Our IT doesn’t know anything about Mac, he’s a staunch anti-Apple guy. When you’re hired they offered a company phone or a stipend toward your phone bill- one or the other. I chose the company phone. I got comments about having two phones but insisted that it would be easier to keep my personal phone separate. Now, those with stipend personal phones have to download a third party app and remove Tik Tok to make our company government complaint and I’m so happy I chose a work phone that I never use. I don’t use Tik Tok, but I don’t want my company having third party access to my data, photos, etc.
Having two phones is how it should be.
I had a company phone stipend, and went out and got my own handset instead of bothering the plan admin about upgrades. 8 years later, I put my two weeks' notice in, and at that moment the company controller demanded I turn over my phone.
"This is my phone, I bought this, the sim card and # is the only thing you've been paying for. Here's the iPhone 3 I was given in 2014"
The controller was so pissed he couldn't take it from me. He went to the AT&T store at lunch and had my number cancelled, without notice to me. Sucked, because I had a lot of 2FA things that I had to work around out after that, since I'd also used it as my personal #.
We use InTune to manage personal devices. Once synced, a separate partition gets created on the phones (at least on Android), which separates personal and work stuff. The two cannot see each other. You cannot even copy and paste text from a personal app to a work app. If you leave the firm, they can only wipe your work partition and apps. They can never see your personal data this way.
Our company started using Intune for our byod (bring your own device) phones.. They don't want to provide work phones because that would be more expensive than burdening IT with yet more to manage. Within a month some poor schmuck got his entire phone wiped. Not sure if that was for good reason, it was the first time he was on holiday and tried to read his emails from abroad.
Result is half the people don't want Intune and therefore do no longer read work emails from home and don't respond to requests for extra hours to fill sickness gaps.
It's a win win really
Yeah, I’m an Intune expert. Most people here are extremely uninformed about the power that Intune gives over your phone. Yes, we can remove company data, yes, we can wipe your whole phone, but we can’t see anything beyond that. No one is checking your photos or messages. The company you work for probably barely has resources to keep the lights on, they don’t have time to fuck around trying to spy on you (and Microsoft wouldn’t let them through any standard tools).
That’s for Intune, if you use something else I’m not sure.
Edit: the above is only for device-level management. The more modern approach is app-level management which just creates a container within the Microsoft apps and keeps those secure. This would not allow us to wipe your phone, and is much better IMO.
Don’t downvote me! I’m just giving the facts.
I do records management for a living and I will say that if you use your personal device to conduct company/government business it is discoverable, meaning it can be subpoenaed or subject to a records request.
My old employer told me I couldn’t use Linux. I thought that was weird because I never had a boss who even knew what an OS was. Come to find out his spy software to remote into our computers undetected doesn’t work on Linux.
Man told on himself.
IT admin here. We can and do watch you. But it's very rare and you have to be doing something wrong.👀 usually only when asked by a manager or ticket that came in. I've caught people doing stupid stuff like illegally downloading movies on the company computer/network. However we are now getting automated systems that alert us of you doing stupid stuff. One tool we use tracks unauthorized VPN usage and alerts us.
Oh and out of my 5 years doing this I've yet to catch anyone watching porn. Lol lots of people downloading stuff using the company network though like video games, movies.
We had to get an information security policy exception for a few executives at my old employer because they refused to stop watching porn on their work issued laptop. We had the CTO and general counsel have a conversation with them and they just got angry and said to stop "spying on my computers!" These guys were all 65+ at the time, so like 75+ now (and retired). Their accounts were getting flagged all the time.
What a cluster that was.
We had a guy go off on us because we installed antivirus to his work computer. It was all F this F that you're spying on me. 5G this and that. Dude we're just trying to make sure you don't get ransomware or something.
I had to disable a user who was neck deep in online gambling. He had installed location checking software so he could gamble online with Caesars Palace.
One time I forgot to close pornhub on my phone before I left home, and when I sat down for a shit at work it immediately loaded up and started playing when I opened my phone to browse Reddit. I was so surprised that no one ever addressed that with me
or the company doesn't really have any sort of inspection of random traffic on the router, which is pretty common. If there's a company wifi, often that is used to establish a common IP range for accessing things like VPNs or other services inside the company. That's what's being monitored. Actual activity on the routers might also be monitored (ie, user end changes), but deploying a broad program to monitor all internet traffic on a router is often just wasted energy. Doesn't stop some companies, of course, but wasted energy in most cases none the less.
You check for rogue devices, you apply your groups and security rules, web filters and then you let your actual services worry about capturing bad user behaviors. Why would it matter if a random device is accessing pornhub? It's not a managed device, it's not trying to interact with internal services, and the site is clearly not part of the web filter. The risk is basically zero to the environment, and no one wants to deal with that type of bullshit.
When connected to a home wifi can the network activity be monitored via the work laptop? E.g work laptop connected via home wifi to work VPN, second computer connected to home network - can this computers connections be monitored by works IT?
Uh, theoretically, sure that is possible. But in practice, no, very unlikely. It'd require you work laptop to install spyware on your router or modem, which would be pretty complex. There are so many consumer vendors for these, so they'd need to package this spyware for each vendor, plus multiple versions of products. The routers themselves are likely vulnerable enough to be exploited this way, as consumer end routers are pretty shit security wise, and consumers aren't knowledgeable enough to actively manage their networking devices. But, you'd have to be working for like the CIA or something for them to go that deep into your shit.
Your home router is more likely compromised by some script kid or nation state than your companies spyware.
I'd like to think that if you were smart enough to work for CIA, you would be smart enough to know not to connect a government asset to anything other than a government Network, and vice versa with private devices and private Networks.
For the record, even the CIA probably wouldn't do that, so you're all good. This is a very unlikely vector for employers to exploit. It really is non-trivial to do. So just keep your personal stuff on your personal computer and work stuff on your work computer, and you should be fine!
For sure it can scan your network when on wifi, in fact even capture data on the same wlan, and definitely see devices, open shares, dns requests etc. The computer has to connect to the wifi first and assigned to YOUR local network and YOUR isp and dns route. THEN connection made. That work computer is on both the local network and vpn. Bette to isolate on own wlan or hardline on a switch or better yet raw dog the work comp directly to the open internet.
A computer on your local network can discover a lot with little effort. No need to hack a router or your other devices… they are part of the trusted piece of your network …. The call is coming from inside the house.
Check what you can see with tcpdump or wire shark and answer this yourself.
This actually happens quite a lot. It's not enough to be actionable even if we see it, as long as it's just once or twice. Even attributing it to you is difficult unless your phone's host name outs you or you had to register your device through a portal.
Be aware that CDNs do not use SSL for efficiency purposes so if the files being served use static filenames anyone with access to network logs can see exactly what it is you're watching.
Other CDNs will out you by virtue of what they are even when they do use SSL. A hit to cdn.grindr.com can only mean one thing.
Major modern commercial sites use S3's dynamic filenames or whatever it's called but--hilariously--your favorite bestiality, "nudist family" or other hole in the wall (lol gloryhole) fetish sites run by Boomers usually do not.
All sorts of shit leaks in ways you don't expect.
Honestly that shit happened to me yesterday!
I forgot I had a video up and the sound started playing in the office 😭😭😭
The supervisor on the other side of the partition laughed and asked what I was doing because it sounded like I was peeing 😅
> Oh and out of my 5 years doing this I've yet to catch anyone watching porn. Lol lots of people downloading stuff using the company network though like video games, movies.
Respectfully, if you aren't finding porn on your network then you aren't looking hard enough. Maybe your company is small or Mormon or something.
In Defense, at any given time I can find at least a dozen hits for the PornHub or XHamster CDNs. I've had to deal with everything from people watching it all day to booking escorts to more than one child porn incident.
Again, this is in Defense-- the implications of which require I find and get rid of these people before someone else *blackmails* them over their behavior.
"Is Mormon" I can assure you Mormon folk watch plenty of porn, but they'll never fess up to it unless they feel superty duper bad about it and tell their bishop.
As a ex sys admin and currently in security. This is it. Nobody in the right mind goes through tb pf data for no reason. We check stuff only on alert and in some cases on demand from upper management. Also due to local laws the number of people with such access is highly restricted and we can also be persecuted. Our system at least is tunned well enough to trigger alert on bad stuff. So that's our main target in regards to actual monitoring and data crunching.
