[HN Gopher] Stop using your work laptop or phone for personal st...
___________________________________________________________________
Stop using your work laptop or phone for personal stuff, because I
know you are
Author : manikandarajs
Score : 126 points
Date : 2021-06-24 19:54 UTC (3 hours ago)
(HTM) web link (www.zdnet.com)
(TXT) w3m dump (www.zdnet.com)
| AshamedCaptain wrote:
| > who in addition to accessing those university resources also
| visited several "high-risk" porn sites, one of which had placed
| cookies on the computer.
|
| Get this, Charlie; get this, Charlie! It's cookies... Cookies!
| Oh, the humanity!
| leipert wrote:
| If I use my work laptop at home, I even put it in a separate
| guest WiFi. Since the introduction of an Endpoint Management
| system it essentially became an untrusted device.
| wing-_-nuts wrote:
| Separate computers? Sure. Separate _phones_? No. I have outlook
| installed in a little sandbox app (nine), and slack. My slack
| notifications are blocked. I don't want to have to charge and
| carry two separate phones everywhere I go.
|
| I also refuse to install any software on my phone that I'm not
| comfortable with. For example, outlook wanted permissions to
| remote wipe my phone and a lot of other skeevy stuff. That's not
| going to happen. I've heard of some employers asking to install
| tracking applications on their employees' phones, that wouldn't fly
| either.
| stavros wrote:
| More than avoiding keeping the personal stuff on the work laptop,
| avoid keeping work stuff on personal hardware. When you're off
| work, you're off work. No email, no notifications, no nothing.
|
| The only work thing I have on my personal phone is Slack, and
| that's with auto-DND outside work hours. If there's an emergency,
| you can call me.
| jimmaswell wrote:
| I had to install an authenticator and timesheet on my phone.
| Not really that bad.
| stavros wrote:
| Sure, if it doesn't generate notifications, that's no
| problem.
| underseacables wrote:
| My friend uses one computer for both personal and business but he
| owns the company. I've always wondered if that was prudent,
| perhaps separate accounts at least?
| onychomys wrote:
| Do we count posting on HN as personal stuff?
| zwieback wrote:
| I don't, as a SW guy it's part of on-the-job training!
| necrotic_comp wrote:
| Yes, messageboards, etc. should be considered read-only at best
| on work devices.
| dyingkneepad wrote:
| I think one of the biggest risks to the employee is the CEO or
| anybody in power simply deciding to let you go and suddenly
| taking your machine from you without notice while you're in the
| office.
|
| Or a ransomware invading your work laptop and encrypting your
| stuff.
|
| Or your creepy IT guy figuring out the stuff you post on amazon
| or having access to your nudes or whatever.
| ChrisMarshallNY wrote:
| Many years before I left my company, I purchased my own equipment
| for personal use. I actually had better equipment than that
| provided by my employer.
|
| They monitored the living bejeezus out of my work equipment, and
| wouldn't let personal equipment (including phones) connect to the
| corporate network.
|
| It was pretty overboard, but my company was seriously paranoid.
| It actually caused problems. For example, we wrote optimized C++,
| and optimizing on a monitored system is...difficult; especially
| with some of the custom gnarlyware we got from companies like
| Intel.
|
| It also meant that I never worried about mixing my personal work
| with company work. If I had personal equipment at work, I would
| use 4G/hotspot. Not ideal (so I didn't really do anything more
| than check emails at work). It also allowed me to get to some of
| the banned sites (the company had a nasty habit of banning
| exactly the kinds of sites that optimizers like to read).
|
| Another benefit was that I left my work equipment at work, so I
| couldn't easily be roped into doing out-of-band work. I had a
| great excuse.
|
| It was annoying, but fine with me. I think the company went way
| overboard in their paranoia, but it was their company, and they
| got to set the rules. I have never had any interest in causing
| issues with them, so I was careful not to do anything that would
| step on their toes. They pretty much returned the favor.
| legohead wrote:
| One of those things that makes sense, and would be nice, but will
| never happen.
| neaden wrote:
| My first ever office job was working for a local government,
| where one of the first things they told me when giving me a
| laptop was that the previous person in the position had been
| FOIAed and had to hand over the laptop to attorneys in the past
| so to be very careful about anything I did. This attitude has
| served me well in life.
| [deleted]
| jcomis wrote:
| I recently switched jobs. When I put in notice at my previous
| employer there was some sort of miscommunication with IT about my
| last day and I was shut out 2 days early, before I had a chance
| to wipe everything or even log out of my personal stuff (in their
| own chrome instance). They were not willing to undo it, but
| assured me everything would be instantly wiped once they received
| it. Couple days later I decide to check my google accounts for
| some other purpose and see an active session in the city where I
| mailed back my machine to. Same with a few other accounts. Was
| not thrilled with that.
| zwieback wrote:
| Also just for practical reasons. When I shift to a new work
| laptop or reformat my current one for whatever reason I don't
| want to sift through docs and pictures I might lose.
| majormajor wrote:
| This is one of the reasons I'm starting to like thin client stuff
| for work. They've gotten pretty good even for large-screen GUI
| desktops, and if your "work laptop" is actually a different
| machine that's just open inside one app on your personal one, it
| is very easy to keep your personal stuff outside of that session.
| hughrr wrote:
| Been there won't do it again.
|
| I now have three laptops, two iPads and two iPhones on my desk
| all day though. Which is a complete fucking pain. Some days I
| wish I did something else for a living.
| mgarfias wrote:
| I'm not.
| AmVess wrote:
| Employee tracking isn't anything new or all that surprising. Do
| everything as if it is going to be made public at some point.
| EMPLOYERS ARE NOT YOUR FRIENDS.
|
| If they buy you internet, they are tracking it. If they provide
| you with a computer, they are tracking every click and pointer
| movement.
|
| Keep work computers and personal computers separate and that
| includes all methods of IO.
|
| I used to work for a Fortune 10 company, and they retroactively
| changed their approach to personal data on company computers.
| Yes, does it sound illegal? Very much NOT so, but they totally
| got away with it.
|
| ....Except there was an accidental malformed script that wiped
| all the user folders and backup data. Ever wonder what happens to
| a SAN when every disk shits itself for a few days?
|
| I'll never really know what the outcome of the malformed script
| was except there was no retroactive application of corporate
| rules because the thing the rules were meant to apply to simply
| didn't exist anymore.
|
| Coincidentally, it was also the same day that I quit and decided
| to work for myself.
|
| "Malformed script"
| tj-teej wrote:
| Obvious stupid uses of work laptops are beyond the pale, but I
| can see why someone would check their gmail from a work laptop
| (I'm posting this on my work laptop while my code compiles).
|
| But one thing I found which is great is setting up my work and
| personal laptops next to each other on a laptop holder and doing
| everything through external monitors.
