
Limitless Worker Surveillance - boh
http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2746211
======
rm_-rf_slash
This kind of thing is why I EXCLUSIVELY browse the Internet on my phone while
at work (without using work wifi, of course). I also never use my work email
for personal correspondence, ever.

Granted, I work at a remarkably lax institution that cares more about getting
the job done and less about managing our lives, but these are habits I picked
up working in Silicon Valley and I couldn't even imagine the kinds of
perpetual monitoring that some of my friends from college have to put up with.

Nobody cares about how long I'm in the bathroom. They like the software I
write. And then we all go home at 5.

~~~
x1798DE
Yeah, I am always shocked when I see people logged in to services and stuff at
work. I use my phone, never on work wifi, to check e-mail, and if something
comes up that needs a real interface, I use my laptop (on work wifi, but with
a VPN to my home router). Doing anything else seems like madness to me.

~~~
thieving_magpie
I use personal accounts at work. If texts to my wife are a problem, sure have
at it. I'll start circulating my resume.

Luckily I've never worked at an organization that wanted to own my life to
that extent.

~~~
Loughla
Also, if my work is being measured by time spent on task instead of output,
I'm working in the wrong place.

------
PixelB
The company I used to work for required that you give them backdoor access to
your cell phone if you wanted to check your work email from it. This gave them
the ability to factory reset your phone remotely, as well as change your
pin/unlock, along with who knows what else. I refused and was terminated.

~~~
rfrey
You lost your job over the ability to check work email from a personal device?

~~~
PixelB
I lost my job because of "noncompliance" to their demands that they have
complete access to my personal phone.

~~~
jessaustin
We're confused because above it seemed as if your other choice would have been
just not checking your work email with your personal phone. That doesn't seem
as if it would have been a hardship.

~~~
PixelB
Management required that you send a group email if you were going to arrive
late to work. So when I'm stuck in traffic because of an accident how do I
email them? Before you ask, they said no text messages were not acceptable..
their requirements were if you had any issues that you had to send an email.

~~~
bigmofo
If they require one to send an email outside of the company network, then
should supply the equipment. I would never give my employer control of any
personal device. If they don't give employee equipment to send the email on,
then I don't see how they can reasonably require one to send an email. What
happens if one does not have a smart phone? Do they require one to purchase
one?

Also, if one is stuck in traffic one most definitely should not be sending
email or a text message because that is dangerous to you and others on the
road; it also gives the impression that the company does not care about the
safety of people.

If I could not call my boss (or coworker) when I hit bad traffic and have said
person send the email for me, I think that there is something wrong with the
company or group. What exactly is the problem? Do they think your boss or co-
worker are lying?

Anyway, sounds like a company that I would leave and save them the trouble of
firing me.

------
matheweis
I refuse to participate in the worker wellness program for this very reason.
The $10/mo I'm giving up isn't nearly worth the data that I'm coughing up in
exchange...

~~~
r0m4n0
Yea, having worked for a big health insurance company with many "wellness
programs" it's a bit scary what you agree to when you do the biometric
screenings. All of your vitals go into a database for them to analyze and
calculate risk. We weren't quite smart enough to really utilize it and most of
the drive to implement these programs were not nefarious. Our intentions were
primarily around the fact that requiring people with certain BMIs to lose
weight does reduce healthcare costs.

~~~
Someone1234
> Our intentions were primarily around the fact that requiring people with
> certain BMIs to lose weight does reduce healthcare costs.

I've never seen a wellness program that "required" that. Most of them are just
designed to bring attention to the issue so that you yourself start to address
it (i.e. it is a subtle prod, not a hard shove).

If requiring weight loss has been implemented I'd be interested to read about
it. In particular how employers and insurance companies avoid violating the
Americans with Disabilities Act.

They started out as a way to stop people ignoring their health until it was
too hate. Essentially they're designed around giving out health information
and requiring annual checkups (either full health check or biometric
screening, employee's choice).

~~~
r0m4n0
Yep totally agree, I always found that to be a slightly bothersome but they
are ultimately trying to reduce costs and don't have much control.

We had various stipulations as part of the wellness program:

First off, this is a "optional" wellness program but opting out could cost the
typical employee hundreds of dollars.

If you fall within a certain threshold for BMI, blood pressure, and haven't
smoked within 30 days you immediately qualify for the health premium discount
(or some other custom incentive including PTO, cash, giftcards, etc whatever
we negotiated with the group).

If you failed the BMI or blood pressure criteria, you have the option to show
improvement in your BMI over the course of a period of time.

If you smoke or can't/won't improve your BMI or blood pressure you immediately
fall into the third ring which involves third party programs that you have to
prove you attended. Some of which include achieving a particular goal at
Weight Watchers, smoking cessation programs, Walkadoo, etc.

------
manishsharan
My employer MITMs my https sessions. The result is that I can not use Firefox
to google stuff or use any site that uses HTTP Strict Transport Security . And
since we are still on Windows 7, we end up using IE which is a pain in the
ass.

~~~
Spooky23
Just add your employer's public key to the Firefox trust store. If you
explicitly trust the signer, it shouldn't block you.

~~~
nkristoffersen
It's a MITM attack so I'm guessing the traffic is no longer secure.

~~~
Spooky23
It is, but he's using IE so that isn't an issue.

Firefox provides it's own TLS root certificate store, while Chrome and IE
inherit the system's.

~~~
leereeves
It _may_ be secure against outsiders (depending on what the MITM does with it)
but is almost certainly being monitored by the employer.

~~~
NickNameNick
Some of those 'security' platforms are pretty terrible.

I can't remember which vendor it was, but at least one of them was accepting
invalid certificates, and re-encrypting the traffic with its own certificate
chain. Completely hiding any errors that should have been visible to the end
users.

~~~
Silhouette
I've noticed some popular Windows anti-virus software doing similar things
recently. Trying to check one of our own (HTTPS/HSTS enabled) sites after a
report from a customer suggested something might not be set up ideally, we
looked at the certs showing on someone's laptop and it turned out their anti-
virus had rewritten the whole thing anyway.

I understand why some scanning tools decrypt SSL traffic and effectively MITM
their own system so they can do their job, but when this results in rewriting
the chain of credentials to use some phantom authority that isn't who you
originally thought you were talking to, that seems a significant downside.

------
giancarlostoro
I work at a school whose Wi-Fi requires you to install some suspicious
software, I mask my browsers user-agent to pretend I'm on a platform that
software does not run on, stops them from nagging me. Now I am on a platform
they can't support anyway (Linux).

------
arrty88
I use a VPN on my phone while on work wifi. Openvpn is free for ios and
Android and a digital ocean server costs 5 bucks