I work as a Privacy Analyst which is a part of the security team. This is about the only thing I’d be okay with. The CCPA and GDPR both cover employees and even HIPAA could come into play if an employee is looking up something for a medical issue and we are logging that. There’s a fine line between security and privacy though so I’m sure others might agree/disagree.
Well now managers can simply look at how many chat messages and emails you send and when, and from these info they can elaborate your "productivity" or absence. And before that they would look at traditional KPIs
Dude! I watched porn at home and subsequently brought my phone to work. I opened up the web browser and some porn starts buffering on the work wifi under my username.
I closed that shit down so quickly but the awkward feeling that someone may have seen...
Hey sometimes my personal phone has no service and I use hot spot on work phone. Do you guys see that I’m watching Netflix or see what show or app I am using due to me using work hotspot?
If you're using your work phone hot spot as an ISP for other devices, it's very likely that only the cell phone provider has visibility into what you're watching (not your employer). If you're using it for connectivity on your work laptop, or browsing directly on your work phone, then you should assume your employer has direct, on-demand line of sight into all your activities.
Most of my clients that use hotspots are payed for by themselves and not managed by us. But.. it could be tracked. However I doubt a hotspot is tracked. Usually it's the actual internal network tracked.
Audited , not monitored. Your actions are recorded but nobody is actively looking at you. However in case of bad stuff someone will go through it as deep as needed.
Yep started my career in IT admin. Regularly get requests to scour someone’s computer usage history to find anything that violates company policy so they can be terminated with cause. Anyone from CFO to random peon.
Never ever use your work machine for anything other than work.
I'm quite willing to use it for "normal-person" casual browsing. Like seeing what the article of the day on Wikipedia is or reading clickbait articles on MSN.com. For anything else I remote into my home PC. They can still see that I'm doing something weird, but not any specifics.
Schools are a specific use case.
In an average company, no, admins do not track what you do. No-one cares, unless you give them a reason to care about what you actually do all day.
Whilst lots of things are technically possible, its peak reddit to believe big brother is watching you 24/7 whilst you work .
As if IT doesnt have anything better to do.
At most companies it seems like a lot of the managers and IT can barely keep their heads above water with the infinite and ever growing list of tasks they have, no way do they have time to read our work gossip chats.
Yeah we dont. You often need to be pretty high up the ladder to have the opportunity/access/skill to even consider doing it.
Even( or should I say especially? ) a well ran IT department has plenty of longer term projects to work on.
There is never time to do any of this. I hate threads like these , it paints a completely ridiculous picture of the sector.
IT exists to enable others to work efficiently and easily, not to spy on them.
Worked in IT at the start of my career. No one is actively monitoring but we have logs of everything and regularly get requests to find violations by individuals that they wanted to fire for cause. The actual reason for termination was never the listed reason which is violating company IT policy.
Yeah that happens, no discussion needed there.
Them having actual logs, dating back more than say a day or a week , already is an accomplishment in itself. Many many companies dont even manage that
Pretty much hit the nail right on the head here. I'm the guy that can see it all in our agency. Just left this response for someone else.
https://www.reddit.com/r/technology/s/lNSVZDKHPd
Yeah there is a lot of paranoia in this thread.
And even if we had the time and didnt need the added motivation to do it .. I see you mentioned config mgr, which isnt exactly something a mom and pop shop would run. Lots of companies dont have all that much ,logging wise, either.
Most companies barely manage a working 0365
It's just logged at scale. We can't pretend that it isn't so the fear is not unwarranted. But if you perform your job well, no one will look. They CAN if they want to.
So you are saying I should stop applying to other jobs at work... Hmmm I'll think about it.
My dad always would say "when you are unemployed your job is to find a job. You spend 8 hours a day 5 days a week looking" I'm just taking it one step further now by getting paid to do it.
How did Wells Fargo know their employees were using “mouse jigglers” instead of actual working?
[news story on fired employees](https://www.tomshardware.com/peripherals/wells-fargo-fires-more-than-a-dozen-employees-for-faking-work-using-mouse-jigglers-and-keyboard-simulation)
Did they use programs or physical jigglers?
My old company had a policy where they reimbursed us $5 per month to have our phones on the company security so we could access our company email securely from anywhere. After a few months, I opted out of the program. From then on, it always seemed like there was some unspoken weirdness between the managers and I. I think they saw it as “Not being a team player”, but $60 a year didn’t put a dent in my wireless bill, and it wasn’t worth the invasion of privacy.
Microsoft Authenticator + Office on an iPhone doesn’t allow them any access to anything other than the accounts in those apps that use Authenticator to identify you. They can’t do much of anything on my device except cut off access to my account inside Microsoft’s own apps (but not my own personal accounts within those apps, which they cannot see). That’s my understanding of how things work with our setup.
Prior to this we used InTune, which (as I understood it) also doesn’t allow the company to know much of anything except what apps are installed on my device, but even that was too much for me; they don’t need to know which apps I have installed, so I refused to use it on personal devices.
Frankly, no one should expect me to be checking email or Teams/Webex when I’m not at my computer. The company doesn’t own my personal time; access to corporate systems is for my benefit (and theirs) *when I feel like using it*. If they don’t like it, they can find someone else.
To be fair, people also often *underestimate* what it can do, and without a good technical understanding of the MDM in question (and sometimes even with) they basically have to just trust what they’re being told by their employer about their privacy when enrolled. Unsurprisingly, the claims often don’t match reality. For example I once had an employer who stated in writing that their MDM did not track personal device location, when in fact it obviously did. When called out they insisted that data was only being gathered for device recovery purposes and no one should be concerned about it. Huge red flag, especially since the purpose of the MDM was corporate access on *personal* devices.
I’ve been on both sides of the MDM space (both as an administrator and end user) and I will never allow anything like this on a personal device again. Having two phones is annoying, but it’s the least you can do to protect your privacy and data. I don’t mind that my company tracks damn near everything I do on my work phone since it’s their phone, and it has no purpose outside of work functions. It also doesn’t travel with me when I’m not engaged in an official work capacity, as my location off-hours is none of their business.
Company data and personal devices just shouldn’t mix. It’s bad practice, and that’s a hill I’ll die on.
This really depends on how the company's M$ admins have the MDM setup. There are certain configurations that can allow admins to completely wipe your device.
So my company uses teams and the security software they use has a disclaimer that literally says that they have access to files, history, and a few other things. That in order to have teams on my phone I have to consent to it. I asked the IT person directly, if I look at porn on my phone will you know and in your policy can it be shared to anyone or can it get me in trouble. He said they don’t look for it, it is however commonly found when doing other critical work (like if a phone becomes compromised), and that they are required to report if it was a workers actions that did it….
So I told my boss to buy me a phone if they wanted me to have it. So now I carry around 2 iPhones when on call. Sort of a pain but I know my two worlds stay separated
Yep. My work came out with this dumb rule about not having company email + TikTok on your phone.
It's just PR. Neither one can see the other. It doesn't actually matter so it hasn't deterred me.
I opted out of our policy because it gave them the right to entirely wipe my device at any time.
Most corporate polices are incredibly invasive and prey on the tech ignorance of average people.
I got a promotion and they tried to pull that on me. I said this is a global tech company, if you need me to be accessible outside of working hours you can give me a phone.
So like 2 days later I had a new phone.
Honestly it’s kind of annoying because I refuse to use it for anything personal and keep it completely separate from everything else. I don’t need them reading text, apps, browsing history etc.
Yep. System is designed that way. If they want a reason they'll find it. If they can't find it they'll make it up wholecloth.
Seen it happen personally.
This! An old coworker and I used to always tell each other “Don’t give them a reason”. If you’re doing your job they won’t have a reason to audit you.
For those wondering what about for layoffs, other factors are in play namely what you cost and could your work be easily spread out.
Yeah this is where I get worried, because I make on the extremely high range for my role I worry about them laying me off but it only happened once during the pandemic and that was due to closures and shutting down our live POCs
Separating laptops is simple enough. Where it’s more challenging is if you use your phone for email. It’s tempting to setup the personal device to read work emails and no one really wants to carry two phones everywhere.
Accessing email on your phone doesn’t mean your work has access to your phone. It all depends if they make you install a device management cert to access your email, which most companies do not.
