
Employers who use software to take screenshots of workers’ computers - polpenn
https://www.wsj.com/articles/youre-working-from-home-but-your-company-is-still-watching-you-11587202201
======
askafriend
I would quit the moment I found out something like this was being instituted.

I think most companies that need to hire top talent know that these kinds of
things drive away talent. So these practices tend to be relegated to a lower
tier of companies/employers.

~~~
whitehouse3
Conversely, those employers can’t hire top-tier people. The ones they do hire
probably don’t have the FU money to walk away from spyware like this. So they
live with it instead.

This is truer in a recession. And the effect can justify calls to unionize.

------
benjohnson
As a company owner, I've resisted the temptation to do this. We did make it
easy for our employees to behave themselves by making it very easy to 'clock
in' and 'clock out.'

I told everybody that this is a time to be close to family - if your child
wants to play ball in the middle of the day, then go ahead! Just clock out
before you do. Get your 8 hours in and document your work.

Thankfully everybody has responded well - I have one employee than needs me to
randomly call them to keep then honest, but he's a good guy and I think is
struggling with a bit of depression. He likes to be called and he likes our
chats.

~~~
dkersten
Why is it tied to time, instead of deliverables? I mean, if I work extra hard
to get the days work done in 4 hours, why can’t I leave early compared to a
co-worker who is working less focused and more slowly?

I get that it’s not easy to set good milestones, and to keep it fair in terms
of making sure everyone has approximately equal work, but I feel the same
problems exist with required work “time” especially since it doesn’t encourage
working more efficiently, effectively or smarter, because you gotta get those
8 hours in regardless.

Unless they’re contractors/consultants who bill by the hour, of course.

~~~
benjohnson
I limit our employees work to 40 hours a week so we don't have burn out. I
want people to work hard and then go home.

So far, so good: Our employees are constantly coming up with better ways of
doing things - with less stress, hassle, and annoyance. Over the last three
years, our works has gone from suffering 40 hours to an enjoyable but hard-
working 40 hours. Our retention rate has gone from 40% to 95%.

~~~
benjohnson
I need to be explicit - it's timed to both time and deliverables. 40 hours of
productive work - productivity is defines and delivering value to the
customer. The customer can be internal.

We don't work overtime and only one person is on call (wait time is paid at
time and a half) on Saturday.

------
Cpoll
A lot of people are saying "not news worthy," but I think this is a far more
useful article than the majority of articles posted here:

\- It's applicable to most people on this site

\- It's actionable: be conscious of what you use your company-issued computer
for

I'm convinced that most people aren't aware that this is a common practice.
I've talked to people who think it's not possible or that their company
doesn't do it. On the flip side, I've worked with enough IT departments to
know that most of them have the capability, even if they're not actively using
it.

If your computer has any sort of remote management software on it (typically
used for pushing mandatory updates), IT can probably also surreptitiously
access your filesystem or observe your screen.

~~~
Guest42
What I wonder is the best way to determine whether this is going on and if so
what it is doing exactly (or in broad terms)

~~~
geofft
If it's on a computer built for you by work / owned by work, all bets are off.
Even if they're not taking screenshots, they can be logging keystrokes or web
traffic or anything.

If it's on a device you own:

\- Do not install software from your employer that requires admin permissions
(i.e., requires typing your password).

\- If you're on recent versions of Windows or macOS, various powerful actions
like taking screenshots are restricted by default and should at least trigger
a permission prompt. You can go to Settings or System Preferences and see
which apps have been given permission. If you can, try to install apps only
from the OS's app store (because those apps are sandboxed more tightly than
traditional desktop apps) or apps from reputable publishers (e.g., it's fine
to install Word or Photoshop or whatever, but don't install MyCompany
Productivity Helper For Employees).

\- Try to get work to give you a corporate device, or a way to work via a web
browser or via remote-desktop to a computer on your desk in the closed office
or something (and make sure that way doesn't involve installing custom
software...).

\- If you have to install custom apps, make a separate non-admin user account
and don't type your admin password when you're logged into it. Then your
company can watch your company work but not your personal stuff.

\- If you're installing on a mobile OS, installing apps is generally fine but
be very careful about installing a mobile device management (MDM) profile.
When you install one, you'll be prompted about what sort of access you're
giving your company; make sure you're comfortable with it.

BTW, the same goes for schools - for instance, if your school wants you to
install some sort of app for taking remote exams, the purpose of the app is
almost certainly to _intentionally_ take screenshots so they know you're not
looking at Wikipedia. See if you can install it in a non-admin account, or if
your school is issuing laptops, use that (and don't use that laptop for
personal stuff).

