[HN Gopher] Your devices and your employer
___________________________________________________________________
Your devices and your employer
Author : parsecs
Score : 155 points
Date : 2021-08-20 17:52 UTC (5 hours ago)
(HTM) web link (rachelbythebay.com)
(TXT) w3m dump (rachelbythebay.com)
| itronitron wrote:
| I guess I have been lucky to work in groups that were fairly
| focused on operational and personal security which requires quite
| a bit of separation between business and personal. Although the
| larger organization always has broad-brush security measures that
| lump it all together.
|
| Pretty sure my next phone will be a feature phone.
| ectopod wrote:
| > Well, if you end up using any amount of storage (like backing
| up the device), they are going to want you to pay for it. You'll
| probably end up typing in a credit card number and all of that
| stuff.
|
| I don't get this bit. Are you expected to pay for the cloud
| backup of your work laptop with your own money?
| munk-a wrote:
| If a company offers me access to slack/email/whatever if I BYOD
| that's nice... but it's not something I'm going to take them up
| on unless 1) they're extremely young and don't have the
| infrastructure to manage things or 2) the responsibilities I'm
| taking on are so heavy that I feel the need to be always on call
| (and receive appropriate compensation).
|
| Otherwise, if you're hiring me as a developer, I will develop
| with all my effort during work hours... and then go home. If you
| occasionally need me to stay late to supervise an off-hours
| deploy that's cool - no worries... but if it ends up running 4+
| hours over a normal work day I expect time in lieu (possibly just
| starting late the next day).
|
| I feel like I'm at the sort of ideal balance of defensiveness and
| compliance for an employee - I want to help make your company run
| better... but we signed an agreement on what I'll be compensated
| for that effort and what the expectations are and we'll stick to
| the agreement excepting sane and reasonable requests for minor
| deviations - a BYOD policy is not one of those. I am not pulling
| down half a mil - I don't even make six figures US - but I'm
| still expensive enough that a good work setup: computer, chair,
| keyboard that doesn't suck and phone if you need me to have it -
| are entirely incidental costs compared with my salary, employer
| taxes and health care costs. If you, as an employer, are going to
| try and make both of our lives more complicated over a one time
| 200$ cost to the company (and plan cost - which could be non-
| existent if wifi-only works for the phone) then you don't have
| your priorities straight (unless, again, you're like a three
| person startup then whatever - I get there's already way too much
| crap each person is trying to handle).
|
| I disagree with Rachel in the fact that I don't think it's ever a
| good idea to BYOD - even paying for it yourself. Cleaning company
| software off the device is going to be a pain - and it's going to
| be a pain when your employment ends which is a period in every
| job's life that could always use every advantage it can get to be
| drama free.
| gnicholas wrote:
| > _I realize that many people do not have the option to just go
| and drop a couple hundred bucks on an additional phone and then
| add another $100 /mo to their budget for the service._
|
| I'd never pay a monthly fee for a work-only device. If they give
| me a work-only device, it should come with a data plan. If they
| don't give me a work-only device but want me to sign over access
| to my personal device, then I'll use an old device and just use
| wifi. No way I'm paying a separate monthly fee because my
| employer puts me between a rock and a hard place.
|
| Also, MVNOs are $20/mo, not $100.
| stronglikedan wrote:
| I took that to mean, not everyone who is provided a corporate
| device can afford a separate personal device and plan. I've
| never heard of a corporate device coming without a plan paid by
| corporate.
| gnicholas wrote:
| Agree that corporate devices typically come with data plans.
| I took the $100 bit as a reference to the Lyft situation,
| where she was required to load a bunch of apps onto a mobile
| phone, but wasn't given a work device. So she bought a
| dedicated device with a one-time cost and apparently paid an
| ongoing monthly fee as well.
| [deleted]
| [deleted]
| sigio wrote:
| $2.50 here.... good thing to not be in the US :)
| EamonnMR wrote:
| I worked for a healthcare company where the deal was you could
| get email on your phone but only if you installed am app that
| would allow IT to remote-wipe your whole device at their
| discretion. I declined.
| ShroudedNight wrote:
| > I also was given a PCI Express (see, I told you this was a long
| time ago) cellular device which would let me get online with the
| company laptop from anywhere it had service.
|
| Was this supposed to be PCMCIA or ExpressCard? It's not obvious
| to me how describing a laptop peripheral as being PCI Express-
| based is particularly effective at highlighting its anachronistic
| nature.
| rachelbythebay wrote:
| Ah! You are in fact correct. It's so long ago, I screwed up the
| term for it. ExpressCard it is.
