If you don’t have your personal browsing using a private profile of a secondary browser which you know you can delete, you are doing it wrong.
Your work can also read your private Slack messages. You have been warned.
Are they really called private messages? They should just be direct messages
It actually depends on what tier of Slack license the company uses. Private is a black hole for anything short of Enterprise Grid, unless they reset your password and log in as you, obviously doable but not at all subtle.
I work in cybersec - I’m not going to speak for all businesses or individuals but I will give you my perspective.
Sometimes we need to see browser history to help with timeline correlation, it’s mainly to see “how did this file get here, was it downloaded” etc.
Sometimes the investigators need to check out the things they need to check out, BUT
BUT
It needs to be done precisely and sparingly where needed only. This means instead of going through the entire history file, or doing unrelated correlation work (spying on you without cause) you are going to only grab specific timeframes from things you suspect explicitly to prevent any overreach. It’s a tricky balance to hold but also why it’s so important for people in tech to be privacy advocates as well.
There’s a difference between searching for answers to a problem that arose and looking for/predicting problems (thought crime detected!)
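The time-scoped pull described in the comment above, as an added example that is not part of the original thread. It assumes a simplified subset of the tables in Chromium's `History` SQLite database (timestamps are microseconds since 1601-01-01 UTC); the URLs, file path and the 10-minute window are constructed for illustration.

```python
import sqlite3
from datetime import datetime, timedelta, timezone

WEBKIT_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

def to_webkit(dt):
    """datetime -> microseconds since 1601-01-01 UTC (Chromium timestamp)."""
    return (dt - WEBKIT_EPOCH) // timedelta(microseconds=1)

def from_webkit(us):
    return WEBKIT_EPOCH + timedelta(microseconds=us)

def build_sample_db():
    """Constructed sample rows; schema is a simplified subset (assumption)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE urls(id INTEGER PRIMARY KEY, url TEXT);
        CREATE TABLE visits(id INTEGER PRIMARY KEY, url INTEGER, visit_time INTEGER);
        CREATE TABLE downloads(id INTEGER PRIMARY KEY, target_path TEXT, start_time INTEGER);
    """)
    t0 = datetime(2024, 3, 5, 14, 0, tzinfo=timezone.utc)
    rows = [("https://jobs.example/listings", -180),  # minutes relative to download
            ("https://mail.example/inbox", -4),
            ("https://files.example/invoice.zip", 0),
            ("https://news.example/", 95)]
    for i, (url, off) in enumerate(rows, 1):
        conn.execute("INSERT INTO urls VALUES (?, ?)", (i, url))
        conn.execute("INSERT INTO visits VALUES (?, ?, ?)",
                     (i, i, to_webkit(t0 + timedelta(minutes=off))))
    conn.execute("INSERT INTO downloads VALUES (1, ?, ?)",
                 (r"C:\Users\u\Downloads\invoice.zip", to_webkit(t0)))
    return conn

def scoped_visits(conn, file_suffix, minutes=10):
    """Return only visits within +/- `minutes` of the suspect file's download,
    plus a count (not the content) of the visits left untouched."""
    row = conn.execute(
        "SELECT start_time FROM downloads "
        "WHERE substr(target_path, -length(:s)) = :s", {"s": file_suffix}).fetchone()
    if row is None:
        return [], 0  # file was not downloaded by this browser: read nothing
    delta = minutes * 60 * 1_000_000
    lo, hi = row[0] - delta, row[0] + delta
    hits = conn.execute(
        "SELECT v.visit_time, u.url FROM visits v JOIN urls u ON u.id = v.url "
        "WHERE v.visit_time BETWEEN ? AND ? ORDER BY v.visit_time", (lo, hi)).fetchall()
    skipped = conn.execute(
        "SELECT COUNT(*) FROM visits WHERE visit_time NOT BETWEEN ? AND ?",
        (lo, hi)).fetchone()[0]
    return [(from_webkit(t).isoformat(), url) for t, url in hits], skipped

if __name__ == "__main__":
    print(scoped_visits(build_sample_db(), "invoice.zip"))
```

Recording the skipped count alongside the result gives the case file evidence that the rest of the history was never read.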
I also work in cybersecurity. Second everything this person said.
This thread is a good reminder, because at many organizations HR / management can and will look at your browser history (and computer activity in general) as a method of monitoring performance and staying in control.
But at my organization, we have never once looked at anyone’s browser history (and I know that HR hasn’t because they would have to go through us). We certainly could if we were asked to and we would if there was an incident (what we would care about is sensitive / confidential information getting leaked or suspicious activity on the network using a specific person’s credentials, suggesting those credentials may be compromised). But in almost 2 years (we’re a startup in the aerospace electronics sector) we have never once had cause to do that and we have a philosophy that happy relaxed employees who feel trusted by their employer are the kinds of employees that we want, so we wouldn’t intrude that way without cause ever.
Same for our company, and all companies whose security folks I’ve had a chat with. We don’t give a fuck what you do on your computer. Almost all security folks are into privacy themselves, additionally to simply not having the time to look at people’s browser history or traffic or whatever.
Yes, we have the option to collect data. No, we don’t look at it unless there is a very good reason to do so. And we protect that data, HR or whoever can’t just have it if they feel like taking a look. There is a process to protect the data, because that means protecting the company.
Your security team is not the enemy.
Another Cybersec worker here, and I’ll broadly agree with all this. That said, I’d also point out that, depending on your site setup, the browser history may be nothing more than another place to correlate information we have from elsewhere.
Several sites I have been at have used Data Loss Prevention (DLP) software which automagically records (and possibly blocks) data moving into and out of the environment. This can be very detailed, to the point of knowing when someone copy/pastes data to a web form. I’ve also been at sites which sniff web traffic at the firewall and record full pcaps and extract metadata for quick analysis. So yes, for those not aware, deleting browser history or using “in private” browsing or other steps to avoid us seeing your porn browsing, may not be as effective as you think.
All that said, I’ve never been on a Cybersec team which has had enough time to really care about porn browsing, so long as you are not putting the network at risk. And, so long as HR/Management doesn’t tell us to care. We have better things to spend our time on.
Lastly, if you don’t want us seeing it, don’t do it on a work computer. Look, we have lots of ways to see what you are doing. Just, do that stuff at home, on your own hardware. And leave the work computer for work. Writing up misuse reports is something I really hate doing.
Oh no, my employer might find out I’m looking for other jobs after being overloaded for a year and a half and constantly having my concerns/feedback/process improvement initiatives brushed aside.
Shot, I regularly browse jobs websites even though I’m not looking to change jobs again soon. Just to keep them guessing.
They see and scan all traffic, even what doesn’t go through the browser.
No one should use work laptops other than for work
I never browse personal stuff on a company device. That’s what phones are for. I also don’t connect to company Wi-Fi on any personal device, because my company makes me sign in with my company’s credentials. This should be common sense.
Anyone that uses work equipment for personal stuff deserves to be found out
I mean, MS can literally track you between Windows installs, as long as you’re on the same hardware. No surprises here.
How? Is there a way to mitigate this?
Have you heard of Linux?
Of course I did. My only OS for the past 7 years
So that’s how you do it. :) 🤙🐧
The only way :) Once I stopped using all proprietary software, I also quit social media (this account is the first one after such a long time) and I’ve never felt happier. Linux and privacy for the win!
Couldn’t agree more!
Install a Linux distro.
I use Gentoo on my main computer. I was just curious.
No thanks
Forget Chrome management. Any IT shop worth their salt is protecting their egress with a proxy, explicitly or transparently set.
Don’t browse the net on your employer’s network or devices. Use your phone. Get on 4G/5G.
My work has a 100% mandatory vpn and mitm proxy for ssl scanning. I just use parsec to view my laptop from my desktop and browse what I want on my actual personal computer
My work has a 100% mandatory vpn and mitm proxy for ssl scanning
These are worse than useless. They are anti safety. If this box or its private keys get compromised ALL tls traffic of all employees is immediately plaintext.
Any company that buys one of these appliances from McAfee or whatever is asking for it (losing most/all their secrets)
Oh I 1000% agree. But you try to convince my opsec colleagues
That sort of thing is required for a lot of enterprise certifications. When you do work for government, healthcare, banking, etc. stupid “security” is mandatory for checking off compliance requirements. Not that any of it has to be in any way effective…
When breaking the internet and end-to-end encryption are part of any kind of “enterprise certification”, that certification is worthless (or worse) and probably some kind of Chinese or Russian (or the CIA or whoever, certainly not your friend) psyop. Only a mindless idiot would implement it.
Don’t forget the agents they install that take screenshots every 10 seconds!
Nothing to screenshot if all of my personal stuff is on a completely different pc
That doesn’t mean someone isn’t going to pull those up to reprimand you, or monitor your work.
There’s privacy from personal things, then there’s overbearing micro management who will literally track “Mouse hovering” and “Keyboard Idle Time” or how long you take to write an email.
Amongst the other creative ways they can try to keep you at a level “non promotable” status or whatever leverage to control you.
I’ve never had to suffer from it, I do my job, but as a systems admin/engineer for over 15 years, I’ve definitely worked at places that implemented it at our expense, or we had to set it up for our clients using it against their own staff.
Yep. Good point.
Luckily my work hasn’t disabled the remote desktop application protocol. So I do the same, but without parsec.
Can’t install parsec on the work computer, and the web app displays a black screen.
Not my work.
Anyone know exactly what they could see if you’re on a personal device but work-wifi?
Only tangentially relevant, human beings get along better with their agenda (that is, are more productive) when they’re freely allowed to check email and their lemmy feeds, shop on Amazon and whatever other social media stuff they do. In fact, studies have shown an improvement when they drag overly-focused clerks to their mandated coffee breaks (actual coffee optional).
So if you’re getting into trouble for chatting with your kids, or answering emails or resupplying your household with dog food, that might be an indicator your work environment is toxic and you might want to keep looking out for better offers.
Also when game dev teams are crunched, their productivity drops below 50%. When they’re crunched for more than two weeks, it drops below 10%. So don’t crunch your devs.