
Should I continue to work for a company that MITMs all my web traffic? - je_bailey
Recently the company I work for has implemented a third-party solution (Zscaler) to intercept all outbound https traffic. Although conceptually I recognize the desire to protect the company, I feel like this is a huge invasion of my privacy, in particular when accessing a personal account.
======
ApolloRising
You can use your cell to tether your personal machine if you are allowed to
bring one.

You can also just buy a 4g enabled tablet and use that unless you work in
finance.

If your workplace wants to monitor its own network that is pretty normal for
any company over 50 employees. Most of the polite ones will tell you that they
are monitoring.

------
i0nutzb
Then don't access any _personal_ accounts from work?

~~~
malux85
People aren't robots. I quite like to have my personal email open just in case
anything urgent comes in. I like to have my personal github logged in, just to
see messages.

I'm still producing my work, in fact I'm so far ahead of my colleagues, that I
can take entire days off because I'm delivering early.

If somewhere told me I flat out couldn't use personal accounts I'd tell them
to f- off.

Also - work is give and take - if work is not going to "give" a little, and
let me use personal accounts, then I'm not going to "give" you some extra time
when production goes down out of hours, or there's a big push for a delivery.

Anywhere that's this inflexible is a crappy place to work, tell them to get
bent.

~~~
i0nutzb
You don't log in on very sensitive services (i.e. mail). You log in on not so
sensitive services (i.e. github, if you don't have any private repos) and you
ALWAYS use two factor auth. Always.

For very sensitive services you're either staying away for 8h/day or use your
phone, connected via 3G/4G (not wifi).

You know the saying, my house, my rules :) It's _their_ pc, their internet
connection.

Depending on your country, there might be some laws that will prevent them from
scanning your traffic. Or not.

------
jstewartmobile
It seems like every mid-size-or-larger organization does this now. I think the
only way to escape this is to work for a trusting "mom and pop" outfit, or
work for yourself.

Places that do this kind of thing (most places) usually have a culture of
secrets and backstabbing. Life is too short.

"Ask and it will be given to you; seek and you will find; knock and the door
will be opened to you. For everyone who asks receives; the one who seeks
finds; and to the one who knocks, the door will be opened." - Matthew 7:7-8

Or, if the check is just too damn juicy to part with the bastards, SSH and VPN
are your friends.

------
steve_taylor
I have no problem with companies doing this as long as they inform their
employees that all web traffic, including https, is monitored. As a rule,
never ever trust a device or local network other than your own. Bring your own
device and use your own mobile data connection.

I worked at a startup that was acquired by a big company and subsequently had
all manner of crap implemented including zscaler. They didn't tell us about
zscaler and when I discovered this I let them know I was pissed.

------
chrisbennet
Can you use your smartphone for personal use? I don't use work computers for
things I want private because I don't want my credit card #, passwords, etc.
on them.

Browsing HN on my lunch break though? No problem.

------
savoiadilucania
Do you know for certain that they are MITM'ing +ALL+ traffic? Some firms have
domain-based exceptions for certain sites (e.g. wellsfargo.com).

------
satblip
If you feel bad about this, you should at least be able to report and to have
access to a process that describes how your data are used.

~~~
benmcnelly
I feel like this is on track for most places, an above board explanation of
how safe your personal data is. If they are going to assume no personal web
access on their systems, or not give that access privacy then you have to
evaluate if that is the right environment for you.

------
ken_the_bin
You're going to be hard-pressed now to find a company of any size that doesn't
do something of this sort.

It's their network and their resources, so they get to make the rules.

If you don't like their rules, don't access personal accounts from work.

My employer has also implemented Zscaler, but I never accessed things like my
bank account, credit card accounts, social media accounts, etc. from work even
before they did that.