|
| At my desk I have an adjustable laptop holder which holds my work
| and personal laptops, as they're both macbooks switching between
| my work and personal laptop is as simple as unplugging a couple
| usb-c hubs, plugging them into the other laptop (the port is 1
| inch away), and pulling out my other keyboard.
|
| https://www.amazon.com/gp/product/B081GY4NM9/
| jph wrote:
| If you use the same computer for work and home, then you may be
| able to create a user account for your work stuff and a different
| user account for your home stuff.
|
| If you do consulting for multiple customers, then you may be able
| to create a different user account per customer, so there's some
| separation among your customers' information.
|
| If you're able to use thin clients, then you may be able to
| create separate user accounts on the servers, so any files stay
| fully on the servers and never download to your local computer.
|
| When you use multiple user accounts, you're having the operating
| system help separate things per account, such as each account's
| credentials, profiles, logins, histories, cookies, caches, etc.
| draw_down wrote:
| I've never understood why people do this and I never will. Work
| equipment for work things, personal equipment for personal
| things. Don't login to your bank, pay bills etc on work
| equipment.
|
| Not because it's "wrong" or something, but because doesn't that
| just strike you as a bad idea? They own that equipment, you don't
| know what's on it, what it's recording or reporting. If you're
| traveling you have your phone.
|
| You should trust your employer on some level because you work for
| them, but this is a case where you won't even need to think about
| trust if you just don't do it.
|
| Use airdrop etc to move files around.
| HumblyTossed wrote:
| Also, any company that will not give you a phone (if necessary
| for your job) and/or a computer (if necessary for your job), run
| away. Just, run away.
| Scoundreller wrote:
| When I sat down on day 1 and had 4 glowing rectangles set up at
| my desk, I knew I ended up at the right place.
| mewpmewp2 wrote:
| Not that simple. My company has BYOD for phone, but my total
| compensation is crazy good, a lot better than any other
| opportunity near my location. Why should I run?
| Hamuko wrote:
| I got a phone so shitty that I gave it back. The phone was only
| going to sit at the bottom of my bag, where I would never hear
| it. I couldn't even log into Slack since I didn't want to log
| into Google Play with a personal Gmail account on it.
| notJim wrote:
| no
| lkuty wrote:
| It's the other way around: some work on personal computer.
| yoursunny wrote:
| In my agency, we are allowed to use work laptop for personal
| purposes, except certain prohibited software and prohibited
| sites.
|
| I don't store files though: they are only accessed through the
| browser.
| GekkePrutser wrote:
| I totally don't agree with his sentiment. And I manage 200,000
| endpoints (computer and mobile)
|
| This sentiment is a typical early 2000s mindset. It no longer
| works in this world where the line between business and private
| lives has blurred. And it wasn't just the pandemic that did
| that, this has been going on much longer.
|
| Who wants to bring 2 laptops on business trips? Or 2 phones for
| that matter? Computing is flexible in the age of the cloud.
| Mobile OSes are really good at separating personal and private
| data (think of Android's Work Profile and iOS's User Enrolment).
| Personal computers (either Mac or Windows) don't do this as well
| yet, but at least they're a hell of a lot more secure with
| everyone enforcing disk encryption now.
|
| But we should remember that technology is there to serve us. If
| the tech can't deal with our increasing mix of private and
| business, we'll just have to make it better at that. Telling
| people not to do it just won't work.
|
| I have one exception: Installing personal apps on a work computer
| is not really OK (unless the application has already been
| approved for work too). On mobile this is fine because of the
| more rigid separation.
|
| PS: This is not just my opinion, it's the company's policy. We
| explicitly allow personal use (including apps) of mobile devices
| and most personal web usage on company laptops (though blocking
| malicious sites and stuff that's not really "business oriented"
| :) ). We do block some things like sideloading on mobile. Our
| devices are still secure because we enforce what's important
| (like decent passwords, full disk encryption). Our users are
| happier because we don't treat them like children. We're happier
| because we don't need to approve every taxi app anymore that a
| user would want to use on their work phone during a business
| trip. We just make sure their apps can't access the work apps. On
| mobile this works really well and on PC/Mac it's in the works.
|
| It's a give and take. The early 2000's us-against-them BOFH total
| lockdown thing just doesn't fly anymore.
| jfrunyon wrote:
| Pretty much this. I have no problem with people watching
| Netflix or checking their email, or whatever. If it's not
| likely to create security problems for us - or at least, we
| already accept any security problems it has (as is the case for
| web browsing)... meh, why would I care?
| pwarner wrote:
| I use a personal AWS Workspace as my personal machine, that I can
| access from my work laptop. It's handy, although I wish the cost
| was lower. Does anyone have a better managed VDI suggestion?
| joezydeco wrote:
| I bought a used R710 server for $200 and put it in the
| basement. I can run a handful of Win10 or Linux VMs on it at
| the same time and remote desktop into each of them. Just used
| wired ethernet if you can for speed and keeping the wifi quiet.
| barrkel wrote:
| It's worth calculating power usage for this kind of thing.
| It's often a false economy if you don't use the compute.
| encryptluks2 wrote:
| Don't work for a company that wants to "manage" your computer for
| you. You are assuming liability regardless if you manage it or
| they manage it. What you end up getting is usually crappy
| hardware, a bunch of redundant software that is terribly managed
| and outdated, and being told how to do your job and what software
| you can use even though you're supposed to be the expert.
|
| The same people installing SolarWinds and requiring you use
| Outlook with 10 different compromised extensions will be the first
| to try blaming their employees for installing Docker or kubectl
| because it wasn't approved software yet you were brought in to be
| the container expert.
| M277 wrote:
| I have always wondered about this... here in the third world,
| students pretty much rely on Windows Education and Office 365
| Education for all their Windows / Office needs, as the cost for
| these is too high. Yet, you don't actually "own" these as a
| student; they're managed by your IT department. So I was always
| curious if there are any implications / hidden traps.
| hizxy wrote:
| What about 2 factor apps on your personal device?
| ngngngng wrote:
| These days I do almost all of my work on my personal desktop
| since it's so much faster and more pleasant than my work issued
| laptop. Funny enough, the main time I use the work laptop is to
| play Netflix while doing the dishes or folding laundry. So I'm
| sure it looks like I'm not doing anything at all. Laptop's off for
| 3 days, I turn it on and go straight to Netflix. Oh well.
| Grimm1 wrote:
| This goes double if you have any entrepreneurial ambitions. Do it
| on your own machines on your own time.
|
| There has been at least one high profile case over the last few
| years over people who didn't do that.
| albertgoeswoof wrote:
| What high profile cases?
| Cd00d wrote:
| Silicon Valley, season 1
| jfrunyon wrote:
| If you are in the US, and you write something on a work
| machine, your employer owns it.
|
| As you might be able to imagine, this happens pretty often.
| samjbobb wrote:
| I think this is reasonable advice, in some settings. But for many
| of us, I think it's just not practical anymore.