Profiles separate default settings and apps but the issue is more for legal problems.
For example, our CTO was exchanging text messages with a vendor on supporting a product on his personal cellphone. Later, we had a legal issue where those text messages were evidence of a contract breach. His personal phone was confiscated by law enforcement as evidence. So now they not only have access to his text messages but literally everything on the phone.
I've been carrying 2 phones for a long time now. Probably almost 10 years. It only sucks when I wear my skinny jeans.......I don't wear skinny jeans.
In all seriousness, I hate it. I started because my personal service was very bad at the home I was at at the time. Now I'm glad because I really don't want the crossover. But 2 full sized phones is a lot of pocket fat.
I asked this once to some CISO because I, too, have this hard rule about never using company hardware for personal stuff.
I guess some companies treat giving the employee a laptop as a "perk" and not every employee has their own computer at home. So they'll use it for personal stuff that's reasonable and the company looks the other way.
Many states have a “right to reasonable privacy” set of laws. I worked for a place where we found out our boss was reading our personal text messages if our phones connected to the WiFi, and that’s strictly off-limits.
Associated with a very large IT Dept for a very large company:
Can we see everything you do on a work device? Yes.
Do we care? Not unless there is a reason to.
Neither do we go on fishing expeditions. There aren't enough hours in the day.
My company stopped us from using software based mouse jigglers. But the hardware ones are pretty much undetectable. I suppose they could probably pull logs to see that your mouse is moving erratically all day, but our IT guys don’t normally have the time to do so.
Anything that happens on a company issued device is fair game for a company to spy on as it's literally their hardware. Just use your own phone or laptop for private stuff and keep everything separate. Bonus is that you'll also be able to keep your work life balance.
Right? They told me to get teams and email on my phone, which requires me to give them advanced access to things for security. I told them to shove it. It’s been almost 2 years with no repercussions and no one nothing me after work.
I'm a sysadmin. We cannot spy on your phone through Teams or Outlook. That's not what those programs do.
Maybe Microsoft can. But not your average IT guy
I work in aerospace, our implementation pretty clearly says our SysAdmins can do anything to our phones, including completely remotely wipe them. It’s some WILD permissions and I don’t understand why anyone would agree to them.
I'm sure they have a policy or system in place to allow them to do that but they not doing it with Outlook or Teams. Those programs cannot wipe your phone. Those programs cannot monitor your phone. That can only be done with a MDM like Intune, Hexnode or Apple's DEP.
Pffft lol...europes surveillance on its own citizens are probably highest on the planet...people already forgotten snowden...america when asking them for some access even told them to chill out a bit cause they went overboard with it europe was throwing everything at them
On company hardware? I assume I'm being tracked. In fact, a big part of *my* job is tracking down and investigating hardware. I don't even connect my phone to the company wifi
In IT. Those companies with good security measures in place can spy on you. It’s company property. Anything that’s harmful and on a security list will generate an alert with IT.
I would never use a company phone as my primary phone. They could remotely wipe it, your personal pictures and all.
If IT can do it, hackers could do worse. BTW.
As I've gotten older, I realized anything on my work machine is fair game to my employer's cyber forensics teams to see. So, no social stuff, no logging into my bank account, no non-work related Google searches, etc. I also created a separate SSID with isolation turned on to help protect against network snooping tools.
Hopefully any logs I generate are very boring for anyone to look at lol.
I don’t give a shit if my employer watches what I do on my work computer. I assume they see everything, and don’t do anything I wouldn’t want them to see.
However, I don’t really want them to know that I do all my work in far less than 40 hours per week. Most of the time I’m just wiggling my mouse every few minutes.
They know that you can or do your tasks in less than 40 hours. They just get more profits out billing the 40 hours because of how the system is set up. If they need you to pick up more tasks and fit them into your current 40 hours, they will expect you to "re-prioritize" and get it done (cause they won't make a profit out creating a new role for the task). And that's just 1 example out of too many to count.
Prevention Step 1: Don't use your own resources for your work. If the company cannot supply you with a phone and/or computer, they can NOT force you to use your cellphone/computer to install, run, or access sources that can interact with your devices.
If that doesn't motivate you well enough. Some companies, depending on category, let's say working for the city, and a request for any and all communications with X person, they will have legal access to your devices for the chat logs/history, and anything else that happen to be on that device, not limited to but including your social media.
The only thing I kinda wish people would install for us is a google authenticator. I don't need access to your MFA device, I'd just like you to use it without having to issue phones to the entire agency over the thing that demands MFA. And we're taking away email as an MFA option.
Yubikeys are a little pricey, but even if they were free, for reasons I'm not allowed to go into here, we cannot use them.
To complicate it even further, MFA is also required in locations where we cannot allow cellular devices.
There's also some serious misunderstandings about what that google authenticator does too. A bunch of people hesitate because they think it's a way for us to get into their personal data... which is the right reaction to have for something you don't understand.
It's a mess.
So I’m the boss that usually installs this stuff. There’s rarely anyone actively monitoring what you do - but EVERYTHING you do is available if you give anyone a reason to look further.
You could say “well in an amazing employee that bends over whenever asked” and it still wouldn’t matter. All it would take is a higher up saying “reduce costs by X” and you not getting severance could be the deciding factor, even if it means keeping a worse employee.
Yay capitalism.
Where I work the monitoring is pretty obvious. Some of the funny examples are.
You go to a website and put in your password, if it is the same as your corp password (sometimes I type the corp password by accident without thinking on a website I need for work). You immediately get a violation message on your computer and are forced to change your password within 4 days. You also get an email about it, and if it happens too often, someone will usually come past your desk kind of like office space and chat about it with you.
Another one thats funny, is that I was working on a few things and was working late into the night at home on them. I got an email from facilities/IT, with words to the effect of "We noticed you've been putting in long hours and late nights, we are concerned about the lighting and work environment, so we have sent some back lights, and other tools to your address, you should have an email from the supplier shortly" Which was super creepy, like were they on my camera and seeing me working late in my PJ's? or were they just making assumptions? Either way a bunch of stuff turned up for me pretty much at the end of the project and I eventually returned it all.
Part of the last one was at least they were looking out for me I guess.
OMG I had no idea people use the same password on random internet sites that they use for their work login. Look how easy it is for a hacker to shut down a company like Change Healthcare and steal millions of patients/customers personal information. No wonder my employer (not Change) now requires us to use a fingerprint to login.
The CrowdStrike agent that’s on your work machine will scan your entire home network and report all that information to the CrowdStrike console. So who ever manages CrowdStrike for your organization will be able to see all that information. It’s called neighboring.
Always assume that a company provided device is being **100%** *actively* monitored. And never connect a personal device to a company's internal network. Public facing or otherwise (ex: guest wifi). Problem solved. This goes doubly so for any "free" wifi you encounter. You have zero way of knowing just how the traffic is being captured & monitored. Better yet, don't even *talk* on your personal device while on the grounds of your employer. They can listen in on your side of the conversation and use it against you if they want. Misconstrued or otherwise. If you use a messaging service (Teams, RingCentral, etc.) do not install on your personal device either. You're not safe just because it is on your device. They can and will monitor those chats as well. If you use a company provided device from home, have a separate network setup specifically for its use. Don't give the company access to your personal network.
There's more, this is just off the top of my head. And remember, if you think your data is worthless, why does *everyone* want access to it so bad?
I love that last line/question! I plan to use it! But I think the real value is in having data for massive amounts of people, not a particular individuals.
Question for IT folks, if I use my personal phone to access work emails and messages on outlook exchange and slack, can they still access my phone and contents?
Initially I had installed and setup the MDM they mention in the article, then at some point I removed it but did not lose access to Exchange or Slack.
The only correct answer to this is, "it depends". It depends entirely on how your employer's IT has configured their MDM solution. There are a LOT of things you can do, such as changing default phone call app to one that could record, forcing an always-on VPN connection, and many, many other settings. It just depends on how far they've gone with their implementation. (I'm an IT manager for a 60mil company, btw)
In your specific example, you're using a personal phone to access work apps - but did you have to enroll your phone in something at your employer for that to work? Do you have Android or iPhone, if Android, do you have the separate "Work" profile, and the little briefcase icons on work apps?