|
| In the words of everyone who's ever done a small fix, "reload".
| saagarjha wrote:
| What I don't really understand is how we ended up at the point
| where invasive MDM is even acceptable. People mix their work and
| personal lives _all the time_ : even if I take my work laptop
| home and use it, it would be a massive overreach to show up at my
| house and demand that I let them search it. Why do we accept the
| equivalent for phones? Ok, I put company email on my phone: you
| should be able to wipe _just that_ and retain a copy (which,
| running a central server, you do of course). Why should you have
| any right to do more than that?
| p2detar wrote:
| BYOD have clear separation of work and personal containers.
| Wiping all work stuff comes down to deleting the work profile
| from your personal device. This automatically removes all work
| related apps, accounts, media, etc.
| Rd6n6 wrote:
| I don't think that byod at every company separates things
| that completely
| jdbernard wrote:
| Because collectively we've given up caring about digital
| privacy as a society. You and I and maybe most of the HN crowd
| care, but most people don't. Not really. This is just a
| reflection of that broader value system.
| systemvoltage wrote:
| Pardon me for the language, but it is fucked beyond repair.
| We've destroyed the planet. I wish to go back to analog life.
| killjoywashere wrote:
| This seems quaint to me. The real reason to not use a personal
| device for work is discovery. As soon as you do work someone can
| trace back to that device, there's the potential for someone to
| seek a warrant for that device. Even if it's some chucklehead you
| don't even know within the corporation who's being investigated,
| all you had to do was send an email to someone _they_ sent an
| email to. And now the courts can demand your stuff. Let's assume
| everything everyone does is perfectly legal, it's still a massive
| inconvenience tax, and that alone is a good reason to not do it.
| I carry two phones and two machines (Corp laptop, personal iPad).
| They want me, they can give me the machines to contact me.
| websites2023 wrote:
| Yep. This has already bitten one employee of Apple:
|
| https://twitter.com/ashleygjovik/status/1428495420917837826?...
|
| It's a damn shame, and a good reason to never, ever mix work
| and personal devices.
| [deleted]
| brundolf wrote:
| > Around 2009 or 2010, the company decided to try to pull a fast
| one on some of us. They said that our original NDA somehow hadn't
| gotten signed (what?), and that we needed to re-sign it...Sure
| enough, they delivered, and sent me the original NDA. Note: they
| didn't send me _AN_ original NDA they were using circa 2006 when
| I started. They sent me _THE_ original NDA, complete with my
| signature from the day I started! Yes!
|
| > So then I started reading along, doing my best to do a 'diff'
| in wetware, and found that they had actually added some clauses.
| One of them amounted to 'taint' for your personal devices.
| Basically, if you signed in to your corp gmail from a device,
| they claimed the right to audit it at any point in the future.
|
| This kind of psychotic behavior is one reason I'll never work at
| a megacorp. I'm sure some smaller companies do it too, but it
| seems less common, and they won't have as many lawyers on
| retainer just waiting for the chance to justify their salary by
| pursuing it.
|
| And if I ever _did_ find myself at a company that tried to pull
| something like this, I 'd probably quit on the spot. I won't work
| in an environment where I'm having to constantly watch my back.
| beh9540 wrote:
| What I don't understand about this is they were most likely an
| at-will employee. So the company could have just said "new
| policy, sign it".
|
| I had an employer do this - I was working there a few years,
| owner came in and said "we're doing background checks, fill
| this out and sign it". I asked what happened if something came
| back on it, and he said that I'd be fired.
| abawany wrote:
| I can confirm based on my experience that smaller companies do
| it this too. They may not have many lawyers on retainer but
| being small, they can (threaten to) walk you out immediately
| with no consequences, cut-and-paste irrelevant passages from
| other companies in the new NDA, and other assorted unnecessary
| nonsense.
| oogali wrote:
| Don't just sign the last page. Initial every page. Always.
| zhte415 wrote:
| This has always been required for the mega-contracts I've had
| to sign, which have sometimes spanned hundreds of pages. Not
| only initial each page, but to have the pages cascaded so
| there's initials running over the margin of consecutive pages
| - this was required.
| teeray wrote:
| The shameful thing is that there is no earthly reason why we need
| separate devices. There should be appropriate isolation
| mechanisms so that corp-ware stays in corp-land and personal crap
| stays over on its side of the fence. We have dual sim devices
| now, so we can even assign entirely separate plans to different
| device partitions. Separate devices just create more senseless
| e-waste.
| danans wrote:
| > There should be appropriate isolation mechanisms so that
| corp-ware stays in corp-land and personal crap stays over on
| its side of the fence
|
| This already exists and I use it every day: separate work and
| personal profiles on the same device or app.
