| ▲ | crispyambulance 2 hours ago |
| It's always been hard to know the extent of how draconian tracking actually is (IT pros tend to not talk about it much). In the US, there's the expectation that when you use an employer-provided device that any and all activity on it can be fully monitored/recorded and used against the employee for any reason. In practice, however, few people worry about reasonable amounts web-surfing, being on hacker-news or doing life-activities on their work machines. Oh, here I am on hacker-news when I should be working. With AI, this changes significantly since the man can now employ a robot to categorize and finely scrutinize every little thing with the pretext of "training" (to take your job). We will soon have to brace ourselves for an absolute draconian level of tracking. |
|
| ▲ | macNchz an hour ago | parent | next [-] |
| This is something that genuinely runs the gamut across different companies—plenty don't even know the serial numbers of company-owned machines, never mind which devices individuals have, while others do effectively have live feeds of every employee's screen available to managers at all times. In between you have many businesses that manage their devices but only insofar as to enforce some basic protection and reserve the right to investigate it in the case that something does go wrong. In having conversations about this kind of stuff with company leaders, many will strongly reject any of the most invasive tracking stuff, believe it or not. I do agree, though, that for any type of surveillance, the rise of AI presents a really problematic opportunity to allow more targeted observation, since nobody has to spend their own time looking for what people are doing, they can ask an AI to keep tabs and look out for the things they care about. On that note, I think one of the more realistic risks for an everyday person doing personal things on a work machine is probably insider threat from a rogue IT admin, whose access allows them insight into company devices without enough oversight. |
| |
| ▲ | schnitzelstoat 29 minutes ago | parent [-] | | Yeah, many companies don't want the liability issues. Like what happens if I open my bank account on my work computer? You could argue I can expect someone to be watching but I have no warning that someone is? Here in the EU that would probably be an easy lawsuit. | | |
| ▲ | wpsimon3 21 minutes ago | parent | next [-] | | Can’t speak for the EU, but the companies I’ve worked for in the US explicitly state what they do not track in their privacy/use policy when giving out laptops/phones/tablets. E.g. their anti-virus or firewall system may ignore URLs related to banking, medical, or political affiliation and chose not to log or decrypt that traffic | | |
| ▲ | galleywest200 18 minutes ago | parent [-] | | Once I was trying to find a scene from a TV show at work for a joke with colleagues, and the quote I used ended up triggering a very NSFW search. Did not get fired, not even talked to. Thank goodness! |
| |
| ▲ | jbuhbjlnjbn 18 minutes ago | parent | prev [-] | | How do you expect an employee to prove their banking actions on the company computer were spied on? I imagine this impossible to prove. | | |
|
|
|
| ▲ | caymanjim an hour ago | parent | prev | next [-] |
| > In the US, there's the expectation that when you use an employer-provided device that any and all activity on it can be fully monitored/recorded I don't expect this. I know that some companies install spyware on their devices, but I don't expect it, I don't accept it, and if they did it without disclosing it I'd be furious. I understand they're allowed to do it. I'd never work anywhere that did. |
| |
| ▲ | jbuhbjlnjbn 10 minutes ago | parent | next [-] | | You can rest assured a company firing you for what they saw while surveilling your work computer will not be so stupid as to reveil this fact. That would indeed be a liability for them. They will simply invent a different reason for firing. Because they know it's not allowed (or at least frowned upon), but they decided to do it anyways, the company surveillance is kept secret and downplayed and plausibly denied as much as possible. | |
| ▲ | stingraycharles an hour ago | parent | prev | next [-] | | I think the keyword is “can”. It is allowed, contrary to eg the EU, where this is not allowed. | | |
| ▲ | KaiserPro 14 minutes ago | parent | next [-] | | > It is allowed, contrary to eg the EU, where this is not allowed. Its allows in most of the EU apart from germany where there are strict limits. however you can still record what your users are doing for purposes of detecting fraud. This is where it differs from the USA, where they can do anything because they have no data protection laws. | |
| ▲ | caymanjim 43 minutes ago | parent | prev | next [-] | | Yeah, I know they can. I just can't believe it's normalized and that people simply accept it. Good on the EU for pushing back. | | |
