
Ask HN: What can employers monitor while you work from home? - rebelshrug
It occurred to me that the only employer provided equipment that I use for work is my laptop. The monitor and peripherals are all mine.<p>Can an employer use my webcam and microphone to monitor me or my activity? Can they log keystrokes typed on my keyboard? Can they do all of this through the internet service that I pay for? And should they be able to do all or any of this?
======
s1t5
> And should they be able to do all or any of this?

Personally, I don't think they should which is why I wouldn't work for anyone
who tried to enforce this. It would be a massive red flag if an employer
brought this up. Also, the companies that manage remote well know this and
none of them are implementing invasive monitoring. The ones that try it are a
small number of short-sighted old-fashioned shops that feel like they're
losing control if an employee is remote and are desperately tring to gain that
control back.

------
coffeefueled
It varies hugely, and is often more than is obvious.

Logging keystrokes and webcam monitoring is at the extreme ends of the
covert/overt spectrum, and the trust/control spectrum. Perfectly possible,
illegal in many countries, and betrays a lack of trust in employees (in most
cases) that likely means the company has a rather toxic environment. There are
some very unpleasant examples of this out there, not only for employees but
also students using school-issued equipment.

In a much more subtle example, a company which provides their own DNS
infrastructure can effectively monitor internet activity on company endpoints
without relying on a proxy, and without the conscious awareness of most
employees.

------
rogerkirkness
We ask employees to install a monitoring agent based on OSQuery for compliance
reasons. It does very little. It queries (read-only) OS meta details about
whether or not they're using antivirus (true/false), have a password manager
(true/false), the HD is encrypted (true/false), whether or not location
services is active (true/false) and a list of applications. I think this is
pretty typical. Some companies might go deeper, but I think we're in the norm.

~~~
rebelshrug
Do managers or HR personnel have the ability to dig deeper?

~~~
rogerkirkness
Nope

------
muzani
I worked as a partner to a tech giant who had some security requirements,
where they'd only release code to us if all the people with the code met
certain requirements. It was a day-long security audit and there were several
pages of checklists.

What I commonly see is them monitoring all data going in and out, especially
through USB drives. Rival services like Google Drive are often blocked. I
wouldn't be surprised if some have a kind of analytics but it's unlikely. I
doubt webcam and microphone are used to monitor activity unless you're working
somewhere like Facebook.

------
drpebcak
They certainly CAN monitor all of this.. but a lot of them don’t. I don’t
think it really matters if the mouse or something is yours, it’s really about
the computer itself. The policies and practices vary between companies. Are
you suggesting there might be an issue because they are ‘using your resources’
to do this?

Would be interesting to see the liability a company opens themselves up to by
monitoring an unaware employee with a webcam while they work from home though!

~~~
rebelshrug
> Are you suggesting there might be an issue because they are ‘using your
> resources’ to do this?

Not suggesting, but asking. It certainly feels invasive to me, though.

------
cloudking
Depends who your employer is, there are varying levels of remote monitoring &
administrative tools. Smaller companies are likely to invest less in this due
to limited resources, where larger companies may invest more heavily for
compliance and security.