|
| I think most browsers support this out of the box. My phone's
| work profile actually shuts off automatically on vacation days
| from work and I have to consciously enable it if I want to
| check work email or chat.
| jessaustin wrote:
| You might trust the isolation mechanisms, but that doesn't
| mean that all employers do.
| yjftsjthsd-h wrote:
| Okay? The original statement was,
|
| > The shameful thing is that there is no earthly reason why
| we need separate devices. There should be appropriate
| isolation mechanisms so that corp-ware stays in corp-land
| and personal crap stays over on its side of the fence.
|
| And we have that. Companies not trusting the tech is a
| separate problem.
| marbu wrote:
| The problem is that someone has a full control over that device
| in the end (to keep this argument simple, let's ignore how
| apple or google fits into this picture). And you and a company
| you are working for may not agree on who that admin should be.
| On a device I own and fully control, I would be able to create
| a separate user profile for work, but the company may not like
| how I manage the device nor can it ensure that I follow a
| company security policy when using my personal device. And vice
| versa, I won't be comfortable with creating a private profile
| on a company controlled device.
| pydry wrote:
| im not sure id trust the isolation to be done properly.
| rcarmo wrote:
| This is another reason why I Remote Desktop to corporate machines
| from my personal ones. Fully insulated access to corporate stuff
| (I turn off file and printer sharing, obviously, although they're
| usually disabled anyway), but I get to use my monitors, keyboard,
| mouse, etc. and don't have to physically plug in anything.
| lazypenguin wrote:
| I would like to do the same but I don't want to run my
| employers vpn software on my machine (they don't need to see my
| local machines network traffic). Does your work not use a vpn?
| yjftsjthsd-h wrote:
| Depends on the VPN; at a previous job that used one, it was
| anyconnect, so I could just use openconnect on my local
| machine and never need anything that the company truly
| controlled locally
| aluminussoma wrote:
| In California, most companies that require after hours duties
| because engineers are on-call, provide a company issued cell
| phone device because of California Labor Code section 2802:
| https://leginfo.legislature.ca.gov/faces/codes_displaySectio...
|
| The companies that do not do that are exposing themselves to
| unnecessary legal risk in the future.
| toomuchtodo wrote:
| Would be fun to know which companies aren't for reporting
| purposes.
| nindalf wrote:
| > Basically, when you quit, you have to go through this process
| of getting your number released from their mega-account with ATT
| or whatever, and that's just one more bit of turmoil in a time
| when you just want to be done with it.
|
| I did this about a month ago at the same company Rachel is
| talking about. It was dead simple. I created a task where I
| mentioned my personal email account. The next day they mailed me
| a porting key, which I relayed to my new carrier. It started
| working within a day. Haven't had an issue so far.
|
| I always felt that some of the writing on this blog had a
| tendency to make mountains out of mole hills. I can't say for
| sure about the rest of it, but this is definitely a mole hill.
| wafflespotato wrote:
| As someone who no longer shares devices / numbers / ... with
| employers partly due to NDA shenanigans in the same vein as in
| this article and when I left that company they tried to make my
| life as difficult as possible and tried to withhold
| compensation and so on.
|
| Sure, in the happy path porting number is easy. But this
| assumes that
|
| * the company will be ok with you porting it out (and not just
| hold onto it out of spite, which I believe the company I worked
| for might have done)
|
| * the company will handle that kind of tickets in a reasonable
| amount of time
|
| * the company will not need to escalate this sort of request to
| levels where they will then be ignored
|
| * the company will be technically competent to handle this sort
| of request
|
| I'm not saying that all or even most companies will have these
| problems but the issue is that if the first thing you do when
| joining the company is port your number over, how can you know
| what the internal company culture is and if they will make it
| feasible for you to get your number back later on?
|
| This also ignores the big selling point of keeping your work
| accounts / numbers separate: being able to disconnect. Just
| being able to put your work laptop and phone away and know that
| you won't get called has it's own fairly large value.
| nindalf wrote:
| I have nothing to say about companies in general. I only
| spoke about that particular company Rachel and I both worked
| at. My experience was smooth.
| wafflespotato wrote:
| Sure. My point was more "how would you know the experience
| would have been smooth" before you worked there for a
| while?
|
| edit: sure, her description of the hurdles etc might not be
| representative of things at that specific company, to be
| clear.
|
| Just saying that it's a risk to connect your personal stuff
| to any company.
| insulanus wrote:
| Good point, but incomplete. It's safe to assume the company
| improved their process over time.
