this post was submitted on 22 Aug 2023
13 points (100.0% liked)

Privacy

31876 readers
468 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 
all 43 comments
sorted by: hot top controversial new old
[–] [email protected] 5 points 1 year ago

Never do anything on work machines/networks you don't want to have to explain to hr/legal.

[–] [email protected] 1 points 1 year ago

Of course they can, they literally own the machine. You don't own it, so don't treat it like it's your own private job hunting platform or porn viewer.

[–] [email protected] 1 points 1 year ago (3 children)

if you don't have your personal browsing using a private profile of a secondary browser which you know you can delete, you are doing it wrong.

[–] [email protected] 2 points 1 year ago (1 children)

Yeah, I can still see that activity. You're still doing it wrong.

Personal device not on corporate network or you're doing it wrong.

[–] [email protected] 1 points 1 year ago

Sure but people see that you are on the phone while the IT people don't really care what you do and by bosses aren't checking those logs so idc. it's about being discreet on some layers.

If I were at home I wouldn't need to do anything to hide it since I would use my pc but since I'm in the office I have to get creative.

Also, 5hisbpost was 7 days old :)

[–] [email protected] 1 points 1 year ago (1 children)

As an IT administrator, if your org has GPOs controlling if you can delete your browsing history or not, there is no chance you will be able to install a second browser without admin credentials.

[–] [email protected] 1 points 1 year ago* (last edited 1 year ago) (1 children)

I can confirm there are places where that is possible.

Also as long as they do not whitelist executables, you could use a portable version of a browser.

[–] [email protected] 1 points 1 year ago (1 children)

And you would still get caught on the company device trusting company CAs, thus enabling them to decrypt all your traffic.

Use a personal device on a personal network for personal stuff.

[–] [email protected] 1 points 1 year ago

I was talking about the history on device, of course I agree: never expect privacy on a device controlled by someone else.

[–] [email protected] 0 points 1 year ago (1 children)

That might not be enough. I could monitor that on all the devices I manage, if I need to. There are tools to dump browsing info as it's being committed, or it's easy to pipe all the traffic from your machine through a VPN to a firewall I manage with a trusted cert injection into your device and inspect the traffic in transit. If you don't want your employer to see what your up to, don't use their infrastructure.

[–] [email protected] 0 points 1 year ago* (last edited 1 year ago)

Well, yeah, if I worked at home I would use my personal computer for personal things and the workstation for work, it would be pristine. But alas, in the office there's so much time I can spend pretending that I'm working because I finished my tasks before I implode.

Some risks are necessary :)

It's not really about IT not knowing, but about being discreet enough that your boss doesn't see your personal accounts logged in or even worse, to have two chrome profiles, both with obscure names, press the wrong one and to share the screen of saved tabs with Facebook, Instagram, pornhub.... Yeah I've seen those bookmarks.

It's... Wtf... If you're going to be that deranged, at the very least be discreet... Sigh.

[–] [email protected] 1 points 1 year ago

Oh no, my employer might find out I'm looking for other jobs after being overloaded for a year and a half and constantly having my concerns/feedback/process improvement initiatives brushed aside.

[–] [email protected] 0 points 1 year ago (1 children)

Everybody has a cell phone nowadays. There's no excuse not to use your cell phone for private stuff. In fact don't use the company Wi-Fi. You must use the company Wi-Fi then you must use a VPN

But no excuse anymore not to use your phone, you don't need to use the word computer to browse, send emails, flirt, whatever

[–] [email protected] 0 points 1 year ago* (last edited 1 year ago) (1 children)

Everybody has a cell phone

All of my colleagues have work provided phones and laptops. They do all their personal shit on these devices (they don't have their own)

They think i'm a huge weirdo for having my own personal devices.... "Why waste money? Work gives us computer/phone... Lol, you carry two phones like a drug dealer?"

[–] [email protected] 0 points 1 year ago (1 children)

WTF? What country? Even at jobs where I was given a phone no one felt like ditching their personal devices.

[–] [email protected] 0 points 1 year ago (1 children)

I suspect its a millenial thing....

A few of us old guys keep personal devices.... Our young colleages just expect the company to provide devices for them and never have to buy their own

[–] [email protected] 1 points 1 year ago

Or we can’t afford our own 😕.

[–] [email protected] 0 points 1 year ago (2 children)

If allowed, doesn't DoH/DoT mitigate this issue?

