573

Not that you guys need the reminder, but your work sees all your browser history and you may not even be able to delete it if you wanted to (lemmy.ca)

submitted 10 months ago by t0fr@lemmy.ca to c/privacy@lemmy.ml

245 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[-] Pons_Aelius@kbin.social 224 points 10 months ago

Never do anything on work machines/networks you don't want to have to explain to hr/legal.

[-] ech0@lemmy.world 118 points 10 months ago* (last edited 10 months ago)

Sr. Systems Admin here. IT does not give 2 shits about what you browse UNLESS something is reported or something trips our Alerts (has to be something major like Child Porn).

We don't sit there and actively monitor and watch what you are browsing. We investigate when something is reported by a worker or an Alert/Filter gets tripped

HR also doesn't know unless we tell them.

[-] ensignrick@startrek.website 31 points 10 months ago

Second. I once had a staff member come to me all embarrassed because someone sent a dick pick via some dating app while they was on our corporate wifi. I was like, "I promise we don't care".

[-] Pantherina@feddit.de 15 points 10 months ago

I mean, its HTTPS right?

[-] Pixel@lemmy.sdf.org 21 points 10 months ago

Https is no match for work monitoring: pre-installed software, certs.

[-] library_napper@monyet.cc 4 points 10 months ago

Pre installed certs would be a huge vulnerability

[-] ech0@lemmy.world -2 points 10 months ago* (last edited 10 months ago)

Uh no? Most organizations use preinstaed certs. They are usually baked into the Windows image for deployment... They are what allow a corporate device to connect to WiFi networks without a password.

[-] library_napper@monyet.cc 1 points 10 months ago

RADIUS doesn't depend on preinstalled certs. But I wouldn't use Windows anwyay.

[-] jasondj@ttrpg.network 1 points 10 months ago* (last edited 10 months ago)

All of the “privacy experts” in this sub wouldn’t know a certificate if it bit them in the ass. Most don’t even know of VPNs outside of the “privacy” services hawked by YouTubers.

Certificates can be used to authenticate machines to wired or wireless. This is true. They are much easier to maintain at scale than pre-shared key, especially when you run an internal CA and can issue or revoke them easily/automatically, and when you run a domain and can push out additional trusted root CAs to endpoints.

And if you have either an internal CA or a domain (ideally both), it’s very simple to have your firewall or web filter perform man-in-the-middle “attacks”. Most everything nowadays can handle TLS1.2 and many are starting to support TLS1.3. They essentially break open the traffic for inspection and re-sign it with a certificate that your system trusts so there is no error to the user. Some sites and apps have a hard time with this because of HSTS and pinning, but that’s a bit of a tangent.

I say “attacks” in quotes because they own the hardware and they own the time of the person using it.

Anyways, don’t do anything on a work computer you wouldn’t want your boss to know about. We usually aren’t actively watching the traffic, but some things are hard to ignore, and sometimes the CEO just wants to know who else has a diaper fetish for “official reasons”.

[-] Lyricism6055@lemmy.world 0 points 10 months ago* (last edited 10 months ago)

I'm not sure what you're saying? Those certs log to somewhere and in my experience HR is nowhere near technically literate enough to monitor and track that stuff.

Usually a manager asks a sysadmin to watch someone's stuff, then the sysadmin and manager tell HR what they find.

We had a contractor spending 90% of his day on reddit who got fired. Hr wouldn't have been able to pull this info since they don't have access to the system that tracks it

[-] DM_ME_SQUIRRELS@lemmy.world 2 points 10 months ago

That only applies to work devices. If you're using your personal device, they would be able to see traffic to/from a dating website but not the actual content.

[-] JokeDeity@lemm.ee 19 points 10 months ago

Depends on the company size and the people above IT. Sometimes the boss is a chode and demands everyone be supervised like children constantly.

[-] HellAwaits@lemm.ee 0 points 10 months ago

That's still inline with what they said.

[-] ryeonwheat@lemmy.ml 1 points 10 months ago

Yeah, but the it's a good rule anyway, for some of the same reasons as the "Don't put it in an email if you wouldn't want it read aloud in a deposition" rule.

[-] teft@startrek.website 36 points 10 months ago

Also do some really weird things that are innocuous so the HR lady looks at you weird from now on.

[-] JoeBigelow@lemmy.ca 16 points 10 months ago

Examples please?

[-] t0fr@lemmy.ca 7 points 10 months ago

Absolutely. Everyone could use that reminder

this post was submitted on 22 Aug 2023

573 points (97.0% liked)

Privacy

29884 readers

1219 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

Chat rooms

[Matrix/Element]Dead
Discord

much thanks to @gary_host_laptop for the logo design :)

founded 4 years ago

MODERATORS