|
| The point stands that it may be a hassle at other companies.
| Furthermore, you are beholden to the company until then.
| [deleted]
| ldoughty wrote:
| _your_ company made it easy... If you left on bad terms, or
| with an immature company /boss/process, you might need days to
| go through the process... Or the company might argue and say
| your number is on to many cards/documents/etc and want to fight
| you to keep it... Even if it's clear on paper the number is
| yours.
|
| I get where Rachel is coming from here. I think a decade ago
| when I had a separate phone for work was my least stressful
| time working... Unfortunately (in this case) I work for a
| University which I also attended school as a benefit, so the
| work/personal line got blurred for 6-7 years. Even though I
| finished my masters degree, it's become familiar to have "work"
| on my personal device now, when I used to be like Rachel --
| separate work phone for the first 7-8 years I was working.
|
| I'm happy she wrote this article, it's encouraging me to
| consider a low cost provider like Google Fi with an old phone
| and going back to the work/personal separation.
| nindalf wrote:
| Like I've pointed out to others, I have nothing to say about
| other companies. I speak only about this one company where
| Rachel claimed that it would cause turmoil if you attempted
| to transfer your number out.
|
| Rachel didn't actually raise a request for number transfer,
| so this was conjecture. I've gone through the process, and it
| was smooth. That's why I think it's a mole hill.
|
| Everyone is saying "yes but at other companies...". Sure. I
| concede that. Just not at this one company.
| gnicholas wrote:
| Agree that it's not hard to port numbers. I think the larger
| potential issue is if you are working for a smaller company
| that is not as smooth with these transactions, or if you end up
| with an acrimonious situation where -- whoops, we forgot to
| give you the porting key and now your phone number has been
| lost and there's literally no way to pull it back.
| nindalf wrote:
| Like I said, it might be different at other companies. I only
| pointed out at the specific company Rachel mentioned, the
| process is smooth.
| id5j1ynz wrote:
| > I always felt that some of the writing on this blog had a
| tendency to make mountains out of mole hills. I can't say for
| sure about the rest of it, but this is definitely a mole hill.
|
| The thing is that the "fast path" or "happy path" of things is
| always nice and streamlined. It's when things start going wrong
| that it matters. If you marry yourself too heavily to a company
| you start losing your leverage. Depending on where you are and
| who you work with, things can get real dirty, and if your stuff
| is all intertwined with their stuff, that can add up to a lot
| of pain and suffering.
| asveikau wrote:
| At a big co, competence of whoever you are dealing with in HR
| might vary a lot depending on who you happen to be working with
| that day. Maybe they could also have improved some processes
| since she worked there.
|
| I share an employer in my work history with her. I feel she
| captures some things I didn't like about the place pretty well,
| without hyperbole.
| shuckles wrote:
| This is not a universal experience. I had to go through this
| recently with a large technology company, and it took multiple
| weeks of back and forth between the company and a major US
| carrier to confirm that the company wanted to release the
| number. If I had lost access to the internal ticketing system
| in the meantime, I am not sure what I would have done short of
| asking a coworker to take on the cause.
|
| Most importantly, I had no idea a priori how long and involved
| the process would be.
| nickjj wrote:
| The device discussion is really interesting on so many levels.
| Especially for non-phones and remote working.
|
| Let's say you live in a studio apartment and you have your own
| personal workstation set up how you like it. That would be a
| desktop workstation, couple of monitors, adjustable standing
| desk, some chair that you like, internet, etc..
|
| Now a company wants to hire you and they want you to use a
| company issued laptop. This becomes a serious physical burden on
| both yourself and your limited space. Using a laptop without
| external monitors is horrible posture but if you're in a studio
| apartment you might not have enough space to use a completely
| separate desk, chair, couple of monitors, keyboard, mouse, etc..
| We'll ignore the money aspect of having 2 distinct set ups which
| in the grand scheme of things isn't too big of a deal.
|
| There's not too many reasonable options here. The company's
| policy might not allow you to bring your own device and even if
| they let you use your personal computer, allowing them to audit
| that or install some remote desktop sharing software that they
| have free reign over would be total madness.
|
| It's also not that painless to quickly switch around HDMI (or
| even worse DVI) monitor cables. I suppose you could rig some type
| of HUB that lets you flip a switch to control which computer your
| monitors, keyboard, mouse, headphones, microphone, etc. are
| active for. This way you can use your desk setup for both, but
| now you can't use them at the same time which has its own set of
| issues. There's also issues like wanting to copy files from your
| personal machine to the work machine. So you might think ok I'll
| just allow SSH connections locally but now you've linked both
| machines to a point where having separation is useless, or maybe
| you decide to use an external drive that you can swap between
| both. In either case the work machine has been tainted.