(Shameless plug: a friend and I run a personal security newsletter and we
talked about this a bit last issue:
[https://looseleafsecurity.com/episodes/newsletter-2020-04-05...](https://looseleafsecurity.com/episodes/newsletter-2020-04-05.html)
and we also have a guide to checking up on MDM on your phone:
[https://looseleafsecurity.com/episodes/newsletter-2019-12-07...](https://looseleafsecurity.com/episodes/newsletter-2019-12-07.html))

~~~
Bombthecat
In germany, this would be highly illegal though. (screenshots, keystrokes)

------
Hamuko
This makes me really glad that our company policy thus far has been giving
employees new machines and have them set them up themselves. I know my work
laptop has no spyware because I didn't install any.

~~~
diebeforei485
And you installed no internal apps at all? How did you get on the corporate
Wi-Fi? How do you send print jobs to the office printer?

It's quite rare for company-owned macs to be completely unmanaged. Usually the
installation method for common corporate utilities is an MDM solution like
Jamf (Self Service), which also transmits logs - for example how long each app
was in the foreground[1] and what times you're using your computer[2].

1\. [http://archive.today/tfYtO](http://archive.today/tfYtO)

2\. [http://archive.today/MkBKE](http://archive.today/MkBKE)

~~~
slipheen
I have work at multiple start ups, many of which I have been with as a grown
from 5 to 500 people. A few have gone public

None of them do any sort of monitoring like this.

At some of them, I have lead the security team. and others, I have been in
charge of IT.

Even at the ones where its not my job to handle that, I am supremely confident
that we use no such software.

Beyond the policy problems that it would cause (private keys and customer data
could be viewed, requiring very broad access roles), it would also be next to
impossible to implement from a technological standpoint.

At every company that I've worked at in the last 12 years, engineers have had
the ability to wipe their machine and reinstall.

In most cases, they have the ability to swap out hard drives and other
components, Bring them to Apple stores for repair, etc.

No one that I know of users custom VPN software, or closed source Cisco stuff
anymore.

I think you are dramatically overestimating how common this sort of thing is.

------
dessant
This [1] is a good read on what you can expect as remote work becomes
widespread in a competitive job market.

[1]
[https://www.buzzfeednews.com/article/carolineodonovan/upwork...](https://www.buzzfeednews.com/article/carolineodonovan/upwork-
freelancers-work-diary-keystrokes-screenshot)

~~~
codesuela
This seems pretty easy to game for a software engineer:

1\. Write code for the project and record mouse clicks and keystrokes

2\. Replay keystrokes at .5 speed inside a mirrored VM

a more sophisticated tool could also vary speed and add typos.

~~~
rapind
Agreed, and bring it on. If this becomes a thing then I'll run a platform you
can outsource your _busy time_ in a VM to. This sounds like a ton of fun TBH
and makes me think of game automation. Evolving into a game of cat and mouse
and giving me an excuse to spend more time messing w/ OpenAI.

~~~
sitkack
This is how the AI takes over, we automate ourselves in silly ways. How do we
know we aren't bots doing someone else's work?

~~~
jowsie
Bob was one step ahead of us all

[https://www.npr.org/sections/thetwo-
way/2013/01/16/169528579...](https://www.npr.org/sections/thetwo-
way/2013/01/16/169528579/outsourced-employee-sends-own-job-to-china-surfs-web)

------
mschuster91
This would be super illegal in Germany and I believe also in the rest of
Europe.

Sure, most corporate IT depts could do this - but if caught, they'd face
_real_ penalties. The brazen-ness of US employers regarding surveillance of
their employees is something that continues to (negatively) amaze me, even
after years on HN and Reddit.

------
sacks2k
I'm not surprised. I worked at a place a decade ago that used desktop
recording software on everyone's computer and our manager would regularly
review it.

I ended up quitting when I found out.

------
uk_programmer
I assume if the PC isn't mine e.g. machine provided by employer, or the box
isn't mine (router from ISP) It is probably has telemetry of some sort. I also
expect device s like a phone/pager etc from an employer to be monitored in one
way or another.

~~~
bdcravens
Many also use it on computers owned by contractors, requiring its use to bill
time.

~~~
dawnerd
In that case can't you just install it on a tiny vm on a server?

~~~
uk_programmer
Some places are super locked down when it comes to what software you can
install. For example it took me a month to have pandoc, vim and a few other
tools (GNU Tree) and a few other pieces of software installed by IT because it
had to be approved by 2 layers of management, approved by IT Security and then
it was installed on my PC.

