Comment by JuniperMesos

17 hours ago

I already assume that on a work computer everything I'm doing could be monitored by work IT. At every job I've had, I've made a point of not using work hardware for anything I even remotely thought someone at the job might object to. Instead I use my own hardware for that kind of thing - I own a smartphone, I own multiple computers, this is not hard to do.

When I worked at a startup that had some internal conflict between the software engineers and management, someone made a Signal group to chat about the issues among the software engineers privately and everyone joined that group with their own Signal accounts, without any kind of issue.

This actually came up with multiple companies I worked at in Sweden. Apparently the law here is quite strict that you _can_ use your computer for personal matters and that your employer is not allowed to spy on you on those matters.

So they can monitor your email and Slack server-side, but not your client-side stuff that doesn't touch their servers. However, if you use a VPN then they can also monitor your DNS requests and every website you visit. Any kind of client-side telemetry is limited to a few things; however, those things can involve what applications you have installed (like Spotify) for security reasons or USB sticks plugged in.

There is no expectation of privacy on your work machine - that's a given.

We know this is not for security - this data will be collected and weaponized against employees during layoffs. Meta is already doing this for those who are not enthusiastically switching from coding to prompting.

I expect to be monitored, I do not expect to be watched.

If I need to kick back for 20 minutes to think on a problem, I don't want the company to be chewing me out because my mouse movements were not frantic.

This may be legally challenging if you’re not allowed to communicate company internal information and especially files outside of company hardware.

> Yes they could have accessed logs before but there’s a difference between directed checking after incidents and active surveillance at scale.

  • Not really from the perspective of my own risk/reward calculation. I don't know in advance what's going to be considered an "incident" that will make corporate IT suddenly want to search my work computer. Better to simply have a policy of never using a computer my work controls for personal data, especially when I already have my own computers for that that I use regardless of what job I happen to be working at.

    • Keep in mind this isn't just about personal data on work hardware. It also leads to things like "we noticed you didn't move your mouse or type anything for 45 minutes, what were you doing?" type of micromanagement.