| treis wrote:
| It's not really that hard. They make KVM switches that will
| swap everything with one button. I've found those to be
| somewhat unreliable. Instead, I've got a USB switch that
| handles the keyboard + mouse. Monitors are always connected to
| both and I swap the input at the monitor.
|
| It mostly works fine except for the piece of crap Mac. Never
| know what arrangement my monitors will be when I boot up in the
| morning.
| amne wrote:
| RDP for the win. I just RDP into the work laptop from my rig.
| Done.
| treis wrote:
| If you have a tutorial on how to do that to a Mac from
| Linux I'd be eternally grateful.
| 10000truths wrote:
| You can use VNC to do the same. MacOS screen sharing is
| basically just a built-in VNC server.
| treesknees wrote:
| You don't need to be a single bachelor in a studio apartment to
| have this problem. I'd argue most people who worked from home
| due to lockdowns have ran into this.
|
| My home office, while adequate, wasn't exactly setup to be
| writing code and hosting meetings in for 8 hours a day. I'm
| certainly not going to go out and buy a desk and chair just for
| my work laptop... I ended up buying a nicer desk and monitor
| stand. As someone else pointed out, I purchased a KVM switch to
| flip my monitor between personal and work machines.
|
| After a year of this I've just moved to setting my personal
| laptop to the side for music/email/etc and stopped using the
| KVM switch. It really wasn't a big deal and I wouldn't call it
| all that interesting.
| EamonnMR wrote:
| You can get a switch that lets you select between HDMI signals,
| and quick-disconnect magnetic USB cables, that's how I deal
| with this problem.
|
| Realistically I don't switch it more than once a day; during
| work hours I don't need my personal machine and away from work
| hours I (generally) don't need my work machine.
| vineyardmike wrote:
| > I suppose you could rig some type of HUB that lets you flip a
| switch to control which computer your monitors, keyboard,
| mouse, headphones, microphone, etc. are active for
|
| This is the only sane option imo. I have been aggressively
| (during pandemic) switching to USB C and optimizing my desk
| setup. My personal macbook is usb c, my work macbook is usbc
| and my in-progress new gaming pc will be usb c.
|
| I have a single usbc hub with one cable that i will move from
| device to device at home and deal with that as the minimum
| difficulty solution.
| ubermonkey wrote:
| I'm astonished some companies push the "user your own phone,
| which we now basically can control" angle. I mean, that's really
| shitty.
|
| I've been working for the same small software shop (single owner,
| and I trust him) for 14 years, so the entire development of the
| modern mobile ecosystem happened while I've been in this job.
|
| I use a personal laptop for all my work. I do this because I have
| Strong Preferences, and there's no way for the company to
| interfere with my computer. I can say this because (a) I trust
| the guy and (b) it's not actually possible for our corporate
| stuff to affect my personal stuff. (My computer isn't on the
| domain, for one thing; for another, we've all increasingly moved
| to "remote desktop into a VM in the colo" as a work pattern, even
| the devs, because it puts us all closer to the app servers and
| database servers. What device we use to reach the corporate
| environment is increasingly irrelevant.)
|
| But this is a post about what OTHER people should do. Most people
| aren't in my position. Anybody who works for a big corporation --
| which I define as "anywhere your boss has a boss" -- should
| absolutely assume that Bullshit and Chicanery Will Ensue at some
| point, and treat your personal computing security accordingly.
| Don't cross the streams if you can at all avoid it. If you must,
| minimize exposure.
| vcxnxgj wrote:
| careful. you're massively opening yourself up by using a
| personal machine for work. use hardware they own, with your
| configuration.
| nayuki wrote:
| Somewhat related: https://news.ycombinator.com/item?id=28241753
| "Apple explicitly asks employees to merge their personal and work
| accounts"
| rcarmo wrote:
| That was flagged as bogus by a number of people from Apple.
| hbrav wrote:
| The most interesting thing about this is the linked article about
| the employer that tried a bit of sharp practice to insert
| additional clauses into the NDA:
| https://rachelbythebay.com/w/2011/11/09/signs/
|
| There's definitely a few morals to this story (but note: not
| legal advice! I am not a lawyer!):
|
| 1. You should keep your own copy of anything you sign as part of
| your employment contract.
|
| 2. You should maybe keep a record of when you handed that to your
| employer ("I did in fact sign a copy of the NDA when I began my
| employment, and handed it to [person] on [date]. I hope this
| helps you to locate it.")