|
| The lines have become too blurred. I work from home, I have one
| office and one desk. The computer on the desk was purchased by my
| company but other stuff wasn't like my mouse or my iPad. I have
| work Slack on my phone, which is my personal phone. I know I
| should be, but I'm just not that careful anymore about what I do
| where.
|
| Granted, I work for a startup. It's a MBP they had shipped
| directly from Apple to me. I set it up and configured it myself.
|
| The GitHub Balanced Employee IP Agreement acknowledges that this
| distinction is arbitrary and unhelpful:
|
| > In California the main difference made by BEIPA is that IP
| developed with company equipment or relating to the company's
| business, but in an employee's free time and which the employee
| is not involved in as an employee, is not owned by the company
| (but the company does get a non-exclusive and unlimited license
| if the IP relates to the company's business). This recognizes
| that from the employee perspective, segregating one's life
| activities based on ownership of devices at hand or relatedness
| to an employer's potentially vast range of business that an
| individual employee is not involved with as an employee imposes
| significant cognitive overhead and often doesn't happen in
| practice, whatever agreements state.
|
| - https://github.com/github/balanced-employee-ip-agreement
|
| I hope that more employee agreements move this direction so we
| can stop trying to enforce this distinction.
| loa_in_ wrote:
| I understand that visual arts or being a writer are considered
| different businesses than IT, that's pretty common sense,
| but I guess if you're doing a website on a company property
| where their business is embedded systems this could be
| qualified as the same business (IT)?
| sjfidsfkds wrote:
| If your employer wants you to have Slack on a phone, they
| should buy you a phone. That's been my situation across
| multiple employers for 5+ years.
|
| I plug the same monitor and mouse into a work computer and a
| personal computer. This isn't hard - you can use a single
| dongle with all of your inputs so you only need to swap one
| plug. Or you could use some kind of KVM switch.
|
| I understand that startups may not want the expense of buying
| hardware for their employees, and you might not want to buy
| your own laptop, but if you end up building something valuable
| in your personal time, it's in your interest to keep these
| things separate. For example, you might work on a side-project
| which is somehow related to your employer's business, and
| eventually decide to quit and start your own company. You'll be
| in a more secure legal position if you used your own device for
| that. You might judge that you aren't likely to do that, but
| you should think through the trade-off.
|
| The GitHub agreement sounds like an improvement, but most
| companies don't use it. I'm not sure how well it protects your
| interests. If you're working at odd hours because you're
| receiving notifications on a personal device, while you're also
| working on your side-project on a work device, would lawyers
| agree on what is personal and what is work?
| stock_toaster wrote:
| > If your employer wants you to have Slack on a phone, they
| should buy you a phone. That's been my situation across
| multiple employers for 5+ years.
|
| I wholeheartedly agree with computers/systems, and keeping
| things separate there.. but two phones? Who wants to carry
| around two phones just for staying on top of slack during
| _off hours_?
|
| If the company isn't ok with me using slack on my personal
| phone, then I'll only use slack on the supplied computer
| during business hours (eg. they get no mobile slack out of me
| at all). Either that or I find a different job. Life is too
| short to deal with so many devices and the hassle of it all.
| soperj wrote:
| why the hell would you want to stay on top of work during
| off hours?
| meepmorp wrote:
| Schadenfreude
| thrashh wrote:
| For some of us, we kind of make up off hours as we go. If
| it's 2pm and I'm bored and I have no meetings, I might
| just take 3 hours off and go to the park or gym, and if a
| coworker has a question during that time, I don't mind
| answering it.
|
| I prefer to do things whenever I want to do them and not
| bother with "on" and "off" hours.
| GekkePrutser wrote:
| Personally I _like_ blurring the lines between work and
| private life. Do some personal stuff during work hours
| (no more messing around getting time off to go to the
| dentist or the bank - I just book a meeting in my
| calendar and go). Answer a quick question while I'm on
| the subway. Spend an hour at night helping out a
| colleague in the US with an urgent problem when I have
| nothing better to do anyway. I'll just sleep in in the
| morning when things are quiet. I love this.
|
| What matters also is that I really like my work. And it
| isn't forced on me or even expected in the slightest.
| It's nice when I can pop in when I'm off and help out. If
| not it's fine too. Flexibility.
|
| For me this works. I understand it doesn't work for many
| others like yourself. But that doesn't mean it should be
| made impossible for me (like some countries do, e.g. in
| France forcing work email to stop after hours).
| ghaff wrote:
| Same. I don't overwork. Except maybe when I travel but I
| like travel. If I'm "off the clock" whether vacation or
| after 5, I'm not going to (nor be expected to) suddenly
| spend the rest of the night dealing with something. But
| maybe I can write an email or two or take a quick look at
| a doc which helps someone. And, as you say, I don't feel
| guilty going to the store or the dentist during the day.
| sharken wrote:
| Very much agree, a phone should either be for personal use or
| work.
|
| With 2FA being more common in the workplace it just makes
| sense to have that on the work phone.
| mike_d wrote:
| > If your employer wants you to have Slack on a phone, they
| should buy you a phone
|
| ...and if you want to have personal stuff on a laptop you
| should buy your own.
| [deleted]
| grillvogel wrote:
| i've got a wireless mouse and keyboard that support multiple
| devices, so i don't even need to swap the plug. to use my
| personal computer i just switch the monitor input and the
| mode on the mouse/keyboard.
| astockwell wrote:
| FWIW, with JAMF, your employer can ship it straight from Apple
| to your door, and still get their MDM all over it the second it
| connects to the internet the 1st time.
| rand49an wrote:
| I understand this sort of thing pisses people off but Windows
| Autopilot and automatic enrolment into Intune has been an
| incredible help this last year.
|
| Where I work we managed to ship thousands of laptops to
| students' homes from the manufacturers during lockdown but
| still ensured that they had the correct E-Safety software and
| configurations on them when they turned them on for the first
| time.
| Terretta wrote:
| Any product leveraging the built in MDM hooks can do this, no
| need to single out JAMF.
| astockwell wrote:
| Indeed, MSFT launched similar. JAMF was just the most well
| known in the Mac ecosystem.
| GekkePrutser wrote:
| Apple DEP (== Autopilot) on Mac can still be bypassed by
| simply not connecting to the internet when going through the
| setup wizard.
|
| On iOS however, it can't. iOS won't let itself activate
| without internet.
| varispeed wrote:
| Do you charge your company for desk space at your house?
|
| It's not being talked about much, but since companies are okay
| paying landlords billions, they seem to be shy to pay their
| employees for use of their homes as offices.
| teeray wrote:
| I really do wish iOS had appropriate os-sanctioned containment
| for work apps. Like, I'm talking a switch I throw and springboard
| flips over and shows me another whole set of apps with different
| data. Similarly, I should be able to assign a SIM to each
| profile. That way, whatever required MDM is isolated to that
| profile and doesn't touch personal stuff, guaranteed.