| ▲ | 3form 17 minutes ago | parent | next [-] | | I guess from my perspective there are even more dire problems in the US that I'm surprised people accept. But it seems they don't know, or care, or know that they should care. Perhaps it's the lack of proper authoritarian regime in the US' past that drives this. I believe the temporal proximity of such makes people aware of, and angry against, the many traps that such systems leave in their "law", so you can be imprisoned anytime for anything. EU has a bunch of countries with varying degree of such past. | | |
| ▲ | mrhottakes 11 minutes ago | parent [-] | | Most people need to work to support themselves so it's quite inconvenient to single-handedly solve all of the problems in the US. Suggesting people simply don't know or care is very naive. |
| |
| ▲ | mhurron 5 minutes ago | parent | prev [-] | | You should expect it because it's the safest position to work from. Don't use your work device for non-work, they may be tracking something or everything and do you want that in that record. Additionally, don't use personal devices for work, but that is because of other reasons. |
| |
| ▲ | throw1234567891 41 minutes ago | parent | prev [-] | | It is allowed under certain circumstances. | | |
| ▲ | prerok 22 minutes ago | parent [-] | | I am pretty sure there would have to be a court order, i.e. a severe violation would have to have good ground to be suspected. | | |
| ▲ | throw1234567891 10 minutes ago | parent [-] | | No court order. Just a suspicion against an individual, and a process to follow. Plus, you have to tell them. There is no mass surveillance without notice, correct. |
|
|
| |
| ▲ | sunsetSamurai 17 minutes ago | parent | prev [-] | | if it's a device provided by your company, it's very likely it'll have some spyware on it. |
|
|
| ▲ | paradox242 29 minutes ago | parent | prev | next [-] |
| Regarding what is available, imagine a system with reports and dashboards showing a timeline of which application was in focus and for how long, metrics on "activity" like keypresses and mouse clicks, periods of inactivity, lists of websites visited, whether you are joining scheduled zoom meetings, whether your camera was on, when you badged into and out of the office, periodic photos being taken from your webcam, geolocation on where you sign in from, and I could go on. Most of these things are available bundled with most of the business Microsoft subscriptions while other telemetry comes from other tools or homegrown sources and is available to managers and IT staff on demand. Now, most of the time no one was really looking at most of this unless they had a reason to, and while I am no longer in this end of things since LLMs have reached this stage of maturity, I can imagine they are now being tasked with constantly watching for patterns in worker activity which deviate from the expected norm and are fully capable of notifying your manager automatically along with a detailed analysis of your activity. The thing to understand is that the modern office is a veritable panopticon. |
| |
| ▲ | mywittyname 15 minutes ago | parent [-] | | This is the fruition of Microsoft's dream, since it's the most obvious way to drive copilot usage in a way that A) burns mad tokens, B) is actually useful to paying customers. Though, I have to wonder if distracting leadership with shit like this will be bad for business in the long-term. Both because leadership will fail to do their jobs, being too busy playing peeping tom on employees, but also because it takes their eyes off the prize - measuring the things that make money. |
|
|
| ▲ | p0w3n3d an hour ago | parent | prev | next [-] |
| Doesn't visiting hacker news count as personal growth? Or am I supposed to grow professionally outside the work? |
| |
| ▲ | veber-alex an hour ago | parent | next [-] | | Yep. One time my manager did a hour long lecture for our team on how personal growth is important and that we all should expand our horizons and learn new stuff. When I tried to reserve 2 hours A WEEK for studying tasks I got push back that I should do it on my own time. It was a complete joke. | | |
| ▲ | consp an hour ago | parent | next [-] | | This sounds like the "everything you create in your own time is company property since we cannot distinguish if what you do in your own time isn't company related" clause in some contracts. Under no circumstance is it actable where I live, but it can sure scare the hell out of people and presents a line of thought. Yes, some companies think they can own copyright on the things you write at home. | | |
| ▲ | ChrisMarshallNY 27 minutes ago | parent | next [-] | | I call that the "shower clause," because the company claims ownership of any ideas you come up with, in the shower. I think, like noncompetes, there's limits to how far the company can actually enforce it, but they bank on the fact that they have lawyers on permanent retainer, and you don't. Even standing up for your rights, against blatant corporate overreach, is expensive. | | | |
| ▲ | Tangurena2 14 minutes ago | parent | prev | next [-] | | In the US, the enforceability of that sort of thing depends on the state. Generally, if that state enforces non-competes (other than for selling the business, or managerial staff), then it most likely enforces "you're salaried, so everything you invent belongs to us". The legal term to search is "work for hire". | |