|
| 3. If the NDAs are so long that it would be impractical to
| visually diff them, you can just ask the company: "Can you please
| ask [name of company lawyer] to send me an email confirming that
| this is the same NDA that I signed at the beginning of my
| employment on [date]?" If they do, and then later rely on a
| clause that has been inserted, I suspect they would have a hard
| time convincing a court to enforce that clause.
|
| 4. In the author's situation, they sound like they were over a
| bit of a barrel economically and it's hard to push back in that
| situation. If you are willing to push back, remember that your
| employer is asking for something _from you_ , i.e. a change to
| your contract. And if that change is that they can audit your
| personal devices, that is not a small concession! "This NDA does
| differ substantially from the one I originally signed, and would
| represent a significant change in the conditions of my
| employment. I understand if the company has new security
| concerns, and I am willing to work constructively to find an
| acceptable solution. For instance, if you are uncomfortable with
| me being able to access work e-mail on my personal device, you
| can issue me with a separate device over which you would have
| auditing rights."
| jessaustin wrote:
| _" I did in fact sign a copy of the NDA when I began my
| employment, and handed it to [person] on [date]. I hope this
| helps you to locate it."_
|
| I'm not sure how important this is. Of course they still have
| the old NDA, and in any perjury situation they would readily
| admit that. Managers and (especially) HR people regularly "fib"
| (synonym of "lie") in hopes of distracting attention from the
| monstrous demands of capital. If an employee made a big stink,
| that employee would be reminded that employment is at-will and
| thus contingent on signing whatever is required at any time.
| The worst NDA amendments could possibly be contested in court,
| if one wants to spend five figures on attorneys. Probably a
| better way to avoid surprise "renegotiations" is to unionize...
| hbrav wrote:
| A union is definitely the gold-standard defense against
| nonsense like this. But a lot of places have significantly
| higher employment protections that the US.
|
| Remember, it's not always you that has to go to court to
| fight an NDA clause though. If you've resigned, and the
| company is insisting that it can search your devices because
| the NDA says so, the company is the one that needs to
| convince a judge to grant a court order allowing it to do so.
| (Again: not legal advice! But my understanding is that's how
| most contract rights need to be enforced.)
| vineyardmike wrote:
| > the company is the one that needs to convince a judge to
| grant a court order allowing it to do so
|
| Except they still have the legal advantage of more moneys
| and lawyers. There is no easy win unless the judge
| intervenes before you pay lawyers too much.
| hbrav wrote:
| True, but it still puts the work of filing etc. on them.
| You can always self-rep. It's usually not a good idea,
| but here your argument is really very simple: "I signed
| this NDA on the basis of specific assurances, which were
| false. I have a record of those assurances from [company
| lawyer]."
| franciscop wrote:
| I'd add to also keep a copy of any substantial
| agreement/clarification alongside the proper legal paperwork.
| The PTO wording was a bit confusing, you ask for clarification
| and they tell you it's 21 work days and not 3 natural weeks?
| Keep a copy of those email/slack/etc., preferably one from HR
| and one from your manager where they both agree. Just push them
| in the same binder, they are probably not so many situations to
| make this bothersome but it can be helpful.
|
| Luckily I've never needed it in any kind of legal situation,
| but a couple of times they saved me of a "he said she said"
| kinda conversation.
| hbrav wrote:
| This is also excellent advice.
|
| Actually maybe I should also add: keep not just the text of
| those e-mails, but also the from, to, date fields etc. If you
| ever get into a I-said / they-said about this, your employer
| might claim that your e-mails are a fabrication. If you get
| as far as a discovery process, and the company has to turn
| over e-mail records, that's going to make it much easier to
| locate the e-mail in question.
| munk-a wrote:
| New contract changes are unenforceable without compensation in
| most cases. If you're getting a new NDA or somesuch rolled out
| it's why it usually comes with "Free 10$ starbucks gift cards
| for everyone surprise!" but a lot of the time any contract you
| sign that does nothing to benefit you is illegal - you can also
| refuse to sign new contracts and, depending on the company,
| they might just shrug and carry on with the old contract.
| a-priori wrote:
| I once had a company ask everyone to sign updated employment
| contracts that changed the vacation policy to "unlimited PTO".
|
| So I opened up my original contract and compared them... and
| wouldn't you believe it? There were other changes in the
| contract: they'd added non-compete and non-solicit clauses, and
| tweaked the IP language to make it broader.
|
| I talked to the company lawyer to ask for an explanation, and
| they became very embarrassed and they walked back all those
| changes, claiming that they'd used a new law firm and this
| happened because that firm had used their "standard
| boilerplate". They sent everyone a new copy with just the PTO
| change.
