Never do anything on work machines/networks you don’t want to have to explain to hr/legal.
Sr. Systems Admin here. IT does not give 2 shits about what you browse UNLESS something is reported or something trips our Alerts (has to be something major like Child Porn).
We don’t sit there and actively monitor and watch what you are browsing. We investigate when something is reported by a worker or an Alert/Filter gets tripped
HR also doesn’t know unless we tell them.
Second. I once had a staff member come to me all embarrassed because someone sent a dick pick via some dating app while they was on our corporate wifi. I was like, “I promise we don’t care”.
I mean, its HTTPS right?
Https is no match for work monitoring: pre-installed software, certs.
That only applies to work devices. If you’re using your personal device, they would be able to see traffic to/from a dating website but not the actual content.
Pre installed certs would be a huge vulnerability
Some companies try to be incredibly controlling
Yeah, but the it’s a good rule anyway, for some of the same reasons as the “Don’t put it in an email if you wouldn’t want it read aloud in a deposition” rule.
deleted by creator
Probably for audit/investigation reasons.
IT generally doesn’t care (doesn’t want to care) but you still shouldn’t do personal stuff on work machines/profiles.
Depends on the company size and the people above IT. Sometimes the boss is a chode and demands everyone be supervised like children constantly.
That’s still inline with what they said.
Also do some really weird things that are innocuous so the HR lady looks at you weird from now on.
Examples please?
deleted by creator
Reload every five seconds the global doomsday countdown clock.
You sick €%#¥! /s
Absolutely. Everyone could use that reminder
Everybody has a cell phone nowadays. There’s no excuse not to use your cell phone for private stuff. In fact don’t use the company Wi-Fi. You must use the company Wi-Fi then you must use a VPN
But no excuse anymore not to use your phone, you don’t need to use the word computer to browse, send emails, flirt, whatever
Everybody has a cell phone
All of my colleagues have work provided phones and laptops. They do all their personal shit on these devices (they don’t have their own)
They think i’m a huge weirdo for having my own personal devices… “Why waste money? Work gives us computer/phone… Lol, you carry two phones like a drug dealer?”
Then they have nobody to blame but themselves when drama happens.
IT: “You’ve been fired. Please return your laptop…”
“But how do i retrieve all my personal files?”
IT: [Shrug emoji]
Like IT gives you any time to get anything off a corporate-owned device.
When I got laid off, IT sent a bullet to my laptop immediately kicking me off and completely locking me out of it.
I was supposed to have another 4 days to transition my work. I contacted IT and was told once the bullet goes out, that’s it. Any and all access to everything has been terminated. Might as well just go home and enjoy the extra 4 days because no one’s going to undo a bullet going off early unless it comes from the C-suite. So I did.
@EmbeddedEntropy @9488fcea02a9 Okay. Note fur future me: BACKUP🙃
Just tell them “I don’t want to spend company’s resources for my own private life.”
The only way is to give them back that guilt and fear they are feeling.
Hustlah 4 lyfe
WTF? What country? Even at jobs where I was given a phone no one felt like ditching their personal devices.
I suspect its a millenial thing…
A few of us old guys keep personal devices… Our young colleages just expect the company to provide devices for them and never have to buy their own
Or we can’t afford our own 😕.
personal
Decent used laptops are quite affordable. I recently scored one on Ebay for under $100. It runs Linux and everything is snappy.
it’s one thing if they pay for them but if they are actually company devices that’s fucking weird
Nope. It’s not a pay and reimburse situation
Pure company owned devices
And if you don’t have a VPN set up, use Tor on your phone:
https://play.google.com/store/apps/details?id=org.torproject.torbrowser
That’s fair, bur if your not using a VPN just don’t connect to wifi at all. Too easy to make a mistake
The Tor website provides .apk files for Android, and there is an F-Droid release too. https://www.torproject.org/download/#android
You must use the company Wi-Fi then you must use a VPN
The company VPN or the client VPN, sadly
I mean if your personal device is attached to a work network use a always on personal VPN.
If you can’t for whatever reason then don’t connect to the wifi!
Don’t most work Wifi networks prevent VPN use?
This has not been my experience
No.
then spin up your own wireguard instance and connect to it?
Use Tailscale. Much easier to configure and manage than raw WireGuard.
raw wireguard is hard to setup? since when?
I’ve done both. I wrote my own scripts to generate the WG config files to handle variations in configure I needed to make for my different networks (masking, IPv6, cross multiple WG networks).
After converting to Tailscale, WG is just an extra level of hassle I can now easily avoid.
They see and scan all traffic, even what doesn’t go through the browser.