| kwerk wrote:
| You can emulate the concept of flipping over / changing which
| apps are on the homescreen / notifications with the upcoming
| iOS 15 "focus" profile concept.
|
| It's not isolating data though.
| privong wrote:
| There's a lot of "one device versus two device" discussions here.
| I have a work laptop and a personal laptop that I use carefully
| to try and keep things separate. But, this means I'm now
| ~doubling the environmental impact of electronic devices (impact
| of production, disposal). So there's tension, in my mind, between
| the public/private work separation and minimizing the damage I'm
| doing to the environment.
|
| In all fairness, I suspect me buying 2 laptops every 3-4 years
| instead of one laptop over the same period is a small
| environmental impact compared to other things (air travel,
| dietary choices). But it also seems like that's not a reason for
| me to ignore its impact. And the aggregate cost of many people
| having 2 laptops instead of 1 is probably worth considering.
|
| I thought about ways to only have one device (running my personal
| "machine" as a VM on my work laptop or vice versa) but couldn't
| come up with anything cleanly satisfactory.
| [deleted]
| Darvokis wrote:
| I think the environmental impact is overstated. There's a
| healthy second hand market that thrives because of companies
| buying laptops and eventually selling them. I've gotten plenty
| of great laptops at great discounted prices over the years that
| probably wouldn't be possible otherwise.
| balozi wrote:
| I remember when advice to not use company/official email for
| personal correspondence was considered a radical idea. Why
| would anyone need two email accounts?
|
| Today I don't even want my personal phone connecting to
| corporate wifi. I work with these cats, I know how they think.
| So yes, two devices please.
| GekkePrutser wrote:
| Yet today phones have really excellent separation of personal
| and private data. Like Android Work Profile which basically
| is a small virtual phone inside your phone which is
| controlled by your employer, with the benefit that they can't
| look at any of your personal stuff and you can switch the
| whole thing off easily.
| timr wrote:
| This is such critical advice, particularly if you work for a
| company that does remote hardware management.
|
| You could be fired tomorrow, and your access to your hardware
| revoked instantly. Apple devices, in particular, allow IT to
| remote lock your laptop. Whatever you had stored on the drive is
| lost to you, available to your employer, and you can't do
| anything about it.
|
| Don't mix business and personal hardware.
| pageandrew wrote:
| If you got the laptop in a sealed Apple box (purchased by
| employer), and set up macOS yourself, created your own admin
| user and everything, does this remote access still apply?
| rz2k wrote:
| In that case you should know whether a management profile[1]
| has been installed, but you shouldn't assume you can simply
| create another admin account.
|
| [1] https://support.apple.com/guide/server/intro-to-profile-
| mana...
| Hamuko wrote:
| If I don't see a Profiles section in my System Preferences,
| does this mean that my employer has a very high level of
| trust in me?
| mike_d wrote:
| It means your employer has a very low level of security
| and you should be genuinely concerned about any personal
| or financial information you gave them during your
| hiring.
| Hamuko wrote:
| Seems like a vast overstatement.
| mike_d wrote:
| Endpoint management is like bare minimum security basics.
| At this point luck is the only thing stopping a BEC or
| ransomware attack.
| GekkePrutser wrote:
| I manage hundreds of Macs. Just wanted to add that these
| management profiles don't say much about what you can and
| can't do and what your company can do. You have to go
| through each of them to see what they do (the management
| one is just the master one, there will be tons more which
| specify exactly what is restricted and/or enforced). Apple
| is very good at privacy protection, asking the user for
| permission even on managed machines, which can be bypassed
| with certain profiles but it's pretty tough to do. I
| personally take this as a sign to think long and hard about
| whether I really should.
|
| Co-usage is just a thing these days. A little trust in your
| employees is also important. Usually these profiles just
| mandate some basics like password complexity, disk
| encryption and they set standard settings like WiFi and
| printers so you don't have to bother figuring all that
| stuff out. And it will install applications you need and
| security stuff.
|
| And don't forget, a password complexity profile on a Mac
| will apply to _all_ accounts created on it. Even ones
| created by the user. Many things work like this, on a
| machine level. It's more about establishing a security
| baseline than tying the users' hands.
| [deleted]
| jcims wrote:
| This entirely depends on what you do from that point forward.
| Are you using a VPN provided by your employer? Are you
| installing any screen sharing or collaboration apps for work?
| You'll need to understand what each of these are capable of
| in order to fully understand your exposure.
| gostsamo wrote:
| Yes, it does. The employer has registered in front of Apple
| the serial number and Apple considers the device theirs. MDM
| on an employer's laptop allows them full control. If the
| device is owned by the user, then the MDM is more limited.
| GekkePrutser wrote:
| It's actually the vendor that registers Macs. Only iOS
| devices can be registered to Apple DEP manually. Macs
| can't, only the vendor can do so, whether it's Apple or
| whoever else.
| GekkePrutser wrote:
| This is what (public or personal) cloud is for. Nothing lost.
| Helps too if the laptop breaks or is stolen.
|
| Though I would prefer to see stricter separation like Android
| Work profile on computers too.
| tomjen3 wrote:
| Many services allow you to log out of either all or a specific
| session on another computer.
| wvenable wrote:
| Android has work profiles separate from personal profiles -- I
| find that a reasonable compromise.
|
| Having work emails/chat/etc on my phone has been a great
| benefit -- it means I can be untethered from desk but not miss
| anything important.
| andrewshadura wrote:
| Reasonable countries don't allow companies to fire employees
| immediately, hence access cannot possibly be revoked instantly.
| ImaCake wrote:
| I live in Australia, which generally has decent (but slowly
| eroding) workplace protections. But I managed to get fired
| and walked out of the building with zero notice. So I would
| not count on this even in a country with traditionally strong
| labour laws.
| jfrunyon wrote:
| I would say that not allowing a company to fire someone
| immediately, say, if they're looking at porn on their work
| computer during work time in front of the entire work office,
| is unreasonable.
| mike_d wrote:
| Just because you aren't fired instantly doesn't mean your
| access can't be revoked.
|
| The company just says "your new job is to stare at the login
| screen until HR can schedule a meeting with you."
| nasalgoat wrote:
| I get to see the crazy stuff people do on work laptops all the
| time. After letting one guy go for poor performance, a quick scan
| of his machine showed he was spending a majority of his time
| reading and commenting on incel message boards. Never mind the
| porn.
|
| Never ever put anything personal on a work laptop. I recommend
| remote desktoping to your personal machine and doing all your
| personal stuff on that machine, so you get the best of both
| worlds.
| asdff wrote:
| I'm convinced the doorway to personal use on work hardware is
| the free printing. I still find half printed mapquest
| directions piling up in the copy room, in this day and age no
| less.