|
| Of course, then I refused to sign the updated one, because I'm
| a jerk who thinks "unlimited PTO" is a scam. :)
| kelnos wrote:
| > _Of course, then I refused to sign the updated one, because
| I 'm a jerk who thinks "unlimited PTO" is a scam._
|
| Unlimited PTO is only a scam if you are a) bad at taking care
| of yourself, and b) have a shitty manager.
|
| I've been taking every other Friday off since last summer,
| and in addition to that take 4-5 weeks off during the year (a
| week or two at a time). Hasn't been a problem because I get
| my work done, and I have a manager who understands we all
| need downtime to be healthy (and productive).
|
| In my experience, most of the people who end up taking less
| time off when their company switches unlimited PTO are just
| bad at taking care of themselves, and (incorrectly) believe
| they'll be penalized for taking time off.
| Jiro wrote:
| Incorrectly believing you'll be penalized is still the
| company's fault, because you're going to be penalized at
| some point and the company is hiding what that point is.
| Taking the PTO becomes a gamble.
|
| Nobody would accept a job where the company told you "well,
| it's unlimited pay. Just tell us when you need some money
| and if it's not unreasonable we'll give it to you."
| indigodaddy wrote:
| It is insanity that a company as "big" as Lyft is not providing a
| Corp phone to employees and forcing them to install and connect
| to so many work related apps and network elements on their own
| non-work-supplied phone. Absolute insanity.
| kbenson wrote:
| What ever happened to the future we all predicted or were told
| was coming a few years ago where we ran our phones like a
| hypervisor, and could actually segregate different controlling
| accounts into separate phone VMs? I imagine it was probably
| because it was too power intensive.
|
| She's entirely right IMO with the advice. Separating work and
| personal time is already so hard to do in some cases, and having
| my phone be a pseudo-work communicator does not help with that
| problem in any way. Disentangling them at the end of a employment
| relationship is likely much much harder (luckily I've only had to
| deal with this minimally).
| adrianmonk wrote:
| https://support.google.com/work/android/answer/6191949
|
| > _A work profile can be set up on an Android device to
| separate work apps and data from personal apps and data. With a
| work profile you can securely and privately use the same device
| for work and personal purposes--your organization manages your
| work apps and data while your personal apps, data, and usage
| remain private._
|
| There are other features aside from keeping apps separate. You
| can deny location data to apps running under the work profile.
| You can pause a work profile so you don't get work
| interruptions on the weekend. You can make phone calls from a
| separate dialer in the work profile, and it keeps a separate
| call history.
| fouc wrote:
| I assume there's not a lot of incentive to give the end-user
| that sort of power over their devices
| yjftsjthsd-h wrote:
| I'm pretty sure you can do exactly that. On Android it's called
| a Work Profile, and I assume Apple has an equivalent although I
| don't know anything about it. It's not a VM, but the access is
| sufficiently constrained that it should be good enough against
| anything but a really malicious actor of an employer.
| masklinn wrote:
| The problem is when corporate policy considers that the
| device you work with essentially belongs to them and can be
| managed remotely or audited at any moment.
| Rebelgecko wrote:
| If you're using work profile and the company doesn't
| literally own the phone, there's not much they can do.
|
| Remote management (such as remotely doing a factory reset)
| only impacts the work profile. I think the only thing they
| can do outside of the work profile is check what version of
| Android you're on to see if you have the latest updates
| kbenson wrote:
| Hmm, I recall profiles being talked about in the past, but
| seem to have missed when they rolled out, or forgotten about
| them. I don't think they necessarily solve the problem
| entirely, but I'll definitely look into them to see if
| they're useful to me now that you've reminded me. Thanks!
| Wowfunhappy wrote:
| I was thinking about something similar along these lines--why
| draw the boundary at the physical device in your hands? From
| the article:
|
| > So then I started reading along, doing my best to do a 'diff'
| in wetware, and found that they had actually added some
| clauses. One of them amounted to 'taint' for your personal
| devices. Basically, if you signed in to your corp gmail from a
| device, they claimed the right to audit it at any point in the
| future.
|
| But iOS apps are supposed to be sandboxed! So as long as I
| install a separate Mail app for my work email, my company
| should have no justification for auditing anything else on my
| iPhone, right?
|
| Or, going in the other direction--what if my company wants to
| audit every device connected to the same wifi network as my
| work phone? Why _wouldn't_ they want to do that? Is it really
| any different?
| kbenson wrote:
| > If iOS apps are all supposed to be sandboxed, I should be
| able to just install a different Mail app for my work email,
| and continue on my way with my one iPhone, right?