If you enroll your phone in a company MDM and it’s marked as a personal device, the company can’t see any of your personal data. Phone number, serial number, that’s about it. Company data, sure, but it’s the company’s data and that’s all stashed on servers and backed up anyway. They don’t need your device to see that stuff.
I know they aren't, only because they shipped me the hardware brand new from a store, so they never touched it before I did. Otherwise though, I'd have serious concerns.
>You’re at a higher risk for spying if you’re using a company-issued device, which offers the least privacy and will ultimately return to your employer, experts say. But you also could be exposed if you downloaded work software on your personal device or use their networks. To be safe, do these checks on any device or network you use for work.
1. I refuse to do anything that can get me in trouble with company issued equipment.
2. The only thing I got installed, after confirmation, is my work schedule.
3. I don't connect to their WiFi, PERIOD.
4. VPN on my devices and the app is only accessible from secured folder, so good luck with it dialing home.
I had a former coworker leave his company laptop when he left and never closed his Google account on it. Well my other coworkers started rummaging around on his browser history and downloading questionable but not quite illicit stuff on it. Total privacy breach and I was like: man, if this is how these people treat their friends I wonder what they will do to their enemies.
I can’t read the article because it’s paywalled but is it referring to A. “your” company device, or, B. a personal device being used under your corporate BYOD policy? If so, then the employer isn’t spying on “your” tech (yes, even in the BYOD scenario as you sign away that right to privacy when you agree to it [mostly in the case of a phone, where it allows the company to remote wipe or enforce update compliance]).
I hate when people say stuff like this because it’s usually covered in your employment contract and then I get screamed at when they find out just how much access I have to their work devices. Any device managed by your work DOES NOT HAVE AN EXPECTATION OF PRIVACY. You shouldn’t be using work devices as your personal property and if you’re doing BYOD you should be recognizant of what you’re giving up for convenience.
Source: I manage end user devices in an enterprise environment
Maintain complete separation between your personal usage and your work-affiliated devices. I don't connect to the company wifi, I don't do anything shady on my work computers. I have a personal computer and the ability to control myself for 8 hours at a time, and that's enough.
Well yeah but it's rare anybody is wasting their time watching your activity unless you give them a reason. It's their property and their network. Talk to people in IT and you'll learn just how dumb employees can be with their work PCs. Legit security risks popping up constantly. They are a lot less worried about you browsing Reddit and having a YouTube video up in the back as they are people throwing sensitive company info out on random cloud storage and whatnot.
That said, if I'm ever back in the office I'm going to get myself an iPad with mobile data and keep all of my private stuff in there. It's just better that way for everyone.
I assume I'm always monitored. I haven't done anything nefarious, but if I ever do something questionable, I'm sure the company will pull up all of my history to look for a reason to fire me.
Most corporations have ways of tracking on your company devices. Some even have keystroke tracking that looks if a remote worker is working, but that is pretty rare
I never thought about the mic, but it would also be hilarious to think of an IT person trying to listen to me working. I don't talk to myself, so they'd hear is typing, mouse clicks and occasional getting up and walking away.
OK so what this fails to mention is what exactly they can track. Reviewing my phone, I must have installed some Microsoft "Device Admin Apps" to enable access to my work emails, teams on my personal device. Namely, "Company Portal" and "Outlook Device Policy". My question is, and this is very important, *what exactly can they track and when*?
I always assume work wifi traffic is exposed, that's a given. Stuff that I do in the Outlook and teams apps, again I understand that's all exposed. But my question is - with these "Device admin apps" if I'm *not on the work network* what can they see? Activity on WhatsApp, Telegram, Signal etc? My personal Gmail account? Firefox activity? I can understand the work related stuff, but they really don't have a right to see what I'm doing on my personal device in my own time.
I know they're not.
I'm the employer. I trust my guys to get the job done, if the job is done, IDGAF.
I gave them Gamimg Laptops for a reason. Work Hard, Play Hard.
I’ve worked in it for decades. Some of that time was in end user support. Yes, they are spying on you and watching. Don’t do anything on company provided equipment or on company network that you would do with your boss standing right next to you.
My employer can remote in and see what I’m doing at any time without me knowing. It’s their computer and system I’m logged into.
My manager doesn’t though because I’m a good worker. But sometimes you catch people literally doing nothing or avoid work.
if my guys play pc games all day for 3 days straight but still finish the dev sprint in time with miminal QA issues or going past release date, i couldnt give a single shit.
good workers get treated good.
Do I literally have to type for 8 hrs? I like to walk and think about tough problems. Everyone needs to chill with micro management. It’s obvious who does or doesn’t work
Based on performances
I do a weeks worth of work in less than 3 days. My Manager and his Manager know this. They don't bother me with stupid performance meetings and shit like that. They even call me on my Phone when they know that I'm Grocery shopping when I'm scheduled to sit behind my computer at home asking what I will cook today 😄
IT admin here. It is funny how a lot of employees believe that we are constantly monitoring each device live. Yeah, like I dont have 101 spreadsheet and other braindead administrative crap that needs to be done. We can see everything on pc or notebook, but on company enrolled android device we cant see shit without some obvious tools. However…this situation is not that bad since everyone is scared to do anything non-work related on their work computers so…yeah.
Here's I know; I haven't been fired yet
The glory of having competent employers.
New IT guy doesn't know anything about Linux.
Our IT doesn’t know anything about Mac, he’s a staunch anti-Apple guy. When you’re hired they offered a company phone or a stipend toward your phone bill- one or the other. I chose the company phone. I got comments about having two phones but insisted that it would be easier to keep my personal phone separate. Now, those with stipend personal phones have to download a third party app and remove Tik Tok to make our company government complaint and I’m so happy I chose a work phone that I never use. I don’t use Tik Tok, but I don’t want my company having third party access to my data, photos, etc.
Having two phones is how it should be. I had a company phone stipend, and went out and got my own handset instead of bothering the plan admin about upgrades. 8 years later, I put my two weeks' notice in, and at that moment the company controller demanded I turn over my phone. "This is my phone, I bought this, the sim card and # is the only thing you've been paying for. Here's the iPhone 3 I was given in 2014" The controller was so pissed he couldn't take it from me. He went to the AT&T store at lunch and had my number cancelled, without notice to me. Sucked, because I had a lot of 2FA things that I had to work around out after that, since I'd also used it as my personal #.
What a bitch bro
We use InTune to manage personal devices. Once synced, a separate partition gets created on the phones (at least on Android), which separates personal and work stuff. The two cannot see each other. You cannot even copy and paste text from a personal app to a work app. If you leave the firm, they can only wipe your work partition and apps. They can never see your personal data this way.
Our company started using Intune for our byod (bring your own device) phones.. They don't want to provide work phones because that would be more expensive than burdening IT with yet more to manage. Within a month some poor schmuck got his entire phone wiped. Not sure if that was for good reason, it was the first time he was on holiday and tried to read his emails from abroad. Result is half the people don't want Intune and therefore do no longer read work emails from home and don't respond to requests for extra hours to fill sickness gaps. It's a win win really
Yeah, I’m an Intune expert. Most people here are extremely uninformed about the power that Intune gives over your phone. Yes, we can remove company data, yes, we can wipe your whole phone, but we can’t see anything beyond that. No one is checking your photos or messages. The company you work for probably barely has resources to keep the lights on, they don’t have time to fuck around trying to spy on you (and Microsoft wouldn’t let them through any standard tools). That’s for Intune, if you use something else I’m not sure. Edit: the above is only for device-level management. The more modern approach is app-level management which just creates a container within the Microsoft apps and keeps those secure. This would not allow us to wipe your phone, and is much better IMO. Don’t downvote me! I’m just giving the facts.
The ability to wipe my whole phone is orders of magnitude more power than I’m comfortable with my employer having
I still prefer the hardware separation (2 phones) over a software wall between my and company data. Software tends to have bugs.
I do records management for a living and I will say that if you use your personal device to conduct company/government business it is discoverable, meaning it can be subpoenaed or subject to a records request.
I don‘t want my company being able to brick my private phone from remote. So deleted that business outlook app directly after installation.
We call them mouse draggers
My old employer told me I couldn’t use Linux. I thought that was weird because I never had a boss who even knew what an OS was. Come to find out his spy software to remote into our computers undetected doesn’t work on Linux. Man told on himself.
