this post was submitted on 22 Aug 2023
481 points (96.5% liked)

Privacy

32120 readers
1010 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 
top 50 comments
sorted by: hot top controversial new old
[–] Pons_Aelius@kbin.social 176 points 1 year ago (3 children)

Never do anything on work machines/networks you don't want to have to explain to hr/legal.

[–] ech0@lemmy.world 90 points 1 year ago* (last edited 1 year ago) (6 children)

Sr. Systems Admin here. IT does not give 2 shits about what you browse UNLESS something is reported or something trips our Alerts (has to be something major like Child Porn).

We don't sit there and actively monitor and watch what you are browsing. We investigate when something is reported by a worker or an Alert/Filter gets tripped

HR also doesn't know unless we tell them.

[–] ensignrick@startrek.website 23 points 1 year ago (1 children)

Second. I once had a staff member come to me all embarrassed because someone sent a dick pick via some dating app while they was on our corporate wifi. I was like, "I promise we don't care".

[–] Pantherina@feddit.de 11 points 1 year ago (1 children)
[–] Pixel@lemmy.sdf.org 14 points 1 year ago (4 children)

Https is no match for work monitoring: pre-installed software, certs.

load more comments (4 replies)
[–] JokeDeity@lemm.ee 17 points 1 year ago

Depends on the company size and the people above IT. Sometimes the boss is a chode and demands everyone be supervised like children constantly.

load more comments (4 replies)
[–] teft@startrek.website 29 points 1 year ago (1 children)

Also do some really weird things that are innocuous so the HR lady looks at you weird from now on.

[–] JoeBigelow@lemmy.ca 11 points 1 year ago (1 children)
[–] fat_flying_pigs@lemmy.ml 48 points 1 year ago (1 children)

Open 100 tabs of Honey Bunches of Oats each and every morning

[–] teft@startrek.website 31 points 1 year ago

Reload every five seconds the global doomsday countdown clock.

load more comments (1 replies)
[–] jet@hackertalks.com 79 points 1 year ago (14 children)

Everybody has a cell phone nowadays. There's no excuse not to use your cell phone for private stuff. In fact don't use the company Wi-Fi. You must use the company Wi-Fi then you must use a VPN

But no excuse anymore not to use your phone, you don't need to use the word computer to browse, send emails, flirt, whatever

[–] 9488fcea02a9@sh.itjust.works 30 points 1 year ago* (last edited 1 year ago) (9 children)

Everybody has a cell phone

All of my colleagues have work provided phones and laptops. They do all their personal shit on these devices (they don't have their own)

They think i'm a huge weirdo for having my own personal devices.... "Why waste money? Work gives us computer/phone... Lol, you carry two phones like a drug dealer?"

[–] jet@hackertalks.com 17 points 1 year ago (3 children)

Then they have nobody to blame but themselves when drama happens.

load more comments (3 replies)
load more comments (8 replies)
load more comments (13 replies)
[–] Zeth0s@lemmy.world 54 points 1 year ago (4 children)

They see and scan all traffic, even what doesn't go through the browser.

No one should use work laptops other than for work

load more comments (4 replies)
[–] Raiderkev@lemmy.world 48 points 1 year ago (3 children)

I never browse personal stuff on a company device. That's what phones are for. I also don't connect to company Wi-Fi on any personal device, because my company makes me sign in with my company's credentials. This should be common sense.

load more comments (3 replies)
[–] Shiki@lemmy.world 40 points 1 year ago

Anyone that uses work equipment for personal stuff deserves to be found out

[–] Anticorp@lemmy.ml 34 points 1 year ago (7 children)

Your work can also read your private Slack messages. You have been warned.

load more comments (7 replies)
[–] PeachMan@lemmy.one 33 points 1 year ago (3 children)

Of course they can, they literally own the machine. You don't own it, so don't treat it like it's your own private job hunting platform or porn viewer.

[–] Koof_on_the_Roof@lemmy.world 15 points 1 year ago (2 children)

Unless you work in recruitment or porn…

load more comments (2 replies)
[–] jmp242@sopuli.xyz 12 points 1 year ago

Yea, this regular "surprise" that work computers are... IDK... owned by work and are configured as the owner requires... is so strange to me.

load more comments (1 replies)
[–] stevedidwhat_infosec@infosec.pub 30 points 1 year ago (4 children)

I work in cybersec - I’m not going to speak for all businesses or individuals but I will give you my perspective.

Sometimes we need to see browser history to help with timeline correlation, it’s mainly to see “how did this file get here, was it downloaded etc.

Sometimes the investigators need to check out the things they need to check out, BUT

BUT

It needs to be done precisely and sparingly where needed only. This means instead of going through the entire history file, or doing unrelated correlation work (spying on you without cause) you are going to only grab specific timeframes from things you suspect explicitly to prevent any overreach. It’s a tricky balance to hold but also why it’s so important for people in tech to be privacy advocates as well.

There’s a difference between searching for answers to a problem that arose and looking for/predicting problems (thought crime detected!)

[–] thebardingreen@lemmy.starlightkel.xyz 11 points 1 year ago (1 children)

I also work in cybersecurity. Second everything this person said.