| dylan604 wrote:
| MapQuest prints? Did we jump back in time? Do people still do
| this?
|
| Edit: I see the printing part. I guess I was more shocked at
| the call out to MapQuest.
| gumby wrote:
| Rather astonishingly, yes!
| stevehawk wrote:
| I went back to MapQuest because I wanted to avoid Google
| software and Apple Maps is absolute ass where I live.
| syntheticnature wrote:
| It only takes one time arriving in a new city by air at
| 11pm and your phone becoming non-functional prior to
| reaching the rental car to make one bring a redundant set
| of paper directions to get to the hotel.
| samatman wrote:
| My redundancy these days is having a cellular-equipped
| iPad.
|
| It's saved my bacon a few times at this point. Basically
| a (large and unwieldy) cell phone I can pull out when my
| main driver falls dead.
|
| Pro tip: install ride share apps on the tablet in
| advance, because in a serious UX fail, Uber and Lyft both
| want you to receive an SMS code to activate accounts. I
| was lucky that time, that getting my iPhone out of
| airplane mode at 1% battery wasn't enough to trigger
| forced shutdown.
|
| Lyft doesn't even have a separate app, but Uber actually
| offers an iPad-native experience, but is unable to
| activate you without SMS. Which, along with standard
| voice calls, is the one thing a data plan associated with
| a phone number won't let you do except from the primary
| device.
| syntheticnature wrote:
| As part of my firewalling work from personal at my new
| job, I have been thinking "cellular iPad" for an ultra-
| portable personal machine that can also poke a personal
| server if needed.
|
| (Well, that or Pi 400, but I worry how well the Pi 400
| would hold up for travel, or about getting a hotel room
| with no easy HDMI on the TV)
| GekkePrutser wrote:
| > Pro tip: install ride share apps on the tablet in
| advance, because in a serious UX fail, Uber and Lyft both
| want you to receive an SMS code to activate accounts. I
| was lucky that time, that getting my iPhone out of
| airplane mode at 1% battery wasn't enough to trigger
| forced shutdown.
|
| Of course regular taxis are also still a thing ;)
| gmadsen wrote:
| for long cross country trips, I do this. I have been burned
| before..
| sonofhans wrote:
| Consider a AAA membership. Their maps are high-quality,
| frequently-updated, and entirely free. You can walk into
| any AAA on any day and get as many free maps as you can
| carry.
|
| Not to mention the roadside assistance and towing
| coverage. I take long roadtrips too. The couple times
| that AAA has saved me make all the yearly dues
| worthwhile. E.g., once they arranged a 300-mile tow from
| a small coastal town back home; it took less than an hour
| to set up and didn't cost me a dime. The alternative would
| have been paying next-day air freight on a Mercedes
| alternator and battery, and staying another 2 days to get
| the work done.
| eqvinox wrote:
| For a non-US dweller: how frequent are AAAs and how easy
| are they to find?
|
| (Because, in Germany, even if you're an ADAC member,
| you'd be hard pressed to find an ADAC-affiliated office
| to pick up a map from...)
| dylan604 wrote:
| They used to be a staple at pretty much any/all gas
| stations. Not so much any more though. Edit: the maps
| were available, not the offices.
| bsder wrote:
| They are very common--even tiny cities in the US will
| have an office somewhere. In fact, they're one of the few
| places to easily pick up properly formatted and valid
| international drivers licenses before you go overseas.
|
| However, I would _caution_ you that some of the benefits
| that used to come from being an AAA member have been
| severely curtailed. The towing benefit, in particular,
| now has quite a few restrictions on it.
| sonofhans wrote:
| "Over 1000" their website says --
| https://newsroom.aaa.com/about/. I can't find anything
| more definitive. I've never had trouble finding one.
| samatman wrote:
| There are at least hundreds and probably thousands of
| locations. AAA is shockingly good. Maybe not shocking if
| you consider it's a 120-year-old nonprofit member
| services organization, but still: anyone who drives an
| auto in America is leaving serious value on the table if
| they aren't a member.
|
| The bottom line is that if you're having a problem and
| you're in an automobile (doesn't have to be yours) AAA
| will do their best to help you solve that problem.
|
| Unlimited, free, high-quality paper maps are just another
| perk. Walking in to a member branch and walking out with
| maps is just the beginning: a AAA employee will help you
| plan out a road trip, and make what's called a TripTik,
| which is a custom spiral-bound route map, with various
| sorts of amenities you can choose pointed out for you.
|
| There are campgrounds as well. It's truly remarkable how
| much AAA offers.
| jfrunyon wrote:
| AAA will also mail maps/trip planning materials (they
| call it "TripTik") to members.
| OminousWeapons wrote:
| I would add that you should avoid connecting your personal
| devices to corporate networks until you understand their usage
| policies.
| duxup wrote:
| First 'real' job I had I was a 20 something working in an
| office of mostly 40+ guys. (dot.com era had taken off and the
| company needed warm bodies)
|
| As typical I became the guy who could help coworkers fix basic
| PC stuff quick. I didn't mind this as I got to know my
| coworkers and really just did simple things for just our small
| team.
|
| One guy calls me over to help him with why he couldn't open
| some images on his computer. I fix the file association and ...
| yeah it's porn.
|
| A little while later a guy brings in an old digital camera
| (back when they had some weird proprietary formats for images).
| Yeah his daughters were taking pics of them standing by the
| highway flashing traffic as it goes by.
|
| Nothing ever came of any of it, but here I was thinking loading
| a bunch of mp3s on my computer was a bit dicey....
|
| I'm not sure people's attitudes have changed that much in the
| following decades.
| [deleted]
| paulpauper wrote:
| How come this was never brought up during a performance review?
| renewiltord wrote:
| Man, y'all are weird, reading browser history and shit. I would
| just remote wipe the computer and leave it be. That's what my
| last employer did. They just Fleetsmithed it to zero and left
| me with the MacBook Pro.
|
| I don't see why anyone would do anything else.
| throwaway_egbs wrote:
| Agreed, this is creepy, unnecessary, and possibly even
| damaging to whatever litigation is pending. (Assuming the
| litigation thing is even true, which I personally doubt.)
| Even if they do need an image of the drive, the people in IT
| shouldn't be the ones pawing through it. That's a job for a
| professional investigator or a lawyer. I ran an IT department
| for four years and if any of my staff did something like
| this, at the very least they'd be getting a closed door
| conversation about why this isn't ok.
| nasalgoat wrote:
| We were investigating the employee as part of their
| offboarding.
| canadianfella wrote:
| That's fucking lame.
| renewiltord wrote:
| Okay, man, I'll trust that you're doing this because they
| were stealing stuff or something like that but if it's just
| sucking at their job then damn, dude. That's like kinda a
| shitty thing.
|
| Sure it's company hardware, and you get to do this shit but
| damn that shit would be like "I gotta get out of here" if I
| heard IT was scanning people's browser history for sucking
| at their jobs.
