[HN Gopher] How companies like Amazon and JPMorgan spy on their ...
___________________________________________________________________
How companies like Amazon and JPMorgan spy on their staff
Author : pg_1234
Score : 40 points
Date : 2023-10-01 22:00 UTC (1 hours ago)
(HTM) web link (www.businessinsider.com)
(TXT) w3m dump (www.businessinsider.com)
| bonestamp2 wrote:
| Some places have laws that require employers to disclose to their
| employees what kind of monitoring they do. I expect we'll see
| those become more common.
| caladin wrote:
| I've seen employment contracts that just include a general
| catch-all for any kind of surveillance, even if they "don't do
|     it right now". This is in California.
|
| I take your point though that you're saying some laws require
| explicitly enumerating them (from how I understood your
| comment).
| fullshark wrote:
| Maybe instead of expecting it we should lobby for it
| southernplaces7 wrote:
| Should they also publish a news headline declaring the sky to be
| blue and clouds to cause rainfall?
| deviantbit wrote:
| You should know if work is not getting done. If you need to spy
| on your employees, you have a problem with executive management.
| NikolaNovak wrote:
| 1. I agree
|
| 2. To reiterate, I agree :-)
|
| 3. That being said, the only places where I've seen it actually
| used is where an employee is fired for a cause, fights it, and
| then company retrieves logs and hammers them with proof.
|
|     4. But still I agree - it's a nasty sleazy slippery path. I am
| a manager of people and managers and have zero desire for
| anything like that.
| TheSoftwareGuy wrote:
| Presumably these companies would like to follow up with finding
| out __why__ work is not getting done. Not that I agree, but
| these companies seem to think that coming to the office
| increases productivity.
| olliej wrote:
| They're not interested in work not being done. They're
| interested in you being in the office and at your computer
| for a prescribed amount of time.
|
| Actual productivity is not something they want to measure
| here, what they want is control.
| xyzelement wrote:
| // Actual productivity is not something they want to
| measure here, what they want is control
|
| This doesn't seem to be a logical conclusion. When you hire
| someone, do you care more about what they are delivering
| for you or do you just get some weird kicks?
| zinodaur wrote:
| Yikes. I use a company Macbook to WFH - the company also offers
| Linux desktops that you have to self-admin, I wonder if "no one
| develops for linux" is actually a feature, and would let me avoid
| the bossware.
| c7DJTLrn wrote:
| I worked at one of these companies. Yes, office attendance is
| tracked by badge swipes, but that's no secret. There's an
| intranet page where employees can see their own attendance and
| the minimum required. Everybody knew that there was a minimum
| attendance upon taking the job.
|
| I read a post on Reddit a few months back saying that everybody's
| body language in the office was being fed into a machine learning
| algorithm to analyse their emotions and stress levels to feed it
| back to their managers. Which is complete horseshit. They also
| said that everybody's laptop camera was being used to scan the
| surroundings for evidence of alcohol/drug use. Again, totally
| nuts.
| caladin wrote:
| Does anyone know if on company-provided macOS/macbook, can these
| kinds of tracking programs turn the microphone or webcam on
| without it being indicated in the system?
|
| Obviously, it is a device that's not yours and the company can do
| all kinds of things such as installing rootkits and other things
| to do whatever, but putting that aside, short of that level of
| commitment, is anyone familiar with these kinds of programs and
| whether or not they indicate in some way (e.g. macOS-level
| indicators that some app is using the microphone/webcam).
|
| I'm just curious if I have my work laptop in clamshell mode and
| it goes to sleep, to what extent is it not a 24/7 active bug?
| Maybe I should be shutting it down every single moment that I
| don't want to risk being spied on?
|
| Is "sleeping" the macbook and closing it shut, enough? Is it low-
| level enough of a block, or can apps circumvent even that?
|
| I'm specifically putting aside Pegasus-level circumventions here,
| since then all bets are off. I'm just thinking about 'off-the-
| shelf' level apps that companies can license and use.
| dehrmann wrote:
| Companies doing this have to be extremely careful. California
| is a two-party consent state. If an employer is found recording
| a personal conversation in the employee's home, they could find
| themselves in court with an unsympathetic jury.
| gmiller123456 wrote:
| Almost every state is one or two party consent. That means
| you have to be a party to the conversation at the very least.
| I don't know any state that allows passive recording of
| conversations in private.
| KennyBlanken wrote:
| Many employers during the pandemic engaged in all sorts of
| electronic monitoring on employees with seemingly no legal
| repercussions. The corporate law firms of America lawyers
| have almost certainly devoted much time to dreaming up
| extensive legal arguments and language to slip into
| employee contracts, agreements, and 'handbooks'
|
| When you're fired for saying something derogatory about
| your employer that is picked up by your company-issued
| computer sitting in your home office, do you have the
| resources to fight them in court, especially given your
| employer's law firm almost certainly has a cozy
| relationship with the judiciary in your area?
| paulryanrogers wrote:
| If you don't have root, and sometimes even if you do, then you
| cannot be entirely sure. That's why hardware shutters and
| physical disconnects are a thing.
| olliej wrote:
| If you have root you still cannot turn on the camera without
| the physical light turning on, and I believe you'd need at
| least a kernel exploit to disable the screen indicator for
| the microphone.
| smithcoin wrote:
|     MDM software only allows you to do so much. We use it at my
|     company. We can remotely wipe a Mac or reboot it but that's
|     pretty much it. I'm not aware of any 3rd party software that can
|     turn on the camera (remember the green light) or capture the
|     screen without the user knowing it's happening. Check out Jamf,
|     it's a pretty standard 3rd party tool; whatever they say they can
|     do is what's possible from a corporate "non-hostile" perspective.
| a-r-t wrote:
| > Is "sleeping" the macbook and closing it shut, enough?
|
| For Apple silicon-based (and newer Intel-based), yes:
| https://support.apple.com/guide/security/hardware-microphone...
| KennyBlanken wrote:
| ...which is pointless, because in the last two major MacOS
| releases (well, now three) an Apple Silicon system will not
| only remain connected to any bluetooth audio devices _and_
| wifi (even if "wake for network access" is set to "never"),
| it will actively seek connections with bluetooth audio
| devices that are turned on or come into range.
|
| Not only is this a huge potential privacy issue, it's
| extremely annoying, because on many bluetooth headphones, it
| makes it impossible to, say, connect your phone to the
| headphones.
|
| The issue with remaining on wifi is also extremely annoying
| if you're connected to a hotspot device. I discovered well
| into a vacation that my macbook was remaining connected to a
| hotspot and using up data - despite both "low data mode"
| (which has a penchant for magically turning itself off) and
| "wake for network access" set to never.
|
| There was an option to disable allowing a bluetooth device to
| "wake" the system, which stops the mac from keeping bluetooth
| connections active during sleep, but that was removed in
| Catalina.
|
| There's no excuse for removal of such an option, nor is there
| any excuse for not setting some logic such that only
| keyboards and mice retain active bluetooth connections.
|
| The dumbification of MacOS marches on, as some anonymous mid-
| tier executive at Apple continues his or her mission to turn
| MacOS into iOS. We also lost wifi network priority a couple
| releases ago as well - a move that is so unfathomably stupid
| it defies belief. You used to be able to set a hotspot as
| high priority and then, say, a cafe's free (and far less
| secure) wifi network as a lower priority, and when you wanted
| to do something on the hotspot, you could just turn it on,
| and your mac would prefer that network. Now it's a roll of
| the dice at best.
| [deleted]
| olliej wrote:
|   Anyone working for a company that requires this BS should take a
|   hard line: your job is 9-5, there is no communication outside of
|   that work period. There is no "crunch" bs, there are no longer
|   nights, there is no work during the weekend.
|
|   If work can only happen in the office at prescribed time, then
|   work only happens then. If you waste your time and money forcing
|   people to work in a shitty and distraction filled environment,
|   then why should they be interested in donating their time to help
|   you compensate for poor management?
| smithcoin wrote:
| If you as a company decide to RTO and it's an expectation your
| employees are in fact in the office I don't see how tracking
| badge swipes can be considered Orwellian. I draw the line at
| software installed in employee PCs to grab screens and track
| keys. I get it's a slippery slope but tracking attendance doesn't
| feel like "surveillance" while the other software does.
| abraae wrote:
| > One Time Doctor tool even lets businesses take screenshots and
| video recordings of employees' screens.
|
| In conjunction with a way to say "I'm on personal time now", and
|   suitable privacy protections, I don't really see a problem with
| this.
|
| Trying to establish someone's work effectiveness through
| keystroke or eye tracking analysis - yeah, that's creepy and
| Orwellian.
|
| But knowing that an employee is using Facebook instead of working
| - that's an employer's right I feel.
|
| The big caveat is that these tools are blunt instruments. If
| there's no way for an employee to say "I'm doing some personal
| stuff now" then this isn't going to work. Everyone needs to do
| personal stuff during the day, and why not. However we've
| probably all seen people who literally sit on Facebook (or HN)
| instead of doing their job.
| sokoloff wrote:
| > For example, if your team is meant to be in 3 days a week, this
| number [days swiped out of possible] should equal 60%
|
| Oh geez. That tells me that less than 30 seconds of thought was
| put into that line in the policy. Surely, there are PTO days,
| sick days, business travel days, and other reasons to have that
| figure show as less than 60%.
|
| Said differently, if it was 2019 and the team policy is 5 days a
| week, does HR imagine that figure would be 100%?
| sylware wrote:
|   You remember the interviews with HR? Those wanting to "know you
|   better"... with what you told them ending up being used as
|   leverage to push you hard to leave by yourself?
| oxfordmale wrote:
| HR is never your friend, they are the enemy.
| sylware wrote:
|       My whole professional career was only betrayals following
|       each other. Once I decided "Stop!" and actually started doing
|       things to prevent that from happening again: I have been
|       unemployed for more than a decade.
| Ajay-p wrote:
|   A FAANG recruiter told me I should assume any company with more
| than 100 employees is actively spying on their employees.
| imwillofficial wrote:
| A FAANG recruiter is not in a position to know this
| information, and is likely a third party contractor themselves.
| clnq wrote:
| That might have been a cope.
| glimshe wrote:
| FAANG recruiters, as most recruiters, know less of tech than
| pretty much every engineer out there. They have little to no
| exposure to this kind of information, so they probably read it
| somewhere (on HN, perhaps!)
| willcipriano wrote:
| They lied.
| DragonStrength wrote:
| If you're turning to machines to check attendance, is that tacit
| acknowledgement middle managers are just as opposed to RTO as
| ICs? Why would you need to turn to an HR dashboard unless your
| managers have undermined your plans already? Either the managers
| are bringing people in and enforcing it or they're ignoring it
| because they aren't in alignment, which seems like a bigger issue
| to your ability to execute.
| zrail wrote:
| Employer provided and managed hardware is treated as a hostile
| entity on my network. Separate SSID, separate VLAN, no access to
| local resources whatsoever. I don't even let them talk to my
| local DNS server, they reach out to Google and/or Cloudflare.
|
| Further, I don't put any personal accounts on employer provided
| hardware. For example, I always use a dedicated GitHub account
| for work stuff and the key and password never leave that machine.
| This ensures a clean break when I'm no longer at that employer.
| ttt3ts wrote:
| I find it annoying how social GitHub has become. Posting
| notifying others when I work on public repos. I don't care for
| my coworkers to know when I am up at 2am working on open
| source. I also use separate accounts now.
|
| Vlan is a good idea. Doing that now. Thanks.
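
Added example (not part of the thread, and not any commenter's own configuration): one way the isolation zrail describes could be expressed as an nftables ruleset on a Linux router. The interface names (wan0, lan0, vlan30) are hypothetical, and it is assumed that NAT is configured elsewhere and that the router's DHCP server hands the work VLAN public resolvers.

```nftables
# Assumed interfaces (hypothetical names, adjust to the router):
#   wan0   = uplink to the ISP
#   lan0   = trusted home LAN
#   vlan30 = VLAN behind the dedicated SSID used only by employer-managed hardware
table inet work_isolation {
    chain forward {
        type filter hook forward priority filter; policy drop;

        # Replies to connections that were allowed out
        ct state established,related accept

        # Work VLAN may reach the internet, including public DNS resolvers
        iifname "vlan30" oifname "wan0" accept

        # Trusted LAN may reach the internet
        iifname "lan0" oifname "wan0" accept

        # Anything else is dropped by policy, which covers
        # vlan30 -> lan0 (no access to local resources) and
        # lan0 -> vlan30 (nothing at home initiates to the work device).
    }

    chain input {
        type filter hook input priority filter; policy drop;

        ct state established,related accept
        iifname "lo" accept

        # Trusted LAN may use the router's own services (DNS, admin UI)
        iifname "lan0" accept

        # Work VLAN gets a DHCP lease from the router and nothing else:
        # no local DNS on port 53, no SSH, no admin UI. The lease itself
        # is assumed to advertise public resolvers instead of the router.
        iifname "vlan30" udp dport 67 accept

        # Count and log other attempts from the work VLAN to the router,
        # so probing of local services by managed hardware is visible.
        iifname "vlan30" counter log prefix "work-vlan-blocked: " drop
    }
}
```

The log prefix gives a single string to search for in the kernel log when checking whether the managed device tries to reach anything local.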
___________________________________________________________________
(page generated 2023-10-01 23:01 UTC)