| ▲ | tripledry 26 minutes ago | parent | prev | next [-] | | I always ask companies to remove that clause from contracts, I think all offers I've ever got had that clause, but also 100% removed it on request. | |
| ▲ | doubled112 31 minutes ago | parent | prev [-] | | If my contract says that I must be available immediately at any time, do I have ANY personal time? Or is all of my time their time too? | | |
| ▲ | daveshistory 22 minutes ago | parent [-] | | Absolutely. Your personal time is that time which, in retrospect, the company didn't need you for. It's strictly a backward-looking definition. |
|
| |
| ▲ | belorn 43 minutes ago | parent | prev | next [-] | | This is when I would look up the nearest course for the subject that the job would want me to study, including the cost, time and travel distance. Talk is always much cheaper than the real thing. | |
| ▲ | JTbane an hour ago | parent | prev | next [-] | | I'm experiencing a similar thing- company pushes online lectures but don't even think about putting them on the sprint board. | |
| ▲ | Viliam1234 39 minutes ago | parent | prev [-] | | I wonder what happens when you have kids and you can no longer spend your free time to keep learning new things that your company wants you to know. (Just kidding, I know what happens... they will fire you and hire someone who doesn't have kids.) | | |
| ▲ | stymaar 36 minutes ago | parent | next [-] | | > (Just kidding, I know what happens... they will fire you and hire someone who doesn't have kids.) And then the boss will blame young people for collapsing the demography and endangering the country. | |
| ▲ | ramgine 36 minutes ago | parent | prev [-] | | You either fall behind/into a rut, or like you said, get let go. It’s scary |
|
| |
| ▲ | chaosharmonic an hour ago | parent | prev | next [-] | | Most of my knowledge of new tools comes from newsletters, forums, and content creators. I find things through passive media consumption (and, where I can get it, discourse with other enthusiasts) more often than I find them in the course of trying to solve specific problems. But not all managers think that your learning sources are valid, and care more that you spend time on their learning paths. Even if it's your off time. (Yes, there is a story attached to this haha... and more importantly, several different writeups[1][2][3] on how random internet wanderings have been more beneficial to my overall technological capability than people who insist on the importance of a CS background when building dashboards and client UIs. In practice, thanks to a dev box with insufficient RAM, and your typical tabbed-browsing problem, I used `pkill` over `ssh` -- something I picked up from toying with Over the Wire levels in my off time -- a lot more often than I used linked lists at that job.) [1] bhmt.dev/blog/scraping [2] bhmt.dev/blog/ctf [3] bhmt.dev/blog/feeds | |
| ▲ | yoyohello13 an hour ago | parent | prev | next [-] | | One time my manager messaged me panicking about a big nextjs vulnerability. I told him, no worries, I saw it on HN and we patched weeks ago. He told me to use HN at work as much as I want. | |
| ▲ | javcasas an hour ago | parent | prev | next [-] | | No. You should grow professionally outside of work by also following the work-mandated professional development plan. And you will be punished if you don't do it, or you do it at a pace that doesn't match expectations. You know, don't forget the details. | |
| ▲ | chrismustcode an hour ago | parent | prev | next [-] | | I once got told for an internal promotion I couldn't put anything regarding my current role, responsibilities and achievements in the role. I got told to put any volunteering or previous. Reason given was it's what is expected at work everything you do in your role, you need to show above and beyond. | | |
| ▲ | LiquidSky an hour ago | parent [-] | | Seems like that'd just discourage people from going above and beyond at work. Why do more than the bare minimum to avoid being fired if nothing else you do counts? | | |
| ▲ | Forgeties79 an hour ago | parent [-] | | >Look, we want you to express yourself, okay? Now if you feel that the bare minimum is enough, then okay. But some people choose to wear more and we encourage that, okay? You do want to express yourself, don't you? (This is from Office Space for those who don’t know. Hilarious scene with Jennifer Aniston) | | |
| ▲ | eecc an hour ago | parent [-] | | The Flair scene? Oh seriously than got me so much vicarious embarrassment, I feel uneasy just at the thought of it. | | |
| ▲ | ProllyInfamous 8 minutes ago | parent [-] | | [Jennifer Anniston flips Mike Judge the bird, on-screen #inLove] >>"How's THIS for expression?!? I'm sick and TIRED of this ... job!" ---- I will never go above&beyond again – for any corporate entity – ever again. You can blame past corporate bullies, not yourselves. |
|
|
|
| |
| ▲ | mikeyinternews an hour ago | parent | prev | next [-] | | Or grow professionally during work hours using a personal device. | |
| ▲ | Hamuko an hour ago | parent | prev | next [-] | | Maybe? And yes. | |
| ▲ | taude an hour ago | parent | prev [-] | | You're 100% supposed to grow professionally outside of work. | | |
|
|
| ▲ | isodev 17 minutes ago | parent | prev | next [-] |