If you are working remotely they will give you a machine that VPNs into
another machine.

------
pcurve
This has been a thing for at least 15+ years. In fact, when computers were a
bit slower, I would notice a perceptible lag in my mouse movement when this
happened.

Honestly, there are better ways to measure productivity based on other
parameters, taking screenshots is just silly.

------
caseysoftware
When they say _" workers' computers"_ do they mean company-owned machines
issued to staff to do their jobs or personally-owned machines that people use
for work?

If it's the first, as ugly as it is, it makes sense. Don't do anything on a
work computer that you don't want your boss, their boss, and the corp
IT/lawyers to know about.

If it's the second, that's wholly unacceptable and ridiculous. I refuse to
install company-anything on personal devices with the exception of a push-app
for MFA on my phone. Everything else, forget it.

~~~
judge2020
This is referenced during the pandemic, so most likely personal computers.
Many employers either sent their employees a desktop or have asked them to use
their work laptops, but I would guess the majority allow and encourage
employees to use personal computers instead (of which they would require the
spyware installation).

------
buraksarica
It's not news when employers use software to take screenshots of workers'
computers. Come again if you catch a worker use software to take screenshots
of employers' computer.

------
MattGaiser
What? Did you think the manager who came to look over your shoulder constantly
suddenly became trusting of you when everyone went to remote work?

------
WalterBright
The trouble with taking screenshots is then you have to employ people to spend
their day examining and evaluating the screenshots.

Before computers could transcribe voice, the limiting factor of wiretapping is
needing some poor schmuck who had to listen to all those utterly banal
conversations, which has to be one of the worst jobs ever.

~~~
kqr
> The trouble with taking screenshots is then you have to employ people to
> spend their day examining and evaluating the screenshots.

What I don't understand is how they explain that to their customers.

"Yeah, you're not quite getting what you paid for because we spent a portion
of it hiring a couple of guys to look at screenshots of our employees
computers. Sorry. You can get free screenshots?"

And customers accept this waste of money?

------
ackbar03
Jokes on them, hope they like gay porn

------
dep_b
I'm working on a product that logs everything you do on your computer super
accurately, but when it comes down to submitting those activities the user can
(actually often really _needs_ to) clean them up first.

The raw logged data doesn't leave the computer, the boss or client gets a
version that might or might not be an accurate reflection of what the worker
did.

The most important thing is that you're able to "remember" what you did two
weeks back, how much time you spent on it and for what project. Because that
takes a lot of time and is always very inaccurate if you need to do it from
memory.

There is no way I want the end user to feel spied on by the tool, that would
totally kill the acceptation in the market.

~~~
Ididntdothis
“ There is no way I want the end user to feel spied on by the tool, that would
totally kill the acceptation in the market.”

Are you selling to the actual user? Usually stuff like this gets bought by the
employer.

------
bmn__
Bosses panic-buy spy software to keep tabs on remote workers
[https://news.ycombinator.com/item?id=22728971](https://news.ycombinator.com/item?id=22728971)
(19d ago)

------
ryall
I understand that managers have a need to keep track of how their team members
are performing, and that their job is a lot harder when their team is working
remotely.

But I think It's possible to collect productivity metrics without obliterating
employee trust.

I'm working on a tool to do this but I’ve stalled in the project because I’m
having a hard time reconciling whether it benefits companies enough to pay for
it (It seems geared towards employees more than companies)

~~~
tspike
If you have good domain knowledge and regular 1:1s, remote or not, it should
be pretty darn easy to know if your team is being productive. Why is this so
difficult?

~~~
ryall
I completely agree, but then why do these tools exist in the first place?

I think it comes down to a few things. 1\. There are managers that do not have
good domain knowledge. 2\. They don't have regular 1 on 1's, or anything else
that good managers do.

Essentially you're assuming that all managers are good, or even competent when
most of us have had experience to contradict this.

Which is essentially my conundrum: good managers won't need my service, and
bad managers won't even be looking for it

------
SecurityMinded
And this is news how ? You are using a computer furnished by your employer and
said emplyor has every right to monitor what uis being done on it in any way
they can and want. My company uses ObserveIT and one of the features is to
take screen captures, to be used in any way that company sees fit, now or
later. If anyone has a problem, they can quit

------
diebeforei485
Not just Windows. It's also fairly common for corporate Macs to transmit usage
logs, for example using Jamf (Self Service). I'm fine with this, but willing
to bet most people aren't fully aware.

1.[http://archive.today/tfYtO](http://archive.today/tfYtO)

2.[http://archive.today/MkBKE](http://archive.today/MkBKE)

------
ericjang
Hypothetical question: if your employer offered you the option of extra
compensation to install keyloggers/screen capture software on your work
computer, and you know that the logs are only being used for aggregate
productivity statistics of the firm (de-anonymized), how much do you think
would be a fair price?

Assumption: you use a separate computer for your personal computing needs not
related to work.

