Why YSK: It appears several Lemmy instances are flagged as suspicious, and at least 1 instance is intentionally using the name of ransomware. A couple of the big enterprise monitoring suites (FortiGuard, Zscaler) will flag your account and may end up with you being pulled into an office for an explanation, or worse.

TL;DR: Keep browsing to your local instance at work for now.

  • dm_me_your_feet@lemmy.world
    1 year ago

    This does not apply for most European users. Source: I am the one who gets these requests and anyone who isn’t a judge gets jack shit. Go pound sand. Anything else would be illegal under privacy and work laws. Even police won’t get ANYTHING (judge will reject it) if the crime in question isn’t worth at least 2 years of jail time.

    Suspected malware domains just get blocked, no further action will ever take place.

    • Marxism-Fennekinism@lemmy.ml
      1 year ago

      Be careful though, as many companies also flag VPN usage as suspicious by default.

      If you’re just looking to hide from your employer, you might want to consider self-hosting a VPN/HTTPS proxy server, or, for more technical users, self-host a VPN/proxy server that forwards the incoming traffic through a commercial VPN. If you use a commercial cloud hosting platform, all they can really see in that case is that you’re accessing, say, a DigitalOcean server, which can also be for any number of benign websites. Make sure you have your VPN client set to connect over port 443 and not the official OpenVPN or WireGuard port, as well as use the networking interlock (internet killswitch) feature that disables internet access without the VPN connection active.

      Still not perfect obviously, but I imagine better than using a well-known commercial VPN directly.

      • MonkderZweite@feddit.ch
        1 year ago

        That’s a given. Who wants some VPN provider in South Asia knowing your surf history? (same for DoH and Cloudflare btw) Just set up a private VPN in your router.

    • thomcat@midwest.social
      1 year ago

      I’m not personally surfing Lemmy on my work computer, but larger screen + physical keyboard and mouse.

    • BlinkerFluid@lemmy.one
      1 year ago

      I worked for a small earmold company that made hearing aids and plugs. The PC I used had zero security. I decked it out with every possible imaginable tool to make my job easier, even had it where I could VPN in and do work from home, and while I didn’t utilize this feature, the CEO’s son did after I told him about it for a few weeks after I quit.

      Our HR manager constantly asked for email counts each day, so I automated a spreadsheet for her. I set a webcam up in an office with a laser engraver so I knew when the staff would put molds down for engraving without being in the room. I had syncthing cloning directories and a virtual desktop. I’d often model blender models on lunch and sync them back to my nas. Sometimes I’d make custom things for the company, then 3D print them and bring them in the next day.

      I had waaaaay too much power, though. I could go pick through the company samba server, look at anything, potentially delete everything. They kept backups on dated copies made on external drives and deleted everything four years old.

    • 🇰 🌀 🇱 🇦 🇳 🇦 🇰 ℹ️@yiffit.net
      1 year ago

      I’ve worked a job that required using an app on my phone, and in order to install that app I had to give ROOT ACCESS and full remote control to the IT department and was subject to the same monitoring as when using a company desk or laptop. I just grabbed an older phone I had lying around and used that for work because I wasn’t about to give complete remote access to the phone I actually used every day.

      • Chriskmee@lemm.ee
        1 year ago

        Wait, your job required root access to your personal cell phone at all times? So if you were at home off the clock you were still restricted on your personal phone as to what websites you could view?

        • PainInTheAES@lemmy.world
          1 year ago

          It’s also a legal issue. If something happens legally that’s work related and your phone becomes part of the discovery process, someone would sift through your personal data.

          • Chriskmee@lemm.ee
            1 year ago

            I mean that’s one thing to have access as part of an investigation, but to have remote access to it 24/7 seems excessive.

      • Serinus@lemmy.world
        1 year ago

        I use a Pixel 1 for the same purpose. It’s just a couple authentication apps in my case, but I still don’t want their shit on my personal phone.

        Not sure why they’ve got to use proprietary shit instead of just using standards. I even offered my own Yubikey.

      • Captain_Nipples@lemmy.world
        1 year ago

        Fuck that. Our company gives us phones because they know they’re secure. And we don’t use them for anything but work related apps. I still make all my phone calls from my personal or office phone

        I say, “We,” but that’s not entirely true. There are a couple of jackasses that do everything on them, but I assume the company can see it if they want to. So, fuck that

      • leo85811nardo@lemmy.world
        1 year ago

        If you are on Android, there is an app called Shelter that lets you create a customized, contained work profile inside which apps can be killed completely until you enable the work profile again. This would usually be enabled by a certain official app under your employer’s IT policy, such as MS’s Company Policy, so you don’t normally have control over what app to put in the profile, but with Shelter you can pick and choose any app into the work profile freely. If you have other apps you don’t trust, you can also use it to contain them too

      • Captain_Nipples@lemmy.world
        1 year ago

        My work laptop just got replaced, and what’s great is the dock that came with it. It only connects to my laptop thru a USB C. So. Now I unhook my laptop, and plug my phone into it, which uses Dex. It’s like Samsung’s own desktop OS. And I can use my big screens and keyboard and mouse

        I also make sure my phone isn’t using the network cable plugged into it and only use my own internet. I don’t think it’d let me anyways

        • jet@hackertalks.com
          1 year ago

          How do you like Dex? Would you consider using it as a daily driver? I mean not having a laptop at all.

          • Captain_Nipples@lemmy.world
            1 year ago

            Not really. It’s okay for some just casual internet browsing and a few apps that are made for it, and I think you can use Office on it, but I’ve only used it to entertain myself at work. If you had access to a laptop or PC, you can plug a USB cable into any of the flagship Samsung phones and test it out.

            It’d be nice if more people used it though, so it’d get more support

            If you’re familiar with Linux at all, there are some versions you can put on a rooted Android phone, and use it like a Linux PC. I never tried it, but I know it was a thing about 10 years ago, and I’m sure it’s still being worked on

    • Bakachu@lemmy.world
      1 year ago

      They might work in a place that doesn’t allow personal electronic devices (government, military, high-security site, etc.).

    • Elektrotechnik@lemmy.world
      1 year ago

      I’m visiting other companies for work every now and then.

      If they are in a fancy new steel-and-concrete office building with open space offices, chances are that cell reception is very bad. I once was in an office where I’m certain they had installed cell blockers on the toilets.

  • Marxism-Fennekinism@lemmy.ml
    1 year ago

    I imagine the socialist/ML and pro-union content also plays into this (speaking as a socialist/ML and extremely pro-union, mind you). Corporations hate and are terrified of any sort of dissidence that threatens their profits and will absolutely police your activity on it. Weirdly enough Western “freedom of speech” doesn’t seem to extend to this kind of stuff in practice, can’t imagine why.

    • NuPNuA@lemm.ee
      1 year ago

      Given that I can literally access my union’s resources from my employer’s internet, I doubt that’s an issue.

  • littlecolt@lemm.ee
    1 year ago

    The wifi at my work won’t let me browse Lemmy at all. I have to enable a VPN on my phone to browse, or go to mobile data.

    • echo64@lemmy.world
      1 year ago

      This is what you should be doing on all corporate networks. What personal sites you go to is none of their business.

      Alternatively, don’t use their network and use your cell connection, but for some people, that’s not gonna work, I know.

        • echo64@lemmy.world
          1 year ago

          Nah, they sure do want to know, though. It’s not a business’s business to know what book you are reading on lunch break, it’s not a business’s business to know what newspaper you are reading at work, it’s not a business’s business to know what social media sites you are reading.

          • Nerve_Lonely@lemmy.one
            1 year ago

            I am of the perspective that if you are accessing that book or newspaper or social media sites using company equipment and network resources, then the company, as the network operator, sets the terms and conditions of you using their network. That can extend to SSL decryption of all connections or blocking unwanted programs or websites or nothing at all, it is all down to the company policies at that point since they own the equipment and pay for the ISP connection.

            I don’t think it’s a good idea to use company networking equipment or connections with the same expectation of privacy (or control) as an internet connection you pay for. (eg. Home ISP, wireless carrier, etc) Even consumer ISP connections have certain well-known protocols blocked at the carrier as part of the terms and conditions of utilizing the ISP’s connections. It may be your traffic, but it may not be your network it is traversing. Most network operators have an inherent interest in the traffic traversing their networks.

            • echo64@lemmy.world
              1 year ago

              Your perspective is a very authoritarian hellhole of a perspective I’ve gotta say. If you think just because the company controls the network connection they get full obliterating rights to your every waking moment and you get zero levels of privacy then we are on very different sides of worker rights.

  • priapus@sh.itjust.works
    1 year ago

    Yeah I get domain blocked popups sometimes while browsing at work. I mainly see that it’s happening for lemmy.today.

    • lordkuri@lemmy.world
      1 year ago

      I had a lady in the marketing department open a ticket with us many years ago when ILoveYou was running rampant and we had blocked yahoo mail, gmail, etc on our corporate network and she was PISSED because “I need to access that for my other job!”. Yes, she put that in the ticket. That was a brief discussion with her manager and a resume generating event for her.

        • lordkuri@lemmy.world
          1 year ago

          Ironically I would have been happy to help her figure out a solution had she not been a complete and utter bitch about it. Instead she got her ass fired for misusing company resources. I suspect her boss was looking for an excuse, 'cause this woman was a 100% Karen stereotype.

    • wizardbeard@lemmy.dbzer0.com
      1 year ago

      That only helps if you aren’t on company wifi. Guess it’s time to stop misusing the corporate wifi password I shouldn’t have.

  • r00ty@kbin.life
    1 year ago

    My company uses Zscaler. It’s essentially a company endorsed MitM attack and for that reason alone I don’t use the work laptop for anything but work.

    • ram@lemm.ee
      1 year ago

      “that reason alone I don’t use the work laptop for anything but work”

      I think that was the goal.

    • TheDoctorDonna@lemmy.world
      1 year ago

      We use zscaler too, I never knew what it did, only that it fucks with printing when it needs to be reauthenticated. I hate it so much. Nothing but a nuisance.

    • FIST_FILLET@lemmy.ml
      1 year ago

      seriously, why don’t people just use their phones for non-work stuff in the office? you can leave those disconnected from wifi so nothing is visible to the company.

      • r00ty@kbin.life
        1 year ago

        I’m not in an office. I just swap to my own desktop if I need to do anything non work related.

  • Arthur Besse@lemmy.ml
    1 year ago

    “TL;DR: Keep browsing to your local instance at work for now.”

    YSK even the local tab on any instance will load many transcluded images from other instances.

    if you’re worried about your employer monitoring for suspicious hostnames, you’re rolling the dice every time you do any personal web browsing (outside of sites that don’t transclude 3rd party images, like wikipedia, and, ironically, facebook…).

  • Poob@lemmy.ca
    1 year ago

    Browsing personal sites, especially social media, on a work computer is insane

    • XTornado@lemmy.ml
      1 year ago

      Insane? I wouldn’t go so far, everybody has downtimes from time to time, unless you are doing something crazy… It is fine.

        • Lobohobo@lemmy.world
          1 year ago

          Really depends on the place of work. I work in the IT of our company and my PC isn’t monitored. My door is constantly open though and there are a lot of people passing. Me looking at the screen is normal and part of my work. Me looking at my phone is always seen as me not working.

    • Ironfist@lemmy.world
      1 year ago

      omg people, don’t do personal stuff on your work machine or connected to your work network. A VPN won’t save you from all the software they install in your machine to track you. Use your phone with your mobile data.

      • minorsecond@lemm.ee
        1 year ago

        So if you were, say, using a VPN on your personal phone at work on their internet, would you also get in trouble?

        • fuzzzerd@programming.dev
          1 year ago

          If it’s a personal device, at worst they would see you are using a VPN and maybe ask what’s up with that, but they can’t mitm you on your own device.

        • some_guy@lemmy.sdf.org
          1 year ago

          Why would you join your phone to the company wifi? Mobile data is cheap (at least where I am). I’ve never joined my personal phone to an employer’s wifi. At least not in the last five or so years.

          • ᗪᗩᗰᑎ@lemmy.ml
            1 year ago

            Cell reception is spotty where I work and there’s a guest WiFi option and they allow VPN. Work’s Wi-Fi works for my use case.

          • nintendiator@feddit.cl
            1 year ago

            “Why would you join your phone to the company wifi? Mobile data is cheap (at least where I am).”

            Where I am, I’m on prepaid. It’s not cost-effective to pay for a full plan (when eg.: I already have internet at home).

      • AphoticDev@lemmy.dbzer0.com
        1 year ago

        Unless you’re handing your phone over and letting them root it, they almost certainly are not MITMing your traffic. At best, they can see you’re using a VPN. If they are able to snoop your traffic, either your VPN is absolutely shit, or you changed some setting you shouldn’t have and fucked yourself.

      • BoneALisa@lemm.ee
        1 year ago

        It’s worth noting, you can’t actually MITM most traffic without device access. To MITM my Lemmy traffic, you would need either a copy of the certificate and private key of for example lemmy.world, which they would never willingly provide, or you would need to get a valid certificate from a CA for lemmy.world, which you could never get without verifying ownership of the domain.

        If you are using a company owned device to browse Lemmy, then 100% they can very easily install a custom Root CA and make their own certificates, and you should assume all your traffic is monitored. But if they allow BYOD or for your phone to be on the network, then they would be unable to see that traffic without you being able to tell, because you would get certificate errors.

        But if they allow you to install a VPN, then just use TOR with a TOR bridge and you wouldn’t have issues, because they can’t tell it’s VPN / TOR traffic afaik
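
The distinction drawn in the comment above, as an added example that is not part of the original thread: on a device that trusts a corporate root CA the handshake succeeds but the leaf certificate names the inspection CA as issuer, while on a device without that root the chain fails validation. The host name, the issuer names and the `expected_orgs` set are constructed assumptions; the sample dictionaries mimic the shape returned by Python's `ssl.SSLSocket.getpeercert()`.

```python
import socket
import ssl

# Constructed samples in the shape returned by ssl.SSLSocket.getpeercert().
# "Example Corp TLS Inspection CA" is a made-up corporate proxy CA.
DIRECT_CERT = {
    "subject": ((("commonName", "lemmy.example"),),),
    "issuer": (
        (("countryName", "US"),),
        (("organizationName", "Let's Encrypt"),),
        (("commonName", "R3"),),
    ),
}
INTERCEPTED_CERT = {
    "subject": ((("commonName", "lemmy.example"),),),
    "issuer": (
        (("organizationName", "Example Corp"),),
        (("commonName", "Example Corp TLS Inspection CA"),),
    ),
}


def issuer_fields(cert):
    """Flatten the nested RDN tuples of the issuer into a plain dict."""
    return {key: value for rdn in cert.get("issuer", ()) for key, value in rdn}


def classify(cert, expected_orgs):
    """Compare the issuer of a validated certificate with the CAs the site
    is known to use (expected_orgs is an assumption the caller supplies)."""
    fields = issuer_fields(cert)
    org = fields.get("organizationName") or fields.get("commonName", "")
    if org in expected_orgs:
        return "direct", org
    # The chain validated against the local trust store, yet the issuer is
    # not one the site uses: typical of a locally installed inspection root.
    return "unexpected-issuer", org


def check_host(host, expected_orgs, port=443, timeout=5.0):
    """Live variant: connect, validate against the local trust store, classify."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return classify(tls.getpeercert(), expected_orgs)
    except ssl.SSLCertVerificationError as exc:
        # Device does not trust the presented chain: the "certificate
        # errors" case on a personal device behind an inspecting proxy.
        return "untrusted-chain", exc.verify_message


if __name__ == "__main__":
    expected = {"Let's Encrypt"}
    for label, cert in (("direct", DIRECT_CERT), ("proxied", INTERCEPTED_CERT)):
        print(label, classify(cert, expected))
```
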

          • AphoticDev@lemmy.dbzer0.com
            1 year ago

            That was my response. You shouldn’t be doing personal tasks on a work phone. Has that ever been a thing corporations wouldn’t immediately fire you for? VPN or not, NSFW or SFW, don’t browse Lemmy or other social media on your work devices. Ever. Depending on who you work for, it could even be highly illegal, especially if it’s a government job.

            • woodenskewer@lemmy.world
              1 year ago

              A lot of people really just don’t get this. I had to explain to a couple people they can go look at basically anything they want as to what you’re looking at. Less is more. We have an app on all company phones called Lookout that monitors everything including GPS that you can’t turn off. I hate it. I have to keep my phone on when I’m at home too so I extra don’t like it.

            • QuinceDaPence@kbin.social
              1 year ago

              There’s some at mine that don’t even have a personal and I don’t get it. You leave and have to change your number and deal with all that crap plus if you have to have an account send you a text.

              They told me that was an option and I was like Fuuuuck no, I keep that shit separate. I still get calls on my work phone when the previous guy’s kid needs to be picked up from daycare.

            • CheezyWeezle@lemmy.world
              1 year ago

              Eh, my work explicitly states we can use our work laptop for personal use as long as it doesn’t interfere with work. We can even install software if we want, but there are a lot of security features that ensure you can’t put anything wonky on there.

              That said, I usually steer away from social media on my work laptop, except some highly moderated and text-focused places like resetera.

            • Modern_medicine_isnt@lemmy.world
              1 year ago

              Yes there has ever been a corp that wouldn’t fire you for that. Everywhere I have worked actually. They just warn you that they can see what you are doing.

  • inclementimmigrant@lemmy.world
    1 year ago

    Why in the heck would anyone browse any social media on your company machine?

    That’s the whole reason I left Reddit because it forced me to have to use Reddit on a computer and it’s one of the first things I remind new hires not to use social media on company property, it’s always monitored from keyboard to Internet connection.

    Good lord people…

    • XTornado@lemmy.ml
      1 year ago

      Because it’s fine?

      Yeah some companies might monitor what you do but:

      a) It’s not that common or not that detailed as some people imply it

      b) It’s mostly for detecting malware or breaches, they don’t care about your social stuff.

      c) Most people just check normal stuff in social media, nothing to worry about even if somebody from work checks it

      d) People have downtimes, checking Twitter or similar for a little while is not a firing offense…

      e) Most of the time it is not checked by anyone except if something flags it. Which again usually is set for malware and breaches not if you spend x time on YouTube or Twitter…

      Yeah…use your phone if you can… But some people are painting this as the end of the world like the untouchable the forbidden fruit.

      • Godric@lemmy.world
        1 year ago

        Coming from IT:

        A: Disagree; it’s logged, analyzed, and stored in the name of efficiency.

        B: Yes, but also no. Stopping malware is the original idea. But why would a business stop there when they can pressure 2% more time out of you by assigning a metric for everything?

        C: Fair

        D: It is if there’s budget cuts/Boss dislikes you. Leaving evidence of you not working on company time can be an anchor around your neck.

        E: Yes, until no. See D.

        I agree using work internet for personal shit isn’t career suicide, but it just opens the door for shit that isn’t needed. Frivolous work internet usage is an example of “Free to those who can afford it, very expensive for those who can’t”.

        Just use Data if you can, or shitpost after your shift

    • frenchyy94@feddit.de
      1 year ago

      Good thing I live in a country where it’s forbidden (unless everyone approves of it, which of course almost never happens) that they monitor everything.

      Sure internet movement could be looked up but even that needs to be because of a specific reason. They cannot just randomly look up everyone’s browser history.