Apple explicitly asks employees to merge their personal and work accounts (twitter.com/oilyraincloud)
669 points by luu on Aug 20, 2021 | 344 comments

This would be a serious breach of privacy if true. But reading the tweets I'm not sure what the policy really is:

> During a discovery thing 3yr ago, legal forced me to hand-over all my texts. They refused to let me delete anything, even "fully personal," even when I said "by fully personal I mean nudes." They said they're in their "permanent evidence locker

This doesn't sound like company policy, and more like they were subpoenaed or otherwise compelled to hand over communications.

> Another interesting Apple tidbit: the company tells employees to link their personal iCloud accounts if they need to collab with colleagues when they start. When they leave, they're asked to hand over their laptops w/o wiping them and give managers access to work systems.

I'm not sure how to parse this. Do you need to link your personal accounts with family photos and whatnot? Or can you just create a separate iCloud account just for work, to collaborate with coworkers?

I'm a firm believer in separating work and personal accounts. I usually try not to even log into email from my work computer if I don't need to, and I always use a spare phone for work if a company requires admin access or remote management tools of any kind. That said, reading these tweets I'm not really sure if Apple is asking employees to breach this separation. I'd just create a separate Apple ID for work and use that for the "personal" account that I'm supposed to merge. That's a separation I'm still comfortable with.

> Do you need to link your personal accounts with family photos and whatnot?

Nope. You can create a separate iCloud account just for work. I did that during my time there. I always maintained a separate work phone, and used a work iCloud account for that. The folks complaining are the ones who just didn't do that, and added 'work data' on their personal account, which of course they will have to hand over if subpoenaed.

Okay, that makes a lot more sense. To be frank, this twitter thread seems sensationalist if reality is closer to "I didn't bother to create a separate work account" rather than "Apple asked me to merge my personal account".

I find it harmful to jump to a conclusion too early and blame the victim. Forcing someone to merge these accounts can take many forms and Apple has thousands of different teams and managers.

Even if there was zero explicit or implicit force in place, the circumstances can still be non-obvious.

If you get handed a MacBook, you're basically forced to work with an iCloud account. And the fact that making the mistake of using your own one in the high-pressure situation of a first day in a massive company is apparently a non-reversible decision that hands over data that was created before and outside the employment definitely points towards Apple abusing their position of power here.

> hands over data that was created before and outside the employment definitely points towards Apple abusing their position of power here.

Trust me, Apple legal would rather not dig through your personal information to find nuggets to hand to opposing counsel during discovery.

But if there's work information in your personal account, and Apple is legally compelled to go through accounts with work information as part of discovery... what's going to happen?

People will call them awful and disrespectful, for not providing explicit instructions to use a new or work account, and warning everything in the account may be impounded.

New hires at Apple get multiple hours of training in information security and other HR policy. There is warning. It's just ignored by lots of folks.

> I find it harmful to jump to a conclusion too early and blame the victim.

The only victims I can possibly see here are those employees that had to review nude images inappropriately stored on a work computer.

Apple absolutely does not require that you use your personal iCloud account on your work machines, and any professional should know that it is inappropriate to browse, share, or store nude photos (of anyone) on company-owned hardware, and should never have placed their colleagues in a position of having to deal with those images.

Everyone has days of lax judgement: Excitement over a new job can do this. Anxiety, depression, a sick child, yourself being sick, recent marriage, a big move, and a slew of other things can do this.

Apple should be in the position to instruct new employees to create an iCloud account for work alongside explaining that the computer they are handed must be turned in at times. The employees aren't the only ones with responsibility here.

> Anxiety, depression, a sick child, yourself being sick, recent marriage, a big move, and a slew of other things can do this.

Maintaining a modicum of personal responsibility is not asking for very much here.

In fact, I’d say it’s the bare minimum professionalism requires.

You don’t own your company-provided equipment. This is explained by Apple, in addition to being a patently obvious fact.

If you personally choose to misuse company equipment, that is something you are personally responsible for.

Adults trying to shift blame back to Apple is a remarkable abdication of a simple responsibility. If they cannot exercise good judgement in such a straight-forward case, I question whether they can be expected to operate professionally in the work-force at all.

I’ve been given a MacBook on the first day at work, there was zero chance I would log in with my own iCloud ID - I created a new one.

Correct. Don’t use work computers for personal stuff and don’t use personal stuff for work.

It’s part of the on-boarding at my company (which happens to have formerly been at the same location Apple’s HQ is now).

The original complaint also seems to put the blame on Apple but I would have to think that letting people start deleting stuff in discovery is not allowed, even if you swear it's personal and irrelevant to the case.

I'm curious about this. It's 'not allowed' explicitly by the judge? Can the employee be charged with 'evidence tampering' even if the judge didn't issue any order that explicitly prohibits the employee from deleting their files?

I think the concern is that the employer could be accused of destroying relevant evidence in that case. If I’ve understood the tweets and the Wikipedia article on e-discovery correctly, these photos went through the preservation phase but likely were not actually handed over to the other party since relevance is a factor before that happens.

Having a separate account for work and private stuff should be common sense. No surprise your employer wants to access it when you used it for work related reasons. This can be as trivial as some business contacts having your mail and trying to contact Apple.

People just out from college might not know this yet. And others too who never were in similar situations and never had any problems with their employer or the legal system, and don't visit HN

Why are apple employees getting subpoenaed? Is this common at Apple?

Major companies are getting sued continually. It probably isn’t an individual person, but a product that a team or department worked on that is involved in the lawsuit.

How often is 'continually'? Is there any way to estimate how many times per year is each major company sued?

A company like Apple probably deals with hundreds of major lawsuits per year. Must be thousands of smaller cases too.

Not that I know of. A rough guess is they receive 3 new lawsuits daily.

It's not clear if it was the employee in particular. It was a work device, so it's possible that devices from people on a team or involved in something were needed for some legal thing.

+1 It must have not been the employee in particular. Big companies get sued all the time, and then all written records on work devices, for products that got sued, become evidence.

Yeah, this is simply false.

Apple doesn’t expect you to use a personal iCloud account, and is very clear about warning you about sharing /storing personal data on work systems.

I have very little sympathy for someone that used a personal account containing nudes on a work device.

That was a work-inappropriate choice with entirely predictable results.

In this day and age, having nudes in any device connected to the cloud is irresponsible.

Unless you are fine with your nudes

> This doesn't sound like company policy, and more like they were subpoenaed or otherwise compelled to hand over communications.

Yeah it feels like something is definitely missing here. If it's some kind of legal discovery, it's not shocking that the person cannot delete "personal stuff" before they hand it over, that would basically render pointless whatever they are doing with the phone.

The only way there should be a legal hold on a phone like that, is if it is her work phone, which she shouldn't be having nude pics of herself on in the first place.

> The only way there should be a legal hold on a phone like that, is if it is her work phone, which she shouldn't be having nude pics of herself on in the first place.

Some people use their personal phone for work email, etc. and miss the fact that that makes the phone basically company property - i.e. the company can wipe it remotely, etc.

Wrt. Apple requiring you to not wipe the laptop before returning it, I wonder how they enforce it. In more than 2 decades I have never returned a laptop without wiping it and wonder what can change that, if anything.

At least on Android (maybe not used at Apple?) there are work profiles. You install all the work stuff there, and that partition can be remotely wiped. All of your personal stuff is kept segregated. It's also nice that you can turn off the work profile during weekends and holidays so that you don't get work notifications.

Personal devices could certainly be a part of discovery.

The company has no legal right to even know you have a personal device. You could just say you don't have one.

Or just quit the company if they ask you to hand over a personal device.

It's almost always the other party in the lawsuit who is subpoenaing your past communications. Your employer is being forced by the court to retrieve these; it isn't their choice. It is in fact possible for your personal communications to get subpoenaed for a lawsuit related to your work. But, the other party will need some evidence that you had a conversation on a personal device that relates to the lawsuit. They can't just subpoena something like "all communications by employees relating to terms X and Y."

Usually your employer would prefer that you not hand over your personal device. Because the other party is looking for some sort of "smoking gun" where employees admit that they think some corporate behavior is bad or breaking the law. The penalties for not cooperating here are bad enough, though, that companies will generally cooperate. And the situations where it's a personal device are relatively rare, usually it's just corporate devices.

Quitting the company doesn't change anything. You can still be subpoenaed after you leave the company and the court can force you to turn things over.

Source: I'm not a lawyer but I have had my communications subpoenaed from my time at both Google and Facebook and I have complained to many corporate lawyers about how stupid these rules are while they politely explained to me how the system works

This is stupid. Reformat your personal device every week as a habitual practice. Keep multiple personal devices. Use voice when possible so that wiretap laws protect you.

Company should have no right to your family communications.

I never use text.

I don’t know why you keep saying it is the company that is trying to access your communications. It isn’t. It is the courts ordering you to hand over your communication.

If you delete something that the court has ordered you to turn over, they can and will charge you with contempt.

Again, this isn’t your employer doing this. Your employer would love if you didn’t turn over anything, but they are legally required to cooperate and will get in a lot of trouble if they don’t do their part.

Well no, just reformat your device regularly and habitually just out of your own practice. Don't use text. Use voice calls. Maintain inbox zero on your personal e-mail.

That way if ordered by the legal system you'll only actually have at most 1 week of personal data and none of it will be text.

You won't be deleting anything after their request, you will just hand over what you have, which is incidentally not much.

Wiretapping laws prevent courts from getting your voice records, at least in CA.

In the US, you may not have freedom not to participate in a legal proceeding if discovery includes items on your personal device. Even if you quit.

It’s not the company who is doing discovery. It is the legal system. You can’t quit out of that.

If personal devices were not subject to legal discovery, every company would just have all the executives only use a personal device for all communication, and suddenly they are immune to discovery?

> ... more like they were subpoenaed or otherwise compelled to hand over communications.

Exactly. OP wrote it was a "discovery thing". Discovery is a legal process for gathering evidence in a lawsuit. All relevant business records are discoverable, even if they're stored on employees' personal devices.

> legal forced me to hand-over all my texts

Who is "legal"? Corporate legal? They have no right to your personal phone. Even if they were subpoenaed, they could only ask you to hand over data on corporate devices, not your personal one.

The only people who can get your personal device are a search warrant from a court.

Most of these companies offer a BYOD option where you explicitly agree to co-mingle work & personal use of your phone -- up to & including paying your cellular bills. This frequently means signing waivers permitting surveillance, installing corporate applications, surrendering the phone upon termination, and placing everything on the device at risk of subpoena.

When the company is subpoenaed, they aren't going to give you the chance to delete data from "evidence". This is probably what happened here.

Right, makes sense. I'd never BYOD to work unless I had a spare throwaway device specifically for that. But as long as you maintain a separate personal device that you never touch work stuff on -- and hell, never bring it inside the office -- they shouldn't have the right to data on that.

Some time ago when I hired on at Apple (I've since moved on to greener pastures) I had a tough time provisioning my corporate MacBook. Every time I tried entering my work email address I got kicked into an unfamiliar auth flow that ended up not working. After I mentioned how much trouble I was having, someone sitting near me in the office told me I needed to use a personal Apple ID to provision the device.

I created a completely new consumer iCloud account and used that. I never did anything remotely "personal" on that machine, and after I left Apple I never used that iCloud account again. In fact I don't even remember my password for it.

I went so far as to carry two iPhones, one personal and the other "corporate," and I only ever used my "corporate" iPhone with Apple employee apps. I never even connected my personal phone to the campus WiFi; I used wireless data for that phone the entire time I was there.

That said, I don't recall ever being asked to merge my personal and work accounts. It's just that if you want to do any personal stuff with corp hardware, it's much more convenient to just use your personal Apple ID when you provision the hardware.

"I went so far as to carry two iPhones, one personal and the other "corporate," and I only ever used my "corporate" iPhone with Apple employee apps. I never even connected my personal phone to the campus WiFi; I used wireless data for that phone the entire time I was there."

This is the way. Carry two devices.

Separate personal/work devices. Never connect personal to corporate network. Never send messages between personal and work. Never give out personal device # to colleagues.

Assume that everything on your work device is logged and monitored. Don't do vacation research, medical research, social media, Spotify, anything personal at all on your work device. Ever.

> Don't do vacation research, medical research, social media, Spotify, anything personal at all on your work device. Ever.

That's quite extreme. What is your threat model?

Is it really that extreme? Threat model, staying employed / defend against idle gossip.

Company surveillance (of their employees) is very real and unlike 'Google reads all my emails' they actually can and do and it is a person they actually know whose private information they are viewing. I don't even need to get into the chance of every piece of information being in a lawsuit or get into the lack of any controls around data retention etc to be worried.

First step IT would take when I dropped my phone in 'because they had to run the update' - they would open my photos and take a look through. Second step - they would go to the deleted photos and have a look through. It was done as part of any company-mandated review of the device but out of personal 'curiosity'.

Every private message on teams etc was logged and routinely reviewed by a compliance team and often escalated to line managers - the team doing so knew everything professional and personal going on in the place. Who was getting hired, fired, promoted, working hard, slacking. Who was sleeping with someone, depressed, happy, gay, straight, having kids, getting divorced, getting a nose job, getting a vasectomy etc.

So what's the threat? I have nothing to hide, I am popular, a hard worker, not having an affair with the intern, so they are not going to trawl through looking for any dirt to diminish or fire me. There is little value in this information beyond gossip, but a permanent record remains all the same. For me there is little extra effort required to phone home from my phone rather than the recorded office line and that way the call won't be listened to by the guy in compliance.

Wow, what kind of workplace did you work in?

Here in Germany I think gathering many of these facts would simply be illegal.

A bank in Europe, it was EU wide laws that resulted in all mobile phones being brought into the surveillance net. It has been common in banks to use recorded lines for decades, but the regulations effectively mandated monitoring of every communication internally and externally post the LIBOR scandal.

That said, when I have worked outside the region or in less regulated positions - the intrusion into particularly email and written communications is the exact same. When you leave an organisation in particular, you do reflect on how big a trail of information you have left behind in their hands.

Financial companies are surely different from eg Apple though. As far as I’m aware, there are no laws forcing Apple to log as much of their internal communications as a typical financial company would have to.

Yes most of that would be illegal, except you gave them consent in your contract or other legal document.

This is also exactly why I always check all the paperwork for "personal usage" of the devices and services provided by the company (email and stuff). If there is nothing about it, I send my mom a random cat picture from my work email (always outside of office hours, in other cases it could be a contract violation). Why? Because if it's not forbidden, you are implicitly allowed to and after at least one private message was sent by the account, it's legally like a private account.

If your employer snoops in the account, it's a massive privacy violation (Datenschutzgesetz and DSGVO/GDPR) and a strong case in employment law. Never needed it, but it's better to be safe than sorry.

There is the law and then there are employment contracts. Sometimes these things overlap, intersect or contradict in interesting ways.

I don't think I have ever worked under an IT policy that was anything but 'for work use only' - although that didn't stop me from taking great pleasure at seeing how many work emails were used to sign up for sugardaddie etc whenever they leaked. I was never too fussed - having two phones, two emails, two laptops etc doesn't bother me in the slightest. You lose access to the work phone number / email / storage when you leave anyway so it's really of no use.

I have even come to like the physical separation of work and personal, there are times each needs more than 50% of my attention.

So your threat model is:

Extreme surveillance from your employer would unnerve you.

Your remediation is:

Firewall between work and personal.

Is that a reasonable restating?

Bright distinctions between work and personal devices make it easier to stay disciplined.

Threat model is straightforward: I have no expectation of privacy on my work devices. I do not want my employer entangled digitally with my personal life.

That's not a threat model, that's a set of expectations and desires.

A threat model would be (albeit an absurd one):

I will be fired and blacklisted if an employer determines how many personal emails I send a day

> It's just that if you want to do any personal stuff with corp hardware, it's much more convenient to just use your personal Apple ID when you provision the hardware.

Yes, but I feel like a major takeaway is that you should never ever do that


Here’s my take as someone who worked there in the last two years.

1. You absolutely have the choice to make a separate iCloud account for work, you just can’t make it with an @apple.com email.

2. It’s true that you should not wipe your device when you quit.

3. We were instructed to avoid using iCloud for anything work related. They recommended turning everything iCloud related off on your work computer except for FindMy.

4. None of the claims in the tweet sound familiar to me, but Apple is a big org.

My impression is that they need you to have an iCloud account for tracking the location of the device with FindMy, but technical/legal limitations prevent that from happening through your work email.

Yeah the Twitter OP is wayyyy off base here. No one compels employees to merge accounts???? What the hell is this story even. This feels like someone with an axe to grind, and external readers are none-the-wiser to reality internally at Apple.

(Obviously thoughts are my own, I do not speak for the company)

Jacob Preston (ex-Apple Firmware Engineer), Ashley Gjøvik (Apple Senior Engineering Program Manager) and Zoë Schiffer (Verge senior reporter) in the linked Twitter thread all seem to be claiming that Apple tells employees to merge their accounts. Encouraging use of a work iPhone as a personal device to "dogfood" is also mentioned.

It's a big company though, so possible that policy varies.

Yeah, it's really weird that the @apple.com email you get when you start isn't usable as an Apple ID. I didn't want to sign into my personal account on my work computer for a BUNCH of reasons (privacy being one, but beta software messing with my data was another) so I created a new free iCloud account. But it struck me as VERY odd that Apple would want their employees mingling their work and personal data on their personal accounts.

It was a similar story at Microsoft: for a long time we couldn't reliably use @microsoft.com e-mail addresses as MSAs ("Microsoft Accounts", the then-new name for Windows Live IDs), so we were all told to create a new non-@microsoft.com address for stuff that needed an MSA - I don't remember the guidance for if we could re-use our pre-existing personal addresses or not but I know that some people did, but most people created new @outlook.com addresses.

IIRC, they did iron out the problems eventually, and finally came up with a semi-decent UX for normal (non-MSFT) people that had an Office 365 ("Organizational account") with the same e-mail address as an MSA - but I think internal MSFT accounts still have issues? My information isn't up-to-date fwiw.

FWIW, I never had access to any "real" internal resources via my new @outlook.com MSA address - the only things it did have access to was things like MSDN Subscriber Downloads[1] and as a backup/recovery e-mail address for my @ms org account.

[1]: Oddly enough, I retained access to the MSDN Subscriber Downloads area, including full ISOs and Product Keys for about 2 years after I left the company, I only lost access because that was when they moved everything over from "MSDN Subscriber Downloads" to "My Visual Studio" which changed everything.

@microsoft.com accounts work fine now. But yeah, I remember it, and it was a hassle.

Might be a side effect of how broken their "company" managed Apple ID system is. You can create managed Apple IDs at business.apple.com with such access, but the accounts are _extremely_ limited in functionality[0].

0: https://support.apple.com/guide/apple-business-manager/what-...

It’s far easier to blend. Otherwise you’re carrying multiple devices. To each their own, but you’re going to have a hard time debugging anything or living on your own new features if there’s zero personal real data in use.

I assume they do this because they are uber paranoid about product leaks.

The same Apple that can't figure out how to let customers merge two accounts [1]?

[1] Why would a customer need to merge two accounts? Because originally Apple accounts were just for iTunes, associated with your email address.

Then they started cloud services like file storage, email, calendars, etc, and those accounts were tied to your Apple provided email address.

Eventually they made it so that iTunes and cloud used the same accounts, but those of us who had both iTunes and cloud before that ended up with two accounts. And since your devices can only be signed into one at a time, if we were not extremely careful we ended up with some of our app and music purchases on one account, and some on the other.

This is an ongoing pain in the ass. It would be much much nicer if Apple provided a way to delete one of the accounts and move all the purchases to the other, but they have not done so despite receiving numerous requests to do so.

Sometimes you get lucky. It turned out that all I had on the Apple addressed account was a couple of "purchases" of free apps plus some paid for storage. It was easy just to repurchase those free apps on my original iTunes account, purchase cloud storage for that and delete the other account from my password manager so I can't ever accidentally log in to it. But many people have a lot of non-free app and music and video purchases on both, and so are stuck keeping them both active.

And people get married and divorced all the time, go figure…

It seems this person has/had some major work problems at Apple.

The employees there apparently kept scores (on a white board?) to make her want to quit the job [1]

[1] https://twitter.com/ashleygjovik/status/1427351298920239106

No matter who is in the wrong here, this is some A-grade toxic shit. This is unacceptable even for kids let alone adults.

There's a lot more.


Edit: I don't understand her endgame. She's not going back to work at Apple after the negative publicity she's been generating. She probably doesn't care because she's in law school and will be graduating soon. Is her goal to negotiate a generous settlement? The negative publicity reduces the value of her settlement. (Companies will pay for an NDA as part of a settlement, but only if the damaging info isn't already public.) Is she pursuing some naive, idealistic notion of justice? Or is it all to establish "cred" for her future legal career?

This person puts more effort into trolling their employer than I do into my actual job

How about trying to get Apple to fix problems like these?

I wouldn't hire her. She just screams trouble, no matter if she's right or wrong.

Getting ready to write her woke book about bad capitalism ruining her life on a 6 figures salary and becoming a public attorney.

I'm sure it's not because of the money, it's purely a political motivation. That's what she wants to do in her life.

I understand it, I also take all the chances I have to bash the government, out of pure hatred.

Do people just assume she's telling a truthful story?

I wonder that because I worked there for years and anything remotely like what she claims was implausible when I was there, and would have been immediately corrected with impunity had such occurred.

I mean there's security all over and they're not in a managerial chain, so something seems very difficult about her claims to me.

In saying that, maybe she did have some entirely crazy people around her. Evidence would be stronger than conjecture, and I hope she has some if such happened.

Perhaps this might help convince you: https://twitter.com/ashleygjovik/status/1426014545202479108

That's a redacted screenshot by the person making the claim. It's not very convincing.

Are you familiar with Radar? It's an internal bug database that is used by all the teams inside of Apple. She redacted identifying information in the screenshot, but anyone with the appropriate amount of disclosure at Apple (several hundred, if not thousands of people) can go and look up the unredacted version where all the names and context is visible. Many with the ability to do so have confirmed it.

> Many with the ability to do so have confirmed it.

Would you happen to have a link handy? I don't mean to be adversarial. That screenshot is just so incredibly outlandish that it comes across as something from an overdone movie and I honestly find it difficult to take at face value.

Basic human decency and social norms aside, I just can't comprehend what manager would fail to recognize something like that committed in writing as a huge legal liability.

Sure, here's one: https://twitter.com/vllry/status/1427360794925158425. I am not joking when I say many, many people had access to this–while I am not at Apple, I know people who are and they could see it too. (FWIW, I was on the Radar team previously, and this is exactly what it looks like–faking it this exactly would require a lot of effort.)

Thanks for that. Wow. That's really unbelievable honestly. This followup from that link sums it up nicely:

> I admit I looked it up thinking "this can't possibly be real, no one would leave that paper trail".

> I was wrong.

> Do people just assume she's telling a truthful story?

I have no reason to doubt that she's telling the truth from her perspective, but that being said, there are always two sides to a story.

> In saying that, maybe she did have some entirely crazy people around her

To be honest, reading her published tweets/documents, she mostly appears to be someone who complains to HR about everything. Judging by the way her managers "dismiss" her complaints with (attempted) humor (refill whiskey bottles with fruit color and water, suggest which NERF gun she should buy, etc), I'm guessing she's been at it for a while. The sign that her managers purposely leave her out of important meetings could also be a signal that "she's more trouble than beneficial".

Not saying she was wrong (or correct) when she complained, but it would certainly explain some of the hostility being shown by her team members. Reading the parts she complains about it actually sounds like a really nice and accepting/inclusive workplace, and a place I would love to work. Planning a NERF war, and your managers' only concern is if you're too loud to disturb other teams :)

In any case, she has published multiple (redacted) confidential documents, so I wouldn't get my hopes up for a big settlement.

> Do people just assume she's telling a truthful story?

That is why I said that no matter who is at fault here, this act of public score keeping is still not ok.

Fyi, she’s the same woman whose apartment complex was apparently built on toxic waste that made her sick (only her), yet no one could measure any harmful substance in her apartment, the authorities couldn’t help and tried to cover it up. [1]

It seems strange that she happens to be also the victim of organized workplace harassment at Apple. And again, the authorities (internal Employee Relations) refused to help, and tried to cover it up…?

Either she’s the most unlucky person… or maybe it’s all in her head? Take a look at her website documenting her “ordeals” at Apple [2] To me, it looks like the scrapbook of a paranoid schizophrenic who meticulously collects “evidence” on their “gangstalking”… Just look at this tweet [3] where she talks about fighting Apple, Northrop Grumman (!) and the Irvine Company, and tell me with a straight face that she’s not a wacko.

[1] https://sfbayview.com/2021/03/i-thought-i-was-dying-my-apart...

[2] https://www.ashleygjovik.com/ashleys-apple-story.html

[3] https://www.ashleygjovik.com/uploads/1/3/7/0/137008339/publi...

Even a light scan through the Apple stuff will find you things that obviously aren't just "in her head", like the "Make Ashley's Life a Living Hell" bug ticket entry that other people have mentioned still exists in Apple's system if someone with access looks it up by ID number.

Apparently you can only have one bad thing happen to you otherwise anonymous people online will attack your character and call you crazy.

I’m slowly getting the impression that either there’s been a policy change at Apple in terms of customer privacy, or some other government pressure that’s causing all of these seemingly anti-privacy decisions to be made. I’m considering moving away from the Apple eco-system, any recommendations? I’m equally distrustful of Android (specifically Google). I feel like my only option is to compile and deploy my own version of Android (or some other OS) to a non-privacy invading phone.

It’s a downgrade, but the freedom of running linux on a phone is nice. I have a pinephone running sxmo, probably the nerdiest and least friendly ux possible.

I’ve been using it sparingly, but intend to make a full time switch pretty soon. Having a phone with less capability and a focus on privacy will I think help make my phone less of a mental zapping appendage and more like the useful tool I remember these things being way back when.

I guess I’m arguing why even bother with a full replacement? I know everyone else seems to be all in on mobile/leaving a modern app ecosystem feels like getting left behind, but maybe everyone else is wrong. Maybe it’s better to just step away from all the ultra modern attention grabbing bricks of pure unadulterated dopamine and switch to a hacky little portable computer when you need to look something up, or text someone, or call someone, or work on some text document you have or whatever.

If you have a phone with even a crappy browser you have access to a ton of modern functionality anyway if you want it, minus all of the notification hell.

>minus all of the notification hell.

I'm a huge believer in disabling any form of push notification. Nobody's software is entitled to my attention, I'll use it when I feel like it, not when it nags me for attention like a petulant toddler. I don't know how people tolerate their phones pinging, flashing, and buzzing all day like a pinball machine that's been very personally crafted to extract as much attention from your day as possible.

A little off topic, but since social media seems to be the main driver of this "phones as a personally crafted distraction" I'd love to see what a social network that's not actually deeply antisocial would look like. No push notifications, no filter bubbles, no politics, no "nudge" messaging from governments and other organisations aiming to subtly change people's behaviour, no creepy advertising pushed to a perverse degree. Just give me a place with a good chat client, a way of asynchronously keeping in touch with people in my life in that long range between "good friend" and "stranger" (seriously even the Facebook walls of 2008ish would do), and just enough non-obnoxious adverts to cover costs and make a reasonable profit. Oh yeah, and you should always be able to pay a small monthly fee to be rid of ads if you want to.

I'm using a PinePhone right now and I hope I won't need to switch back to Android. I grew used to this freedom.

However, I would recommend it only to the most determined people because many things don't work well.

Forget GPS navigation. GPS does not get the correct location most of the time, AGPS only works through a hacky bash / python script. There is no good gps app anyway.

The sms app on phosh is crashy and does not yet support MMS for which you have to use another hacky script (but I'm working on an alternative app).

The phone often needs to be rebooted due to the modem sometimes not waking up. Calls are not high quality. No built in way to have a reliable alarm if the phone is not plugged. Photos are bad. The phone is generally slow for many modern web apps targeting more powerful hardware.

The phone takes time to wake up for a call.

I would not want to experience an emergency requiring to call someone.

The phone is not waterproof so it will likely break if it takes a good rain.

The on-screen time is not great though you can buy spare batteries which can largely change the game. Remember to set the sleep timer to 30s, which you need to do using the command line if you use Phosh, it helps a lot.

A smoother transition could be to use a degoogled android phone, maybe with MicroG for cell/wifi based location and only using free software (from F-Droid). But you'll still rely on proprietary blob.

I only ever used open source apps on Android and always refused to use apps like WhatsApp & its friends, which helped the transition to the PinePhone.

On the flip side, the PinePhone is getting better every day and the ability to just buy a spare battery and a battery charger and swap them as needed without any tool is really nice.

I typed this message on the PinePhone by the way. It's far from horrible despite my comment.

edit: what I want to say is, wanting to migrate to free and privacy-friendly software is probably a good thing, but increase the chance it will work by not making it too hard. On the desktop, Linux distributions are delightful to use, free software phones are still pretty much work-in-progress unfortunately. The gap between a degoogled Android phone and a PinePhone is huge, probably way bigger than between an iPhone and a degoogled Android phone.

How does wasm run in general? E.g. .net blazor/rust apps? I feel wasm web apps running in a chromium clone could gain momentum.

I don't know, I don't think I've encountered any WASM app. Chromium is generally slow on the PinePhone, I would highly recommend Firefox on Phosh (unusable on Plasma unfortunately if this hasn't been fixed). Gnome Web and Angelfish (KDE's mobile browser) work well too.

I would not seek for WASM apps though. Those generally require big and heavy runtimes to be loaded in the browser for questionable benefits, with no way of sharing those runtimes with other apps. I would rather look for native apps, or Web apps with lightweight frontends which can actually be quite fast if done well.

> There is no good gps app anyway.

Forget global positioning specifically, shouldn't a good OpenStreetMap atlas application without automatic positioning be feasible, if not presently available? Today it might feel like caveman technology, but it's not that long ago that having a high quality up-to-date world atlas that fits in your pocket would have been considered a considerable marvel. That such an atlas might also tell you exactly where you are at all times is icing on the cake.

Let's forget GPS.

Well, you have those options which work well enough to be usable (you don't have pinch zoom, Gnome Maps takes a while to load, openstreetmap.org does not fit very well on mobile, both require an internet connection):

- openstreetmap.org

- GNOME Maps

Then you have Pure Maps. It allows offline maps using OSM Scout Server [2]. It seems good, however it overheats my PinePhone and crashes probably out of lack of resources. So I don't use it. It could be because of Flatpak, but I'm not sure.

As for how to build a good alternative, I see these possibilities:

- contribute to Pure Maps to make it more lightweight. Maybe it's just a matter of building native packages for distributions like Mobian and Manjaro.

- Look whether KDE has a good app for that. They have Marble on the desktop but I'm not sure there is a mobile version that works well yet so porting this to mobile could be a way. KDE apps are generally very high quality though Marble could use some refinement.

- using C++ and Qt/QML with its Map widget, and find a way to use OSM Scout Server to provide the tiles. Actually, Pure Maps is a QML app.

- build a minimal web page showing a Leaflet or a MapLibre widget, connected to a backend built using a compiled language like C++ or D, itself connecting to OSM Scout Server to provide the tiles. Or to OSM Scout Server directly if it is possible.

The last option is probably the most lightweight solution, provided you probably have a browser already running on your phone. I'm not saying this out of my ass by the way, I'm building an SMS app using Svelte for the user interface and D for the backend connecting to the modem and managing the SQLite database. It's way faster than chatty. Maybe don't use React though, this is heavy (Mattermost works but is almost unusable, Element (Matrix) works way better but you still feel latency everywhere).

[1] https://openrepos.net/content/rinigus/pure-maps

[2] https://rinigus.github.io/osmscout-server/

I’m the same way. For times I absolutely need an app (like banking or healthcare), I’ll boot up an old iPhone I keep around for that exact purpose. Otherwise, I keep no apps other than browsers on my current phone.

> customer privacy

I agree with the point of your comment but this particular post is regarding employees and seems like this has been in place for 3 years at least (tweet mentions it).

I started moving away from Apple a few months ago, much before this Apple CSAM debacle. This is a pretty big move for me because I am a developer who makes apps for both iOS and MacOS, so I pretty much need Apple software for work.

No longer buying iPhones or Macs. I was planning on upgrading to the Mac Mini with M1 chip later this fall but now I plan on building a hackintosh instead. I also no longer recommend Apple devices to friends/family.

I got myself a cheap android phone which I have de-googled myself. I got this Android phone ($190 USD for a very good phone - 8GB ram, 12gb space):


I use Firefox for YouTube on it with the following add-ons:

1. uBlock Origin

2. Video Background Play Fix add-on

This allows me to use YouTube as a background playback music player. And if needed, I use YouTube-dl to get the audio files and put them on the phone.

You can check out several tutorials to de-google an android phone.

> No longer buying iPhones or Macs. I was planning on upgrading to the Mac Mini with M1 chip later this fall but now I plan on building a hackintosh instead.

If you don't trust Apple, why build a Hackintosh and run Apple software?

Not the parent you're replying to but it sounded from the post like it's because they develop apps on apple platforms and need them for work.

>This is a pretty big move for me because I am a developer who makes apps for both iOS and MacOS, so I pretty much need Apple software for work.

Looks like it's work related. Although perhaps they could just treat it as a work device and use personal devices for everything else.

I require MacOS for app development (I am an iOS/MacOS Developer) and it can only be done using MacOS. If I have a hackintosh (or maybe just build my own PC and run MacOS in a VM), then I don't have to buy Apple hardware.

The whole using-personal-iCloud-for-work thing isn't super new, I started at Apple ~2 years ago and it was the recommended practice back then

> I’m slowly getting the impression that either there’s been a policy change at Apple in terms of customer privacy

More likely that they never were for privacy and just used it as a marketing ploy, putting on the mirage of being pro-privacy.

I work for Apple. It’s not just marketing. It’s in every discussion in every feature. Even the current CSAM implementation is actually all about privacy if you read the details on how it’s implemented.

The real question and concern is what happens once laws start getting passed that run counter to this. And that then won’t be just Apple’s problem at that point.

>Even the current CSAM implementation is actually all about privacy if you read the details on how it’s implemented.

Lol, no.

Read this: https://www.apple.com/child-safety/pdf/CSAM_Detection_Techni...

and tell me what's not about privacy with this? The alternative is upload everything unencrypted to providers who then scan there, which is how everything else works.

> The alternative is upload everything unencrypted to providers who then scan there

That's exactly how it should be. If a service provider wants to scan unencrypted documents for legal or PR reasons that's completely understandable. If instead they want to provide true E2EE and risk ending up in court with the regulators, that's also fine.

E2EE with black box on device scanning, however, is an absolutely terrible idea. It misleads regular people who almost certainly won't understand what's really going on. It's easily subverted by various governments as a condition of doing business. It blurs the line regarding ownership and unlawful search, thereby eroding future expectations of civil rights.

Apple should just be honest about the fact that they aren't comfortable providing a full E2EE solution for various regulatory or political reasons.

There's no proper encryption though. In my mind, it's just like having everything unencrypted but using TLS to get it to Apple central. Apple employees can still access it.

This is just ever so slightly better than the worst of everything.

No real encryption, on-device scanning and scanning on Apple servers. "For privacy", WTF!!

No client side encryption yet.

I can't see any reason to implement a scanner in this way other than at least having E2EE as a possibility under consideration. They knew there was the possibility for PR backlash. Doing it on device also adds significant complexity. Meanwhile scanning on upload is a very common and well accepted (both legally and socially) practice.

On its own the current approach is all downsides and no upsides so there has to be something else going on here. Wanting to market iCloud as providing full E2EE is obvious and fits perfectly.

Nitpick: What I think you're talking about is not E2E because there is no recipient (ie in this scenario Apple is not able to decrypt your data). It's just bog-standard encryption so your files are private or only shared with people you choose.

We can only recognize the current situation, not a hypothetical future one.

I for one think it is unlikely that Apple will willingly lock themselves out of that mountain of intoxicating user data.

I believe their privacy stance is just marketing. There's countless examples of them not caring about real security issues, eg https://sneak.berlin/20201112/your-computer-isnt-yours/

Even if they do ever implement true encryption - not E2E between customer and Apple - personally I wouldn't trust it because of the unauditable on-device scanning/snitching.

This is a ridiculous redefinition of the word, "privacy".

I don't need to read your marketing manual when there's no getting around the fact you are normalizing on-device scanning on personal devices and automated secret reporting to the authorities, which means iphones have now become adversarial.

Used to be that there was a clear delineation between a customer's device and a cloud server. Not anymore with Apple "privacy".

At least with Google I know that if I don't upload the photos to them, they're not scanning my device.

Just as a point of fact, there is zero point to encryption if Apple is able to access everything on icloud, which they can, because Apple doesn't allow you to do backups using a key that only you know.

That's just another one of Apple's penny-pinching scams so they can upsell customers on extra icloud space for backups which are also "encrypted", yet Apple can read everything.

Real privacy would mean real encryption, but then Apple couldn't do their upselling scam and also couldn't secretly scan all your personal stuff.

You are missing the forest for the trees. This entire feature is a privacy violation.

> The alternative is upload everything unencrypted to providers who then scan there

No, the alternative is to not do any scanning.

100% this. If you had said this a month ago you'd get viciously downvoted. People are finally waking up though.

At this point you might as well buy a Pinephone. It's about as close as you can get to privacy-respecting. Just don't ask too much of it and try not to mind the price.

Well, it's only $149 (or $199 for the higher-spec model with a dock), so it's affordably priced for a phone. One way to keep expectations in check is to treat the PinePhone as an upgrade to a feature phone, until the software options are more fleshed out.

Why would the government pressure them to have employees use their personal accounts at work? That doesn't make any sense.

Sailfish is pretty great. Devices get industry leading software update support (the only device they ever dropped got 7 years of updates). Great UI. It even supports a fairly good Android emulation mode if you want to run some Android apps. You can shut down the Android emulator when not in use for power usage and peace of mind.

EDIT: The devices are cheap too, but aren't slow. Typical cost is less than $250 including both the device and software license. The software is mostly open source, but there are a few licensed components. It is possible to use Sailfish without the proprietary bits for free.

See previous discussion at

Ask HN: What Apple alternatives are you switching to? https://news.ycombinator.com/item?id=28220968

The internal policy is invariably related to their views on ultra secrecy. Because they are 'Apple' and people want the jobs, there's acquiescence. When people leave it's probably a different story.

Create a firewall between your personal and professional time. Another name for this is “setting healthy boundaries”.

Always create new accounts for anything work related -- GitHub, Apple ID, whatever.

Don’t install work apps on your personal phone. Don’t enrol your personal phone in corporate MDM. If they want you to use a device for work, ask them to give you one.

Don’t do personal stuff on your work devices. Don’t do side project work on your work devices. Only do work for your employer on your work devices. Turn it off when you’re done work and leave it off until you start work the next day.

Be very clear on all your contractual obligations related to this before you start a new job. Ask to see ahead of time all the paperwork they will ask you to sign, so there are no last-minute surprises (“oh, you want to own anything I create outside of working hours?”).

Firewall yourself to protect yourself.

Edit: One more: don’t use corporate WiFi with your personal devices

I get that in the "most secure boundary" sense, I should have a work provided phone for work stuff, BUT...

I don't want to carry two phones. I'm part of a team that owns some responsibility for fixing things that break in the night. I find it freeing to be able to reply to a Slack or Outlook email while I'm with my kids at the playground.

I see the above advice all the time, but I can't help but think it only relates to an IC with no career ambition, no outside responsibility distractions (kids' schedules), that's 100% committed to 9-5 life and has little opportunity for big promotion based on being part of a chain of ownership for things that are customer facing.

Personally, I've mostly worked at small companies (my preference), and have ambitions. I have a healthy work/life balance, but also don't want my products to fail and occasionally want the flexibility to help my colleagues while AFK.

In the end, the above advice is very popular, but I just see a jaded burnout mercenary in a company with tens or hundreds of thousand employees.

> I find it freeing to be able to reply to a Slack or Outlook email while I'm with my kids at the playground.

You can spend as much time on work as you want, but you only get so much time with your children. OP's point is that you should guard the time you have and spend it wisely. Personally, I find carrying a second device and keeping things separate part of maintaining a healthy balance between my work and my personal time.

I also don't want my personal devices or projects tied up in some corporate legal proceeding, so I keep them separate for that reason as well.

I can attest to the importance of this legal separation. I had a personal laptop stolen that had work files on it from before my work had given me a laptop, and I had the uncomfortable responsibility of disclosing that to my boss.

I hadn't even done anything wrong but it made me hella uncomfortable thinking about my work or the cops getting their hands on my laptop. It just feels too personal.

I had to file police reports and everything, and ultimately it was never found, but I still hate the idea and sometimes think about where that laptop ended up.

Part of the thought process is that he wouldn’t be at the playground with his kids in the middle of the day at all if it made him completely unavailable to respond to stuff. Similarly, I go surfing some mornings and respond to people on my watch to keep them unblocked while I’m having some fun at a time strict 9-5 wouldn’t allow.

This is exactly correct.

I maintain a pretty optimal WLB at my current job (I don't remember the last time I've done any work outside of normal work hours) but I do like having work Slack and calendar on my phone. In my case I feel it adds freedom to my day since it makes it easier to just go run a quick mid-day errand without worrying that you're missing a meeting or something. I didn't used to have any of it on my phone because I always heard it was bad psychologically, but as a result I always felt nervous stepping away from my desk for too long because I'd have no way of knowing if someone needed me. I think if I was in a position where I was asked to do work outside of work hours I'd feel differently about this though, but the extent of my after work Slack is mostly requesting days off and browsing some announcement threads.

Some people don't want any boundaries, and that's fine too.

You can be ambitious and committed to the success of your team/projects while still maintaining clear boundaries. Indeed if you're that ambitious (as you repeatedly emphasize), I think it's wiser to maintain such a clear boundary. What if you either have to leave your firm due to an emerging problem or receive an offer that you dearly wish to accept, but you're so entangled with your employer that disconnection is going to be fraught and/or have legal complications? What if your employer winds up in messy litigation and your personal data ends up as part of the evidentiary record, as mentioned in that Twitter thread?

I've known people who are very driven and can't unplug, who later on end up being very resentful of their own careers because they've structured everything around pleasing others and never saying no.

This is where I think the new line of Linux phones need to put in a lot of work. Properly sandboxing applications and defending against corporate snoopers should be a top priority of any open source phone OS.

I mean you need an undetectable virtual machine for a phone really. That's the reality: I'm content with my phone running some type of hard to crack secure element so companies can convince themselves it's secure, but what I want is that thing isolated and its network and cellular access gated.

This is what Samsung Knox is. I use it for my company email and slack etc.

I think you are dramatically overestimating the actual challenge of carrying two phones. Phones these days have great battery life, and they make pretty small models. The phone is like 0.2% the mass of your body. It’s not that big of a load.

I’ve been promoted several times while having separate work and personal phones.

If more phones is less ambitious, is having 0 phones the maximum ambition? I have tapped away on slack on my work phone while at the playground or sports or recital on weekends etc 100's of times.

Yes I feel like a right prick pulling two phones out of my pocket - I mitigate this by not being the kind of person who sits down and places their phone on the table face up at dinner.

As for the suggestion that the separation of work/personal is a sign of less ambition, that you somehow care less about work than your personal life - my work phone is set to ring 24 hours a day, my personal phone vibrate only. There are times where I am not keeping my work life from getting in the way of my personal life, but keeping my personal life from getting in the way of work.

Watching someone go to check their work slack on their phone only to have their attention dragged away to group chats with friends on competing attention apps gives me pause to consider. At the end of the day, whatever works for people, I have found what I think works for me.

I also just want to say, as a full time remote worker, I need Slack on my personal phone. Remote work allows you to work anytime and thus break out of the 9-5. But to properly do that and still be a member of a team, I need to be reachable on my regular phone. If I decide to switch up my day and work at night, I need to still be reachable for random things during other people's working hours. It's usually just someone has a quick question. Team members in other time zones have discussions on Slack that are outside of the time I'm sitting in front of my computer. I like seeing these discussions and contributing while I'm at the grocery store or some such. If mission critical software is blowing up, I need to know that I need to get back to my computer. If I don't have any real work to do that day, I can go do something else, and just check my phone to see if I need to get back to my computer because someone who actually is working needs me. I can actually sort of take days off this way, without having to actually ask for the day off.

In general, as a remote worker, having Slack on my personal phone allows me to work less and more efficiently. It gives the illusion that I am always working, whereas I'm actually working only when I want to and am most effective.

You don’t have to do that.

I also work remote, in a different time zone to my team who communicate mainly on slack. I would never consider installing it on my phone.

Yes, it is possible that somebody will send me a message when I’m not at my machine. They’ll get a response the next morning I’m in.

To me, that’s just the most basic form of boundary setting. If I’m not at work, I’m not working. Being remote doesn’t change that.

> I don't want to carry two phones.

Neither did Hillary Clinton

Relevant Between Two Ferns: https://youtu.be/xrkPe-9rM1Q?t=317

When things break at night, can't they just call your personal phone? Can't you login to slack on your personal phone, from the browser if you have to?

Why does corporate IT need to own your tech just for you to be reachable?

I have found few things as freeing as removing slack from my phone, especially at the playground - I enjoy the time I spend with my kids more.

To me, being at the playground is not a prime example of spending time with my kids. I'm fine with replying to some work related messages while basically watching my kids play.

Playing soccer together, reading to them, playing a board game, doing a joint Lego construction project, teaching them to skate, etc. That's spending time together. It doesn't mix well with work.

What activities mean what depends on the kids' age a lot, and the kids and the parent. We agree that spending time together doesn’t mix well with work.

> To me, being at the playground is not a prime example of spending time with my kids.

It is if you actually play with them while there.

You take your kids to the playground at night?? Ok.

If you're trying to get promoted by doing unpaid overtime and/or unpaid oncall shifts, you're a class traitor screwing over your colleagues. Help them by setting healthy boundaries even if you don't actually need them yourself.

This is just not a good outlook. Class traitor is ridiculous. If someone is of marrying age and/or child rearing age, are they a traitor to their class because they choose to work instead of whatever your preconceived notions are? People are different and have different work/life conditions than you. You're just going to need to come to terms with this.

The key term in their comment is "unpaid overtime", that's the part that makes them a traitor to their class.

It might make them a sucker, it might make them a sycophant, but you have no right to dictate someone else's values like that. I think this sort of tankie rhetoric is worse than useless.

if they want to work because they have no life, that's fine and really none of your business. if you work for a company where working off the clock like this is accepted, then it should be taken as a red flag.

when employees are on the clock, there are protections established for both employee and employer. if someone is injured while on the clock, workers comp is at play as well as corp insurance. if someone is working off the clock and injury occurs, shit storms are coming. if you were clocked out and working because company expects it, you can sue them. if you were doing it on your own to be "a good employee", you can get the blame.

in terms of coders, say you're off the clock and you accidentally truncate a table while connected to production when you thought you were in dev. if you're off the clock, you can actually be accused of "hacking" and doing a malicious act by the corp. if you were on the clock, then they would have a harder time with those accusations.

on the other end, i've worked for companies that were very good on the on clock/off clock recognition. if you were on a paid vacation and the company needed you to answer a call or respond to email, they would credit you that vacation day back even if it only took 5 mins. i miss that company. best work/life balance company i ever worked.

Salaried workers don't get over-time.

Also what's a class traitor? it's not like I'm working so hard not to become filthy rich. All my colleagues are doing the same.

> Salaried workers don't get over-time.

Abusive employers classify many de facto line workers as overtime-exempt, often illegally, and workers should not be complicit in this. An employer who tried to treat a unionized industry the way programmers are treated would be laughed at.

> Also what's a class traitor? it's not like I'm working so hard not to become filthy rich. All my colleagues are doing the same.

Sure, but remember that you're not actually a "temporarily embarrassed millionaire" - you most likely have much more common interest with your colleagues than with your bosses. When you find yourself in a prisoner's dilemma situation, remember that the correct metastrategy is to cooperate with people like you and with people who will cooperate themselves, not with a group that's well known to select for sociopathy.

I agree with you in principle, but you come off as a dick for the way you expressed it.

class traitor

I talk about class issues and economic justice a lot, but nobody owes prior allegiance to a particular class in a way that you can call them a traitor, unless it's some extreme example like a union official being willingly corrupted by a corporate fat cat - in which case a person is reneging on a promise they made, not some unilateral obligation.

You might not like or disapprove of someone's work/life choices or values, this person's certainly don't appeal to me as expressed. But someone's failure to share my values does not in any way make them a 'traitor'. That sort of assumption of mandatory loyalty and cultish denouncement isn't any kind of socialism or liberation; you cannot bully people into freedom.

This is an asinine and immature way of doing politics and I urge you to grow out of it.

They're framing their position as wanting to "help their colleagues" and not be a "mercenary", while in actuality they're harming those colleagues for the sake of their "big promotion"; they're not just embracing a different value system but performing allegiance to communal values while actually undermining them. I'd have a certain respect for someone who openly acknowledged that they were trying to win a race to the bottom, but not for that kind of disingenuity and hypocrisy.

That kind of reasoning is a great way to impress other Marxist-Leninists (of which I am not one) and alienate everyone else. I seriously doubt this person has ever professed or aimed to perform 'allegiance to communal values'; You're excoriating them for going back on a promise they never made, which is a kind of rhetorical sleight of hand. Whether that's what you intended or a reflex you've developed, it has no basis in reality.

As I said, I don't think much of this person's choices or attitudes, but you can't betray that which you never signed up for to begin with.

I'm by no means a Marxist-Leninist; I meant communal in the normal everyday sense of "belonging to this community". Again, they talk about wanting to help their colleagues and not wanting to be too mercenary - values most of us will sympathise with - but their actions are actually opposed to those values.

You might want to check that anger a bit.

As I said, I do have a healthy work life balance. I also have responsibilities to my family and to my colleagues, and balancing those is difficult. Especially during a pandemic with no child care - I'm full time working and full time parenting.

Can you empathize with that?

> As I said, I do have a healthy work life balance.

If you're working overtime and on-call outside of work hours then no, you don't. That's not healthy and there's no way to make it healthy. You talk about "owning" responsibility for fixing this thing if it breaks, but real ownership is two-sided - do you have a meaningful equity stake (token stock options don't count) in whatever that system does so that you're getting the upside as well as the downside?

If you're choosing to spend your life and health on something you actually own, fair enough, it's your funeral. But if you're a worker then it's not your job to deal with that. I can understand that as a parent you're vulnerable, you don't want to lose your job, and when the bosses say the business wouldn't be viable if they had to pay for a proper night shift (or whatever rate it would take for them to get enough coverage from you and your colleagues voluntarily taking those shifts - funny how the biggest fans of "free markets" don't seem to like being on the receiving end) then it's hard to stand up to that. But doing free favours for the bosses is like paying Danegeld - once you start it will only get worse.

You keep talking about responsibility to your colleagues, but what you're doing hurts them a lot. That's where my anger comes from.

I'm not actually working meaningful overtime.

I am working a more flexible schedule where I handle some details from my phone AFK and work dedicated hours at times that fit better with family obligations.

I actually believe setting that expectation helps my colleagues.

And again, I work at small companies by choice. If we fail a product, the company may fail, then we are all out of a job.

> If we fail a product, the company may fail, then we are all out of a job.

My view remains that if you're going above and beyond then that shouldn't be just to avoid the downside - you should also be getting a proportionate piece of the upside. For a small software company skilled workers are often bringing most of the value to the table, so you should have a corresponding ownership stake (I don't mean that purely rhetorically - from a friend who works at a consultancy that's structured as a cooperative it sounds like it's very much a "normal job" in practice).

Of course in a more capital-intensive business, or if you're blitzscaling, then maybe the owners are bringing something else to the table that you couldn't replicate with just a gang of programmers. But in that case capital is almost always a part of what they're bringing, and that means the company should be in a position to be paying what things cost.

Maybe they want to ascend to a higher class?

You are wasting your breath. You know he thinks most people are lazy and earning below 200k "for a reason."

A guy won a Nobel prize proving your quality of life or happiness does not improve above 75k. That's what you need.

And in IT you don't need to do unpaid overtime or sacrifice your time with family to get to 75k. Everything above that and you are doing it on purpose cause you value money over family and personal relationships. And that is your choice. But that is not healthy and that should not be the norm.

And if you need your workers to work 16h a day with unpaid overtime but they are refusing, your workers are not lazy; you are an incompetent CEO. Or just evil level of greedy.

That Nobel winner wasn’t trying to buy a house in the Bay Area.

That study is old, but I still suspect there’s a grain of truth that the financial cutoff is lower than many would suspect.

A rough off-the-cuff calculation is that $75k is roughly double the median US income. If the same rough estimate is applied to SV, that’s about $110k. I bet that’s much much lower than many SV/HN would suspect for a happiness threshold. If you can’t find a way to be happy on double the median income, it implies the system is rigged to make an awful lot of people miserable.

The problem is often not that happiness isn’t possible, but that we compare ourselves to our peer group to calibrate our expectations. As Roosevelt said, comparison is the thief of joy.

You sure are projecting a lot about me.

Might want to introspect on that a bit.

I haven't called anyone lazy.

> I don't want to carry two phones.

Ah, so you're willing to trade privacy for convenience.

I'm not sure what tone your comment is intended to give off, but does there exist a person who _isn't_ willing to trade privacy for convenience to some degree? One certainly couldn't be using the internet or participating in society if they weren't willing to give up some privacy.

Privacy vs convenience is a spectrum, the question is not _whether_ you trade between those, but rather _how much_.

In many circumstances, yes I am. :)

You are too

OK, Dave Morin.

This. +100

I used to think people were paranoid about this stuff until I ran a big email system. Most big companies have a department in compliance or counsel that reads your mail, either in response to a complaint or randomly depending on the industry.

Accused of sexual harassment? Your JDate and Match emails support the idea that you’re lonely. An external entity thinks somebody embezzled money? Your late credit card notice projects that you have money woes.

> Most big companies have a department in compliance or counsel that reads your mail

They read the email of your personal email account if you use it in the company-owned phone? Or they read the email of your company email account?

In other words, when you say 'This. +100', what do you mean by 'This'? The parent comment raised many points and I'm confused as to which one you're referring to.

Edit: To be clear, it's my fault because I'm new to these things and I don't understand them well.

+100 to the entire way of thinking from the original post. work/personal should be treated like church/state where they are kept separate.

yes, if you read your personal email on a corp device, then there's a good chance corp is reading your personal emails. and 100% yes, the corp can/do read your corp email. they are required to keep copies of every email sent by employees, so just assume at some point some corp lawyer can/will be reading them.

> they are required to keep copies of every email sent by employees

Required by who? (Sorry, I'm not so knowledgeable about these things)

Corporations have to follow guidelines/rules/laws in order to be in good standing. If the corp is sued, the corp will have to respond to discovery requests from the plaintiff's attorneys. In the past, so many companies have deleted emails so that they did not have to turn over incriminating evidence that it has led to laws being passed that require a minimum amount of document storage. I don't know the details other than it is a thing.

Edit: search "email retention laws" for more precise rules and specifics

The corp having to give out emails on legal requests does not in any way shape or form imply they read your mails regularly. They certainly aren't allowed to in some parts of Europe, even though they have to respond to legal requests.

> imply they read your mails regularly.

No, but the point is they can. And if there is anything they feel they need to protect themselves, they can investigate. Most corp employees are just too damn busy avoiding doing their regular tasks to be bothered to snoop other employee emails. Yes, I agree that it's not like someone is just tasked with reading all email every day. The point is that they can and do when necessary. Once they start reading, they have no idea where the trail ends so they will be reading a lot.

It all comes down to the same thing stated here multiple times, don't send any messages on corp equipment that you wouldn't want to see read aloud in front of your manager/boss or worse a courtroom.

It depends on locale and industry.

Some companies sample mail and flag for manual inspection.

There are a few different dimensions here. Note that I’m in the US and have experience specific to larger entities.

For you conducting any personal business on work devices, it is pretty easy for employers to get tools that can detect and even capture that activity. That ranges from grabbing files on the device to periodically or continuously recording screen content.

For conducting personal business on work services, that is trivially searchable with O365 or Google Workplace. Some industries (banking, finance) are required to retain all mail and sample it for policy violations. Sometimes contractors are roped into doing this by contract terms. Sometimes dating coworkers becomes a problem when you communicate on work systems in unexpected ways — anything you do is essentially public.

For conducting business on personal devices, employers cannot generally search through your content. (Unless security or other products are present — for example Crowdstrike or similar EDR tools will log most executable launches) But, if evidence exists that you use personal stuff for business and there is a litigation event or investigation, you can be compelled by a court to turn over your personal gear. That risk depends on what you do for a living and for who. (For example, a government employer may have an inspector general with police subpoena powers, if you are a decision maker in a company, a civil suit may focus on something you said or didn’t say)

All-in-all, the best policy is to keep work away from your personal business and vice versa within reason. The meaning of “Within reason” depends on your circumstances. The issues for a unionized white collar worker at a factory are different than an at-will financial analyst at some big bank.

Plus, if you quit then recovering all those accounts is incredibly annoying.

Exactly. And do not sign up for online services you are using personally with work email.

I work in healthcare. It blows my mind how many people use a work email for communication regarding medical appointments including results and very personal information.

I’m a complete outlier in how conservative I am with this stuff and I’m nowhere near as fastidious as the HN gold standard.

It blows my mind how many healthcare providers routinely transfer sensitive information over insecure channels like email in the first place and ask the patients or carers involved to do the same. The most basic data protection regulations enshrined in law in my country are being openly violated, to say nothing of medical ethics and patient confidentiality.

In New Zealand the move to email comes after faxes were deemed insecure. It’s pretty much universally used, despite the issues.

I’m not looking forward to the day the US government stops believing in the magical security properties of fax machines with respect to HIPAA.

I had a co-worker that signed up with everything with his work email. Actually he did all his internet stuff from work (didn't have home access oddly). After some badgering from us he got his own email. When he was hit in the second round of layoffs this helped him a lot. Even if he was initially schlepping to the library to get his email.

> Most big companies have a department in compliance or counsel that reads your mail

Thankfully that's illegal herearound. And I work in finance.

There certainly are automated controls on all communication systems and all mails (and relevant phone calls) are recorded and retained. This being a regulatory requirement.

I'm also pretty sure that there's pattern detection software running on those systems to flag potentially problematic communications.

But indiscriminate email monitoring without a very good reason (suspected fraud, circumvention of regulatory or compliance requirements, etc) is illegal.

This still doesn't mean that I would mix the personal with work on my personal device but I'm glad there are such protections in place.

And if you can't resist using a work device for something non-work-related, please restrict your use to things you wouldn't mind having printed out and sitting on your boss's desk.

Or read out loud and passed around in court. See the parent of the linked tweet.

I checked the parent tweet but still don't understand what you mean. Could you please elaborate?

"legal forced me" and "permanent evidence locker" = these texts are part of a legal discovery process (e.g. somebody sued Apple and their lawyers get a certain kind of access to Apple's corporate data)

If there's value for the other side to present the boob pictures as evidence in trial (e.g. in an attempt of character assassination), it will be rather hard to have them not passed around in court now that they're part of the "evidence locker" (as they call it) even though they were 100% personal and unrelated.

> their lawyers get a certain kind of access to Apple's corporate data

Whose lawyers? The plaintiff's? Or the defendant (Apple)'s?

my cutoff is whether I would send the email to my grandmother or not lol. I would never merge a personal and work account. They would just have to hand me my pink slip if they didn't like that.

I agree with most of this, but I'm curious about the specific case of Github. If I join a company, are there any big dangers to just having them add my personal GH account to their organizations or private repos, and then if I leave the company they can remove me again? This seems to be how a lot of developers in my orbit do things.

(I mean any dangers at the account/permissions/privacy level - separate from "having two separate accounts might be better for work/life balance" sorts of concerns.)

There have definitely been cases where hosting services have allowed someone to link a personal account into a corporate one belonging to their employer, then at the end of the employment the corporate account has been given control of everything within the personal account. I don't recall whether GitHub specifically was one of the services mentioned, but I would avoid creating that kind of link on any hosting service where I had my own data. Maintaining clear separation between personal and professional devices and accounts is a sound policy and there are very few sensible reasons not to follow it.

Ah, great point. I remember hearing about a case like that, though I also don't remember which specific service it was.

I recall pulling out of some AWS signup last minute because of this.

My last couple jobs have been set up with GitHub or GitLab enterprise, which is on-prem and not connected to my personal account in any way.

No. Having a separate GitHub is just a pain. GitHub provides adequate separation itself (you can add multiple emails and configure notifications accordingly)

What’s difficult about it?

Personally, I like knowing that my personal GitHub credentials stay only on my personal devices and my work credentials stay only on my work devices. I never have to worry about the two mixing and any problems that might arise.

Separating accounts is a fine principle, but for anything social (github, twitter..) some people have good reasons for doing their work from their existing personal accounts. E.g. evangelists, folks in devrel, those whose jobs include contributing to OSS or participating in open standards, and so on.

Presuming you also contribute to FOSS projects, and that you additionally use the FOSS you work on personally at work, there will come a point at which a bug you find at work will require you to fix the upstream FOSS project on your work laptop. At that point, getting the git-commit attribution correct gets annoying.

Well, if I work on it at work for work then the attribution should be under my work email. Otherwise, it should be under my personal email.

So far, the only problem I've ever had with separate accounts (including contributing to FOSS) is one time (once!) somebody selected the wrong email alias to review a CL. That took all of (literally) 10 seconds to fix.

This isn't too hard - Git supports folder path separated config settings, so usually I just have a "foss" and "work" profile.

More annoying can be commit signing, but this is actually something GPG has baked right into it - I issue and sign a new key with my work email address while I'm there, and when I quit revoke the key as superseded (and set the expiry to roughly my contract renewal period/performance eval period).

The real problem is corporate IT doesn't understand encryption or signing beyond how their vendors pitch it to them as "secure" so trying to extend any of this to actually support business processes is a losing battle.

Spot on on all accounts. It's been my policy for a very long time now. I consider having a hard separation between my personal systems and work systems to be a security measure that protects both myself and my employer.

Great advice.

My company last year demanded we have MDM to access email. So now I don't read emails outside of work hours.

I assume there's decent reasons behind such mandates, but net net all it does is alienate many people.

Ideally your employer should pay for seats for their GH Org.

In ignorance of this policy I've been violating it all along. They're certainly not enforcing it aggressively (though how could they if you're using your work email).

Pay for content and services.

Having a workplace sponsor a separate GitHub account for your work there would be reasonable, but is this actually common practice? I certainly wish it were, for the above reason, but I can't speak to the reality.

Is it considered free if you are using it with an organization?

Not if the org is paying for your seat.

My question was more, if I create a free account and it is linked to an organization, is that a paid account? The company didn't make my account, I did.

Note: Speculation.

Without actually reading the ToS properly, I imagine you're good if your org is paying for your seat in their org (as opposed to a free org, but if it's a company with private repos I'd assume it's the case). That'd be reasonable.

If reality is that you actually need individual billing for each individual account, that would be kind of crazy and I hope that's not the case.

You also should not do work stuff on personal devices. Yes, this does include checking work email on your phone. Ask the company to give you one if your work requires that you do.

This may be slightly more controversial, but I would extend this firewall to conversations with coworkers --- don't tell them anything that could be used against you either, i.e. mentions of personal projects or accounts. I keep a clear "no real name" policy for personal things which are publicly visible --- including HN --- which avoids the delicate situation of people I know who have had their employer complain about stuff with their name on it, in their personal life, that someone else had found and didn't like.

I'm really surprised at the number of personal GitHub accounts that are being used in my org and at others. I guarantee their access isn't being removed when they depart.

And it seems common at a ton of companies.

GitHub actually manages attaching business org to personal accounts very well.

You can make notification emails related to the business org repos go to your work email, while all other notification emails go to your personal email.

When you fork a business org private repo into your account, it stays attached to the business org. Other members of the org can push to your fork of that repo but not your other personal or open-source repos. When your account is separated from the org, you lose access to your fork.

If the business org requires extra SAML/OIDC through their central auth service, you can still access your personal and public repos without doing it.

So yeah the business still has to remember to disconnect you from the org when you leave the company, but that's still true if you make a new github account anyway?

Because GitHub makes it hard (i.e. impossible) to manage multiple accounts.

No account switching on the website, no easy way to use multiple SSH keys to access multiple accounts when using Git.

Shouldn't you mostly be using them on separate computers though? The rare times I need my personal one at work (to view how I solved something before), I just open Incognito.

I'm self-employed and always on-call. Not suggesting this is the right way for anyone else, but trying to unravel a combined life to even multiple accounts on a single computer sounds like a nightmare.

This is one of those times where Qubes OS makes these things so much easier. It allows you to easily split everything between the different roles.

Obligatory plug for Firefox Containers

Or, you know, having multiple profiles in Chrome (which have existed much longer).

Or, you know, multiple profiles in Firefox which has existed even longer. I use both.

You can set up a new host in your ssh config and specify a key different from your main account and it should swap your accounts based on the key. Additionally, you can set a git config to be included if you’re in a particular directory so that you can change your commit details.

I’m on a mobile device so excuse the vagueness, but if there’s interest I can provide some resources and go more in depth.

A new host with what hostname? Because git uses github.com for all repos.

So one thing you can do is put the following in your ~/.gitconfig:

  [includeIf "gitdir:/home/john/corp/**"]
    path = .gitconfig-corp

And then ~/.gitconfig-corp:

  [user]
    email = john@example.com
    name = John Doe

  [url "git@github.com-corp"]
    insteadOf = git@github.com

Now all repos under the path /home/john/corp/ will use that config. Then you can put a new host in your SSH config:

  Host github.com-corp
    HostName github.com
    User git
    IdentityFile /home/john/.ssh/corp_github

This way you can have different e-mail address and name in your commit messages as well.

Due to the nature of git you can't scope it via GH URL (you can have many remotes in the same local repo). Though you can still manually rewrite when you add a remote with just the SSH config change, e.g.

  git clone git@github.com-corp:corp/foobar.git
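
An added check for the setup in the comment above (not part of the original thread): it builds the same `includeIf`, `insteadOf` and `Host` configuration in a throwaway HOME and reports which email and SSH host alias each repository resolves to, including a work repo that ended up outside `corp/`. The address `john@personal.example`, the repo names and the `IdentitiesOnly yes` line are assumptions added for the example.

```shell
#!/bin/sh
# Added example: report which identity git and ssh resolve per repository,
# inside a throwaway HOME so the real configuration is never touched.
# john@example.com, corp_github and github.com-corp are the thread's sample
# values; john@personal.example, the repo names and IdentitiesOnly are
# assumptions made for this demo.

# Run git so that only the sandbox's configuration is visible.
sandbox_git() {
    home=$1; shift
    HOME=$home XDG_CONFIG_HOME=$home/.config GIT_CONFIG_NOSYSTEM=1 git "$@"
}

# Create the sandbox HOME with three repos and print its path.
make_sandbox() {
    sb=$(mktemp -d) || return 1
    sb=$(cd "$sb" && pwd -P)            # resolved path, so gitdir: matches
    mkdir -p "$sb/.ssh"
    cat > "$sb/.gitconfig" <<EOF
[user]
    email = john@personal.example
    name = John Doe
[includeIf "gitdir:$sb/corp/"]
    path = .gitconfig-corp
EOF
    cat > "$sb/.gitconfig-corp" <<EOF
[user]
    email = john@example.com
    name = John Doe
[url "git@github.com-corp"]
    insteadOf = git@github.com
EOF
    # IdentitiesOnly keeps ssh from offering other keys held by an agent.
    cat > "$sb/.ssh/config" <<EOF
Host github.com-corp
    HostName github.com
    User git
    IdentityFile $sb/.ssh/corp_github
    IdentitiesOnly yes
EOF
    chmod 600 "$sb/.ssh/config"
    # directory:remote pairs. stray/foobar is a work repo cloned outside
    # corp/, which is the case the includeIf rule silently misses.
    for spec in corp/foobar:corp/foobar personal/dotfiles:john/dotfiles \
                stray/foobar:corp/foobar; do
        dir=$sb/${spec%%:*}
        sandbox_git "$sb" init -q "$dir" || return 1
        sandbox_git "$sb" -C "$dir" remote add origin \
            "git@github.com:${spec#*:}.git" || return 1
    done
    printf '%s\n' "$sb"
}

# Email git would stamp on a commit made in <repo>.
effective_email() { sandbox_git "$1" -C "$2" config user.email; }

# URL git would contact for origin, after url.*.insteadOf rewriting.
effective_origin() { sandbox_git "$1" -C "$2" remote get-url origin; }

# Value ssh resolves for <keyword> (lowercase, as ssh -G prints it) on <host>.
ssh_resolved() {
    ssh -G -F "$1/.ssh/config" "$2" 2>/dev/null |
        awk -v k="$3" '$1 == k { print $2; exit }'
}

# Succeeds only if <repo> resolves to <email> and to the SSH host alias <host>.
check_repo() {
    [ "$(effective_email "$1" "$2")" = "$3" ] || return 1
    case $(effective_origin "$1" "$2") in
        "git@$4:"*) return 0 ;;
        *) return 1 ;;
    esac
}

demo() {
    sb=$(make_sandbox) || return 1
    for r in corp/foobar personal/dotfiles stray/foobar; do
        printf '%-18s %-22s %s\n' "$r" \
            "$(effective_email "$sb" "$sb/$r")" \
            "$(effective_origin "$sb" "$sb/$r")"
    done
    key=$(ssh_resolved "$sb" github.com-corp identityfile)
    [ -n "$key" ] && printf 'github.com-corp -> %s with key %s\n' \
        "$(ssh_resolved "$sb" github.com-corp hostname)" "$key"
    rm -rf "$sb"
}
demo
```

To audit a real checkout, run `git config --show-origin user.email` and `git remote get-url origin` inside it, and `ssh -G github.com-corp` for the alias.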

Thank you. The `host` field always has to have the format `word.word`? Or it can be just `word` without any dot in the middle?

You can call it anything you want save for whitespace (albeit I personally haven't tried emoji or other non-ASCII shenanigans :))

Thank you. Why is it that all examples in this thread use `.com` somewhere in the middle of the string used for the `host` field?

I guess if you have a more complex matrix of personas and remote servers (not only GH), structure and predictability becomes more important than terseness.

But again, it's just personal preference.

Personally I just found it natural to tack on a suffix. But you do you :)

Why is it natural? Do hosts usually have a suffix? Why?

put this in your ~/.ssh/config

    Host personal.github.com
        HostName github.com
        User git
        IdentityFile ~/.ssh/id_rsa_personal

then clone from git@personal.github.com:x.git for personal stuff

The host also doesn’t have to be a “real” host. You could do something like github-personal for example.

Thanks for the assist fnord77!

Newbie here. Where should I type `github-personal` ?

Just posted a more complete example above


In the example fnord77 posted, you can replace all the places that they used personal.github.com. It will be usable anywhere you would use ssh, including when going through a few tools that ultimately resolve to an ssh invocation. I won't copy the host block in .ssh/config but you could, for example:

`sshuttle -r my-cloud-server 0/0` for a poor man's vpn

`ssh some-enterprise-server` for when the server has a user unfriendly domain name that you don't want to bother remembering

`git clone git@github-personal:myusername/somerepo.git` when you want to clone using your personal key from GitHub.

There is the caveat, though, that you may have some nested dependencies that will use the plain ole every day host name in which case things will break for you. It rarely comes up, though, in my experience.

Wow! I don’t know why I hadn’t thought of that, even though I use aliases all the time for SSH. Seems my brain got stuck on the domain part. ^_^

How do you deal with submodules?

This is a limitation that I haven't really found a way through. I haven't tried too hard though because I've found that I can often just let the complicating set up have the 'plain' github.com host and use the custom host for the other set up. If I found that both professionally and personally I needed submodules, though, I'd probably be in trouble.

Also, if the submodules are public, the plain host will work fine because it doesn't matter what key you authenticate with.

Why should they? All that stuff is easily managed locally under your own control.

What the hell? Everything you claim is false.

This sounds like advice learned the hard way. Stay well, and don't burn out!

I doubt it. I've never heard first-hand of anyone running into any trouble that this would mitigate. Some people are just crazy overzealously fearful of employers and BigCos.

Not first-hand, but this other thread is an example: https://news.ycombinator.com/item?id=28241917

And it's not about being fearful. It's about realizing that the relationship between you and your employer is often adversarial. They want to pay you as little as they can get away with for the most work possible. You want the exact opposite. Otherwise why would you have to "negotiate" for a higher salary when you were hired?

I guess I've never worked for such employers.

> why would you have to "negotiate" for a higher salary

Why not?

Read the parent of the linked tweet. Nudes becoming part of a court record.

I read it but couldn't really determine what exactly happened or how true it was.

There is another perspective: many companies don't want their employees to use company resources for personal use. They don't want that email from their domain name to be misconstrued as official business, to be entangled in their employees' legally or morally questionable actions, or simply to foot the bill for the resources used. It is a bit odd that a business would ask their employees to merge personal and professional accounts.

It's also worth noting that using personal accounts for professional purposes can confuse things. Personally, I forward any email that my supervisors inadvertently send to my personal account to my work account so that everything is archived and is in one place. Given the amount of filtering of some services (e.g. email) correspondence sent between internal accounts also tends to be more reliable. I have seen situations where dozens of employees did not receive a vital message since it was either sent to a spam folder, or simply dropped, since almost everyone found their personal email provider more convenient.

I've personally started working for a company that demanded any code that I write during employment for company is owned by them regardless if I write it during working hours or at home. I had to list out each project that I had worked on or continuing to work on to establish a history of before/after start of employment. Any new personal project had to be added to the list after a discussion to see how that project and continued employment could co-exist.

The concept here is that if you learned something new at work and then implement it into your own private projects, the company wants that project since they paid for your time learning something new. Also, NDAs and other forms of copyright and what not gets weird.

To me, the gold standard of how to do this is how Woz handled the creation of the first Apple computer. He took it to his employer multiple times being told they did not claim any ownership on each occasion.

> The concept here is that if you learned something new at work and then implement it into your own private projects, the company wants that project since they paid for your time learning something new.

This is not how the law works if you’re in California at least. They’ll still get you for other things if you work at a large company, but not for that.

How would they even remotely be able to enforce such a thing? And is there any chance they actually would?

Depends on what the valuation of the project you're developing is I'd guess. Also how similar your new project is to what your day job is.

You don't hear about the trouble that people avoid. So...

You also wouldn't hear about the trouble someone didn't avoid if the subsequent legal settlement included a gag clause as well as seizing control of the affected IP and a large financial element.

Never accept terms that give your employer control over anything you do independent of work that doesn't affect your performance at work. There is nothing in it for you and the only reason it would be of value to them is if they intend to abuse it.

> Don’t install work apps on your personal phone.

100%. If a company wants me to install an app they'd better provide the phone.

> Edit: One more: don’t use corporate WiFi with your personal devices

Yep, thankfully we don't need to do that anymore with 4G/5G

Do Apple let you have multiple accounts? Facebook don't (as I understand it, I have one less). Don't Google also say you have to use your real name etc.?

If they do, it's the stroke of a key to make it a ToS violation for employees to have any personal privacy. Which seems to be their endgame for everyone. Their issue with Facebook, Google, etc. is that it's not Apple doing it, as far as I can tell.

Personally I think it's a great thing if Apple employees have to dogfood their own privacy violations!

It might be the only way things start heading in the right direction.

Hopefully an exec gets caught up in a CSAM hash collision fiasco.

This makes sense for most employees of a corporation; is this also relevant for upper management or C suite executives? I'm curious about if these kinds of boundaries are established even in the "upper levels"

This is relevant to everyone. Executives are even more likely to be involved in litigation.

My bad, I was imagining from a personal boundaries at work perspective, and not a litigation one.

The risks associated with cross contamination are numerous. Legal, social, etc.

> Edit: One more: don’t use corporate WiFi with your personal devices

Can't you use a VPN and the guest network and be essentially OK?

I don't get this either. With TLS/SSL, how is it different than connecting to any public wifi?

The workplace admin can see which domains you visit when you use the work wifi.

This. It's not a problem until someone is looking to get rid of you. Then they dump the logs.

I've seen people fired for watching DVDs at work. Conversely, people watching YouTube a lot and nothing happening. Early in the web days an admin assistant came to me because they clicked on something on the web and a bunch of pron windows started popping up. She panicked and turned off her computer and was wondering if it was safe to turn back on or would she be fired. It was safe, and nothing happened to her.

Someone at a job complained I was reading the news on the web to my boss, when that was my habit at lunch. That was fun.

I think the rule is people usually don't care unless it hits them directly at which point it is already game over.

I am not super religious about it, but I do have boundaries. It is mostly like you said. It is all great until it isn't and the employer is building a case against you.

Some corporate setups need a new root CA added - since TLS/SSL is inspected.

"jptech used 6.8 gb last month, must be watching Youtube all day"

It’s not infrequent I’ll leave YouTube videos playing while I work on my actual work machine so I don’t think they need to do that much sleuth work if they want to accuse me of using YouTube on the clock.

I've had issues in the past with employers wanting me to add work email and work apps to my own phone.

I always refused. My attitude was, like you said, if you want me to carry around a device connected to my work, then you need to pay for it.

But my main reason why though was knowing that managers preferred staff to put work email etc. on personal phones, not due to the cost of buying devices for employees, but because it blurred the lines between personal and work domains. You can switch a work phone off at 6:00pm and turn it on again at 9:00am. With a personal phone you have to set up do not disturb profiles and stuff like that to achieve the same separation because you aren't likely to turn it off in the evenings. Admittedly, it's not the hardest thing in the world to set up - but still a bit more effort than just being able to hit the power button.

I still had to deal with the extreme annoyance of having my personal number passed around the company without my permission.

I don't follow ANY of this advice and am unlikely to do so anytime soon.

Exactly. I’m not saying I trust my employer or that I don’t, I don’t care that much. Logging into Slack on my phone doesn’t give them access to all my life. I don’t have to be a slave to the company but I don’t have to be a slave to paranoia either.

Personally there is a difference between logging into Slack on my phone and logging into email (which requires me to enroll into the MDM). I do the former on my personal cell phone, but I would never do the latter. There are many mistakes the company can make (like wiping my personal phone after resigning from the company) to make me regret that decision. But installing Slack is different, I can shut off the notifications and it is oftentimes convenient for me to have the access there if I need it.

Agreed, enrolling into MDM shouldn’t be taken lightly. I don’t see that in any modern tech company (at least small ones). For the most part I use Gmail and log in to the company Google account.

I like that you're in a thread about Apple asking employees to straight up merge their personal data into a corporate-owned account and your response is "Phew, at least they didn't ask you to install MDM!"

> There are many mistakes the company can make (like wiping my personal phone after resigning from the company) to make me regret that decision.

How much would you even notice this these days, with everything synced to the cloud?

I would certainly notice because I go out of my way to ensure everything on my device is not synced to the cloud.

I'm going to guess there are not a lot of people who are assiduously avoiding any cloud sync and then adding their work e-mail to their phones.

That's not what people are talking about, they're talking about fully merging your personal and work accounts for things like iPhoto, email, etc., like Apple is talking about above.

If you're ever caught up in discovery or a lawsuit, you'll realize why many of us believe in multi-device and firewall policies.

I used to be very strict but I kind of had to give in on the work email because it was so inconvenient. From what I’ve read on iOS this gives them fairly limited access to my activities. Well, hopefully true.

Proverb from HPMOR: It's not paranoia if they really are out to get you.

As with any security advice, we each have to know our threat model and understand how it may differ from the advice-giver.

It’s undoubtedly more secure to maintain perfect separation between work and personal information contexts. It can also be expensive and annoying, and may not be worth it for everyone. It really depends strongly on the employer and one’s relationship with them.

Hi, secret apple HR worker!

I was sort of into the idea of having my calendar on my phone until I learned my company could remotely wipe my phone at any time. That’s a world of trouble from a misunderstanding, or a bitter IT person.

+1 on the MDM stuff. I recently had a guy I know lose all his photos after he left a company. The company said that they could only wipe the company partition on his Android phone, but somehow they could wipe the whole thing and pressed the wrong button.

Leaving a job is hard enough without having to disentangle a bunch of devices and accounts. If an employer wants the security of MDM, just have them provide you the device. Otherwise, it's your device, and you can be responsible for deleting the company related content on it when you separate.

Absolutely agree with separating phones. Recently my company mandated an MDM policy on phones, and it really messed up my phone. There are apps which are separated with a work profile, but there are very few such apps; what about other apps? Learnt the importance of creating a hard boundary the hard way.


You haven't worked in sales.

Every salesperson I know has two cell phones.

And some of the good contacts get the personal number.

Sounds like some people in sales have three phones.

Just need a dual SIM phone and Google Voice.

The need for "authenticity" with "this is my personal cell number"?

What's it like in sales?

You hop between companies in the same industry; contacts are fluid. Everyone takes their reputation with them. Everything is blended.

You learn to never put anything questionable in writing. Most people don't even hint at things, just not worth the risk.

Drinking creates plausible deniability of what you said or what was remembered. Information spreads, deals get closed. And I'm talking about things that are perfectly clean but may not appear that way if written.

Sort of like in person you can say “grab me a burrito” but if you write it as a request it's hard for it to not come off as demeaning.

aaand nothing of this is relevant when WFH
