Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
necovek 4 hours ago

This is still very general, and in opposition to the previous advice. A solution to this seems to be "use separate directories", not "use separate machines".

sshine 4 hours ago | parent [-]

Using separate directories does not guarantee proper deletion.

necovek 4 hours ago | parent [-]

Using separate laptops does not guarantee proper deletion. Not sure what your point is?

(Contractual terms between an employee/contractor and employer/company is what ensures there is no abuse for the most part)

sshine 4 hours ago | parent [-]

I should say:

Using separate directories makes improper deletion likely.

Using separate computers with full-disk encryption and shredding procedures makes proper deletion a happy path.

It's not that you cannot properly isolate environments on a single computer.

It's that a single computer is, unless you're a Qubes/BSD/Hypervisor fanatic, not very isolated at all.

So if/when your personal computer gets compromised because of a browser zero-day, your work's intellectual property is potentially compromised.

When you combine that with likely not deleting files properly (or at all), the window of opportunity for IP theft is much bigger.

When you further add the complete unlikeliness that former employees/contractors will report that their personal computers were compromised after having neglected to properly purge your intellectual property, the case for buying your employees/contractors dedicated machinery becomes a no-brainer. Simply from a corporate risk perspective.

It's not a practical problem, but a principal + legal problem.

necovek 3 hours ago | parent [-]

I fully agree it's a legal problem, which is what my point was from the beginning — depending on the circumstances, it might apply to you or not.

Companies both have to have a set of "processes" in place for legal/compliance reasons, and an employee is liable if they do something that's outside the recommended practice (like using a personal device when forbidden by such policies).

Still, the focus should be on liability and ensuring compliance with legal terms, and an employee needs to make sure they do that. In some cases, that's easier done with a separate computer. In others (when there is no direct spelled-out requirement), downsides of using a separate device outweight the benefits of making compliance with legal terms easier.

As a side note, a browser zero-day is probably even more likely to target work computers, so that example is pretty bad — company data remaining on personal devices by accident is where the problem really is.