|
| If you're talking about keeping them logically separated on
| the device, you already get this on any Android phone. You
| can install different mail apps and use a different one for
| each account if you like. You can even do it with GMail
| accounts if you're willing to use GMail through IMAP (but I
| think you're out of luck for whatever Google calls their chat
| platform this week).
|
| The problem is that it's hard to distinguish between work and
| personal notifications when not working (and vice versa).
| Giving me the ability to take a VMs running and mute them (or
| mute them except if they blow up with notifications, or
| provide a single notification on the main interface telling
| me there's X notifications waiting on the work VM that
| updates once every hour or so) would be a real benefit. Not
| as much as a totally separate device, but also it wouldn't
| necessarily be as expensive or require more physical space.
| [deleted]
| Wowfunhappy wrote:
| It's not about UX so much as company policies. I edited my
| post a bit to clarify the part of the article I was
| referencing.
| discardable_dan wrote:
| If my employer wants to contact me outside of work hours, they
| better provide me a phone.
| postalrat wrote:
| A phone seems to be a pretty low price to give up your privacy
| and time.
| vincent-manis wrote:
| I had a job where I lived on planes and in airports (this was
| just before smartphones existed). The first day on the job, I
| logged in to the corporate network. It told me bluntly `This is
| the BigCorp network; there is no right to privacy'. The entire
| time I was there, I travelled with two laptops.
|
| I don't blame BigCorp for their policies; their equipment, their
| rules. But I strongly recommend separating the use of business
| and personal devices.
|
| And, no, if an employer demanded I install an app on my personal
| phone, I'd refuse.
| duxup wrote:
| >if an employer demanded I install an app on my personal phone,
| I'd refuse.
|
| I did that once. In very polite terms I told them that I like
| to keep personal and work activity separate as much as possible
| for personal and work security reasons and that if they issued
| me a phone with an app I'd be happy to carry it.
|
| I got a very positive response. Ultimately they didn't think it
| was worth issuing me a phone and everyone went on happily.
| dijit wrote:
| > And, no, if an employer demanded I install an app on my
| personal phone, I'd refuse.
|
| It's increasingly common for employers to give payslips via a
| smartphone app; which needs to be installed on a personal phone
| of course.
|
| I'm one of the very few people to make a stink about it. But
| they've accommodated me after a lot of back and forth.
| belval wrote:
| Do you really consider your payslips as work stuff? From a
| legal point of view it seems unlikely that they could claimed
| your device was used for work if it was used to transmit
| payslips. To me this doesn't seem comparable to having
| Slack/Email on your personal phone which means that some
| corporate possibly classified info made it to your device.
| phdelightful wrote:
| My employer doesn't even really allow personal electronic devices
| on the network, though there is some provision for visitors of
| course. So if you need a phone they have to provide you one, same
| for a computer. The same security constraints also basically
| prohibit accessing work stuff from a personal device. We can't
| even get webmail, we have to access a managed desktop-as-a-
| seevice and get our email from there if we are on a personal
| device. And the facility is big enough that cell service sucks.
|
| I really appreciate the work/life firewall. Impossible to work on
| personal devices, impossible to use personal devices at work. And
| the security posture of them can be different
| heroHACK17 wrote:
| Recently joined a FAANG and did this same thing last week. 0
| chance I'd install company software on my personal device.
| draw_down wrote:
| If you're working a tech job, you almost certainly have the bucks
| to get the extra device. Personally, I think it's a bit scummy
| that a business would ask employees to do work on a device they
| didn't pay for, but that's a digression.
|
| The long and short of it, I think, is that you should keep things
| separate because a job is not forever so you should remain
| prepared to leave, and to keep them from snooping in your
| personal business. Yeah yeah that probably won't happen, but if
| you keep em separate you know it won't.
|
| MDM and similar also give them the ability to wipe the device at
| any time, for reasons that could have absolutely nothing to with
| you. You know, as a precaution, of course.
|
| Just save yourself the headache.
| wccrawford wrote:
| I'm of the opinion that until I retire, I do _not_ have the
| "extra money" to do anything for my job out of my own pocket.
| They can pay me for their requirements if they go against my
| better judgement.
|
| My current job does not require that I put anything on my
| phone, though I've chosen to check my work email there. I could
| take it off at any time, though, without repercussions. They've
| treated me well, there's nothing in my contract about their
| data on my devices, and I like to keep up with what's going on.
| If any of that changed, I'd remove it from my phone.
___________________________________________________________________
(page generated 2021-08-20 23:01 UTC)