~~~
downerending
If it's aggregate stats (assume you meant _anonymized_ ), I wouldn't care very
much.

If someone was watching me without my knowledge, I'd like quit when I found
out. (Or perhaps make their life hell.)

Employers should just fess up and state clearly that they _are_ doing this.
It's the coverup that's the problem.

------
s09dfhks
For those of you with macbooks, you can easily remove the Jamf management
software by running `sudo jamf removeFramework` (note the capital F)

------
BrandoElFollito
This would be completely illegal in France.

Beside the fact that an individual tracking requires the employee to be
informed of the fact and that the company must jump through hoops to have this
registered - you coukd end up screenshooting private activities.

They are allowed on company devices and company time, and they are protected.

------
amiga_500
I remote into my PC at work with citrix.

When I want to surf the web I use my local browser. I would be surprised if
citrix can screenshot other active windows, perhaps I'm naive.

------
bobbydreamer
Mostly all issues happen at the top of the hierarchy which is enough to
dissolve the company like insider trading, giving a hint to client but those
people will never be logged. Mostly I feel it's ok. If a employer is doing it
basically means couple of things 1. He is helping a startup and loading them
test cases. 2. Well he has some computing power but nothing big to process or
analyse so he is throwing it away.

Just asking would anyone be okay if a banking app asks for a selfie or takes a
photo of you when you are performing a transaction via mobile, just to know
that transaction is valid.

------
Ididntdothis
Is there a way to figure out if your machine does this? Is there a list of
process names to look for or similar?

~~~
droopyEyelids
In MacOS, the software probably requires screen recording permission in System
Preferences.

------
neonate
[https://archive.md/rArpa](https://archive.md/rArpa)

------
bdcravens
This software is pretty common in the VA space, and Upwork does the same.

~~~
czardoz
What's ”VA space”?

~~~
Chirael
Virtual assistants

------
loteck
Certainly would feel creepy, if I knew it was happening.

But, I would ask, beyond a gut feeling of being creepy, what particular
objections does anyone have to this? Do you believe employers are not
entitled, either legally or ethically, to do this on their own equipment?

~~~
ryall
I think the main objection is that these companies are treating their
employees as an enemy rather than part of a team.

Seems to me to be a very strong indicator of a toxic workplace

~~~
loteck
I disagree with the characterization of "enemy," but I understand your point.
Do we not regularly discuss here amongst ourselves the internal security of
our organizations? Are inside threats not a growing part of that concern? [0]

Do we expect orgs not to respond to insider threats, or is it just this
particular response that is especially distasteful?

[0]
[https://enterprise.verizon.com/resources/executivebriefs/ins...](https://enterprise.verizon.com/resources/executivebriefs/insider-
threat-report-executive-summary.pdf)

------
siva7
I am seriously baffled at how normal it seems for americans to put up with
this. This is illegal in germany. If i would find out about this behaviour i
would instantly quit, warn my colleagues, turn to press and the police.
Otherwise such things would be considered only a small offense at privacy if
you act like this is normal.

------
invalidOrTaken
Gross.

------
papermachete
Paywalled article, please post the full version.

------
tanilama
If it is the computer that owned by the employer, then it is their property,
they put all kinds of spyware there, nothing news worthy

~~~
krzyk
But they way you do your job is private, think of it as intellectual property,
your know-how, your tricks. In EU this would probably be not allowed.

E. G. in Poland it is not allowed to record how teachers teach as it is their
IP.

~~~
fulafel
In most of Europe it's rather rooted in privacy of communications as a basic
right, plus regulated labour rights that come from unionization.

~~~
BuckRogers
I love the European way. It’s shocking to me considering the US was founded
and largely consists of descendants of Europeans, how our work cultures can be
so extremely different. Every single person on my family tree for both of my
grandmothers are from Germany and Switzerland, going back 5 generations. There
has to be shared cultural traits passed down to us.

We need to at least move to being more like Canada, if not Germany. Tough to
ever happen as our class war has long been won/dominated by the investment
class. Employees here aren’t even cognizant the class war is going on. If they
were, they’d choose denial to avoid having to punch up and prefer to focus on
fellow workers or energy on disdain for people in public assistance. Ignoring
that low tax rates for the wealthy is much larger and harmful public
assistance (socialism).

