Don't use work laptops for personal stuff

There’s this fun setting in Group Policy Editor that sends all the traffic from your computer to a given IP address. There’s another fun setting in IIS to receive all this data. Every keystroke, every search pattern, every app installed, telemetry from “what’s on the screen” and point A to point B mouse clicks and what Cortana hears.

EVEN MORE FUN FACT, this is default installed on all Windows 10 machines and it points the traffic to Microsoft. All users encouraged to find mentions of IP address in group policy on personal machines with Windows on them and change them to “127.0.0.1” - Microsoft not only publishes the software to track the living hell out of you, they publish it right into your machine. Don’t forget to set up a task to change all the IPs back to “localhost” after every Windows update - those folks don’t give a crap about your settings, they will just flip em back.

If you want to scare yourself, set up IIS server locally and review the data.

2 Likes

Not my machine…but then again I don’t run windows. :upside_down_face:

2 Likes

But I read Boing Boing on my work computer… :thinking:

4 Likes

Are you commenting on your work computer right now?

4 Likes

No. It’s the weekend. Before 8:30AM and after 5PM weekdays and on the weekends, I’m generally on my own laptop.

ETA: I do occasionally comment here and on another blog I follow on my work computer. I’ve been doing it for years, so I must be within parameters.

3 Likes

I’m the head IT person for my office. I don’t spy on anyone’s use of computers (either their own or company ones) but I have a few different observations.

  • I’m in a process of making sure that everyone has a work laptop. I don’t want anyone having to use their own money for a work computer. I am also concerned from a security perspective of computers I can’t control being used for work.
  • A limited amount of personal use on a work computer is fine. But don’t use it for your side gigs. I’ve seen this abused. And I don’t appreciate angry phone calls from staff because they have a problem sending a file to their client and want me to fix it while I’m commuting home or late at night.
  • Don’t use a work computer instead of buying a home computer. When you leave the office you might not have a chance to copy the only set of personal photos to your own device. Fortunately I’ve been able to assist people, but get annoyed after warning them 5 times to stop doing it. Plus I make sure I don’t back up their personal photos.
  • Don’t act entitled to buy your laptop when you quit your job. Chances are I want to pass it on to a co-worker who is using a less capable laptop.
  • Do not allow anyone else in your family to touch a computer used for work. I’ve had co-workers lie to me about children using their work laptops while I had evidence this happened.

14 Likes

This is something I always find to be a forehead slapper. I’ve read so many stories about coworkers getting their phones wiped because a child got a hold of their phone and entered too many incorrect PINs at the lock screen or because they let their children play games on their phones and they tried to get into something they shouldn’t have and triggered a wipe.

One thing Android seems to do well versus iOS is being able to partition work and personal stuff on the same device. On iOS I can’t workplace enroll my phone without IT policy and requirements taking over my entire device (so I don’t - and deal with the inconvenience of being locked out of some work stuff on my phone or needing to buy a second device). In Android everything is nicely partitioned - to the extreme of where you need to duplicate apps. It’s not enough to make me want to switch from iOS to Android but it is a compelling feature.

4 Likes

I’ve used personal equipment to run Citrix sessions on and get work done (especially when I was running a bunch of VMs on the stupid corporate laptop). It’s reasonably safe and unobtrusive as these things go, although of course you still don’t want to do anything stupid.

3 Likes

Over the years when I have had to go into co-workers’ email boxes I managed to keep a gaze where I avoid seeing shit and catch the whatever it is I was asked to grab. I really learned over the years I just 'effing don’t want to know personal shit of my co-workers. Same goes dealing with their machines.

Still, it does amaze me the number of people that gladly want a work computer/phone and then use it for personal shit. That has been a hard nope for me for the better part of 20 years.

At this point in my work from home situation, when I started to have to deal hard with work Microsoft accounts and tighter security connections, my answer was to just grab an old NUC I had and make that my work machine I RDP into and give it far more limited local network access at home. Both to protect me and work.

2 Likes

I know that gaze. I sat in a bullpen with a dude who basically spent all day every day on online dating sites on his work computer. And, uh… not the classy sites, let’s just say. There are so many layers of things wrong with that. I did my best to ignore it, until he started asking me for advice about which women he should write to. I tried to deflect and it didn’t work so finally I had to flat out say, “please don’t involve me in that activity, I am trying to work”. He was fired shortly thereafter.

The same guy parked his car illegally in front of the office every day and collected tickets which he never paid. After several warnings, the city booted his car, as they do in such situations. He flipped out on the phone with Parking Authority about how his mom was a lawyer and he was going to sue the city. All of us around him were like, “My dude- just pay your fucking parking tickets and stop parking there. This is adulting 101”.

9 Likes

Interestingly, while we aren’t allowed to do anything, basically, on our work equipment, as far as I understand it, by law, IT isn’t allowed to monitor the content of connections etc.

So, I think IT can see I am googling. I don’t know if they can see if I am logged in or not. But they would definitely not be allowed to see what I am googling. They can filter certain domains and also get flagged if a domain I access is on a list of stuff which is illegal, or dangerous for IT security.

Of course they can, if a legitimate reason existed, go through my whole system and data. But that should rather be a good and legally sound reason, because basic law applies also to employees around here. Contrary to popular belief, you can’t completely give up privacy rights to your employer.

Disclaimer: IANAL. And reality sucks in ways I probably can’t even imagine. I still wouldn’t recommend using your workplace equipment for private stuff, but I dare say that I even Google for doctors from work if I must.

1 Like

You can very much waive all your privacy rights when you agree to use someone else’s computer.

Depending on the jurisdiction you are under.

2 Likes

In the US at least, your employer can run credit checks on you, run background checks on you, take out life insurance policies on you (how fucked up is that?), access your medical records (if you have company-funded health insurance), and any other number of privacy-invading things without them even telling you they are doing this. It’s all legal.

ETA clarified health insurance - HIPAA protects a lot but there can be some loopholes

7 Likes

Categorically, they have no legal right to that and HIPAA would make it so cut and dried.

It’d be a super easy way to get a million dollar settlement with no recourse for the company.

3 Likes

I believe the answer is “it depends”. If the company is self-insured they become a funder of your medical care and are given certain rights. In other cases they can ask for medical records if there’s a need. HIPAA is a great thing but it’s not perfect.

(This is just my understanding - I’m no expert here.)

2 Likes

I wouldn’t count on Citrix sessions or RDP to perfectly isolate you, because they don’t.

3 Likes

Indeed. The RDP protocol allows for the remote end to silently reach across to your local machine and access your files, USB devices, etc. I’d assume the closely related Citrix protocols would allow for the same.

Yep. The Citrix ICA protocol came first and has the same capabilities. Really it is better (far more efficient on lower bandwidth connections) than RDP. RDP was Microsoft’s rather poor attempt to imitate ICA when Microsoft ripped the rug out from under Citrix in the late 90’s because Citrix was eating their lunch.

1 Like
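An added example, not written by any poster in this thread: the RDP local-resource redirection discussed above is requested through properties in the client's `.rdp` connection file, so one check on a personal machine is to list which of them a saved file turns on. The property names are standard `.rdp` settings; the sample file contents and hostname are constructed.

```python
# Added example: flag local-resource redirection enabled in an .rdp connection file.
# Only explicitly set properties are evaluated; absent ones fall back to the
# client's defaults, which this sketch does not model.

# Integer properties: 1 means the local resource is shared with the remote host.
INT_FLAGS = {
    "redirectclipboard": "clipboard",
    "redirectprinters": "printers",
    "redirectcomports": "COM ports",
    "redirectsmartcards": "smart cards",
    "audiocapturemode": "microphone",
}
# String properties: any non-empty value names devices to share ("*" = all).
STR_FLAGS = {
    "drivestoredirect": "local drives",
    "usbdevicestoredirect": "USB devices",
    "devicestoredirect": "plug-and-play devices",
    "camerastoredirect": "cameras",
}

def parse_rdp(text):
    """Parse 'name:type:value' lines into {name: value}; malformed lines are skipped."""
    settings = {}
    for line in text.splitlines():
        parts = line.strip().split(":", 2)
        if len(parts) == 3 and parts[1] in ("i", "s"):
            settings[parts[0].strip().lower()] = parts[2].strip()
    return settings

def enabled_redirections(text):
    """Return a sorted list of local resources the file explicitly exposes."""
    s = parse_rdp(text)
    found = [label for key, label in INT_FLAGS.items() if s.get(key) == "1"]
    found += [label for key, label in STR_FLAGS.items() if s.get(key)]
    return sorted(found)

# Constructed sample file contents (hostname is a placeholder).
SAMPLE = """full address:s:work-pc.example.internal
drivestoredirect:s:*
redirectclipboard:i:1
redirectprinters:i:0
usbdevicestoredirect:s:
audiocapturemode:i:0
"""

if __name__ == "__main__":
    for item in enabled_redirections(SAMPLE):
        print("redirected:", item)
```

Files saved by the Windows client are often UTF-16 encoded, so decode them accordingly before passing the text in.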

Just to add on that employers don’t have access to individual medical records, but they do get an overall summary of records for health insurance pricing. The health insurance provider may tell an employer that X number of employees need to have access to Z type of drugs.