| Regardless of your stance on AI, we shouldn’t normalise tracking of this magnitude at all. Some safety guardrails for security and IP protection - fine, most tools have that builtin. Anything beyond that is abuse, plain and simple. |
|
| ▲ | jimmydddd 36 minutes ago | parent | prev | next [-] |
| I wonder if the AI's that replace us will be periodically web surfing and checking HN as part of their daily work flow? |
| |
|
| ▲ | prmoustache 35 minutes ago | parent | prev | next [-] |
| Why would you do that on the employer-provided device? I just use another laptop and my smartphone. I am even using headphones if I want to listen to something for privacy, no idea if my company would go as far as recording from my microphone but I am not willing to take the risk. |
| |
|
| ▲ | 31 minutes ago | parent | prev | next [-] |
| [deleted] |
|
| ▲ | Qem 31 minutes ago | parent | prev | next [-] |
| With companies enrolling AI to help look over the shoulder of their employees, I wonder how hard it would be to do some prompt injection just changing what is displayed in the surveiled screen for it to see. Potential for a new vulnerability vector? |
|
| ▲ | an hour ago | parent | prev | next [-] |
| [deleted] |
|
| ▲ | apimade an hour ago | parent | prev | next [-] |
| What you’re concerned about doesn’t stop at the employer. Anyone with access to data being processed about you may have incentives that align similarly with your employer’s use case. Advertisers, Internet service providers, phone manufacturers, social networks, tech platform providers, schools, families, spouses, nosy neighbours, nosy governments. The scale at which you can build a summary about someone is astonishing. How they breach policies, how they break laws, how they mishandle sensitive data, how they materially negatively impact customers. This whole thing is now a litigation nightmare, and frankly I can’t believe Meta is doing this so publicly. They’ve created an incredibly dangerous and lucrative lever in which vexatious and otherwise incentivised individuals and organisations can subpoena and demand evidence which, provided the ample data available, will surely produce enough evidence given the expanse of their employer base. They simply need to have a thread to pull on, so a judge doesn’t deem it a fishing expedition. Similarly, I worry for democracies with no checks or balances to prevent ruling parties from exploiting or abusing this power. For example, in India, there’s accusations of their equivalent of the NSA being used to spy on the opposition —- under the guise of “keep them honest”. https://www.idsa.in/system/files/book/book_IntellegenceRefor... In other Western countries whenever this type of work is conducted, it’s usually at Director or Minister-level approval. There’s lawyers involved, it’s heavily documented. What happens when systems, or products, are given the implicit approval of this same function by their very nature? We’re in weird times. |
| |
| ▲ | eecc an hour ago | parent | next [-] | | Well, at the risk implying intention and thus anthropomorphizing Larry... you know sharks don't eat, they simply consume food, like a fire consumes wood, this is what Larry Ellison advocates for: "Citizens will be on their best behavior, because we’re constantly recording and reporting everything that is going on" | |
| ▲ | fragmede an hour ago | parent | prev [-] | | That smart TV you just got has ACR (Automatic Content Recognition), which takes a screenshot of what you're watching and sends it off to data brokers. |
|
|
| ▲ | giancarlostoro 16 minutes ago | parent | prev | next [-] |
| > (IT pros tend to not talk about it much)
> In the US, there's the expectation that when you use an employer-provided device that any and all activity on it can be fully monitored/recorded Uh, kind of, you have to explicitly be fully aware of it, if they don't tell you in a meaningful capacity, you still have a reasonable expectation to privacy and it could turn into a lawsuit in your favor. ESPECIALLY if you access anything personal, medial, or even financial it could land your employer in hot hot water. In fact, they probably added the 30 minute escape hatch because of those things I mentioned, because yes, those are valid scenarios to have total privacy. |
|
| ▲ | dheera 27 minutes ago | parent | prev | next [-] |
| > however, few people worry about reasonable amounts web-surfing, being on hacker-news or doing life-activities on their work machines I'd suggest doing it on your phone, not work PC. If you have urgent personal errands e.g. an email to respond to here and there and you'd rather have a keyboard, bring a personal laptop, connect it to 5G and do it from your car. |
|
| ▲ | tamimio an hour ago | parent | prev | next [-] |
| > employer-provided device that any and all activity on it can be fully monitored/recorded And the location, yes, your physical location as well |
| |
| ▲ | kelseydh an hour ago | parent [-] | | Work will even flag you for you using a VPN on your phone, e.g. if you check the company Slack. |
|
|
| ▲ | Onavo an hour ago | parent | prev | next [-] |
| If you can afford it, set up a proper trust fund for them. |
|
| ▲ | smohare an hour ago | parent | prev [-] |
| [dead] |