|
| EDIT: The lawsuit thing makes this even worse. If I even
| heard that someone was suing their employees for poor
| performance I am like straight up blackballing that company
| and all of its damn subsidiaries as places to work. Like my
| friends would know, my family would know, friends of my
| family would know. I'm sorry, this is straight up
| unacceptable to me.
| Causality1 wrote:
| I pretty much assume they're watching everything I do on
| a work computer. I don't do anything that would be too
| embarrassing to see sitting printed out on my
| supervisor's desk.
| wilsonrocks wrote:
| Same here. It's my only Windows machine and the only one
| that reliably prints some PDFs. If they cared that I'm
| printing out MLP RPG sheets to play with my daughter I'll
| have that conversation.
|
| I never have work email on any other device but work's.
| reidjs wrote:
| I assume it's for liability reasons in case they start a
| lawsuit.
| vlunkr wrote:
| Agreed. If he's already been let go, who cares what's on
| his laptop?
| nasalgoat wrote:
| It's important to document and archive the contents for
| liability reasons, but the takeaway here is that you
| should remember that the laptop belongs to the company
| and you have zero rights to privacy on it, so conduct
| yourself appropriately.
| snowwrestler wrote:
| Ok but it's not important to be posting on HN about
| embarrassing stuff you found.
|
| This thread is a great example of why, regardless of what
| the law says, many corporate leaders tend to be
| ambivalent about exercising this ability to look into
| work computers. You might not like what you find--but
| once the company finds a piece of information, it becomes
| responsible for it.
|
| And you might find out the hard way that you have IT
| staff who lack sufficient discipline to compartmentalize
| and keep confidential what they find on behalf of the
| company.
| makapuf wrote:
| Depends where. Here in Europe it has been said that a
| Personal folder cannot be looked at by the company. But
| ofc it can ask you to delete it or fire you if you spend
| too much time idling but Personal data is Personal.
| grahamburger wrote:
| This is a major cultural difference between US and EU. In
| the U.S., data is only Personal if it's on a Personal
| device.
| p_j_w wrote:
| >It's important to document and archive the contents for
| liability reasons
|
| Unless this guy was sexually harassing people, I'm
| curious how this is going to protect anyone from any kind
| of liability.
|
| >you should remember that the laptop belongs to the
| company and you have zero rights to privacy on it, so
| conduct yourself appropriately.
|
| Yes, but as others have mentioned, just because the
| company has the right to do that doesn't mean it's either
| ethical OR good. No one here was asserting the right to
| privacy on company owned hardware.
| ElViajero wrote:
| > We were investigating the employee as part of their
| offboarding.
|
| I do not know how it works in your country, but anything
| that you discover of his personal life becomes a liability
| for the company. If he had AIDS and now you get that
| knowledge and it leaks, you may find the company fined for
| big money. In Europe, again and again, companies are
| forbidden to use any knowledge gained spying on employees.
|
| What reason would you have to investigate an employee that
| is leaving the company anyway? Unless it has some
| contractual impact and your company HR/legal department is
| aware, there is no reason. "To see what the employee was
| doing" is not a legal reason.
|
| I strongly agree that IT needs ethical education. That you
| have access to some information does not mean that you have
| the right to access it or that it is moral to do so.
| meowface wrote:
| (I'm in the US and have worked a similar job as the
| parent poster and have had to do similar things on
| several occasions.)
|
| >What reason would you have to investigate an employee
| that is leaving the company anyway? Unless it has some
| contractual impact and your company HR/legal department
| is aware, there is no reason. "To see what the employee
| was doing" is not a legal reason.
|
| In our case, we would and could never investigate someone
| for any reason besides HR and/or legal explicitly
| requesting it for a specific reason and telling us what
| they wanted us to look for and why. "Fishing expeditions"
| weren't permitted. (There were a few occasions where such
| fishing expedition requests did come from them, and our
| managers would push back and basically professionally
| tell them to fuck off.)
|
| I'm not sure of any specific laws or liabilities, but I'm
| sure we also would (and should) have likely been sued if
| we discovered some sensitive personal information about
| an employee and that information then leaked. If we
| inadvertently stumbled across personal things like that
| during the course of a specific investigation, we would
| always ignore it and not make any record of it. We didn't
| care about someone's personal life and didn't
| intentionally ever look at anything related to it.
|
| Due to the nature of the investigations, it was often
| unavoidable that we'd end up seeing something at least
| somewhat personal, even if it's just some random website
| they habitually browsed appearing multiple times in their
| browsing history.
|
| So, we would never look at an employee's computer or
| network traffic "just to see what they were doing" or
| just because we could. That would definitely be extremely
| unethical and unprofessional, and if management
| discovered any of us doing that we surely would and
| should have been fired. However, I'm not sure if there
| are actually any laws against that in the US if it's
| disclosed in the employment contract.
| nasalgoat wrote:
| Legal reasons for pending litigation. And we're not in
| Europe.
| [deleted]
| ElViajero wrote:
| > I don't see why anyone would do anything else.
|
| Because that is the smart thing to do. I got to purchase my
| laptop when I left the company, and they still wiped it out
| before handling it. It protects them and it protects me. I do
| not want access to any company resource, it can only hurt me.
| And they are not interested anymore in what was in the laptop
| either.
| zero_deg_kevin wrote:
| It's pretty common practice to capture system images from
| returned employee equipment when they're fired for cause (at
| least in the US). But it's also pretty common for technicians
| to be forbidden from browsing those files without a very good
| reason.
| marcinzm wrote:
| If they were let go for cause then the laptop history is
| useful probably in case of lawsuit or unemployment claims.
| renewiltord wrote:
| Is it, though? I genuinely don't think so. Performance
| stuff like this is usually documented via your HR stuff,
| the PIP etc.
|
| "This guy was browsing incel forums from this time to this
| time"
|
| Which court in what land uses that information?
|
| Sounds kind of mythical, especially since I'm sure there's
| an army of other people on idiot forums like that who are
| nonetheless performing fine.
|
| EDIT: Okay, you guys hit me with sufficient downvotes that
| I'm rate limited so I know the predominant view is
| different.
|
| Fine. I'm not a lawyer, but I'll tell you this. If some
| rando IT dude is going through folks' computers after they
| quit and I find out, I am quitting your company and telling
| everyone. I have never done that to anyone reporting to me
| and no company has ever done that to me. I can't believe
| you'd accept these work conditions. Wild.
| tolbish wrote:
| "This guy was stealing company data"
|
| "This guy was conducting illegal business using the
| company's network"
|
| "This guy was running his own mining rig on company
| servers"
|
| It's not hard to think of actual cases that happen.
| renewiltord wrote:
| Sure, but fortunately we're not context-free text
| generators. We are able to see that we are in a thread
| where the guy was let go for poor performance. Like that
| shit is not "poor performance".