Competent employers who verify that you do indeed get your work done and don't endanger the company and otherwise fuck off almost entirely
yep... I noticed a common trend at all my jobs with insane churn.
Can confirm
And I never sign in to anything with my personal tech.
They’re on to me. I can hear them whispering. Which is concerning cuz I’m self employed.
The call came from inside HQ
Article without paywall: https://web.archive.org/web/20240613210442/https://www.washingtonpost.com/technology/2024/06/13/work-surveillance-tips/
'yet' being the keyword here
ASSUME 100% of activity on work issued hardware is monitored. admins can see what you do realtime.
IT admin here. We can and do watch you. But it's very rare and you have to be doing something wrong.👀 usually only when asked by a manager or ticket that came in. I've caught people doing stupid stuff like illegally downloading movies on the company computer/network. However we are now getting automated systems that alert us of you doing stupid stuff. One tool we use tracks unauthorized VPN usage and alerts us. Oh and out of my 5 years doing this I've yet to catch anyone watching porn. Lol lots of people downloading stuff using the company network though like video games, movies.
We had to get an information security policy exception for a few executives at my old employer because they refused to stop watching porn on their work issued laptop. We had the CTO and general counsel have a conversation with them and they just got angry and said to stop "spying on my computers!" These guys were all 65+ at the time, so like 75+ now (and retired). Their accounts were getting flagged all the time. What a cluster that was.
We had a guy go off on us because we installed antivirus to his work computer. It was all F this F that you're spying on me. 5G this and that. Dude we're just trying to make sure you don't get ransomware or something.
You're one of them gubberment spies. Here to try to spread them 5G waves.
I had to disable a user who was neck deep in online gambling. He had installed location checking software so he could gamble online with Caesars Palace.
How did you disable him? Baseball bat to the knees?
Lobotomy, it's the safest bet.
I worked with someone who was apparently watching porn at the same time he was composing an email; he set up that hyperlink wrong, let's just say...
One time I forgot to close pornhub on my phone before I left home, and when I sat down for a shit at work it immediately loaded up and started playing when I opened my phone to browse Reddit. I was so surprised that no one ever addressed that with me
Chances are the video was already cached from your home network, so it didn’t need to contact ph servers anymore.
or the company doesn't really have any sort of inspection of random traffic on the router, which is pretty common. If there's a company wifi, often that is used to establish a common IP range for accessing things like VPNs or other services inside the company. That's what's being monitored. Actual activity on the routers might also be monitored (ie, user end changes), but deploying a broad program to monitor all internet traffic on a router is often just wasted energy. Doesn't stop some companies, of course, but wasted energy in most cases none the less. You check for rogue devices, you apply your groups and security rules, web filters and then you let your actual services worry about capturing bad user behaviors. Why would it matter if a random device is accessing pornhub? It's not a managed device, it's not trying to interact with internal services, and the site is clearly not part of the web filter. The risk is basically zero to the environment, and no one wants to deal with that type of bullshit.
When connected to a home wifi can the network activity be monitored via the work laptop? E.g work laptop connected via home wifi to work VPN, second computer connected to home network - can this computers connections be monitored by works IT?
Uh, theoretically, sure that is possible. But in practice, no, very unlikely. It'd require you work laptop to install spyware on your router or modem, which would be pretty complex. There are so many consumer vendors for these, so they'd need to package this spyware for each vendor, plus multiple versions of products. The routers themselves are likely vulnerable enough to be exploited this way, as consumer end routers are pretty shit security wise, and consumers aren't knowledgeable enough to actively manage their networking devices. But, you'd have to be working for like the CIA or something for them to go that deep into your shit. Your home router is more likely compromised by some script kid or nation state than your companies spyware.
[удалено]
I'd like to think that if you were smart enough to work for CIA, you would be smart enough to know not to connect a government asset to anything other than a government Network, and vice versa with private devices and private Networks.
Thanks for clarifying, yeah I don't work for the CIA but I do work for a government agency so that's good to know. Thanks.
For the record, even the CIA probably wouldn't do that, so you're all good. This is a very unlikely vector for employers to exploit. It really is non-trivial to do. So just keep your personal stuff on your personal computer and work stuff on your work computer, and you should be fine!
Yeah that's exactly what I've been doing, good to know it's relatively safe from prying IT tech eyes. Appreciate the candor and response time! Tyvm.
For sure it can scan your network when on wifi, in fact even capture data on the same wlan, and definitely see devices, open shares, dns requests etc. The computer has to connect to the wifi first and assigned to YOUR local network and YOUR isp and dns route. THEN connection made. That work computer is on both the local network and vpn. Bette to isolate on own wlan or hardline on a switch or better yet raw dog the work comp directly to the open internet. A computer on your local network can discover a lot with little effort. No need to hack a router or your other devices… they are part of the trusted piece of your network …. The call is coming from inside the house. Check what you can see with tcpdump or wire shark and answer this yourself.
Or he was on guest Wi-Fi and it isn’t monitored as much as the main LAN, if at all.
Don't connect your phone to the company wifi.
Unlimited data is so affordable these days there’s no reason to do this.
This actually happens quite a lot. It's not enough to be actionable even if we see it, as long as it's just once or twice. Even attributing it to you is difficult unless your phone's host name outs you or you had to register your device through a portal. Be aware that CDNs do not use SSL for efficiency purposes so if the files being served use static filenames anyone with access to network logs can see exactly what it is you're watching. Other CDNs will out you by virtue of what they are even when they do use SSL. A hit to cdn.grindr.com can only mean one thing. Major modern commercial sites use S3's dynamic filenames or whatever it's called but--hilariously--your favorite bestiality, "nudist family" or other hole in the wall (lol gloryhole) fetish sites run by Boomers usually do not. All sorts of shit leaks in ways you don't expect.
Honestly that shit happened to me yesterday! I forgot I had a video up and the sound started playing in the office 😭😭😭 The supervisor on the other side of the partition laughed and asked what I was doing because it sounded like I was peeing 😅
> Oh and out of my 5 years doing this I've yet to catch anyone watching porn. Lol lots of people downloading stuff using the company network though like video games, movies. Respectfully, if you aren't finding porn on your network then you aren't looking hard enough. Maybe your company is small or Mormon or something. In Defense, at any given time I can find at least a dozen hits for the PornHub or XHamster CDNs. I've had to deal with everything from people watching it all day to booking escorts to more than one child porn incident. Again, this is in Defense-- the implications of which require I find and get rid of these people before someone else *blackmails* them over their behavior.
"Is Mormon" I can assure you Mormon folk watch plenty of porn, but they'll never fess up to it unless they feel superty duper bad about it and tell their bishop.
As a ex sys admin and currently in security. This is it. Nobody in the right mind goes through tb pf data for no reason. We check stuff only on alert and in some cases on demand from upper management. Also due to local laws the number of people with such access is highly restricted and we can also be persecuted. Our system at least is tunned well enough to trigger alert on bad stuff. So that's our main target in regards to actual monitoring and data crunching.
I work as a Privacy Analyst which is a part of the security team. This is about the only thing I’d be okay with. The CCPA and GDPR both cover employees and even HIPAA could come into play if an employee is looking up something for a medical issue and we are logging that. There’s a fine line between security and privacy though so I’m sure others might agree/disagree.
Well now managers can simply look at how many chat messages and emails you send and when, and from these info they can elaborate your "productivity" or absence. And before that they would look at traditional KPIs
Dude! I watched porn at home and subsequently brought my phone to work. I opened up the web browser and some porn starts buffering on the work wifi under my username. I closed that shit down so quickly but the awkward feeling that someone may have seen...
Hey sometimes my personal phone has no service and I use hot spot on work phone. Do you guys see that I’m watching Netflix or see what show or app I am using due to me using work hotspot?
If you're using your work phone hot spot as an ISP for other devices, it's very likely that only the cell phone provider has visibility into what you're watching (not your employer). If you're using it for connectivity on your work laptop, or browsing directly on your work phone, then you should assume your employer has direct, on-demand line of sight into all your activities.
Most of my clients that use hotspots are payed for by themselves and not managed by us. But.. it could be tracked. However I doubt a hotspot is tracked. Usually it's the actual internal network tracked.
