
Comment by mrandish

4 hours ago

> automatically update their work location to reflect the building they're working from.

So, either this minimal description is A: an attempt to mask the feature's true purpose of dystopian pocket spying under an innocent-sounding cover, or B: negligently deploying a technical capability with far-reaching consequences without proper diligence or care.

Even if the goal was to enable a pocket panopticon for middle manager spying on WFH staff, in less than 10 seconds I came up with a list of other negative impacts and threat vectors which should freak out any large org's corporate security, legal, compliance and HR teams.

* Like lower level employees not in the 'shielded compartment' seeing that {M&A exec} is currently on {potential acquisition target company's} guest wifi. This kind of accidental location knowledge leak has actually happened between MSFT and Google via a freak analog coincidence and it changed the course of a huge acquisition. This feature makes that accident 1000x more likely.

* Or an employee sues for being dismissed and their lawyer proves through discovery that a manager could have seen they were connected to the wifi of a competitor they might have been interviewing with or an abortion clinic or gay bar, etc.

* Or as part of a harassment claim an employee says the company's required app showed them the phrase "Big Titz Rule!!!" because it was the name of a wifi network another employee was connected to.

Just having an opt-out or hours limit is woefully inadequate. Even if those should prevent senior execs' and M&A teams' location being accidentally visible to employees not in a trust circle (or worse contractors, vendors or customers looped into a Teams group), it STILL creates huge new threat surfaces. At a minimum the 'feature' needs ways to limit it to only show wifi network names: A. On an approved list, B. Matching a regex pattern, C. Limited within a list of IP sub-domains, etc. And at many companies, as part of compliance, all those wifi network names will need to be passed through the "problematic words" list maintained by the HR and security teams (and in many companies hits on those lists trigger auto-reports which will now create discoverable "evidence" in any future lawsuit keyword search).

The unintended-but-foreseeable consequences stretch for miles. And this isn't the MSFT Office/Teams group's first self-inflicted trip to this rodeo. I just don't understand how they keep repeating the Same. Obvious. Mistakes.
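
The display filter the comment asks for (approved list, regex pattern, address range), sketched as an added example that is not part of the original comment and not code from the product under discussion. The SSIDs, pattern, subnet and fallback label are constructed, and requiring the address check in addition to a name match is this example's own design choice.

```python
import ipaddress
import re

# Hypothetical policy values, constructed for illustration.
APPROVED_SSIDS = {"CORP-HQ-B12", "CORP-HQ-B40"}             # A: approved list
APPROVED_PATTERN = re.compile(r"CORP-[A-Z]{2,4}-B\d{1,3}")  # B: naming pattern
APPROVED_SUBNETS = [ipaddress.ip_network("10.20.0.0/16")]   # C: corporate ranges
FALLBACK_LABEL = "Off-site"  # shown instead of any unvetted network name


def display_location(ssid: str, client_ip: str) -> str:
    """Return the label that may be shown to colleagues.

    An SSID is free text chosen by whoever runs the access point, so it is
    echoed only when the name is approved AND the client address lies in a
    corporate range. Everything else collapses to one generic label, so
    third-party network names never reach other users or the logs.
    """
    try:
        addr = ipaddress.ip_address(client_ip)
    except ValueError:
        return FALLBACK_LABEL  # malformed address: fail closed
    in_subnet = any(addr in net for net in APPROVED_SUBNETS)
    name_ok = (ssid in APPROVED_SSIDS
               or APPROVED_PATTERN.fullmatch(ssid) is not None)
    return ssid if (in_subnet and name_ok) else FALLBACK_LABEL


def redact_events(events):
    """Map (user, ssid, ip) tuples to (user, label) pairs safe for display."""
    return [(user, display_location(ssid, ip)) for user, ssid, ip in events]


if __name__ == "__main__":
    # Constructed sample events.
    sample = [
        ("alice", "CORP-HQ-B12", "10.20.5.9"),
        ("bob", "OtherCompany-Guest", "192.0.2.10"),
        ("carol", "CORP-HQ-B12", "192.0.2.77"),  # approved name, wrong network
    ]
    for user, label in redact_events(sample):
        print(user, label)
```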