[–] [email protected] 1 points 1 year ago (1 children)

Not if your employer has installed a root CA on your machine, enabling them to man-in-the-middle all your TLS connections.

[–] [email protected] 1 points 1 year ago

Oh that's a thing? That's kinda frightening

[–] [email protected] 0 points 1 year ago (1 children)

Not necessarily, as the browser is still logging the history.

[–] [email protected] 1 points 1 year ago (1 children)

Well that's what private mode is for, to dump the local data after closing the browser session

[–] [email protected] 1 points 1 year ago (1 children)

I know I'm here a week later, but a large number of system administrators disable browser proxy systems, dns over https, and incognito. It's a neverending war.

[–] [email protected] 1 points 1 year ago (1 children)

Pretty much, but (noob question) how can they block DoH, wouldn't they have to block HTTPS completely as well?

[–] [email protected] 2 points 1 year ago (1 children)

They control the browser settings itself. It's either a work managed device or profile.

[–] [email protected] 2 points 1 year ago

Ah ok that makes sense

[–] [email protected] 0 points 1 year ago (1 children)

I’m an infrastructure analyst and at my workplace I implement such rules for specific reasons: 1) we need to be able to have evidence should an employee act maliciously with a company device. We do also monitor all queries but it’s passive. We can drill into your browsing history in great detail but won’t unless we have to (speaking personally here as I follow the code). 2) people will do dumb shit. And will lie to get support. Now, having been on the other end of a support ticket, I get it. Unless you lie a little, you may not get support promptly. Therefore, it’s part of my job to check what’s the lie and what’s the actual issue, which includes being able to see the download history. I would not be surprised if malware is accidentally downloaded and then it autonomously removes itself from the download history as It has happened before. Strictly speaking, this is done for both your safety as well as that of the company. And generally speaking, you should NEVER use your work laptop/phone/iPad for personal use because of all of the above.

[–] [email protected] -1 points 1 year ago* (last edited 1 year ago) (1 children)

I use my personal laptop at work, no issues. Employer can't see what I'm doing which is the way it should be.

If they don't trust me, don't hire me then.

I would never work anywhere where people like you can watch what I'm doing. Luckily I'm in IT so I choose where I work.

I despise companies who don't give employees privacy. The reasons you gave means nothing. You can always argue for anything to protect the company. Who protects the employees?

Safest for the company would be if you have employees in small cells being watched by guards around the clock. That would be really good for the company.

[–] [email protected] 0 points 1 year ago* (last edited 1 year ago) (2 children)

If you've connected your personal laptop to your work wifi, they 100% can see all your browsing history (specifically whats passed through their network).

Hell, I only run a simple homelab and I can see the exact traffic/browsing history of every device on my home network. I'm only tracking via dns traffic, but your https traffic can even be intercepted and decrypted pretty easily. So don't even trust that.

This doesn't require installing anything on your device to fully monitor you.

[–] [email protected] 0 points 1 year ago* (last edited 1 year ago) (1 children)

You’re not wrong. It really comes down to how ethical the IT/company is. And we are, purposely so. Also we have dns-over-https and No other identifier is parsed through. So we can see and block someone browsing porn on the guest Wi-Fi, but we’d never know who it was. Look, I’m not saying things are perfect, but there are people like me who look out for both the user and the company. The goal is ensure that users privacy is respected and that the company is protected agains misuse, malicious intent or just plain bad-luck. This is the “code” I was referring to. As IT people we have to behave ethically for business we operate in. It’s not perfect but nobody is trying to be. This is all best effort from all parties.

[–] [email protected] -1 points 1 year ago* (last edited 1 year ago)

Your ethics goes out the window when being told to do something by your employer.

Maybe you try to look out for the user, but it's completely wrong that employees should have to trust you to do that.

"Company being protected from misuse" is a blanket term for survellience, same as "fighting terrorism".

I still stand by my opinion. Companies need to trust employees and not run survellience programs against them. It's just wrong.

[–] [email protected] -1 points 1 year ago

Sure but I work from home. Don't use their wifi except when I'm in the office. I could connect to a VPN and they would also see a connection to a VPN, but I don't care enough to do that.

But when I'm at home, working on my computer, they don't see anything.

[–] [email protected] 0 points 1 year ago (1 children)

Joke's on you, I'm the network admin in the office.