
Ask HN: Dealing with monitoring software on work computers and transparency - imojinrobinson
Does your company run any monitoring software on your work computer? If so, does it interfere at all with development tooling? My company&#x27;s IT team has been very secretive with the tools and settings they are deploying. Their applications are interrupting build tools and there are rumors floating around web traffic is being monitored as well. The company can do as they wish with their property but I&#x27;m interested in where one draws the line.
======
runjake
I work on that IT side of the fence. You should assume that all activity is
being monitored on your work machine and on your work network, because it
probably is, and is your job worth testing the odds?

Additionally, modern OSes log and cache stuff all over the filesystem and even
though you cleared your browser history and cache, it's highly likely there's
still undeleted detritus sitting on your device's storage. I have recovered
supposedly-cleared caches many times without having to resort to filesystem
forensics tools, simply because of stuff like log rollovers, and routine
snapshots of data caches.

Where do I draw the line? If I were subjected to it myself, I'd keep looking
for a job where this kind of monitoring didn't happen. Not because I want to
goof off on HN all day, but because its creepy, fosters distrust between
employer and employee and hinders my tasks.

------
privcythrowy
> The company can do as they wish with their property but I'm interested in
> where one draws the line.

I'm not sure how universal that is. Personally I always prefer keeping my
stuff away from a work machine, but this does not mean that surveillance is
OK.

Where I live (Western Europe), it doesn't really matter whose property it is,
surveillance is not allowed. If your employer is analyzing your web traffic
and/or reading your e-mails this is illegal even if it's on their property or
their network.

~~~
krageon
Your employer most definitely has access to your work emails. Reading your
private email would absolutely be illegal in any normal country, but wasn't
really under discussion so is a wild tangent anyway.

Your employer is allowed to monitor web traffic that uses their networks,
which on a lot of work machines will be all traffic (office networks will be
monitored to detect malware and abuse, just like VPNs will be).

~~~
demygale
Having the ability to read your work email is not the same as having a legal
right to do so. My employer doesn’t have a legal right to view the contents of
my purse or car even on company property.

I realize the legality question will be different depending on the country,
but my experience working in the EU says people have a much higher expectation
of privacy on their work computer.

------
Jaruzel
I've worked in many large Corporates, mainly in the financial sector. I've
also spent a large part of my early career designing and deploying the
'standard' build that gets put on all work end-user machines.

At the very least, a regular full audit of your machine will be done. It will
be looking for unauthorised executables, scripts, and certain filenames. This
is in addition to the normal malware/virus scanning with central reporting
that will also be enabled.

Then there's the prevention of the user being elevated, so that normal users
can't install anything (although stuff like Chrome, and some Chat apps try to
bypass this) - some places totally rely on a central deployment platform (i.e.
SCCM) other places allow exception via one-time codes.

It's this prevention that tends to fubar most dev tools, which assume the user
has a high level of rights.

Web usage is definitely logged, with either auto alerts to line managers/HR
based on keywords, or is only actively looked at if it's a problem employee.
Most countries have employment laws, which mean that web usage HAS to be
logged - it's to protect the employee as much as the employer.

Unscrupulous employers also install 'idle' monitors, to check that the user is
actively working on the machine during the day (I'm looking at you, Barclays
Bank!) - these are people no self respecting professional should ever work for
in my opinion.

In short, if you think you are trying to do something on your work machine
that you do not want you employer to know about, then it's probably something
you should be doing on your personal device instead.

~~~
dominotw
> based on keywords

keywords like for porn ?

~~~
Jaruzel
Depends on the employer - most outsource their web access to a proxy provider
that has configurable content block-lists.

but yes, porn is likely blocked and/or reported on in most large
organisations.

~~~
wongarsu
Also keywords like "resume"

------
rojeee
Where I work it the software doesn’t interfere with development tools but
still, I don’t like the idea of it. Luckily they only have such monitoring
software for Mac OS and Windows, so the solution is to use Linux (for now). If
your company allows you to use any OS then I would recommend switching away
from Mac OS/Windows... I guess there are trade-offs though, most Linux distros
are not as polished as Mac OS, for instance.

~~~
wbkang
This is unfortunately not true anymore. Both Tanium and crowdstrike run on
Linux for example.

~~~
matoro
The Linux version of Crowdstrike is severely gimped compared to the Windows
one though. No way you could reconstruct somebody's activity with the same
detail you could from a Windows session.

------
brundolf
If it bothers you, avoid larger companies. Only one of the companies I've ever
worked at even had an IT department (it was two people), and even there I had
admin permissions on my own MacBook because it was easier for everybody if I
just set up my environment myself instead of filing a bunch of helpdesk
tickets. Creepy surveillance-ware seems to be more prevalent at giant
companies who a) have the money/man-hours to bother with it, and b) have
enough distance between devs and management that they feel like it's
necessary.

------
maps7
In any big company, web traffic is being monitored.

------
scott31
If your device is owned by your employer, they can technically do anything
with it, including illegal spying on you. Whether something is legal or moral
is irrelevant, you should just assume they are doing it and act accordingly.
Trying to draw any other line is not helpful.

------
cpach
To the best of my knowledge, the companies I have worked for has never
utilized any spyware as such. Only AV software.