|
| Y'all are playing me if you think that.
| [deleted]
| [deleted]
| GekkePrutser wrote:
| If someone is that bad that they run mining rigs on your
| servers, I suspect a little personal web use is the least
| of your worries :)
| macksd wrote:
| It makes sense if you think you're likely to have to
| defend the decision in court. For instance, I've worked
| on a team where a guy was fired for performance reasons
| that were obvious to all of us, but he sued and claimed
| it was discrimination. HR had known of a performance
| problem and the process was documented, but if the
| trustworthiness of the manager who gave them all that
| information is cast in doubt, could they really defend it
| quickly and decisively in court? We all had to be
| deposed. Imagine if it became a lengthy court case. I
| imagine it would be nice for the company to have a paper
| trail of convincing evidence of a performance problem. A
| timeline of significant, non-work web browsing during
| work hours on work machines would do the trick, and
| protect the rest of the team and the company.
|
| That said, I agree with the commenters that I wouldn't
| want to work somewhere that did this as a matter of
| routine. I always have my work laptop encrypted with a
| key only I know and I have not (yet) been forced to give
| work root access for management. I'm always confident
| handing in my laptop that they couldn't find anything
| even if there was something.
| kerkeslager wrote:
| > Is it, though? I genuinely don't think so.
|
| Are you a lawyer?
|
| > Which court in what land uses that information?
|
| That seems like a question for the legal department, not
| for the IT department.
|
| You're doing this thing that smart people do (I know
| because I do it myself if I'm not careful) where you way
| overstep your area of expertise. It's not a good look,
| avoid the trap.
| marcinzm wrote:
| >Fine. I'm not a lawyer, but I'll tell you this. If some
| rando IT dude is going through folks' computers after
| they quit and I find out, I am quitting your company and
| telling everyone. I have never done that to anyone
| reporting to me and no company has ever done that to me.
| I can't believe you'd accept these work conditions. Wild.
|
| Every large company I've worked at or heard of it's
| pretty much assumed that IT may monitor everything you do
| on their machine. Everyone knew this. Which is why you
| don't use the company laptop for personal use.
| snowwrestler wrote:
| IT may have the legal right and often the technical
| ability to monitor any activity on work computers.
|
| But it is stupid to allow any old IT staff to do so, and
| this thread is a good illustration of why: because most
| IT staff do not have the discipline or smarts to keep
| what they learn sufficiently confidential. Allowing IT
| staff to browse the files of other staff at will can lead
| to other HR problems such as harassment or even
| blackmail, or loss of corporate reputation if people post
| embarrassing stuff in, say, a public HN thread.
|
| The ability should be exercised only under the
| supervision of a lawyer, which limits bad behavior and
| creates attorney-client privilege for discussions of what
| might be found.
| mewpmewp2 wrote:
| Is it same in EU? If I read the law correctly I
| understood they need a good reason to monitor and they
| definitely need to notify you and ask for consent.
|
| I have been using my work laptop quite heavily for
| personal use and I would prefer not to stop honestly.
|
| I believe my intentions are pure and to provide value, I
| understand world is not perfect, but I would not want to
| work for an employer that needed to monitor me.
| Volundr wrote:
| I got a new job recently after being at my old place almost
| 15-years. I've decided I'm doing things differently this time.
| All my work stuff is on my work equipment, all my personal on my
| personal, and never the two shall meet. I don't have e-mail or
| slack on my phone. I don't have personal e-mail on my work
| computer.
|
| It's remarkable to me how much this has improved my life. It took
| some getting used to, but when I'm working I focus better on
| work, and when I'm not I unplug. It seems obvious yet somehow
| leaving work behind at the end of the day escaped me before.
|
| Also as someone who used to run an IT department, it's shocking
| the degree that some people fail to realize their work equipment
| is, well, work's. Personal e-mail on your work laptop, I get it.
| Your entire collection of photography celebrating the human form
| in your folder of the company shared drive, why would anyone
| think that's a good idea?
| jcun4128 wrote:
| For me to have work Teams on my phone, have to install this app
| that can remotely wipe my phone. Understandable but still.
| zdragnar wrote:
| When I have worked for similar companies, I simply didn't
| install any of their software on my phone. If they wanted the
| ability to wipe it, they would have to give me a phone for
| it. Sure enough, it never turned out to be that important to
| anyone.
| yourabstraction wrote:
| I did this exact same thing at my last job, and I agree that
| it's remarkable how much it made both work and non work life
| better. Drawing hard lines can oftentimes make compliance much
| easier. Just the fact that I had decided to not have/do ANY
| personal stuff on my work computer made it very easy to focus
| and be extremely productive. I'm in the middle of my career,
| and it was by far my most productive time as a software
| engineer.
|
| That being said, I didn't work myself to the bone. Instead of
| taking breaks with reddit, checking personal email, or spending
| time on social networks, I allowed myself long lunches, long
| walks, naps in the park or at the beach, and other forms of
| relaxation during the working day. This easy pace allowed me to
| perform some of the highest quality and most creative work of
| my career.
| heroHACK17 wrote:
| I had a similar experience after switching companies (to
| remote) last year. Work computer has no personal
| accounts/services. iPhone (and personal Mac) has no work
| accounts/services. No Slack, calendars, etc. I made it clear
| up-front that I am not available before 8AM and after 5PM M-F,
| but very available during work hours. Best decision I ever
| made!
| kritiko wrote:
| Which computer are you posting this from?
| Volundr wrote:
| Personal. Took a break, got some food, browsed HN, etc.
| yumraj wrote:
| Everyone knows that HN is work.
| datameta wrote:
| Potentially from the ~6x10cm computer
| LanceH wrote:
| I do this while freelancing/contracting as well. I have a
| macbook for client work _only_.
|
| While I don't have one for each potential client, I do use a
| different user for each client, and all data should remain in
| user space -- which is easy enough to accomplish since I need
| to maintain matching versions of databases anyway, there is no
| need to share a single data store.
| ekzy wrote:
| I tried to use this approach before, but if I remember
| correctly Homebrew didn't like it. I like to manage my
| software with Homebrew, but multi user simply wasn't working
| jokethrowaway wrote:
| KDE has the concept of activities (think like, virtual
| desktop on steroids, with custom widgets and look) which I
| used for some time to split between clients' work.
|
| It was a fun gimmick but I can't say I missed it once I had
| to start using a Mac.
| ska wrote:
| I've done this before with one VM per client. Makes archiving
| etc. simple also, and means that per-client setup stuff never
| tramples on each other.
|
| Gives an answer for how you firewall sensitive data also,
| e.g. every document you gave me never existed anywhere except
| in this (potentially encrypted) VM. Easy to delete cleanly.
| dylan604 wrote:
| The user per client on the computer sounds like a nice idea.
