This would be a serious breach of privacy if true. But reading the tweets I'm not sure what the policy really is:
> During a discovery thing 3yr ago, legal forced me to hand-over all my texts. They refused to let me delete anything, even "fully personal," even when I said "by fully personal I mean nudes." They said they're in their "permanent evidence locker
This doesn't sound like company policy, and more like they were subpoenaed or otherwise compelled to hand over communications.
> Another interesting Apple tidbit: the company tells employees to link their personal iCloud accounts if they need to collab with colleagues when they start. When they leave, they're asked to hand over their laptops w/o wiping them and give managers access to work systems.
I'm not sure how to parse this. Do you need to link your personal accounts with family photos and whatnot? Or can you just create a separate iCloud account just for work, to collaborate with coworkers?
I'm a firm believer in separating work and personal accounts. I usually try not to even log into email from my work computer if I don't need to, and I always use a spare phone for work if a company requires admin access or remote management tools of any kind. That said, reading these tweets I'm not really sure if Apple is asking employees to breach this separation. I'd just create a separate Apple ID for work and use that for the "personal" account that I'm supposed to merge. That's a separation I'm still comfortable with.
> Do you need to link your personal accounts with family photos and whatnot?
Nope. You can create a separate iCloud account just for work. I did that during my time there. I always maintained a separate work phone, and used a work iCloud account for that. The folks complaining are the ones who just didn't do that, and added 'work data' on their personal account, which of course they will have to hand over if subpoenaed.
Okay, that makes a lot more sense. To be frank, this Twitter thread seems sensationalist if reality is closer to "I didn't bother to create a separate work account" rather than "Apple asked me to merge my personal account".
I find it harmful to jump to a conclusion too early and blame the victim. Forcing someone to merge these accounts can take many forms and Apple has thousands of different teams and managers.
Even if there was zero explicit or implicit force in place, the circumstances can still be non-obvious.
If you get handed a MacBook, you're basically forced to work with an iCloud account. And the fact that making the mistake of using your own one in the high-pressure situation of a first day in a massive company is apparently a non-reversible decision that hands over data that was created before and outside the employment definitely points towards Apple abusing their position of power here.
> hands over data that was created before and outside the employment definitely points towards Apple abusing their position of power here.
Trust me, Apple legal would rather not dig through your personal information to find nuggets to hand to opposing counsel during discovery.
But if there's work information in your personal account, and Apple is legally compelled to go through accounts with work information as part of discovery... what's going to happen?
People will call them awful and disrespectful, for not providing explicit instructions to use a new or work account, and warning everything in the account may be impounded.
> I find it harmful to jump to a conclusion too early and blame the victim.
The only victims I can possibly see here are those employees that had to review nude images inappropriately stored on a work computer.
Apple absolutely does not require that you use your personal iCloud account on your work machines, and any professional should know that it is inappropriate to browse, share, or store nude photos (of anyone) on company-owned hardware, and should never have placed their colleagues in a position of having to deal with those images.
Everyone has days of lax judgement: Excitement over a new job can do this. Anxiety, depression, a sick child, yourself being sick, recent marriage, a big move, and a slew of other things can do this.
Apple should be in the position to instruct new employees to create an iCloud account for work alongside explaining that the computer they are handed must be turned in at times. The employees aren't the only ones with responsibility here.
> Anxiety, depression, a sick child, yourself being sick, recent marriage, a big move, and a slew of other things can do this.
Maintaining a modicum of personal responsibility is not asking for very much here.
In fact, I’d say it’s the bare minimum professionalism requires.
You don’t own your company-provided equipment. This is explained by Apple, in addition to being a patently obvious fact.
If you personally choose to misuse company equipment, that is something you are personally responsible for.
Adults trying to shift blame back to Apple is a remarkable abdication of a simple responsibility. If they cannot exercise good judgement in such a straight-forward case, I question whether they can be expected to operate professionally in the work-force at all.
The original complaint also seems to put the blame on Apple but I would have to think that letting people start deleting stuff in discovery is not allowed, even if you swear it's personal and irrelevant to the case.
I'm curious about this. It's 'not allowed' explicitly by the judge? Can the employee be charged with 'evidence tampering' even if the judge didn't issue any order that explicitly prohibits the employee from deleting their files?
I think the concern is that the employer could be accused of destroying relevant evidence in that case. If I’ve understood the tweets and the Wikipedia article on e-discovery correctly, these photos went through the preservation phase but likely were not actually handed over to the other party since relevance is a factor before that happens.
Having a separate account for work and private stuff should be common sense. No surprise your employer wants to access it when you used it for work related reasons. This can be as trivial as some business contacts having your mail and trying to contact Apple.
People just out from college might not know this yet. And others too who never were in similar situations and never had any problems with their employer or the legal system, and don't visit HN
Major companies are getting sued continually. It probably isn’t an individual person, but a product that a team or department worked on that is involved in the lawsuit.
It's not clear if it was the employee in particular. It was a work device, so it's possible that devices from people on a team or involved in something were needed for some legal thing.
+1 It must have not been the employee in particular. Big companies get sued all the time, and then all written records on work devices, for products that got sued, become evidence.
> This doesn't sound like company policy, and more like they were subpoenaed or otherwise compelled to hand over communications.
Yeah it feels like something is definitely missing here. If it's some kind of legal discovery, it's not shocking that the person cannot delete "personal stuff" before they hand it over, that would basically render pointless whatever they are doing with the phone.
The only way there should be a legal hold on a phone like that, is if it is her work phone, which she shouldn't be having nude pics of herself on in the first place.
> The only way there should be a legal hold on a phone like that, is if it is her work phone, which she shouldn't be having nude pics of herself on in the first place.
Some people use their personal phone for work email, etc. and miss the fact that that makes the phone basically company property - i.e. the company can wipe it remotely, etc.
Wrt. Apple requiring not to wipe the laptop before returning it, I wonder how they enforce it. In more than 2 decades I have never returned a laptop without wiping it and wonder what can change that, if anything.
At least on Android (maybe not used at Apple?) there are work profiles. You install all the work stuff there, and that partition can be remotely wiped. All of your personal stuff is kept segregated. It's also nice that you can turn off the work profile during weekends and holidays so that you don't get work notifications.
It's almost always the other party in the lawsuit who is subpoenaing your past communications. Your employer is being forced by the court to retrieve these; it isn't their choice. It is in fact possible for your personal communications to get subpoenaed for a lawsuit related to your work. But, the other party will need some evidence that you had a conversation on a personal device that relates to the lawsuit. They can't just subpoena something like "all communications by employees relating to terms X and Y."
Usually your employer would prefer that you not hand over your personal device. Because the other party is looking for some sort of "smoking gun" where employees admit that they think some corporate behavior is bad or breaking the law. The penalties for not cooperating here are bad enough, though, that companies will generally cooperate. And the situations where it's a personal device are relatively rare, usually it's just corporate devices.
Quitting the company doesn't change anything. You can still be subpoenaed after you leave the company and the court can force you to turn things over.
Source: I'm not a lawyer but I have had my communications subpoenaed from my time at both Google and Facebook and I have complained to many corporate lawyers about how stupid these rules are while they politely explained to me how the system works
This is stupid. Reformat your personal device every week as a habitual practice. Keep multiple personal devices. Use voice when possible so that wiretap laws protect you.
Company should have no right to your family communications.
I don’t know why you keep saying it is the company that is trying to access your communications. It isn’t. It is the courts ordering you to hand over your communication.
If you delete something that the court has ordered you to turn over, they can and will charge you with contempt.
Again, this isn’t your employer doing this. Your employer would love if you didn’t turn over anything, but they are legally required to cooperate and will get in a lot of trouble if they don’t do their part.
Well no, just reformat your device regularly and habitually just out of your own practice. Don't use text. Use voice calls. Maintain inbox zero on your personal e-mail.
That way if ordered by the legal system you'll only actually have at most 1 week of personal data and none of it will be text.
You won't be deleting anything after their request, you will just hand over what you have, which is incidentally not much.
Wiretapping laws prevent courts from getting your voice records, at least in CA.
It’s not the company who is doing discovery. It is the legal system. You can’t quit out of that.
If personal devices were not subject to legal discovery, every company would just have all the executives only use a personal device for all communication, and suddenly they are immune to discovery?
> ... more like they were subpoenaed or otherwise compelled to hand over communications.
Exactly. OP wrote it was a "discovery thing". Discovery is a legal process for gathering evidence in a lawsuit. All relevant business records are discoverable, even if they're stored on employees' personal devices.
Who is "legal"? Corporate legal? They have no right to your personal phone. Even if they were subpoenaed, they could only ask you to hand over data on corporate devices, not your personal one.
The only people who can get your personal device are a search warrant from a court.
Most of these companies offer a BYOD option where you explicitly agree to co-mingle work & personal use of your phone -- up to & including paying your cellular bills. This frequently means signing waivers permitting surveillance, installing corporate applications, surrendering the phone upon termination, and placing everything on the device at risk of subpoena.
When the company is subpoenaed, they aren't going to give you the chance to delete data from "evidence". This is probably what happened here.
Right, makes sense. I'd never BYOD to work unless I had a spare throwaway device specifically for that. But as long as you maintain a separate personal device that you never touch work stuff on -- and hell, never bring it inside the office -- they shouldn't have the right to data on that.
Some time ago when I hired on at Apple (I've since moved on to greener pastures) I had a tough time provisioning my corporate MacBook. Every time I tried entering my work email address I got kicked into an unfamiliar auth flow that ended up not working. After I mentioned how much trouble I was having, someone sitting near me in the office told me I needed to use a personal Apple ID to provision the device.
I created a completely new consumer iCloud account and used that. I never did anything remotely "personal" on that machine, and after I left Apple I never used that iCloud account again. In fact I don't even remember my password for it.
I went so far as to carry two iPhones, one personal and the other "corporate," and I only ever used my "corporate" iPhone with Apple employee apps. I never even connected my personal phone to the campus WiFi; I used wireless data for that phone the entire time I was there.
That said, I don't recall ever being asked to merge my personal and work accounts. It's just that if you want to do any personal stuff with corp hardware, it's much more convenient to just use your personal Apple ID when you provision the hardware.
"I went so far as to carry two iPhones, one personal and the other "corporate," and I only ever used my "corporate" iPhone with Apple employee apps. I never even connected my personal phone to the campus WiFi; I used wireless data for that phone the entire time I was there."
This is the way. Carry two devices.
Separate personal/work devices. Never connect personal to corporate network. Never send messages between personal and work. Never give out personal device # to colleagues.
Assume that everything on your work device is logged and monitored. Don't do vacation research, medical research, social media, Spotify, anything personal at all on your work device. Ever.
Is it really that extreme? Threat model, staying employed / defend against idle gossip.
Company surveillance (of their employees) is very real and unlike 'google reads all my emails' they actually can and do and it is a person they actually know whose private information they are viewing. I don't even need to get into the chance of every piece of information being in a lawsuit or get into the lack of any controls around data retention etc to be worried.
First step IT would take when I dropped my phone in 'because they had to run the update' - they would open my photos and take a look through. Second step - they would go to the deleted photos and have a look through. It was done as part of any company-mandated review of the device but out of personal 'curiosity'.
Every private message on teams etc was logged and routinely reviewed by a compliance team and often escalated to line managers - the team doing so knew everything professional and personal going on in the place. Who was getting hired, fired, promoted, working hard, slacking. Who was sleeping with someone, depressed, happy, gay, straight, having kids, getting divorced, getting a nose job, getting a vasectomy etc.
So what's the threat? I have nothing to hide, I am popular, a hard worker, not having an affair with the intern, so they are not going to trawl through looking for any dirt to diminish or fire me. There is little value in this information beyond gossip, but a permanent record remains all the same. For me there is little extra effort required to phone home from my phone rather than the recorded office line and that way the call won't be listened to by the guy in compliance.
A bank in Europe, it was EU wide laws that resulted in all mobile phones being brought into the surveillance net. It has been common in banks to use recorded lines for decades, but the regulations effectively mandated monitoring of every communication internally and externally post the LIBOR scandal.
That said, when I have worked outside the region or in less regulated positions - the intrusion into particularly email and written communications is the exact same. When you leave an organisation in particular, you do reflect on how big a trail of information you have left behind in their hands.
Financial companies are surely different from eg Apple though. As far as I’m aware, there are no laws forcing Apple to log as much of their internal communications as a typical financial company would have to.
Yes most of that would be illegal, except you gave them consent in your contract or other legal document.
This is also exactly why I always check all the paperwork for "personal usage" of the devices and services provided by the company (email and stuff). If there is nothing about it, I send my mom a random cat picture from my work email (always outside of office hours, in other cases it could be a contract violation). Why? Because if it's not forbidden, you are implicitly allowed to and after at least one private message was sent by the account, it's legally like a private account.
If your employer snoops in the account, it's a massive privacy violation (Datenschutzgesetz and DSGVO/GDPR) and a strong case in employment law. Never needed it, but it's better to be safe than sorry.
There is the law and then there are employment contracts. Sometimes these things overlap, intersect or contradict in interesting ways.
I don't think I have ever worked under an IT policy that was anything but 'for work use only' - although that didn't stop me from taking great pleasure at seeing how many work emails were used to sign up for sugardaddie etc whenever they leaked. I was never too fussed - having two phones, two emails, two laptops etc doesn't bother me in the slightest. You lose access to the work phone number / email / storage when you leave anyway so it's really of no use.
I have even come to like the physical separation of work and personal, there are times each needs more than 50% of my attention.
Bright distinctions between work and personal devices make it easier to stay disciplined.
Threat model is straightforward: I have no expectation of privacy on my work devices. I do not want my employer entangled digitally with my personal life.
> It's just that if you want to do any personal stuff with corp hardware, it's much more convenient to just use your personal Apple ID when you provision the hardware.
Yes, but I feel like a major takeaway is that you should never ever do that
Here’s my take as someone who worked there in the last two years.
1. You absolutely have the choice to make a separate iCloud account for work, you just can’t make it with an @apple.com email.
2. It’s true that you should not wipe your device when you quit.
3. We were instructed to avoid using iCloud for anything work related. They recommended turning everything iCloud related off on your work computer except for FindMy.
4. None of the claims in the tweet sound familiar to me, but Apple is a big org.
My impression is that they need you to have an iCloud account for tracking the location of the device with FindMy, but technical/legal limitations prevent that from happening through your work email.
Yeah the Twitter OP is wayyyy off base here. No one compels employees to merge accounts???? What the hell is this story even. This feels like someone with an axe to grind, and external readers are none-the-wiser to reality internally at Apple.
(Obviously thoughts are my own, I do not speak for the company)
Jacob Preston (ex-Apple Firmware Engineer), Ashley Gjøvik (Apple Senior Engineering Program Manager) and Zoë Schiffer (Verge senior reporter) in the linked Twitter thread all seem to be claiming that Apple tells employees to merge their accounts. Encouraging use of a work iPhone as a personal device to "dogfood" is also mentioned.
It's a big company though, so possible that policy varies.
Yeah, it's really weird that the @apple.com email you get when you start isn't usable as an Apple ID. I didn't want to sign into my personal account on my work computer for a BUNCH of reasons (privacy being one, but beta software messing with my data was another) so I created a new free iCloud account. But it struck me as VERY odd that Apple would want their employees mingling their work and personal data on their personal accounts.
It was a similar story at Microsoft: for a long time we couldn't reliably use @microsoft.com e-mail addresses as MSAs ("Microsoft Accounts", the then-new name for Windows Live IDs), so we were all told to create a new non-@microsoft.com address for stuff that needed an MSA - I don't remember the guidance for if we could re-use our pre-existing personal addresses or not but I know that some people did, but most people created new @outlook.com addresses.
IIRC, they did iron out the problems eventually, and finally came up with a semi-decent UX for normal (non-MSFT) people that had an Office 365 ("Organizational account") with the same e-mail address as an MSA - but I think internal MSFT accounts still have issues? My information isn't up-to-date fwiw.
FWIW, I never had access to any "real" internal resources via my new @outlook.com MSA address - the only things it did have access to was things like MSDN Subscriber Downloads[1] and as a backup/recovery e-mail address for my @ms org account.
[1]: Oddly enough, I retained access to the MSDN Subscriber Downloads area, including full ISOs and Product Keys for about 2 years after I left the company, I only lost access because that was when they moved everything over from "MSDN Subscriber Downloads" to "My Visual Studio" which changed everything.
Might be a side effect of how broken their "company" managed Apple ID system is. You can create managed Apple IDs at business.apple.com with such access, but the accounts are _extremely_ limited in functionality[0].
It’s far easier to blend. Otherwise you’re carrying multiple devices. To each their own, but you’re going to have a hard time debugging anything or living on your own new features if there’s zero personal real data in use.
The same Apple that can't figure out how to let customers merge two accounts [1]?
[1] Why would a customer need to merge two accounts? Because originally Apple accounts were just for iTunes, associated with your email address.
Then they started cloud services like file storage, email, calendars, etc, and those accounts were tied to your Apple provided email address.
Eventually they made it so that iTunes and cloud used the same accounts, but those of us who had both iTunes and cloud before that ended up with two accounts. And since your devices can only be signed into one at a time, if we were not extremely careful we ended up with some of our app and music purchases on one account, and some on the other.
This is an ongoing pain in the ass. It would be much much nicer if Apple provided a way to delete one of the accounts and move all the purchases to the other, but they have not done so despite receiving numerous requests to do so.
Sometimes you get lucky. It turned out that all I had on the Apple addressed account was a couple of "purchases" of free apps plus some paid for storage. It was easy just to repurchase those free apps on my original iTunes account, purchase cloud storage for that and delete the other account from my password manager so I can't ever accidentally log in to it. But many people have a lot of non-free app and music and video purchases on both, and so are stuck keeping them both active.
Edit: I don't understand her endgame. She's not going back to work at Apple after the negative publicity she's been generating. She probably doesn't care because she's in law school and will be graduating soon. Is her goal to negotiate a generous settlement? The negative publicity reduces the value of her settlement. (Companies will pay for an NDA as part of a settlement, but only if the damaging info isn't already public.) Is she pursuing some naive, idealistic notion of justice? Or is it all to establish "cred" for her future legal career?
Do people just assume she's telling a truthful story?
I wonder that because I worked there for years and anything remotely like what she claims was implausible when I was there, and would have been immediately corrected with impunity had such occurred.
I mean there's security all over and they're not in a managerial chain, so something seems very difficult about her claims to me.
In saying that, maybe she did have some entirely crazy people around her. Evidence would be stronger than conjecture, and I hope she has some if such happened.
Are you familiar with Radar? It's an internal bug database that is used by all the teams inside of Apple. She redacted identifying information in the screenshot, but anyone with the appropriate amount of disclosure at Apple (several hundred, if not thousands of people) can go and look up the unredacted version where all the names and context is visible. Many with the ability to do so have confirmed it.
> Many with the ability to do so have confirmed it.
Would you happen to have a link handy? I don't mean to be adversarial. That screenshot is just so incredibly outlandish that it comes across as something from an overdone movie and I honestly find it difficult to take at face value.
Basic human decency and social norms aside, I just can't comprehend what manager would fail to recognize something like that committed in writing as a huge legal liability.
Sure, here's one: https://twitter.com/vllry/status/1427360794925158425. I am not joking when I say many, many people had access to this–while I am not at Apple, I know people who are and they could see it too. (FWIW, I was on the Radar team previously, and this is exactly what it looks like–faking it this exactly would require a lot of effort.)
> Do people just assume she's telling a truthful story?
I have no reason to doubt that she's telling the truth from her perspective, but that being said, there are always two sides to a story.
> In saying that, maybe she did have some entirely crazy people around her
To be honest, reading her published tweets/documents, she mostly appears to be someone who complains to HR about everything. Judging by the way her managers "dismiss" her complaints with (attempted) humor (refill whiskey bottles with fruit color and water, suggest which NERF gun she should buy, etc), I'm guessing she's been at it for a while. The sign that her managers purposely leave her out of important meetings could also be a signal that "she's more trouble than beneficial".
Not saying she was wrong (or correct) when she complained, but it would certainly explain some of the hostility being shown by her team members. Reading the parts she complains about it actually sounds like a really nice and accepting/inclusive workplace, and a place I would love to work. Planning a NERF war, and your managers only concern is if you're too loud to disturb other teams :)
In any case, she has published multiple (redacted) confidential documents, so I wouldn't get my hopes up for a big settlement.
Fyi, she’s the same woman whose apartment complex was apparently built on toxic waste that made her sick (only her), yet no one could measure any harmful substance in her apartment, the authorities couldn’t help and tried to cover it up. [1]
It seems strange that she happens to be also the victim of organized workplace harassment at Apple. And again, the authorities (internal Employee Relations) refused to help, and tried to cover it up…?
Either she’s the most unlucky person… or maybe it’s all in her head? Take a look at her website documenting her “ordeals” at Apple [2] To me, it looks like the scrapbook of a paranoid schizophrenic who meticulously collects “evidence” on their “gangstalking”… Just look at this tweet [3] where she talks about fighting Apple, Northrop Grumman (!) and the Irvine Company, and tell me with a straight face that she’s not a wacko.
Even a light scan through the Apple stuff will find you things that obviously aren't just "in her head", like the "Make Ashley's Life a Living Hell" bug ticket entry that other people have mentioned still exists in Apple's system if someone with access looks it up by ID number.
I’m slowly getting the impression that either there’s been a policy change at Apple in terms of customer privacy, or some other government pressure that’s causing all of these seemingly anti-privacy decisions to be made. I’m considering moving away from the Apple eco-system, any recommendations? I’m equally distrustful of Android (specifically Google). I feel like my only option is to compile and deploy my own version of Android (or some other OS) to a non-privacy invading phone.
It’s a downgrade, but the freedom of running linux on a phone is nice. I have a pinephone running sxmo, probably the nerdiest and least friendly ux possible.
I’ve been using it sparingly, but intend to make a full time switch pretty soon. Having a phone with less capability and a focus on privacy will I think help make my phone less of a mental zapping appendage and more like the useful tool I remember these things being way back when.
I guess I’m arguing why even bother with a full replacement? I know everyone else seems to be all in on mobile/leaving a modern app ecosystem feels like getting left behind, but maybe everyone else is wrong. Maybe it’s better to just step away from all the ultra modern attention grabbing bricks of pure unadulterated dopamine and switch to a hacky little portable computer when you need to look something up, or text someone, or call someone, or work on some text document you have or whatever.
If you have a phone with even a crappy browser you have access to a ton of modern functionality anyway if you want it, minus all of the notification hell.
I'm a huge believer in disabling any form of push notification. Nobody's software is entitled to my attention, I'll use it when I feel like it, not when it nags me for attention like a petulant toddler. I don't know how people tolerate their phones pinging, flashing, and buzzing all day like a pinball machine that's been very personally crafted to extract as much attention from your day as possible.
A little off topic, but since social media seems to be the main driver of this "phones as a personally crafted distraction" I'd love to see what a social network that's not actually deeply antisocial would look like. No push notifications, no filter bubbles, no politics, no "nudge" messaging from governments and other organisations aiming to subtly change people's behaviour, no creepy advertising pushed to a perverse degree. Just give me a place with a good chat client, a way of asynchronously keeping in touch with people in my life in that long range between "good friend" and "stranger" (seriously even the Facebook walls of 2008ish would do), and just enough non-obnoxious adverts to cover costs and make a reasonable profit. Oh yeah, and you should always be able to pay a small monthly fee to be rid of ads if you want to.
I'm using a PinePhone right now and I hope I won't need to switch back to Android. I grew used to this freedom.
However, I would recommend it only to the most determined people because many things don't work well.
Forget GPS navigation. GPS does not get the correct location most of the time, AGPS only works through a hacky Bash / Python script. There is no good GPS app anyway.
The SMS app on Phosh is crashy and does not yet support MMS for which you have to use another hacky script (but I'm working on an alternative app).
The phone often needs to be rebooted due to the modem sometimes not waking up. Calls are not high quality. No built in way to have a reliable alarm if the phone is not plugged. Photos are bad. The phone is generally slow for many modern web apps targeting more powerful hardware.
The phone takes time to wake up for a call.
I would not want to experience an emergency requiring to call someone.
The phone is not waterproof so it will likely break if it takes a good rain.
The on-screen time is not great though you can buy spare batteries which can largely change the game. Remember to set the sleep timer to 30s, which you need to do using the command line if you use Phosh, it helps a lot.
A smoother transition could be to use a degoogled android phone, maybe with MicroG for cell/wifi based location and only using free software (from F-Droid). But you'll still rely on proprietary blob.
I only ever used open source apps on Android and always refused to use apps like WhatsApp & its friends, which helped the transition to the PinePhone.
On the flip side, the PinePhone is getting better every day and the ability to just buy a spare battery and a battery charger and swap them as needed without any tool is really nice.
I typed this message on the PinePhone by the way. It's far from horrible despite my comment.
edit: what I want to say is, wanting to migrate to free and privacy-friendly software is probably a good thing, but increase the chance it will work by not making it too hard. On the desktop, Linux distributions are delightful to use, free software phones are still pretty much work-in-progress unfortunately. The gap between a degoogled Android phone and a PinePhone is huge, probably way bigger than between an iPhone and a degoogled Android phone.
I don't know, I don't think I've encountered any WASM app. Chromium is generally slow on the PinePhone, I would highly recommend Firefox on Phosh (unusable on Plasma unfortunately if this hasn't been fixed). Gnome Web and Angelfish (KDE's mobile browser) work well too.
I would not seek for WASM apps though. Those generally require big and heavy runtimes to be loaded in the browser for questionable benefits, with no way of sharing those runtimes with other apps. I would rather look for native apps, or Web apps with lightweight frontends which can actually be quite fast if done well.
Forget global positioning specifically, shouldn't a good OpenStreetMap atlas application without automatic positioning be feasible, if not presently available? Today it might feel like caveman technology, but it's not that long ago that having a high quality up-to-date world atlas that fits in your pocket would have been considered a considerable marvel. That such an atlas might also tell you exactly where you are at all times is icing on the cake.
Well, you have those options which work well enough to be usable (you don't have pinch zoom, Gnome Maps takes a while to load, openstreetmap.org does not fit very well on mobile, both require an internet connection):
- openstreetmap.org
- GNOME Maps
Then you have Pure Maps. It allows offline maps using OSM Scout Server [2]. It seems good, however it overheats my PinePhone and crashes probably out of lack of resources. So I don't use it. It could be because of Flatpak, but I'm not sure.
As for how to build a good alternative, I see these possibilities:
- contribute to Pure Maps to make it more lightweight. Maybe it's just a matter of building native packages for distributions like Mobian and Manjaro.
- Look whether KDE has a good app for that. They have Marble on the desktop but I'm not sure there is a mobile version that works well yet so porting this to mobile could be a way. KDE apps are generally very high quality though Marble could use some refinement.
- using C++ and Qt/QML with its Map widget, and find a way to use OSM Scout Server to provide the tiles. Actually, Pure Maps is a QML app.
- build a minimal web page showing a Leaflet or a MapLibre widget, connected to a backend built using a compiled language like C++ or D, itself connecting to OSM Scout Server to provide the tiles. Or to OSM Scout Server directly if it is possible.
The last option is probably the most lightweight solution, provided you probably have a browser already running on your phone. I'm not saying this out of my ass by the way, I'm building an SMS app using Svelte for the user interface and D for the backend connecting to the modem and managing the SQLite database. It's way faster than chatty. Maybe don't use React though, this is heavy (Mattermost works but is almost unusable, Element (Matrix) works way better but you still feel latency everywhere).
I’m the same way. For times I absolutely need an app (like banking or healthcare), I’ll boot up an old iPhone I keep around for that exact purpose. Otherwise, I keep no apps other than browsers on my current phone.
I agree with the point of your comment but this particular post is regarding employees and seems like this has been in place for 3 years at least (tweet mentions it).
I started moving away from Apple a few months ago, much before this Apple CSAM debacle. This is a pretty big move for me because I am a developer who makes apps for both iOS and MacOS, so I pretty much need Apple software for work.
No longer buying iPhones or Macs. I was planning on upgrading to the Mac Mini with M1 chip later this fall but now I plan on building a hackintosh instead. I also no longer recommend Apple devices to friends/family.
I got myself a cheap android phone which I have de-googled myself. I got this Android phone ($190 USD for a very good phone - 8GB ram, 12gb space):
> No longer buying iPhones or Macs. I was planning on upgrading to the Mac Mini with M1 chip later this fall but now I plan on building a hackintosh instead.
If you don't trust Apple, why build a Hackintosh and run Apple software?
I require MacOS for app development (I am an iOS/MacOS Developer) and it can only be done using MacOS. If I have a hackintosh (or maybe just build my own PC and run MacOS in a VM), then I don't have to buy Apple hardware.
I work for Apple. It’s not just marketing. It’s in every discussion in every feature. Even the current CSAM implementation is actually all about privacy if you read the details on how it’s implemented.
The real question and concern is what happens once laws start getting passed that run counter to this. And that then won’t be just Apple’s problem at that point.
and tell me what's not about privacy with this? The alternative is upload everything unencrypted to providers who then scan there, which is how everything else works.
> The alternative is upload everything unencrypted to providers who then scan there
That's exactly how it should be. If a service provider wants to scan unencrypted documents for legal or PR reasons that's completely understandable. If instead they want to provide true E2EE and risk ending up in court with the regulators, that's also fine.
E2EE with black box on device scanning, however, is an absolutely terrible idea. It misleads regular people who almost certainly won't understand what's really going on. It's easily subverted by various governments as a condition of doing business. It blurs the line regarding ownership and unlawful search, thereby eroding future expectations of civil rights.
Apple should just be honest about the fact that they aren't comfortable providing a full E2EE solution for various regulatory or political reasons.
There's no proper encryption though. In my mind, it's just like having everything unencrypted but using TLS to get it to Apple central. Apple employees can still access it.
This is just ever so slightly better than the worst of everything.
No real encryption, on-device scanning and scanning on Apple servers. "For privacy", WTF!!
I can't see any reason to implement a scanner in this way other than at least having E2EE as a possibility under consideration. They knew there was the possibility for PR backlash. Doing it on device also adds significant complexity. Meanwhile scanning on upload is a very common and well accepted (both legally and socially) practice.
On its own the current approach is all downsides and no upsides so there has to be something else going on here. Wanting to market iCloud as providing full E2EE is obvious and fits perfectly.
Nitpick: What I think you're talking about is not E2E because there is no recipient (ie in this scenario Apple is not able to decrypt your data). It's just bog-standard encryption so your files are private or only shared with people you choose.
We can only recognize the current situation, not a hypothetical future one.
I for one think it is unlikely that Apple will willingly lock themselves out of that mountain of intoxicating user data.
Even if they do ever implement true encryption - not E2E between customer and Apple - personally I wouldn't trust it because of the unauditable on-device scanning/snitching.
This is a ridiculous redefinition of the word, "privacy".
I don't need to read your marketing manual when there's no getting around the fact you are normalizing on-device scanning on personal devices and automated secret reporting to the authorities, which means iphones have now become adversarial.
Used to be that there was a clear delineation between a customer's device and a cloud server. Not anymore with Apple "privacy".
At least with Google I know that if I don't upload the photos to them, they're not scanning my device.
Just as a point of fact, there is zero point to encryption if Apple is able to access everything on icloud, which they can, because Apple doesn't allow you to do backups using a key that only you know.
That's just another one of Apple's penny-pinching scams so they can upsell customers on extra icloud space for backups which are also "encrypted", yet Apple can read everything.
Real privacy would mean real encryption, but then Apple couldn't do their upselling scam and also couldn't secretly scan all your personal stuff.
At this point you might as well buy a Pinephone. It's about as close as you can get to privacy-respecting. Just don't ask too much of it and try not to mind the price.
Well, it's only $149 (or $199 for the higher-spec model with a dock), so it's affordably priced for a phone. One way to keep expectations in check is to treat the PinePhone as an upgrade to a feature phone, until the software options are more fleshed out.
Sailfish is pretty great. Devices get industry leading software update support (the only device they ever dropped got 7 years of updates). Great UI. It even supports a fairly good Android emulation mode if you want to run some Android apps. You can shut down the Android emulator when not in use for power usage and peace of mind.
EDIT: The devices are cheap too, but aren't slow. Typical cost is less than $250 including both the device and software license. The software is mostly open source, but there are a few licensed components. It is possible to use Sailfish without the proprietary bits for free.
The internal policy is invariably related to their views on ultra secrecy. Because they are 'Apple' and people want the jobs, there's acquiescence. When people leave it's probably a different story.
Create a firewall between your personal and professional time. Another name for this is “setting healthy boundaries”.
Always create new accounts for anything work related -- GitHub, Apple ID, whatever.
Don’t install work apps on your personal phone. Don’t enrol your personal phone in corporate MDM. If they want you to use a device for work, ask them to give you one.
Don’t do personal stuff on your work devices. Don’t do side project work on your work devices. Only do work for your employer on your work devices. Turn it off when you’re done work and leave it off until you start work the next day.
Be very clear on all your contractual obligations related to this before you start a new job. Ask to see ahead of time all the paperwork they will ask you to sign, so there are no last-minute surprises (“oh, you want to own anything I create outside of working hours?”).
Firewall yourself to protect yourself.
Edit: One more: don’t use corporate WiFi with your personal devices
I get that in the "most secure boundary" sense, I should have a work provided phone for work stuff, BUT...
I don't want to carry two phones.
I'm part of a team that owns some responsibility for fixing things that break in the night.
I find it freeing to be able to reply to a Slack or Outlook email while I'm with my kids at the playground.
I see the above advice all the time, but I can't help but think it only relates to an IC with no career ambition, no outside responsibility distractions (kids' schedules), that's 100% committed to 9-5 life and has little opportunity for big promotion based on being part of a chain of ownership for things that are customer facing.
Personally, I've mostly worked at small companies (my preference), and have ambitions. I have a healthy work/life balance, but also don't want my products to fail and occasionally want the flexibility to help my colleagues while AFK.
In the end, the above advice is very popular, but I just see a jaded burnout mercenary in a company with tens or hundreds of thousand employees.
> I find it freeing to be able to reply to a Slack or Outlook email while I'm with my kids at the playground.
You can spend as much time on work as you want, but you only get so much time with your children. OP's point is that you should guard the time you have and spend it wisely. Personally, I find carrying a second device and keeping things separate part of maintaining a healthy balance between my work and my personal time.
I also don't want my personal devices or projects tied up in some corporate legal proceeding, so I keep them separate for that reason as well.
I can attest to the importance of this legal separation. I had a personal laptop stolen that had work files on it from before my work had given me a laptop, and I had the uncomfortable responsibility of disclosing that to my boss.
I hadn't even done anything wrong but it made me hella uncomfortable thinking about my work or the cops getting their hands on my laptop. It just feels too personal.
I had to file police reports and everything, and ultimately it was never found, but I still hate the idea and sometimes think about where that laptop ended up.
Part of the thought process is that he wouldn’t be at the playground with his kids in the middle of the day at all if it made him completely unavailable to respond to stuff. Similarly, I go surfing some mornings and respond to people on my watch to keep them unblocked while I’m having some fun at a time strict 9-5 wouldn’t allow.
I maintain a pretty optimal WLB at my current job (I don't remember the last time I've done any work outside of normal work hours) but I do like having work Slack and calendar on my phone. In my case I feel it adds freedom to my day since it makes it easier to just go run a quick mid-day errand without worrying that you're missing a meeting or something. I didn't used to have any of it on my phone because I always heard it was bad psychologically, but as a result I always felt nervous stepping away from my desk for too long because I'd have no way of knowing if someone needed me. I think if I was in a position where I was asked to do work outside of work hours I'd feel differently about this though, but the extent of my after work Slack is mostly requesting days off and browsing some announcement threads.
You can be ambitious and committed to the success of your team/projects while still maintaining clear boundaries. Indeed if you're that ambitious (as you repeatedly emphasize), I think it's wiser to maintain such a clear boundary. What if you either have to leave your firm due to an emerging problem or receive an offer that you dearly wish to accept, but you're so entangled with your employer that disconnection is going to be fraught and/or have legal complications? What if your employer winds up in messy litigation and your personal data ends up as part of the evidentiary record, as mentioned in that Twitter thread?
I've known people who are very driven and can't unplug, who later on end up being very resentful of their own careers because they've structured everything around pleasing others and never saying no.
This is where I think the new line of Linux phones need to put in a lot of work. Properly sandboxing applications and defending against corporate snoopers should be a top priority of any open source phone OS.
I mean you need an undetectable virtual machine for a phone really. That's the reality: I'm content with my phone running some type of hard to crack secure element so companies can convince themselves it's secure, but what I want is that thing isolated and its network and cellular access gated.
I think you are dramatically overestimating the actual challenge of carrying two phones. Phones these days have great battery life, and they make pretty small models. The phone is like 0.2% the mass of your body. It’s not that big of a load.
I’ve been promoted several times while having separate work and personal phones.
If more phones is less ambitious, is having 0 phones the maximum ambition? I have tapped away on slack on my work phone while at the playground or sports or recital on weekends etc 100's of times.
Yes I feel like a right prick pulling two phones out of my pocket - I mitigate this by not being the kind of person who sits down and places their phone on the table face up at dinner.
As for the suggestion that the separation of work/personal is a sign of less ambition, that you somehow care less about work than your personal life - my work phone is set to ring 24 hours a day, my personal phone vibrate only. There are times where I am not keeping my work life from getting in the way of my personal life, but keeping my personal life from getting in the way of work.
Watching someone go to check their work slack on their phone only to have their attention dragged away to group chats with friends on competing attention apps gives me pause to consider. At the end of the day, whatever works for people, I have found what I think works for me.
I also just want to say, as a full time remote worker, I need Slack on my personal phone. Remote work allows you to work anytime and thus break out of the 9-5. But to properly do that and still be a member of a team, I need to be reachable on my regular phone. If I decide to switch up my day and work at night, I need to still be reachable for random things during other people's working hours. It's usually just someone has a quick question. Team members in other time zones have discussions on Slack that are outside of the time I'm sitting in front of my computer. I like seeing these discussions and contributing while I'm at the grocery store or some such. If mission critical software is blowing up, I need to know that I need to get back to my computer. If I don't have any real work to do that day, I can go do something else, and just check my phone to see if I need to get back to my computer because someone who actually is working needs me. I can actually sort of take days off this way, without having to actually ask for the day off.
In general, as a remote worker, having Slack on my personal phone allows me to work less and more efficiently. It gives the illusion that I am always working, whereas I'm actually working only when I want to and am most effective.
When things break at night, can't they just call your personal phone? Can't you login to slack on your personal phone, from the browser if you have to?
Why does corporate IT need to own your tech just for you to be reachable?
To me, being at the playground is not a prime example of spending time with my kids. I'm fine with replying to some work related messages while basically watching my kids play.
Playing soccer together, reading to them, playing a board game, doing a joint Lego construction project, teaching them to skate, etc. That's spending time together. It doesn't mix well with work.
If you're trying to get promoted by doing unpaid overtime and/or unpaid oncall shifts, you're a class traitor screwing over your colleagues. Help them by setting healthy boundaries even if you don't actually need them yourself.
This is just not a good outlook. Class traitor is ridiculous. If someone is of marrying age and/or child rearing age, are they a traitor to their class because they choose to work instead of whatever your preconceived notions are? People are different and have different work/life conditions than you. You're just going to need to come to terms with this.
It might make them a sucker, it might make them a sycophant, but you have no right to dictate someone else's values like that. I think this sort of tankie rhetoric is worse than useless.
if they want to work because they have no life, that's fine and really none of your business. if you work for a company where working off the clock like this is accepted, then it should be taken as a red flag.
when employees are on the clock, there are protections established for both employee and employer. if someone is injured while on the clock, workers comp is at play as well as corp insurance. if someone is working off the clock and injury occurs, shit storms are coming. if you were clocked out and working because company expects it, you can sue them. if you were doing it on your own to be "a good employee", you can get the blame.
in terms of coders, say you're off the clock and you accidentally truncate a table while connected to production when you thought you were in dev. if you're off the clock, you can actually be accused of "hacking" and doing a malicious act by the corp. if you were on the clock, then they would have a harder time with those accusations.
on the other end, i've worked for companies that were very good on the on clock/off clock recognition. if you were on a paid vacation and the company needed you to answer a call or respond to email, they would credit you that vacation day back even if it only took 5 mins. i miss that company. best work/life balance company i ever worked.
Abusive employers classify many de facto line workers as overtime-exempt, often illegally, and workers should not be complicit in this. An employer who tried to treat a unionized industry the way programmers are treated would be laughed at.
> Also what's a class traitor? it's not like I'm working so hard not to become filthy rich. All my colleagues are doing the same.
Sure, but remember that you're not actually a "temporarily embarrassed millionaire" - you most likely have much more common interest with your colleagues than with your bosses. When you find yourself in a prisoner's dilemma situation, remember that the correct metastrategy is to cooperate with people like you and with people who will cooperate themselves, not with a group that's well known to select for sociopathy.
I talk about class issues and economic justice a lot, but nobody owes prior allegiance to a particular class in a way that you can call them a traitor, unless it's some extreme example like a union official being willingly corrupted by a corporate fat cat - in which case a person is reneging on a promise they made, not some unilateral obligation.
You might not like or disapprove of someone's work/life choices or values, this person's certainly don't appeal to me as expressed. But someone's failure to share my values does not in any way make them a 'traitor'. That sort of assumption of mandatory loyalty and cultish denouncement isn't any kind of socialism or liberation; you cannot bully people into freedom.
This is an asinine and immature way of doing politics and I urge you to grow out of it.
They're framing their position as wanting to "help their colleagues" and not be a "mercenary", while in actuality they're harming those colleagues for the sake of their "big promotion"; they're not just embracing a different value system but performing allegiance to communal values while actually undermining them. I'd have a certain respect for someone who openly acknowledged that they were trying to win a race to the bottom, but not for that kind of disingenuity and hypocrisy.
That kind of reasoning is a great way to impress other Marxist-Leninists (of which I am not one) and alienate everyone else. I seriously doubt this person has ever professed or aimed to perform 'allegiance to communal values'; You're excoriating them for going back on a promise they never made, which is a kind of rhetorical sleight of hand. Whether that's what you intended or a reflex you've developed, it has no basis in reality.
As I said, I don't think much of this person's choices or attitudes, but you can't betray that which you never signed up for to begin with.
I'm by no means a Marxist-Leninist; I meant communal in the normal everyday sense of "belonging to this community". Again, they talk about wanting to help their colleagues and not wanting to be too mercenary - values most of us will sympathise with - but their actions are actually opposed to those values.
As I said, I do have a healthy work life balance. I also have responsibilities to my family and to my colleagues, and balancing those is difficult. Especially during a pandemic with no child care - I'm full time working and full time parenting.
> As I said, I do have a healthy work life balance.
If you're working overtime and on-call outside of work hours then no, you don't. That's not healthy and there's no way to make it healthy. You talk about "owning" responsibility for fixing this thing if it breaks, but real ownership is two-sided - do you have a meaningful equity stake (token stock options don't count) in whatever that system does so that you're getting the upside as well as the downside?
If you're choosing to spend your life and health on something you actually own, fair enough, it's your funeral. But if you're a worker then it's not your job to deal with that. I can understand that as a parent you're vulnerable, you don't want to lose your job, and when the bosses say the business wouldn't be viable if they had to pay for a proper night shift (or whatever rate it would take for them to get enough coverage from you and your colleagues voluntarily taking those shifts - funny how the biggest fans of "free markets" don't seem to like being on the receiving end) then it's hard to stand up to that. But doing free favours for the bosses is like paying Danegeld - once you start it will only get worse.
You keep talking about responsibility to your colleagues, but what you're doing hurts them a lot. That's where my anger comes from.
I am working a more flexible schedule where I handle some details from my phone AFK and work dedicated hours at times that fit better with family obligations.
I actually believe setting that expectation helps my colleagues.
And again, I work at small companies by choice. If we fail a product, the company may fail, then we are all out of a job.
> If we fail a product, the company may fail, then we are all out of a job.
My view remains that if you're going above and beyond then that shouldn't be just to avoid the downside - you should also be getting a proportionate piece of the upside. For a small software company skilled workers are often bringing most of the value to the table, so you should have a corresponding ownership stake (I don't mean that purely rhetorically - from a friend who works at a consultancy that's structured as a cooperative it sounds like it's very much a "normal job" in practice).
Of course in a more capital-intensive business, or if you're blitzscaling, then maybe the owners are bringing something else to the table that you couldn't replicate with just a gang of programmers. But in that case capital is almost always a part of what they're bringing, and that means the company should be in a position to be paying what things cost.
You are wasting your breath. You know he thinks most people are lazy and earning below 200k "for a reason."
A guy won Nobel prize proving your quality of life or happiness does not improve above 75k. That's what you need.
And in IT you don't need to do unpaid overtime or sacrifice your time with family to get to 75k. Everything above that and you are doing it on purpose cause you value money over family and personal relationships. And that is your choice. But that is not healthy and that should not be norm.
And if you need your workers to work 16h a day with unpaid overtime but they are refusing, your workers are not lazy, you are an incompetent CEO. Or just evil level of greedy.
That study is old, but I still suspect there’s a grain of truth that the financial cutoff is lower than many would suspect.
A rough off-the-cuff calculation is that $75k is roughly double the median US income. If the same rough estimate is applied to SV, that’s about $110k. I bet that’s much much lower than many SV/HN would suspect for a happiness threshold. If you can’t find a way to be happy on double the median income, it implies the system is rigged to make an awful lot of people miserable.
The problem is often not that happiness isn’t possible, but that we compare ourselves to our peer group to calibrate our expectations. As Roosevelt said, comparison is the thief of joy.
I'm not sure what tone your comment is intended to give off, but does there exist a person who _isn't_ willing to trade privacy for convenience to some degree? One certainly couldn't be using the internet or participating in society if they weren't willing to give up some privacy.
I used to think people were paranoid about this stuff until I ran a big email system. Most big companies have a department in compliance or counsel that reads your mail, either in response to a complaint or randomly depending on the industry.
Accused of sexual harassment? Your JDate and Match emails support the idea that you’re lonely. An external entity thinks somebody embezzled money? Your late credit card notice projects that you have money woes.
> Most big companies have a department in compliance or counsel that reads your mail
They read the email of your personal email account if you use it in the company-owned phone? Or they read the email of your company email account?
In other words, when you say 'This. +100', what do you mean by 'This'? The parent comment raised many points and I'm confused as to which one you're referring to.
Edit: To be clear, it's my fault because I'm new to these things and I don't understand them well.
+100 to the entire way of thinking from the original post. work/personal should be treated like church/state where they are kept separate.
yes, if you read your personal email on a corp device, then there's a good chance corp is reading your personal emails. and 100% yes, the corp can/do read your corp email. they are required to keep copies of every email sent by employees, so just assume at some point some corp lawyer can/will be reading them.
Corporations have to follow guidelines/rules/laws in order to be in good standing. If the corp is sued, the corp will have to respond to discovery requests from the plaintiff's attorneys. In the past, so many companies have deleted emails so that they did not have to turn over incriminating evidence that it has led to laws being passed that require a minimum amount of document storage. I don't know the details other than it is a thing.
Edit: search "email retention laws" for more precise rules and specifics
The corp having to give out emails on legal requests does not in any way shape or form imply they read your mails regularly. They certainly aren't allowed to in some parts of Europe, even though they have to respond to legal requests.
No, but the point is they can. And if there is anything they feel they need to protect themselves, they can investigate. Most corp employees are just too damn busy avoiding doing their regular tasks to be bothered to snoop other employee emails. Yes, I agree that it's not like someone is just tasked with reading all email every day. The point is that they can and do when necessary. Once they start reading, they have no idea where the trail ends so they will be reading a lot.
It all comes down to the same thing stated here multiple times, don't send any messages on corp equipment that you wouldn't want to see read aloud in front of your manager/boss or worse a courtroom.
There are a few different dimensions here. Note that I’m in the US and have experience specific to larger entities.
For you conducting any personal business on work devices, it is pretty easy for employers to get tools that can detect and even capture that activity. That ranges from grabbing files on the device to periodically or continuously recording screen content.
For conducting personal business on work services, that is trivially searchable with O365 or Google Workplace. Some industries (banking, finance) are required to retain all mail and sample it for policy violations. Sometimes contractors are roped into doing this by contract terms. Sometimes dating coworkers becomes a problem when you communicate on work systems in unexpected ways — anything you do is essentially public.
For conducting business on personal devices, employers cannot generally search through your content. (Unless security or other products are present — for example Crowdstrike or similar EDR tools will log most executable launches) But, if evidence exists that you use personal stuff for business and there is a litigation event or investigation, you can be compelled by a court to turn over your personal gear. That risk depends on what you do for a living and for who. (For example, a government employer may have an inspector general with police subpoena powers, if you are a decision maker in a company, a civil suit may focus on something you said or didn’t say)
All-in-all, the best policy is to keep work away from your personal business and vice versa within reason. The meaning of “Within reason” depends on your circumstances. The issues for a unionized white collar worker at a factory are different than an at-will financial analyst at some big bank.
I work in healthcare. It blows my mind how many people use a work email for communication regarding medical appointments including results and very personal information.
I’m a complete outlier in how conservative I am with this stuff and I’m nowhere near as fastidious as the HN gold standard.
It blows my mind how many healthcare providers routinely transfer sensitive information over insecure channels like email in the first place and ask the patients or carers involved to do the same. The most basic data protection regulations enshrined in law in my country are being openly violated, to say nothing of medical ethics and patient confidentiality.
I had a co-worker that signed up with everything with his work email.
Actually, he did all his internet stuff from work (didn't have home access, oddly). After some badgering from us he got his own email. When he was hit in the second round of layoffs this helped him a lot, even if he was initially schlepping to the library to get his email.
> Most big companies have a department in compliance or counsel that reads your mail
Thankfully that's illegal herearound. And I work in finance.
There certainly are automated controls on all communication systems and all mails (and relevant phone calls) are recorded and retained. This being a regulatory requirement.
I'm also pretty sure that there's pattern detection software running on those systems to flag potentially problematic communications.
But indiscriminate email monitoring without a very good reason (suspected fraud, circumvention of regulatory or compliance requirements, etc) is illegal.
This still doesn't mean that I would mix the personal with work on my personal device but I'm glad there are such protections in place.
And if you can't resist using a work device for something non-work-related, please restrict your use to things you wouldn't mind having printed out and sitting on your boss's desk.
"legal forced me" and "permanent evidence locker" = these texts are part of a legal discovery process (e.g. somebody sued Apple and their lawyers get a certain kind of access to Apple's corporate data)
If there's value for the other side to present the boob pictures as evidence in trial (e.g. in an attempt of character assassination), it will be rather hard to have them not passed around in court now that they're part of the "evidence locker" (as they call it) even though they were 100% personal and unrelated.
my cutoff is whether I would send the email to my grandmother or not lol. I would never merge a personal and work account. They would just have to hand me my pink slip if they didn't like that.
I agree with most of this, but I'm curious about the specific case of Github. If I join a company, are there any big dangers to just having them add my personal GH account to their organizations or private repos, and then if I leave the company they can remove me again? This seems to be how a lot of developers in my orbit do things.
(I mean any dangers at the account/permissions/privacy level - separate from "having two separate accounts might be better for work/life balance" sorts of concerns.)
There have definitely been cases where hosting services have allowed someone to link a personal account into a corporate one belonging to their employer, then at the end of the employment the corporate account has been given control of everything within the personal account. I don't recall whether GitHub specifically was one of the services mentioned, but I would avoid creating that kind of link on any hosting service where I had my own data. Maintaining clear separation between personal and professional devices and accounts is a sound policy and there are very few sensible reasons not to follow it.
No. Having a separate GitHub is just a pain. GitHub provides adequate separation itself (you can add multiple emails and configure notifications accordingly)
Personally, I like knowing that my personal GitHub credentials stay only on my personal devices and my work credentials stay only on my work devices. I never have to worry about the two mixing and any problems that might arise.
Separating accounts is a fine principle, but for anything social (github, twitter..) some people have good reasons for doing their work from their existing personal accounts. E.g. evangelists, folks in devrel, those whose jobs include contributing to OSS or participating in open standards, and so on.
Presuming you also contribute to FOSS projects, and that you additionally use the FOSS you work on personally at work, there will come a point at which a bug you find at work will require you to fix the upstream FOSS project on your work laptop. At that point, getting the git-commit attribution correct gets annoying.
Well, if I work on it at work for work then the attribution should be under my work email. Otherwise, it should be under my personal email.
So far, the only problem I've ever had with separate accounts (including contributing to FOSS) is one time (once!) somebody selected the wrong email alias to review a CL. That took all of (literally) 10 seconds to fix.
This isn't too hard - Git supports folder path separated config settings, so usually I just have a "foss" and "work" profile.
More annoying can be commit signing, but this is actually something GPG has baked right into it - I issue and sign a new key with my work email address while I'm there, and when I quit revoke the key as superseded (and set the expiry to roughly my contract renewal period/performance eval period).
The real problem is corporate IT doesn't understand encryption or signing beyond how their vendors pitch it to them as "secure" so trying to extend any of this to actually support business processes is a losing battle.
Spot on on all accounts. It's been my policy for a very long time now. I consider having a hard separation between my personal systems and work systems to be a security measure that protects both myself and my employer.
In ignorance of this policy I've been violating it all along. They're certainly not enforcing it aggressively (though how could they if you're using your work email).
Having a workplace sponsor a separate GitHub account for your work there would be reasonable, but is this actually common practice? I certainly wish it were, for the above reason, but I can't speak to the reality.
My question was more, if I create a free account and it is linked to an organization, is that a paid account? The company didn't make my account, I did.
Without actually reading the ToS properly, I imagine you're good if your org is paying for your seat in their org (as opposed to a free org, but if it's a company with private repos I'd assume it's the case). That'd be reasonable.
If reality is that you actually need individual billing for each individual account, that would be kind of crazy and I hope that's not the case.
You also should not do work stuff on personal devices. Yes, this does include checking work email on your phone. Ask the company to give you one if your work requires that you do.
This may be slightly more controversial, but I would extend this firewall to conversations with coworkers --- don't tell them anything that could be used against you either, i.e. mentions of personal projects or accounts. I keep a clear "no real name" policy for personal things which are publicly visible --- including HN --- which avoids the delicate situation of people I know who have had their employer complain about stuff with their name on it, in their personal life, that someone else had found and didn't like.
I'm really surprised at the number of personal GitHub accounts that are being used in my org and at others. I guarantee their access isn't being removed when they depart.
GitHub actually manages attaching business org to personal accounts very well.
You can make notification emails related to the business org repos go to your work email, while all other notification emails go to your personal email.
When you fork a business org private repo into your account, it stays attached to the business org. Other members of the org can push to your fork of that repo but not your other personal or open-source repos. When your account is separated from the org, you lose access to your fork.
If the business org requires extra SAML/OIDC through their central auth service, you can still access your personal and public repos without doing it.
So yeah the business still has to remember to disconnect you from the org when you leave the company, but that's still true if you make a new github account anyway?
Shouldn't you mostly be using them on separate computers though? The rare times I need my personal one at work (to view how I solved something before), I just open Incognito.
I'm self-employed and always on-call. Not suggesting this is the right way for anyone else, but trying to unravel a combined life to even multiple accounts on a single computer sounds like a nightmare.
You can set up a new host in your ssh config and specify a key different from your main account and it should swap your accounts based on the key. Additionally, you can set a git config to be included if you’re in a particular directory so that you can change your commit details.
I’m on a mobile device so excuse the vagueness, but if there’s interest I can provide some resources and go more in depth.
[user]
    email = john@example.com
    name = John Doe
[url "git@github.com-corp"]
    insteadOf = git@github.com
Now all repos under the path /home/john/corp/ will use that config. Then you can put a new host in your SSH config:
Host github.com-corp
    HostName github.com
    User git
    IdentityFile /home/john/.ssh/corp_github
This way you can have different e-mail address and name in your commit messages as well.
Due to the nature of git you can't scope it via GH URL (you can have many remotes in the same local repo). Though you can still manually rewrite when you add a remote with just the SSH config change, e.g.
I guess if you have a more complex matrix of personas and remote servers (not only GH), structure and predictability becomes more important than terseness.
In the example fnord77 posted, you can replace all the places that they used personal.github.com. It will be usable anywhere you would use ssh, including when going through a few tools that ultimately resolve to an ssh invocation. I won't copy the host block in .ssh/config but you could, for example:
`sshuttle -r my-cloud-server 0/0` for a poor man's vpn
`ssh some-enterprise-server` for when the server has a user unfriendly domain name that you don't want to bother remembering
`git clone git@github-personal:myusername/somerepo.git` when you want to clone using your personal key from GitHub.
There is the caveat, though, that you may have some nested dependencies that will use the plain ole every day host name in which case things will break for you. It rarely comes up, though, in my experience.
This is a limitation that I haven't really found a way through. I haven't tried too hard though because I've found that I can often just let the complicating set up have the 'plain' github.com host and use the custom host for the other set up. If I found that both professionally and personally I needed submodules, though, I'd probably be in trouble.
Also, if the submodules are public, the plain host will work fine because it doesn't matter what key you authenticate with.
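The directory-scoped Git identity and SSH host alias discussed in the comments above, as an added example that is not part of the original thread: it builds both configs in a throwaway HOME and checks which identity and remote each repository actually resolves to. All names, addresses, paths and the `example-org/demo` repository are constructed; the `includeIf` stanza, the trailing colons on the `insteadOf` rule and `IdentitiesOnly yes` are choices made for this example.

```shell
#!/bin/sh
# Added example: every name, address, path and repository below is constructed.
# It builds the layout in a throwaway HOME so no real configuration is touched.

setup_demo() {
    DEMO_HOME=$(cd "$(mktemp -d)" && pwd -P) || return 1
    export HOME="$DEMO_HOME" GIT_CONFIG_NOSYSTEM=1
    unset XDG_CONFIG_HOME GIT_CONFIG_GLOBAL GIT_DIR GIT_WORK_TREE
    mkdir -p "$HOME/.ssh" "$HOME/corp" "$HOME/oss"

    # Global config: personal identity by default, corporate overrides only
    # for repositories whose .git directory lives under ~/corp/.
    cat > "$HOME/.gitconfig" <<'EOF'
[user]
    name = John Doe
    email = john@personal.example
[includeIf "gitdir:~/corp/"]
    path = ~/.gitconfig-corp
EOF

    # Trailing colons keep an already-aliased URL from being rewritten twice.
    cat > "$HOME/.gitconfig-corp" <<'EOF'
[user]
    email = john@corp.example
[url "git@github.com-corp:"]
    insteadOf = git@github.com:
EOF

    # IdentitiesOnly stops ssh from offering agent-loaded personal keys first.
    cat > "$HOME/.ssh/config" <<EOF
Host github.com-corp
    HostName github.com
    User git
    IdentityFile $HOME/.ssh/corp_github
    IdentitiesOnly yes
EOF
    chmod 600 "$HOME/.ssh/config"

    # Same remote URL in both repositories; only the directory differs.
    for repo in corp/service oss/project; do
        git init -q "$HOME/$repo" &&
        git -C "$HOME/$repo" remote add origin git@github.com:example-org/demo.git ||
            return 1
    done
}

# Identity a commit made in the given repository would carry.
effective_email() { git -C "$1" config --get user.email; }

# URL Git would really contact for "origin", after insteadOf rewriting.
effective_remote() { git -C "$1" ls-remote --get-url origin; }

# Real host ssh connects to for an alias (needs OpenSSH 6.8+ for -G).
resolved_ssh_host() {
    ssh -G -F "$HOME/.ssh/config" "$1" | awk '$1 == "hostname" { print $2 }'
}

setup_demo || exit 1
trap 'rm -rf "$DEMO_HOME"' EXIT

for repo in corp/service oss/project; do
    printf '%-13s %-22s %s\n' "$repo" \
        "$(effective_email "$HOME/$repo")" "$(effective_remote "$HOME/$repo")"
done
```

Running `effective_email` in a checkout before the first commit is a quick way to catch a repository cloned into the wrong directory tree.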
I doubt it. I've never heard first-hand of anyone running into any trouble that this would mitigate. Some people are just crazy overzealously fearful of employers and BigCos.
And it's not about being fearful. It's about realizing that the relationship between you and your employer is often adversarial. They want to pay you as little as they can get away with for the most work possible. You want the exact opposite. Otherwise why would you have to "negotiate" for a higher salary when you were hired?
There is another perspective: many companies don't want their employees to use company resources for personal use. They don't want that email from their domain name to be misconstrued as official business, to be entangled in their employees' legally or morally questionable actions, or simply to foot the bill for the resources used. It is a bit odd that a business would ask their employees to merge personal and professional accounts.
It's also worth noting that using personal accounts for professional purposes can confuse things. Personally, I forward any email that my supervisors inadvertently send to my personal account to my work account so that everything is archived and is in one place. Given the amount of filtering of some services (e.g. email) correspondence sent between internal accounts also tends to be more reliable. I have seen situations where dozens of employees did not receive a vital message since it was either sent to a spam folder, or simply dropped, since almost everyone found their personal email provider more convenient.
I've personally started working for a company that demanded any code that I write during employment for company is owned by them regardless if I write it during working hours or at home. I had to list out each project that I had worked on or continuing to work on to establish a history of before/after start of employment. Any new personal project had to be added to the list after a discussion to see how that project and continued employment could co-exist.
The concept here is that if you learned something new at work and then implement it into your own private projects, the company wants that project since they paid for your time learning something new. Also, NDAs and other forms of copyright and what not gets weird.
To me, the gold standard of how to do this is how Woz handled the creation of the first Apple computer. He took it to his employer multiple times being told they did not claim any ownership on each occasion.
> The concept here is that if you learned something new at work and then implement it into your own private projects, the company wants that project since they paid for your time learning something new.
This is not how the law works if you’re in California at least. They’ll still get you for other things if you work at a large company, but not for that.
You also wouldn't hear about the trouble someone didn't avoid if the subsequent legal settlement included a gag clause as well as seizing control of the affected IP and a large financial element.
Never accept terms that give your employer control over anything you do independent of work that doesn't affect your performance at work. There is nothing in it for you and the only reason it would be of value to them is if they intend to abuse it.
Do apple let you have multiple accounts? Facebook don't (as I understand it, I have one less). Don't google also say you have to use your real name etc?
If they do it's the stroke of a key to make it a ToS violation for employees to have any personal privacy. Which seems to be their endgame for everyone. Their issue with facebook google etc is that it's not apple doing it as far as I can tell.
This makes sense for most employees of a corporation; is this also relevant for upper management or C suite executives? I'm curious about if these kinds of boundaries are established even in the "upper levels"
This. It's not a problem until someone is looking to get rid of you. Then they dump the logs.
I've seen people fired for watching DVDs at work. Conversely, people watching youtube a lot and nothing happening. Early in the web days an admin assistant came to me because they clicked on something on the web and a bunch of pron windows started popping up. She panicked and turned off her computer and was wondering if it was safe to turn back on or would she be fired. It was safe, and nothing happened to her.
Someone at a job complained I was reading the news on the web to my boss, when that was my habit at lunch. That was fun.
I think the rule is people usually don't care unless it hits them directly at which point it is already game over.
I am not super religious about it, but I do have boundaries. It is mostly like you said. It is all great until it isn't and employer is building a case against you.
It’s not infrequent I’ll leave YouTube videos playing while I work on my actual work machine so I don’t think they need to do that much sleuth work if they want to accuse me of using YouTube on the clock.
I've had issues in the past with employers wanting me to add work email and work apps to my own phone.
I always refused. My attitude was, like you said, if you want me to carry around a device connected to my work, then you need to pay for it.
But my main reason why though was knowing that managers preferred staff to put work email etc on personal phones, not due to the cost of buying devices for employees, but because it blurred the lines between personal and work domains. You can switch a work phone off at 6:00pm and turn it on again at 9:00am. With a personal phone you have to set up do not disturb profiles and stuff like that to achieve the same separation because you aren't likely to turn it off in the evenings. Admittedly, it's not the hardest thing in the world to set up - but still a bit more effort than just being able to hit the power button.
I still had to deal with the extreme annoyance of having my personal number passed around the company without my permission.
Exactly. I’m not saying trust my employer or that I don’t, I don’t care that much. Logging into slack on my phone doesn’t give them access to all my life. I don’t have to be a slave to the company but I don’t have to be a slave to paranoia either.
Personally there is a difference between logging into Slack on my phone and logging into email (which requires me to enroll into the MDM). I do the former on my personal cell phone, but I would never do the latter. There are many mistakes the company can make (like wiping my personal phone after resigning from the company) to make me regret that decision. But installing Slack is different, I can shut off the notifications and it is oftentimes convenient for me to have the access there if I need it.
Agreed enrolling into MDM shouldn’t be taken lightly. I don’t see that in any modern tech company (at least small ones). For the most part I use gmail and login to the company google account.
I like that you're in a thread about Apple asking employees to straight up merge their personal data into a corporate-owned account and your response is "Phew, at least they didn't ask you to install MDM!"
That's not what people are talking about, they're talking about fully merging your personal and work accounts for things like iphoto, email, etc like Apple is talking about above.
I used to be very strict but I kind of had to give in on the work email because it was so inconvenient. From what I’ve read on iOS this gives them fairly limited access to my activities. Well, hopefully true.
As with any security advice, we each have to know our threat model and understand how it may differ from the advice-giver.
It’s undoubtedly more secure to maintain perfect separation between work and personal information contexts. It can also be expensive and annoying, and may not be worth it for everyone. It really depends strongly on the employer and one’s relationship with them.
I was sort of into the idea of having my calendar on my phone until I learned my company could remotely wipe my phone at any time. That’s a world of trouble from a misunderstanding, or a bitter IT person.
+1 on the MDM stuff. I recently had a guy I know lose all his photos after he left a company. The company said that they could only wipe the company partition on his Android phone, but somehow they could wipe the whole thing and pressed the wrong button.
Leaving a job is hard enough without having to disentangle a bunch of devices and accounts. If an employer wants the security of MDM, just have them provide you the device. Otherwise, it's your device, and you can be responsible for deleting the company related content on it when you separate.
Absolutely agree with separating phones, recently my company mandated MDM policy on phones, and it really messed my phone, there are apps which are separated with work profile but there are very few such apps, what about other apps?
Learnt the importance of creating a hard boundary the hard way.
you hop between companies in the same industry contacts are fluid. everyone takes their reputation with them. everything is blended.
you learn to never put anything questionable in writing. Most people don't even hint at things, just not worth the risk.
drinking create plausible deniability of what you said or what was remembered. information spreads deals get closed. and I'm talking about things that are perfectly clean but may not appear that way if written.
sort of like in person you can say “grab me a burrito” but if you write it as a request it's hard for it to not come off as demeaning.
The first tweet is sensationalist. If it was for a legal subpoena for discovery then their hands are tied, they have to deliver everything and cannot be seen to have deleted anything. It just is what it is and that is how the courts work. For the second one claiming apple requires you to use a personal account it sure just sounds like most people at apple have no idea how to properly provision a corp. account and just tell you to use a personal one as it's easier. One of those things when you onboard where they tell you it's not supposed to work like this but we will just do this to get you up and running and fix it later. Most of the time there is no later. I would not be surprised if many people in the heat of the moment and with a new job just say screw it, I'll fix it later. Again there is generally no later. That is on them as well as on apple.
I feel like I might be crazy but… isn’t this an issue with Apple products at work in general?
I am issued a MacBook Pro and iPhone from my employer. The IT dept. configured them to connect to our corporate infrastructure: Exchange, MS365, VPN, Dropbox, Slack, printers, etc.
IT did not issue me a corporate iCloud account. I can add my personal iCloud account to these devices if I want, and then I’ll get all my music, messages, etc. on them. Convenient! Or, I can use my work email to set up a new clean iCloud account and use that instead. I know from conversations that a lot of my colleagues add their personal iCloud accounts to corporate devices, especially phones.
Based on the comments elsewhere in this thread, it seems the weird thing at Apple is that @apple.com email addresses can’t be used in iCloud. Which makes it a bit trickier for Apple employees to set up a new clean iCloud for work.
Don’t add your personal iCloud account even if you want.
Your goal is to not have to repurchase your music, apps, etc., but not commingle your personal photos and messages. You can do this with iCloud family child accounts.
To use “your” stuff you paid for on a “work account” they ask you to set up using alternative email address, you can make the work account be a family child account.
Then the work account can use purchases etc., and you control its access even if work attempts to take it.
While things may have changed in the year since I left Apple the iCloud policy was thus:
Employees got a free upgrade to the higher tier of iCloud service (the 1TB of storage or whatever). There was also an iCloud@Work program rolled out a few years ago that was like a "behind the firewall" version of iCloud services. It was an approved means to share confidential company docs like shared Notes (in the Notes app) or iWork documents.
What was never clear was the level of integration of personal iCloud documents (photos, iWork, etc) and the @Work ones on the back end. No one gave you a straight answer if you asked if opting in for the @Work stuff allowed Apple to riffle through your photos or personal documents in iCloud.
I always assumed opting into the @Work stuff granted Apple back door access to everything in your iCloud account.
Backdoor access? Why would Apple conceivably need a backdoor for data you already willingly gave them? How could Apple not have frontdoor access to your iCloud?
I remember this story, this was the person who accused Apple of sexism because a superior gave her mild feedback about her presentations [1]. She's also been very vocally negative about Apple on Twitter for months, airing internal complaints via Twitter [2]. And people have been spamming her tweets on HN for a while... in an attempt to build outrage I guess?
Color me real skeptical that she is telling the truth here.
They seem to imply the use of work devices also for personal use; this is a risky practice with every company, don't do that.
Huge privacy issues aside, it is possible that the employer could claim property or at least some leverage on your personal projects if they can demonstrate they have been worked on using the company assets during work time, which especially in times of remote working is hard to define.
Use work devices only for work related activities (no personal surfing, email or social media) and do the rest on your own devices you are never going to hand over to your employer.
There's a lot of people up in arms about this–either because they are mad because Apple is forcing employees to merge their accounts, or that they think this is completely false because this is not strictly required. As always, the real truth is somewhere in the middle.
Apple does not mandate that you use your personal iCloud on your work device. You can absolutely make a fresh account (from a new Gmail or something) and use that to sign in, and then throw it away once you have left. Some employees do this: it's possible, but fairly difficult.
However, it is also true that many (dare I say most?) employees do sign into their work devices with personal Apple IDs. Why? Because there are several fairly strong pressures for them to do so. New hire training has natural variation, but often the person will tell you to "just sign in" when the iCloud screen shows up on your new computer, without explaining (sometimes not even knowing) that this doesn't have to be an account you actually use, and many people do so thinking it is required to go forwards in the setup process. And Apple rewards you for linking your account: you'll get iCloud storage and access to all of Apple's apps for free.
But that's not all: there's a very strong culture at Apple of "dogfooding": using the beta software for yourself to try it out and file bugs against it. Doing this effectively all but requires having an account you actually use, and for many this is the main reason why they only have one work phone rather than two phones. Plus, on Apple devices if you're not signed into an account that you share elsewhere, a lot of things will not work: your Apple Watch will not sync or unlock the device, you can't listen to your Apple Music, the iMessages your coworker sends you to pick a spot of lunch are not going to be seen.
Obviously, it is always easy to tell an employee that they should trade privacy for convenience. But my point is that the culture explicitly pushes you in this direction, and Apple themselves are pretty bad about employee privacy. They've developed a full BYOD MDM solution that keeps your work data separate from your personal data, so companies can just access or delete that, but they don't actually use it internally. And you think you're being cool with your two iPhones that you bring to work? Nope, any device you bring onto the premises is subject to search, even if you have never MDMed it and only use it for personal work. So they, too, are way behind on where they should be with regards to maximizing privacy. It's regrettable that this employee found this out the hard way–but she certainly will not be the last, and I think it's entirely valid to call out Apple for not moving forwards as other companies have.
TL;DR: To use an iCloud personal account on corporate device =~ s/personal/child/ig.
As posted in a sibling subthread:
Don’t add your “personal” iCloud account even if you want.
Your goal is most likely to not have to repurchase your music, apps, etc., but also not commingle your personal photos and messages.
You can do this with iCloud Family “child” accounts.
To use “your” stuff you paid for on a “work account” they ask you to set up using alternative email address, you can make the work account be a family child account.
Then the work account can use purchases etc., and you control its access even if work attempts to take it.
I don’t get it. Why would you sign in with any personal information on a work device? Just create a free account and use it for work. I have zero sympathy for people who use personal accounts on work devices : just because they let you take it home doesn’t mean it’s not 100% work territory.
This sounds less like bad corporate policy and more like naive employees who didn’t think through the importance of separating work and personal devices.
If you have work information on your personal devices then they own it. Never give your employer that chance. Always firewall your work self and personal self.
Wonder when we hit the point where we're just workers 24/7 and our Alexa/Siri devices are spying on what we say constantly and scoring it against a neural net which computes a terrorism risk score, with employees getting an extra unionization score which is sent to a special internal team to handle.
Your recordings are all protected by hashing using advanced badthink crypto.
Each terrorism risk event is encrypted with a cryptographic safety voucher, which ensures a threshold of 30 badthink events need to be logged before the authorities are notified of your current location to be transported by iDrone to the Apple goodthink reeducation camp.
Facebook is the same; even on non-corporate devices I saw internal admin tools in my feed while on campus. Why I had access to internal admin tools when I was as far from the main site as possible is a different story.
I personally won’t use any work app on my personal phone and vice versa. I can’t imagine being forced to merge accounts by a supervisor ever again. I’m willing to give my cell phone number for an emergency, however.
This sounds strange. Apple compels their workers to mix their personal and corporate accounts? If I would start to work at Apple and say, "please give me a separate account solely for work, I don't want to compromise or mix my and your data", they're going to say nope?
Almost sounds not believable. Any place I've ever worked at has, if anything, insisted to never bring private data into corporate environments, precisely for security and legal reasons.