No one should use work laptops other than for work
Yeah. Nobody competent is checking your browser history on your PC.
Until HR needs to dig up a reason to justify firing you.
But my state is at will employment only, so they don’t need a reason.
Of course they can, they literally own the machine. You don’t own it, so don’t treat it like it’s your own private job hunting platform or porn viewer.
Unless you work in recruitment or porn…
Yea, this regular “surprise” that work computers are… IDK… owned by work and are configured as the owner requires… is so strange to me.
deleted by creator
your work sees all your browser history
Possibly, if they’ve bothered to configure their machines that way. And only on the browsers they’ve configured that way and only on their machines.
Also, please don’t assume that your work operates the same way as everyone else’s work.
We have that capability but dont really have the time or need for it. having said that, it only takes one rouge employee to mess it up for everyone else.
it only takes one rouge employee
What about a pink employee?
Sir, that is not an employee. That is a pig.
They were tickled?
I’m not on the IT team but have elevated permissions. I can dial into any of my subordinates computers “invisibility” I might add, and watch their screen. I can copy data remotely. It’ll take me a few minutes to grab an image of their computer “for backup” reasons, restore it on another computer, and then safely view their history.
By invisibility, I still leave log traces on their computer.
I’m not going to, because wtf. But I totally do have that power.
I work in cybersec - I’m not going to speak for all businesses or individuals but I will give you my perspective.
Sometimes we need to see browser history to help with timeline correlation, it’s mainly to see “how did this file get here, was it downloaded etc.
Sometimes the investigators need to check out the things they need to check out, BUT
BUT
It needs to be done precisely and sparingly where needed only. This means instead of going through the entire history file, or doing unrelated correlation work (spying on you without cause) you are going to only grab specific timeframes from things you suspect explicitly to prevent any overreach. It’s a tricky balance to hold but also why it’s so important for people in tech to be privacy advocates as well.
There’s a difference between searching for answers to a problem that arose and looking for/predicting problems (thought crime detected!)
I also work in cybersecurity. Second everything this person said.
This thread is a good reminder, because at many organizations HR / management can and will look at your browser history (and computer activity in general) as a method of monitoring performance and staying in control.
But at my organization, we have never once looked at anyone’s browser history (and I know that HR hasn’t because they would have to go through us). We certainly could if we were asked to and we would if there was an incident (what we would care about is sensitive / confidential information getting leaked or suspicious activity on the network using a specific person’s credentials, suggesting those credentials may be compromised). But in almost 2 years (we’re a startup in the aerospace electronics sector) we have never once had cause to do that and we have a philosophy that happy relaxed employees who feel trusted by their employer are the kinds of employees that we want, so we wouldn’t intrude that way without cause ever.
I third(?) this. Security and IT teams are too busy to be monitoring your everyday habits. Sure, they can see your history if they wanted to, but they won’t unless there is an appropriate justification to do so, and it’s usually triggered by an incident or HR. There also stricit rules with doing so because employees still have the right to their own privacy. It’s not like HR can just go over to the security guy and ask them to pull someone’s browsing history.
Another Cybersec worker here, and I’ll broadly agree with all this. That said, I’d also point out that, depending on your site setup, the browser history may be nothing more than another place to correlate information we have from elsewhere.
Several sites I have been at have used Data Loss Prevention (DLP) software which automagically records (and possibly blocks) data moving into and out of the environment. This can be very detailed, to the point of knowing when someone copy/pastes data to a web form. I’ve also been at sites which sniff web traffic at the firewall and record full pcaps and extract metadata for quick analysis. So yes, for those not aware, deleting browser history or using “in private” browsing or other steps to avoid us seeing your porn browsing, may not be as effective as you think.
All that said, I’ve never been on a Cybersec team which has had enough time to really care about porn browsing, so long as you are not putting the network at risk. And, so long as HR/Management doesn’t tell us to care. We have better things to spend our time on.
Lastly, if you don’t want us seeing it, don’t so it on a work computer. Look, we have lots of ways to see what you are doing. Just, do that stuff at home, on your own hardware. And leave the work computer for work. Writing up misuse reports is something I really hate doing.
Same for our company, and all companies whose security folks I’ve had a chat with. We don’t give a fuck what you do on your computer. Almost all security folks are into privacy themselves, additionally to simply not having the time to look at people’s browser history or traffic or whatever.
Yes, we have the option to collect data. No, we don’t look at it unless there is a very good reason to do so. And we protect that data, HR or whoever can’t just have it if they feel like taking a look. There is a process to protect the data, because that means protecting the company.
Your security team is not the enemy.
