Comment by JuniperMesos
14 hours ago
I already assume that on a work computer everything I'm doing could be monitored by work IT. At every job I've had, I've made a point of not using work hardware for anything I even remotely thought someone at the job might object to. Instead I use my own hardware for that kind of thing - I own a smartphone, I own multiple computers, this is not hard to do.
When I worked at a startup that had some internal conflict between the software engineers and management, someone made a Signal group to chat about the issues among the software engineers privately and everyone joined that group with their own Signal accounts, without any kind of issue.
This actually came up with multiple companies I worked at in Sweden. Apparently the law here is quite strict that you _can_ use your computer for personal matters and that your employer is not allowed to spy on you on those matters.
So they can monitor your email and slack server-side, but not your client-side stuff that doesn't touch their servers. However if you use a VPN then they can also monitor your DNS requests and every website you visit. Any kind of client-side telemetry is limited to a few things, however those things can involve what applications you have installed (like spotify) for security reasons or USB sticks plugged in.
This may be legally challenging if you’re not allowed to communicate company internal information and especially files outside of company hardware.
> Yes they could have accessed logs before but there’s a difference between directed checking after incidents and active surveillance at scale.
Not really from the perspective of my own risk/reward calculation. I don't know in advance what's going to be considered an "incident" that will make corporate IT suddenly want to search my work computer. Better to simply have a policy of never using a computer my work controls for personal data, especially when I already have my own computers for that that I use regardless of what job I happen to be working at.
Keep in mind this isn't just about personal data on work hardware. It also leads to things like "we noticed you didn't move your mouse or type anything for 45 minutes, what were you doing?" type of micromanagement.