This thread is a good reminder, because at many organizations HR / management can and will look at your browser history (and computer activity in general) as a method of monitoring performance and staying in control.

But at my organization, we have never once looked at anyone's browser history (and I know that HR hasn't because they would have to go through us). We certainly could if we were asked to and we would if there was an incident (what we would care about is sensitive / confidential information getting leaked or suspicious activity on the network using a specific person's credentials, suggesting those credentials may be compromised). But in almost 2 years (we're a startup in the aerospace electronic sector) we have never once had cause to do that and we have a philosophy that happy relaxed employees who feel trusted by their employer are the kinds of employees that we want, so we wouldn't intrude that way without cause ever.

load more comments (1 replies)
load more comments (3 replies)
[–] NegativeLookBehind@kbin.social 30 points 1 year ago (5 children)

I used TOR at work once, to download some RPMs. Corp IT had a fucking meltdown

[–] possiblylinux127@lemmy.zip 20 points 1 year ago

I can't imagine why

[–] gowan@reddthat.com 10 points 1 year ago (2 children)

RPM in this context means what?

[–] Rescuer6394@feddit.nl 10 points 1 year ago (1 children)

i think they are a package of some distribution.

like .deb for Ubuntu or .exe for windows.

[–] mishimaenjoyer@kbin.social 17 points 1 year ago (2 children)
load more comments (2 replies)
[–] Reverendender@sh.itjust.works 8 points 1 year ago

We’re not cool enough to know

load more comments (3 replies)
[–] regalia@literature.cafe 29 points 1 year ago (10 children)

Until you get asked by HR why you're breaking their policies by clearing history and why you're doing it. If it's a work device that's not yours, don't expect privacy. It's their property.

[–] skookumasfrig@sopuli.xyz 12 points 1 year ago (1 children)

They don't need the computer to see everywhere you've gone. I've never heard of anyone getting in trouble for clearing their history, but lots of people who have had problems visiting questionable sites.

load more comments (1 replies)
load more comments (9 replies)
[–] rah@feddit.uk 21 points 1 year ago (5 children)

your work sees all your browser history

Possibly, if they've bothered to configure their machines that way. And only on the browsers they've configured that way and only on their machines.

Also, please don't assume that your work operates the same way as everyone else's work.

load more comments (5 replies)
[–] angelsomething@lemmy.one 18 points 1 year ago (10 children)

I’m an infrastructure analyst and at my workplace I implement such rules for specific reasons: 1) we need to be able to have evidence should an employee act maliciously with a company device. We do also monitor all queries but it’s passive. We can drill into your browsing history in great detail but won’t unless we have to (speaking personally here as I follow the code). 2) people will do dumb shit. And will lie to get support. Now, having been on the other end of a support ticket, I get it. Unless you lie a little, you may not get support promptly. Therefore, it’s part of my job to check what’s the lie and what’s the actual issue, which includes being able to see the download history. I would not be surprised if malware is accidentally downloaded and then it autonomously removes itself from the download history as It has happened before. Strictly speaking, this is done for both your safety as well as that of the company. And generally speaking, you should NEVER use your work laptop/phone/iPad for personal use because of all of the above.

load more comments (10 replies)
[–] UsernameLost@lemmy.ml 14 points 1 year ago (4 children)

Oh no, my employer might find out I'm looking for other jobs after being overloaded for a year and a half and constantly having my concerns/feedback/process improvement initiatives brushed aside.

load more comments (4 replies)
[–] seiryth@lemmy.world 13 points 1 year ago

Forget chrome management. Any IT shop worth their salt is protecting their egress with a proxy, explicitly or transparently set.

Don't browse the net on your employer's network or devices. Use your phone. Get on 4G/5G.

[–] NENathaniel@lemmy.ca 10 points 1 year ago (4 children)

Anyone know exactly what they could see if you're on a personal device but work-wifi?

[–] freundTech@feddit.de 16 points 1 year ago* (last edited 1 year ago) (2 children)

Usually the websites and apps you use, but not what specific page you visit and it's content.

If you for example visit https://en.wikipedia.org/wiki/Labor_unions_in_the_United_States they could see that you visited https://en.wikipedia.org/ but nothing more.

This is assuming that the website is encrypted (it starts with https://, not http://), which nowadays luckily most websites are. Otherwise they can see the specific page, it's content and most likely also all information you input on that page.

[–] henfredemars@infosec.pub 10 points 1 year ago* (last edited 1 year ago) (7 children)

My work runs MITM with corporate certificates, so they can see everything no matter whether it's encrypted or not. If you don't accept the certificates to let them monitor, you can't browse.

Therefore, I just don't use it.

load more comments (7 replies)
load more comments (1 replies)
load more comments (3 replies)
[–] echodot@feddit.uk 9 points 1 year ago* (last edited 1 year ago) (1 children)

So only watch mainstream porn on work computers, got it.

I've always assumed work will be looking at the browser history. Anyone who assumes they won't is an idiot.

load more comments (1 replies)
[–] UnfortunateShort@lemmy.world 8 points 1 year ago (10 children)

I mean, MS can literally track you between Windows installs, as long as you're on the same hardware. No surprises here.

load more comments (10 replies)
load more comments
view more: next ›