I agree with you completely
I used TOR at work once, to download some RPMs. Corp IT had a fucking meltdown
I can’t imagine why
RPM in this context means what?
i think they are a package of some distribution.
like .deb for Ubuntu or .exe for windows.
RedHat Package Manager
Thank you
Actually it’s Raunchy Porn Movies
We’re not cool enough to know
Forget chrome management. Any IT shop worth their salt is protecting their egress with a proxy, explicitly or transparently set.
Don’t browse the net on your employer’s network or devices. Use your phone. Get on 4G/5G.
Oh no, my employer might find out I’m looking for other jobs after being overloaded for a year and a half and constantly having my concerns/feedback/process improvement initiatives brushed aside.
Shot, i regularly browse jobs websites even though Im not looking to change jobs again soon. Just to keep them guessing.
I have been hinting to my manager for 6-9 months that he needs to move part of my workload elsewhere so that I can focus and actually achieve something. To think, all it took was for me to tell him straight that I was unhappy and unfulfilled to the point that I was considering resigning. Suddenly he’s all apologies and let’s make changes because you’re kind of vital and we don’t want to lose you.
And I was fired for it. Depends on the market demand I suppose, some industries there is no denying your worth, in others you’re disposable.
I love the fact that firing me what the person you’re answering mentioned is illegal here.
Peace of mind.
Yeah pretty outrageous, I soon found out employment rights in Ontario Canada are practically useless. I had no idea, I thought I had some basic protections, it’s almost nothing.
Your work can also read your private Slack messages. You have been warned.
Are they really called private messages? They should just be direct messages
I was the slack admin. We could not see private messages of clients. We could see company wide channels.
If I remember correctly you have to pay extra to be able to access private messages. Maybe you didn’t have this option enabled?
They can see it. I know because someone had an HR investigation happening and they showed me screenshots of his Slack conversations.
If it was a screenshot then they didn’t get it from slack. They have spyware that takes screenshots.
Obviously if they install malware that records keystrokes or the screen then they can see what you type and what’s on your screen.
But slack doesn’t let admins export private chats
Then they must have been able to capture his whole screen. Idk how they’d do that days later, but they had a screenshot of a private conversation in slack. Maybe he had already set off some flags before then and they were watching him or something.
deleted by creator
I’m on Ubuntu at work! The only employee on Linux at a tech company of >150 people! (Where are my Linux nerds?)
Kind of yeah, the rest of the working world uses Windows for good reasons.
deleted by creator
Legacy software with incredible backwards compatibility, exponetially more software options, user familiarity, pretty much everything that active directory provides from user management to group policies, the list goes on.
Im a linux guy, but the thought of rolling out even the most user friendly linux distro gives me nightmares.
deleted by creator
Aren’t they? Changing a legacy app can take years to do the needed research, approval, procurement, and implementation. “Because my IT guy doesn’t like Windows” is a terrible reason to undergo that process.
The same with retraining users on a whole new OS. You’ll spend hours over the course of months answering “where did my C:\ drive go?”. That’s a lot of time you’ll never get back.
Active Directory provides a lot of tools that are familiar to senior techs and easy enough for junior techs to figure out. I might prefer how Salt Stack works but I don’t have time to train dozens of fellow techs.
Linux is cool for a number of reasons, but it isn’t a magic easy button and a wise admin doesn’t swap out fundamental parts of his tech stack without careful consideration.
I’m using it, as well as my boss!
I’m in a company that uses Microsoft stuff, but I use a lot of fedora and Linux mint in VMs. The latter is based off Ubuntu at least!
It’s actually kind of nice to be able to save the state of my VM since forced restarts are so infrequent.
deleted by creator
I’m in the process of convincing my management to switch to Linux. The most important thing to them is having a way to remotely delete the pc in case it’s stolen. Does someone know of a solution in Linux for that?
I’m an infrastructure analyst and at my workplace I implement such rules for specific reasons: 1) we need to be able to have evidence should an employee act maliciously with a company device. We do also monitor all queries but it’s passive. We can drill into your browsing history in great detail but won’t unless we have to (speaking personally here as I follow the code). 2) people will do dumb shit. And will lie to get support. Now, having been on the other end of a support ticket, I get it. Unless you lie a little, you may not get support promptly. Therefore, it’s part of my job to check what’s the lie and what’s the actual issue, which includes being able to see the download history. I would not be surprised if malware is accidentally downloaded and then it autonomously removes itself from the download history as It has happened before. Strictly speaking, this is done for both your safety as well as that of the company. And generally speaking, you should NEVER use your work laptop/phone/iPad for personal use because of all of the above.
I use my personal laptop at work, no issues. Employer can’t see what I’m doing which is the way it should be.