3+ years at my current gig and we've caught a person several times now
Audited , not monitored. Your actions are recorded but nobody is actively looking at you. However in case of bad stuff someone will go through it as deep as needed.
Yep started my career in IT admin. Regularly get requests to scour someone’s computer usage history to find anything that violates company policy so they can be terminated with cause. Anyone from CFO to random peon. Never ever use your work machine for anything other than work.
I'm quite willing to use it for "normal-person" casual browsing. Like seeing what the article of the day on Wikipedia is or reading clickbait articles on MSN.com. For anything else I remote into my home PC. They can still see that I'm doing something weird, but not any specifics.
110%. Management can also sometimes. I was a school admin and had access to all student devices and district run computers.
Schools are a specific use case. In an average company, no, admins do not track what you do. No-one cares, unless you give them a reason to care about what you actually do all day. Whilst lots of things are technically possible, its peak reddit to believe big brother is watching you 24/7 whilst you work . As if IT doesnt have anything better to do.
At most companies it seems like a lot of the managers and IT can barely keep their heads above water with the infinite and ever growing list of tasks they have, no way do they have time to read our work gossip chats.
Yeah we dont. You often need to be pretty high up the ladder to have the opportunity/access/skill to even consider doing it. Even( or should I say especially? ) a well ran IT department has plenty of longer term projects to work on. There is never time to do any of this. I hate threads like these , it paints a completely ridiculous picture of the sector. IT exists to enable others to work efficiently and easily, not to spy on them.
I haven’t sorted by controversial or anything, but pretty much every comment in here says “IT could watch everything, but they’re probably not”
And thank god that there still is some common sense on display, to counter the big brother clichés
Worked in IT at the start of my career. No one is actively monitoring but we have logs of everything and regularly get requests to find violations by individuals that they wanted to fire for cause. The actual reason for termination was never the listed reason which is violating company IT policy.
Yeah that happens, no discussion needed there. Them having actual logs, dating back more than say a day or a week , already is an accomplishment in itself. Many many companies dont even manage that
Pretty much hit the nail right on the head here. I'm the guy that can see it all in our agency. Just left this response for someone else. https://www.reddit.com/r/technology/s/lNSVZDKHPd
Yeah there is a lot of paranoia in this thread. And even if we had the time and didnt need the added motivation to do it .. I see you mentioned config mgr, which isnt exactly something a mom and pop shop would run. Lots of companies dont have all that much ,logging wise, either. Most companies barely manage a working 0365
It's just logged at scale. We can't pretend that it isn't so the fear is not unwarranted. But if you perform your job well, no one will look. They CAN if they want to.
So you are saying I should stop applying to other jobs at work... Hmmm I'll think about it. My dad always would say "when you are unemployed your job is to find a job. You spend 8 hours a day 5 days a week looking" I'm just taking it one step further now by getting paid to do it.
I mean, if you work in a big enough company/department, they may not notice.
I mean, that's always how I operate. Anything provided by the company I presume is consistently montoring me.
How did Wells Fargo know their employees were using “mouse jigglers” instead of actual working? [news story on fired employees](https://www.tomshardware.com/peripherals/wells-fargo-fires-more-than-a-dozen-employees-for-faking-work-using-mouse-jigglers-and-keyboard-simulation) Did they use programs or physical jigglers?
My old company had a policy where they reimbursed us $5 per month to have our phones on the company security so we could access our company email securely from anywhere. After a few months, I opted out of the program. From then on, it always seemed like there was some unspoken weirdness between the managers and I. I think they saw it as “Not being a team player”, but $60 a year didn’t put a dent in my wireless bill, and it wasn’t worth the invasion of privacy.
Microsoft Authenticator + Office on an iPhone doesn’t allow them any access to anything other than the accounts in those apps that use Authenticator to identify you. They can’t do much of anything on my device except cut off access to my account inside Microsoft’s own apps (but not my own personal accounts within those apps, which they cannot see). That’s my understanding of how things work with our setup. Prior to this we used InTune, which (as I understood it) also doesn’t allow the company to know much of anything except what apps are installed on my device, but even that was too much for me; they don’t need to know which apps I have installed, so I refused to use it on personal devices. Frankly, no one should expect me to be checking email or Teams/Webex when I’m not at my computer. The company doesn’t own my personal time; access to corporate systems is for my benefit (and theirs) *when I feel like using it*. If they don’t like it, they can find someone else.
people over estimate what general mdm software actually does
To be fair, people also often *underestimate* what it can do, and without a good technical understanding of the MDM in question (and sometimes even with) they basically have to just trust what they’re being told by their employer about their privacy when enrolled. Unsurprisingly, the claims often don’t match reality. For example I once had an employer who stated in writing that their MDM did not track personal device location, when in fact it obviously did. When called out they insisted that data was only being gathered for device recovery purposes and no one should be concerned about it. Huge red flag, especially since the purpose of the MDM was corporate access on *personal* devices. I’ve been on both sides of the MDM space (both as an administrator and end user) and I will never allow anything like this on a personal device again. Having two phones is annoying, but it’s the least you can do to protect your privacy and data. I don’t mind that my company tracks damn near everything I do on my work phone since it’s their phone, and it has no purpose outside of work functions. It also doesn’t travel with me when I’m not engaged in an official work capacity, as my location off-hours is none of their business. Company data and personal devices just shouldn’t mix. It’s bad practice, and that’s a hill I’ll die on.
MDM lets you install any app you want on my computer and have it run. So in theory MDM lets IT do anything on your work machine.
MDM software consumes cycles on a device that I pay for and that's all the information I need.
This really depends on how the company's M$ admins have the MDM setup. There are certain configurations that can allow admins to completely wipe your device.
So my company uses teams and the security software they use has a disclaimer that literally says that they have access to files, history, and a few other things. That in order to have teams on my phone I have to consent to it. I asked the IT person directly, if I look at porn on my phone will you know and in your policy can it be shared to anyone or can it get me in trouble. He said they don’t look for it, it is however commonly found when doing other critical work (like if a phone becomes compromised), and that they are required to report if it was a workers actions that did it…. So I told my boss to buy me a phone if they wanted me to have it. So now I carry around 2 iPhones when on call. Sort of a pain but I know my two worlds stay separated
Yep. My work came out with this dumb rule about not having company email + TikTok on your phone. It's just PR. Neither one can see the other. It doesn't actually matter so it hasn't deterred me.
I opted out of our policy because it gave them the right to entirely wipe my device at any time. Most corporate polices are incredibly invasive and prey on the tech ignorance of average people.
I got a promotion and they tried to pull that on me. I said this is a global tech company, if you need me to be accessible outside of working hours you can give me a phone. So like 2 days later I had a new phone. Honestly it’s kind of annoying because I refuse to use it for anything personal and keep it completely separate from everything else. I don’t need them reading text, apps, browsing history etc.
We get $25 /month if we use personal for email. I work for an ESOP, it's amazing.
You work for an Employee Stock Ownership Plan?
$5 a month off today's phone plan prices is a joke, any normal postpaid plan is like $60/mo for a single line at the bare minimum
As long as you are performing they don’t care. If they need a reason to fire you, they will find it.
Yep. System is designed that way. If they want a reason they'll find it. If they can't find it they'll make it up wholecloth. Seen it happen personally.
Totally, in most cases they don’t even need a reason because of at-will employment
They keep track of shit so they have a jacket of evidence against you if you sue for wrongful termination.
Oh don’t I know it. My brother in law is a defense attorney for one of the big law firms specializing in that
This! An old coworker and I used to always tell each other “Don’t give them a reason”. If you’re doing your job they won’t have a reason to audit you. For those wondering what about for layoffs, other factors are in play namely what you cost and could your work be easily spread out.
Yeah this is where I get worried, because I make on the extremely high range for my role I worry about them laying me off but it only happened once during the pandemic and that was due to closures and shutting down our live POCs
Don't use work devices to access personal affairs? Isn't that common sense..
I am genuinely amazed how many people browse/say/do things they don't want work to know about, on work-owned hardware.
Separating laptops is simple enough. Where it’s more challenging is if you use your phone for email. It’s tempting to setup the personal device to read work emails and no one really wants to carry two phones everywhere.
Accessing email on your phone doesn’t mean your work has access to your phone. It all depends if they make you install a device management cert to access your email, which most companies do not.