| I haven't done that, but can easily see the appeal. Nice one
| handrous wrote:
| It's a great system. The only real pain I've run into with
| it, on macOS anyway, is that you can't isolate iCloud
| accounts and still receive texts on your Mac. So unless you
| have a separate _phone_ for each client, that's not so
| great. Also, the lack of profiles on iDevices means any
| client-specific apps (2fa stuff, for instance, or if you
| like to have Slack on your iDevice, or dev/testing apps, or
| whatever) ends up in a shared space on there.
| touisteur wrote:
| Would almost be better with in addition a vm per customer
| or at least some kind of encrypted partition per
| user/customer. Not sure how easy it is under Linux.
| asymptosis wrote:
| > Not sure how easy it is under Linux.
|
| Not sure how easy it is on other OSes. On Linux, it's
| easy.
| kyleee wrote:
| Just bite the bullet and move to Qubes
| ghaff wrote:
| There are many cases where this is good advice--and certainly if
| you're the director of the CIA. There are of course additional
| reasons, including company policy and as peer comment says side
| projects, to keep personal and work devices separate. But I also
| don't think one-size fits all rules apply. I'm not going to carry
| two laptops when I travel.
| bee_rider wrote:
| Work laptop + personal iPad seems reasonable if you are in the
| Apple ecosystem.
| ghaff wrote:
| That's a reasonable approach assuming you're not doing
| anything personal off-the-clock that requires a laptop
| computer.
|
| It's something I'm not worried about in general given our
| work policies and practices. I just travel with a personal
| MacBook or Chromebook.
| dopidopHN wrote:
| I carry 3 and I just flew to back home to Europe for the
| summer.
|
| - 1 MBP for my actual job. I'm not admin. I can't even trigger
| an update.
|
| - 1 MBP to access the parent company system. Like ... 1 a
| month. ( it has a vpn client that I can't install on the first
| one ... that's all )
|
| - my personal laptop. Because I can't do shit beside working on
| the two first.
|
| It's ridiculous
| GekkePrutser wrote:
| Did you consider booting off an external drive? Macs work
| really well in this scenario. Windows is notoriously bad at
| booting off USB (though I'm not sure if this is still the
| case). But Macs can do it really well. Linux too.
|
| I used to do this in earlier times when personal use was
| still a very dark thing (in our company it has since become
| normal - at least web browser stuff). In the days I carried a
| ThinkPad T42 I would just slip the HDD caddy out and stick in
| my own at night in the hotel.
|
| Later on I ran my own macOS on a company mac from a USB 3
| HDD. Just hold option when booting. You can even encrypt both
| to secure them from each other.
|
| Luckily these days I don't have to bother with any of that
| anymore. But they weren't too bad options as long as you
| don't need both environments at the same time.
| Hamuko wrote:
| Yeah, the carrying two laptops part is also my issue. Of
| course, I am well within my rights to not take my work laptop
| with me when I go anywhere and if a disaster strikes, I can
| just tell my manager to sod off - but it's just easier to take
| the work laptop and do my YouTube watching on it.
|
| (I'm technically not on call but in practice it's messier)
| mike_d wrote:
| I love the shocked Pikachu face when I show up at someone's
| desk, let them know their laptop is part of an ongoing
| investigation, and IT will be by soon to give them a new one.
| GekkePrutser wrote:
| How does that work these days when people no longer work at
| their desk in the office?
|
| Just one of the many ways that dual-use is becoming more
| common. And OSes are increasing their abilities for it too.
| Mobile OSes are already great at separation. Windows is
| coming along slowly with Windows Information Protection and
| Azure Information Protection. Mac has user enrolment but it's
| in its infancy, sadly.
| gmadsen wrote:
| remote desktop for personal?
| ghaff wrote:
| Hotel WiFi can be pretty awful. To be honest, this isn't a
| problem for me. I don't separate usage pretty much at all.
| I'm not sure what I would do if it were a bigger deal.
| _jal wrote:
| The one I think is harder for a lot of people is the phone in
| BYOD environments.
|
| When I started needing specific apps for work, I also got a work
| phone. I don't think my employer is doing anything creepy, and
| now I know if I'm wrong about that, it is contained and severed
| from my everyday phone.
|
| But that's an expensive option.
| 0xffff2 wrote:
| >But that's an expensive option.
|
| Are you saying you personally purchased a phone for use as a
| work device? That's completely bonkers to me. I have a personal
| phone and a work phone, but I definitely don't pay for the work
| phone out of my own pocket. I even made them order the case and
| screen protector I put on it.
| qbasic_forever wrote:
| Get a $30 bottom end prepaid Android phone at Walmart and such.
| If you're only using it for 9-5 work stuff and expect to be on
| wifi you don't even need to pay for a cheap SIM card or plan.
| Yeah it will suck and perform terribly, but who cares it's just
| for the odd slack/email/etc. notification and that's it.
| symlinkk wrote:
| What about iPhones? I was under the impression even with a
| company managed MDM profile installed, there's a limit to how
| much they can see, like they can't see messages or browsing
| history
| djrogers wrote:
| You're correct, but I'd guess that's a level of nuance beyond
| what the article is geared for.
| gwittel wrote:
| It depends on the MDM. My work's MDM required full access to my
| phone. That is, the MDM software was fully capable of wiping the
| full device (not just the MDM data store). IT promised they
| wouldn't/couldn't do that; yet the app required the
| permissions. So yeah, noped right out of that.
| Hamuko wrote:
| I would've had to consent to full-device wipes if I wanted my
| school email back when I was in university. Thanks Microsoft
| Exchange.
| gorgoiler wrote:
| I moved my work life onto a Lenovo ThinkCentre connected to a
| 1440p display and a Rode USB mic. Video isn't worth it when you
| have amazing audio. I live my life in a browser and a terminal
| emulator and the hardware is fully supported by my favourite free
| and open source OS.
|
| The back looks like this, to give an idea of scale:
|
| https://www.refurbishedcomputerslaptops.com/wp-content/uploa...
|
| What a lovely little platform, especially for $100. That's a
| price point that makes hardware replacement easy to stomach. It
| also freed up my MBP for personal stuff only.
|
| Being a desktop it also means I have to "go to the office" to do
| work stuff. Bliss.
| tyingq wrote:
| Firefox is handy if you want to occasionally do personal stuff on
| a work-provided Windows PC, since it has its own proxy settings
| (where Chrome uses the Windows settings). Also DNS-over-https. So
| if you run a proxy on an outside host, it's all still reasonably
| separated.
|
| I suppose you could wrap it with Windows sandbox[1] if you're
| paranoid.
|
| [1] https://docs.microsoft.com/en-us/windows/security/threat-
| pro...
| genpfault wrote:
| Gotta build your own version to neuter all the "managed by your
| organization" tomfoolery though :(
___________________________________________________________________
(page generated 2021-06-24 23:01 UTC)