If they don’t trust me, don’t hire me then.
I would never work anywhere where people like you can watch what I’m doing. Luckily I’m in IT so I choose where I work.
I despise companies who don’t give employees privacy. The reasons you gave means nothing. You can always argue for anything to protect the company. Who protects the employees?
Safest for the company would be if you have employees in small cells being watched by guards around the clock. That would be really good for the company.
If you’ve connected your personal laptop to your work wifi, they 100% can see all your browsing history (specifically whats passed through their network).
Hell, I only run a simple homelab and I can see the exact traffic/browsing history of every device on my home network. I’m only tracking via dns traffic, but your https traffic can even be intercepted and decrypted pretty easily. So don’t even trust that.
This doesn’t require installing anything on your device to fully monitor you.
You’re not wrong. It really comes down to how ethical the IT/company is. And we are, purposely so. Also we have dns-over-https and No other identifier is parsed through. So we can see and block someone browsing porn on the guest Wi-Fi, but we’d never know who it was. Look, I’m not saying things are perfect, but there are people like me who look out for both the user and the company. The goal is ensure that users privacy is respected and that the company is protected agains misuse, malicious intent or just plain bad-luck. This is the “code” I was referring to. As IT people we have to behave ethically for business we operate in. It’s not perfect but nobody is trying to be. This is all best effort from all parties.
Your ethics goes out the window when being told to do something by your employer.
Maybe you try to look out for the user, but it’s completely wrong that employees should have to trust you to do that.
“Company being protected from misuse” is a blanket term for survellience, same as “fighting terrorism”.
I still stand by my opinion. Companies need to trust employees and not run survellience programs against them. It’s just wrong.
Sure but I work from home. Don’t use their wifi except when I’m in the office. I could connect to a VPN and they would also see a connection to a VPN, but I don’t care enough to do that.
But when I’m at home, working on my computer, they don’t see anything.
Joke’s on you, I’m the network admin in the office.
deleted by creator
Trust an IT guy, we all do linux shit for fun. But at the office it’s called “work”. You are qualified.
deleted by creator
Arch on work is called centOS or debian. Just a hint for your new job.
deleted by creator
if you don’t have your personal browsing using a private profile of a secondary browser which you know you can delete, you are doing it wrong.
That might not be enough. I could monitor that on all the devices I manage, if I need to. There are tools to dump browsing info as it’s being committed, or it’s easy to pipe all the traffic from your machine through a VPN to a firewall I manage with a trusted cert injection into your device and inspect the traffic in transit. If you don’t want your employer to see what your up to, don’t use their infrastructure.
Well, yeah, if I worked at home I would use my personal computer for personal things and the workstation for work, it would be pristine. But alas, in the office there’s so much time I can spend pretending that I’m working because I finished my tasks before I implode.
Some risks are necessary :)
It’s not really about IT not knowing, but about being discreet enough that your boss doesn’t see your personal accounts logged in or even worse, to have two chrome profiles, both with obscure names, press the wrong one and to share the screen of saved tabs with Facebook, Instagram, pornhub… Yeah I’ve seen those bookmarks.
It’s… Wtf… If you’re going to be that deranged, at the very least be discreet… Sigh.
Some risks are necessary :)
No, it’s zero-trust all the way down!
not really about IT not knowing
All true, and I’m sure your IT doesn’t care as long as you’re not taking stupid risks
If you’re going to be that deranged, at the very least be discreet
…
I’ve seen things you people wouldn’t believe… a folder full of photos of a sales rep’s feet taken under the table at a meeting… a bookmarked playlist of adult baby porn labelled “Potential Suppliers”… I watched a modded BitTorrent client try to fake VLAN tags for unrestricted Internet access. All those moments will be lost in time, like that expensive label printer from my locked desk drawer… time to get another coffee…
As an IT administrator, if your org has GPOs controlling if you can delete your browsing history or not, there is no chance you will be able to install a second browser without admin credentials.
I can confirm there are places where that is possible.
Also as long as they do not whitelist executables, you could use a portable version of a browser.
And you would still get caught on the company device trusting company CAs, thus enabling them to decrypt all your traffic.
Use a personal device on a personal network for personal stuff.
Yeah, I can still see that activity. You’re still doing it wrong.
Personal device not on corporate network or you’re doing it wrong.
Sure but people see that you are on the phone while the IT people don’t really care what you do and by bosses aren’t checking those logs so idc. it’s about being discreet on some layers.
If I were at home I wouldn’t need to do anything to hide it since I would use my pc but since I’m in the office I have to get creative.
Also, 5hisbpost was 7 days old :)