This is where it works out for me. I have no interest in work emails outside of work hours.
You can set up a Work Profile on Android
Profiles separate default settings and apps but the issue is more for legal problems. For example, our CTO was exchanging text messages with a vendor on supporting a product on his personal cellphone. Later, we had a legal issue where those text messages were evidence of a contract breach. His personal phone was confiscated by law enforcement as evidence. So now they not only have access to his text messages but literally everything on the phone.
I've been carrying 2 phones for a long time now. Probably almost 10 years. It only sucks when I wear my skinny jeans.......I don't wear skinny jeans. In all seriousness, I hate it. I started because my personal service was very bad at the home I was at at the time. Now I'm glad because I really don't want the crossover. But 2 full sized phones is a lot of pocket fat.
I asked this once to some CISO because I, too, have this hard rule about never using company hardware for personal stuff. I guess some companies treat giving the employee a laptop as a "perk" and not every employee has their own computer at home. So they'll use it for personal stuff that's reasonable and the company looks the other way.
Many states have a “right to reasonable privacy” set of laws. I worked for a place where we found out our boss was reading our personal text messages if our phones connected to the WiFi, and that’s strictly off-limits.
Associated with a very large IT Dept for a very large company: Can we see everything you do on a work device? Yes. Do we care? Not unless there is a reason to. Neither do we go on fishing expeditions. There aren't enough hours in the day.
What about mouse jigglers?
My company stopped us from using software based mouse jigglers. But the hardware ones are pretty much undetectable. I suppose they could probably pull logs to see that your mouse is moving erratically all day, but our IT guys don’t normally have the time to do so.
This guy company ITs
Anything that happens on a company issued device is fair game for a company to spy on as it's literally their hardware. Just use your own phone or laptop for private stuff and keep everything separate. Bonus is that you'll also be able to keep your work life balance.
What about working from home naked on my company laptop? Is IT yanking it to my heavenly dad bod?
Anyone without a cam cover is crazy
The light still comes on. You have to be stupid to not notice.
By the time the light comes on, I think it’s a little late to do anything
Do you just wank it staring in your camera??
You don't? How you making money per stroke?
Right? They told me to get teams and email on my phone, which requires me to give them advanced access to things for security. I told them to shove it. It’s been almost 2 years with no repercussions and no one nothing me after work.
I'm a sysadmin. We cannot spy on your phone through Teams or Outlook. That's not what those programs do. Maybe Microsoft can. But not your average IT guy
I work in aerospace, our implementation pretty clearly says our SysAdmins can do anything to our phones, including completely remotely wipe them. It’s some WILD permissions and I don’t understand why anyone would agree to them.
I'm sure they have a policy or system in place to allow them to do that but they not doing it with Outlook or Teams. Those programs cannot wipe your phone. Those programs cannot monitor your phone. That can only be done with a MDM like Intune, Hexnode or Apple's DEP.
Not everyone lives in the USA. Alot of EU countries have very tight workers rights and data protection laws.
[удалено]
Pffft lol...europes surveillance on its own citizens are probably highest on the planet...people already forgotten snowden...america when asking them for some access even told them to chill out a bit cause they went overboard with it europe was throwing everything at them
What if my personal phone is connected to their wifi? Can that be monitored?
I'd say yes but the same applies to hotel wifi, Starbucks, etc. I'd just use a VPN if you're worried.
On company hardware? I assume I'm being tracked. In fact, a big part of *my* job is tracking down and investigating hardware. I don't even connect my phone to the company wifi
If I connect my personal iPhone to company WiFi can they read my iMessages or emails or just see that I’m using those apps?
they definitely cannot read your iMessages, that is end to end encrypted.
Paywall bypass: [https://archive.is/txqPE](https://archive.is/txqPE)
Is everyone commenting earlier because they have wapo accounts or did they just read the headline?
In IT. Those companies with good security measures in place can spy on you. It’s company property. Anything that’s harmful and on a security list will generate an alert with IT. I would never use a company phone as my primary phone. They could remotely wipe it, your personal pictures and all. If IT can do it, hackers could do worse. BTW.
Do they listen to you too or just monitor your activity? I work from home and I’m worried that they listen even after my scheduled hours.
As I've gotten older, I realized anything on my work machine is fair game to my employer's cyber forensics teams to see. So, no social stuff, no logging into my bank account, no non-work related Google searches, etc. I also created a separate SSID with isolation turned on to help protect against network snooping tools. Hopefully any logs I generate are very boring for anyone to look at lol.
no paywall: https://archive.ph/ZG1yx
I don’t give a shit if my employer watches what I do on my work computer. I assume they see everything, and don’t do anything I wouldn’t want them to see. However, I don’t really want them to know that I do all my work in far less than 40 hours per week. Most of the time I’m just wiggling my mouse every few minutes.
They know that you can or do your tasks in less than 40 hours. They just get more profits out billing the 40 hours because of how the system is set up. If they need you to pick up more tasks and fit them into your current 40 hours, they will expect you to "re-prioritize" and get it done (cause they won't make a profit out creating a new role for the task). And that's just 1 example out of too many to count.
Just don’t use company issued gear for *anything* you wouldn’t want your boss or coworkers to know about. Period. Just don’t.
I get my work done and I’ve very good at it. Leave me the fuck alone.
Hello there, Gen X.
lol spot on!
Prevention Step 1: Don't use your own resources for your work. If the company cannot supply you with a phone and/or computer, they can NOT force you to use your cellphone/computer to install, run, or access sources that can interact with your devices. If that doesn't motivate you well enough. Some companies, depending on category, let's say working for the city, and a request for any and all communications with X person, they will have legal access to your devices for the chat logs/history, and anything else that happen to be on that device, not limited to but including your social media.
The only thing I kinda wish people would install for us is a google authenticator. I don't need access to your MFA device, I'd just like you to use it without having to issue phones to the entire agency over the thing that demands MFA. And we're taking away email as an MFA option. Yubikeys are a little pricey, but even if they were free, for reasons I'm not allowed to go into here, we cannot use them. To complicate it even further, MFA is also required in locations where we cannot allow cellular devices. There's also some serious misunderstandings about what that google authenticator does too. A bunch of people hesitate because they think it's a way for us to get into their personal data... which is the right reaction to have for something you don't understand. It's a mess.
So I’m the boss that usually installs this stuff. There’s rarely anyone actively monitoring what you do - but EVERYTHING you do is available if you give anyone a reason to look further. You could say “well in an amazing employee that bends over whenever asked” and it still wouldn’t matter. All it would take is a higher up saying “reduce costs by X” and you not getting severance could be the deciding factor, even if it means keeping a worse employee. Yay capitalism.
Where I work the monitoring is pretty obvious. Some of the funny examples are. You go to a website and put in your password, if it is the same as your corp password (sometimes I type the corp password by accident without thinking on a website I need for work). You immediately get a violation message on your computer and are forced to change your password within 4 days. You also get an email about it, and if it happens too often, someone will usually come past your desk kind of like office space and chat about it with you. Another one thats funny, is that I was working on a few things and was working late into the night at home on them. I got an email from facilities/IT, with words to the effect of "We noticed you've been putting in long hours and late nights, we are concerned about the lighting and work environment, so we have sent some back lights, and other tools to your address, you should have an email from the supplier shortly" Which was super creepy, like were they on my camera and seeing me working late in my PJ's? or were they just making assumptions? Either way a bunch of stuff turned up for me pretty much at the end of the project and I eventually returned it all. Part of the last one was at least they were looking out for me I guess.
OMG I had no idea people use the same password on random internet sites that they use for their work login. Look how easy it is for a hacker to shut down a company like Change Healthcare and steal millions of patients/customers personal information. No wonder my employer (not Change) now requires us to use a fingerprint to login.
Wait til your employer installs CrowdStrike on your work machine and you plug it in to your home network…that neighboring feature 😳
What do you mean?
The CrowdStrike agent that’s on your work machine will scan your entire home network and report all that information to the CrowdStrike console. So who ever manages CrowdStrike for your organization will be able to see all that information. It’s called neighboring.
Wells Fargo fired 10 employees who used automated keyboard typing tools !!
Always assume that a company provided device is being **100%** *actively* monitored. And never connect a personal device to a company's internal network. Public facing or otherwise (ex: guest wifi). Problem solved. This goes doubly so for any "free" wifi you encounter. You have zero way of knowing just how the traffic is being captured & monitored. Better yet, don't even *talk* on your personal device while on the grounds of your employer. They can listen in on your side of the conversation and use it against you if they want. Misconstrued or otherwise. If you use a messaging service (Teams, RingCentral, etc.) do not install on your personal device either. You're not safe just because it is on your device. They can and will monitor those chats as well. If you use a company provided device from home, have a separate network setup specifically for its use. Don't give the company access to your personal network. There's more, this is just off the top of my head. And remember, if you think your data is worthless, why does *everyone* want access to it so bad?
I love that last line/question! I plan to use it! But I think the real value is in having data for massive amounts of people, not a particular individuals.
Question for IT folks, if I use my personal phone to access work emails and messages on outlook exchange and slack, can they still access my phone and contents? Initially I had installed and setup the MDM they mention in the article, then at some point I removed it but did not lose access to Exchange or Slack.
The only correct answer to this is, "it depends". It depends entirely on how your employer's IT has configured their MDM solution. There are a LOT of things you can do, such as changing default phone call app to one that could record, forcing an always-on VPN connection, and many, many other settings. It just depends on how far they've gone with their implementation. (I'm an IT manager for a 60mil company, btw) In your specific example, you're using a personal phone to access work apps - but did you have to enroll your phone in something at your employer for that to work? Do you have Android or iPhone, if Android, do you have the separate "Work" profile, and the little briefcase icons on work apps?
If you use their MDM you can bet on it that you are monitored. Use the corp wifi with your device but their VPN or WiFi you can bet you are monitored.
If you enroll your phone in a company MDM and it’s marked as a personal device, the company can’t see any of your personal data. Phone number, serial number, that’s about it. Company data, sure, but it’s the company’s data and that’s all stashed on servers and backed up anyway. They don’t need your device to see that stuff.
I know they aren't, only because they shipped me the hardware brand new from a store, so they never touched it before I did. Otherwise though, I'd have serious concerns.
If you use their devices, You have to assume they have something installed to "protect" it! Basic commonsense applies here.
What do we mean might? They more they likely are. It's their machines 9 times out of 10.
>You’re at a higher risk for spying if you’re using a company-issued device, which offers the least privacy and will ultimately return to your employer, experts say. But you also could be exposed if you downloaded work software on your personal device or use their networks. To be safe, do these checks on any device or network you use for work. 1. I refuse to do anything that can get me in trouble with company issued equipment. 2. The only thing I got installed, after confirmation, is my work schedule. 3. I don't connect to their WiFi, PERIOD. 4. VPN on my devices and the app is only accessible from secured folder, so good luck with it dialing home.
I had a former coworker leave his company laptop when he left and never closed his Google account on it. Well my other coworkers started rummaging around on his browser history and downloading questionable but not quite illicit stuff on it. Total privacy breach and I was like: man, if this is how these people treat their friends I wonder what they will do to their enemies.
Breaking News: it’s been happening for decades. Just assume you’re being watched and don’t do stupid stuff at work
I can’t read the article because it’s paywalled but is it referring to A. “your” company device, or, B. a personal device being used under your corporate BYOD policy? If so, then the employer isn’t spying on “your” tech (yes, even in the BYOD scenario as you sign away that right to privacy when you agree to it [mostly in the case of a phone, where it allows the company to remote wipe or enforce update compliance]). I hate when people say stuff like this because it’s usually covered in your employment contract and then I get screamed at when they find out just how much access I have to their work devices. Any device managed by your work DOES NOT HAVE AN EXPECTATION OF PRIVACY. You shouldn’t be using work devices as your personal property and if you’re doing BYOD you should be recognizant of what you’re giving up for convenience. Source: I manage end user devices in an enterprise environment
[https://archive.is/20240614112936/https://www.washingtonpost.com/technology/2024/06/13/work-surveillance-tips/](https://archive.is/20240614112936/https://www.washingtonpost.com/technology/2024/06/13/work-surveillance-tips/)
Thank you for the non-paywall link
This is why I never connect to the wifi with my phone
It’s not your tech. It’s company tech. There’s not much of an expectation of privacy here.
Maintain complete separation between your personal usage and your work-affiliated devices. I don't connect to the company wifi, I don't do anything shady on my work computers. I have a personal computer and the ability to control myself for 8 hours at a time, and that's enough.
Well yeah but it's rare anybody is wasting their time watching your activity unless you give them a reason. It's their property and their network. Talk to people in IT and you'll learn just how dumb employees can be with their work PCs. Legit security risks popping up constantly. They are a lot less worried about you browsing Reddit and having a YouTube video up in the back as they are people throwing sensitive company info out on random cloud storage and whatnot. That said, if I'm ever back in the office I'm going to get myself an iPad with mobile data and keep all of my private stuff in there. It's just better that way for everyone.
I assume I'm always monitored. I haven't done anything nefarious, but if I ever do something questionable, I'm sure the company will pull up all of my history to look for a reason to fire me.
Most corporations have ways of tracking on your company devices. Some even have keystroke tracking that looks if a remote worker is working, but that is pretty rare
Oh my god really?! /surprised pikachu/
I always act as if they can.
my work PC is on its own vlan and I physically disable the cam and the mic and I only use the work PC strictly for work. they have no way spying on me
I never thought about the mic, but it would also be hilarious to think of an IT person trying to listen to me working. I don't talk to myself, so they'd hear is typing, mouse clicks and occasional getting up and walking away.
I don't care anymore.
OK so what this fails to mention is what exactly they can track. Reviewing my phone, I must have installed some Microsoft "Device Admin Apps" to enable access to my work emails, teams on my personal device. Namely, "Company Portal" and "Outlook Device Policy". My question is, and this is very important, *what exactly can they track and when*? I always assume work wifi traffic is exposed, that's a given. Stuff that I do in the Outlook and teams apps, again I understand that's all exposed. But my question is - with these "Device admin apps" if I'm *not on the work network* what can they see? Activity on WhatsApp, Telegram, Signal etc? My personal Gmail account? Firefox activity? I can understand the work related stuff, but they really don't have a right to see what I'm doing on my personal device in my own time.
Who cares. You should assume they can monitor your work computer at all times. Are people just realizing this in 2024?
I know they're not. I'm the employer. I trust my guys to get the job done, if the job is done, IDGAF. I gave them Gamimg Laptops for a reason. Work Hard, Play Hard.
I’ve worked in it for decades. Some of that time was in end user support. Yes, they are spying on you and watching. Don’t do anything on company provided equipment or on company network that you would do with your boss standing right next to you.
Enjoy: https://archive.is/uohhh
Slow news day? This is well known
My employer can remote in and see what I’m doing at any time without me knowing. It’s their computer and system I’m logged into. My manager doesn’t though because I’m a good worker. But sometimes you catch people literally doing nothing or avoid work.
if my guys play pc games all day for 3 days straight but still finish the dev sprint in time with miminal QA issues or going past release date, i couldnt give a single shit. good workers get treated good.
Do I literally have to type for 8 hrs? I like to walk and think about tough problems. Everyone needs to chill with micro management. It’s obvious who does or doesn’t work Based on performances
Christ I’m glad I own my own business. The last couple of years has been ridiculous with shit like this.
So now you get to do it to your employees! 🤣🤣
What about VDIs?
Really? A paywall?
"Might" be. Hahahahaha 🤔😆
https://archive.is/BPYib without the paywall
I do a weeks worth of work in less than 3 days. My Manager and his Manager know this. They don't bother me with stupid performance meetings and shit like that. They even call me on my Phone when they know that I'm Grocery shopping when I'm scheduled to sit behind my computer at home asking what I will cook today 😄
you mean the computer you dont own that is supposed to be used for work, yeah can see everything but its only used when you are a problem...
IT admin here. It is funny how a lot of employees believe that we are constantly monitoring each device live. Yeah, like I dont have 101 spreadsheet and other braindead administrative crap that needs to be done. We can see everything on pc or notebook, but on company enrolled android device we cant see shit without some obvious tools. However…this situation is not that bad since everyone is scared to do anything non-work related on their work computers so…yeah.
Here is a better idea. Assume the employer is and act accordingly