Forget chrome management. Any IT shop worth their salt is protecting their egress with a proxy, explicitly or transparently set.
Don’t browse the net on your employer’s network or devices. Use your phone. Get on 4G/5G.
Never do anything on work machines/networks you don’t want to have to explain to hr/legal.
Also do some really weird things that are innocuous so the HR lady looks at you weird from now on.
Examples please?
deleted by creator
Oh no, my employer might find out I’m looking for other jobs after being overloaded for a year and a half and constantly having my concerns/feedback/process improvement initiatives brushed aside.
I have been hinting to my manager for 6-9 months that he needs to move part of my workload elsewhere so that I can focus and actually achieve something. To think, all it took was for me to tell him straight that I was unhappy and unfulfilled to the point that I was considering resigning. Suddenly he’s all apologies and let’s make changes because you’re kind of vital and we don’t want to lose you.
And I was fired for it. Depends on the market demand I suppose, some industries there is no denying your worth, in others you’re disposable.
I love the fact that firing me what the person you’re answering mentioned is illegal here.
Peace of mind.
Yeah pretty outrageous, I soon found out employment rights in Ontario Canada are practically useless. I had no idea, I thought I had some basic protections, it’s almost nothing.
if you don’t have your personal browsing using a private profile of a secondary browser which you know you can delete, you are doing it wrong.
That might not be enough. I could monitor that on all the devices I manage, if I need to. There are tools to dump browsing info as it’s being committed, or it’s easy to pipe all the traffic from your machine through a VPN to a firewall I manage with a trusted cert injection into your device and inspect the traffic in transit. If you don’t want your employer to see what your up to, don’t use their infrastructure.
Well, yeah, if I worked at home I would use my personal computer for personal things and the workstation for work, it would be pristine. But alas, in the office there’s so much time I can spend pretending that I’m working because I finished my tasks before I implode.
Some risks are necessary :)
It’s not really about IT not knowing, but about being discreet enough that your boss doesn’t see your personal accounts logged in or even worse, to have two chrome profiles, both with obscure names, press the wrong one and to share the screen of saved tabs with Facebook, Instagram, pornhub… Yeah I’ve seen those bookmarks.
It’s… Wtf… If you’re going to be that deranged, at the very least be discreet… Sigh.
Some risks are necessary :)
No, it’s zero-trust all the way down!
not really about IT not knowing
All true, and I’m sure your IT doesn’t care as long as you’re not taking stupid risks
If you’re going to be that deranged, at the very least be discreet
…
I’ve seen things you people wouldn’t believe… a folder full of photos of a sales rep’s feet taken under the table at a meeting… a bookmarked playlist of adult baby porn labelled “Potential Suppliers”… I watched a modded BitTorrent client try to fake VLAN tags for unrestricted Internet access. All those moments will be lost in time, like that expensive label printer from my locked desk drawer… time to get another coffee…
As an IT administrator, if your org has GPOs controlling if you can delete your browsing history or not, there is no chance you will be able to install a second browser without admin credentials.
I can confirm there are places where that is possible.
Also as long as they do not whitelist executables, you could use a portable version of a browser.
And you would still get caught on the company device trusting company CAs, thus enabling them to decrypt all your traffic.
Use a personal device on a personal network for personal stuff.
I was talking about the history on device, of course I agree: never expect privacy on a device controlled by someone else.
Yeah, I can still see that activity. You’re still doing it wrong.
Personal device not on corporate network or you’re doing it wrong.
Sure but people see that you are on the phone while the IT people don’t really care what you do and by bosses aren’t checking those logs so idc. it’s about being discreet on some layers.
If I were at home I wouldn’t need to do anything to hide it since I would use my pc but since I’m in the office I have to get creative.
Also, 5hisbpost was 7 days old :)
Well, since I am IT, I am not about go to snitch on myself.
I work in cybersec - I’m not going to speak for all businesses or individuals but I will give you my perspective.
Sometimes we need to see browser history to help with timeline correlation, it’s mainly to see “how did this file get here, was it downloaded etc.
Sometimes the investigators need to check out the things they need to check out, BUT
BUT
It needs to be done precisely and sparingly where needed only. This means instead of going through the entire history file, or doing unrelated correlation work (spying on you without cause) you are going to only grab specific timeframes from things you suspect explicitly to prevent any overreach. It’s a tricky balance to hold but also why it’s so important for people in tech to be privacy advocates as well.
There’s a difference between searching for answers to a problem that arose and looking for/predicting problems (thought crime detected!)
your work sees all your browser history
Possibly, if they’ve bothered to configure their machines that way. And only on the browsers they’ve configured that way and only on their machines.
Also, please don’t assume that your work operates the same way as everyone else’s work.
We have that capability but dont really have the time or need for it. having said that, it only takes one rouge employee to mess it up for everyone else.
it only takes one rouge employee
What about a pink employee?
Sir, that is not an employee. That is a pig.
They were tickled?
So only watch mainstream porn on work computers, got it.
I’ve always assumed work will be looking at the browser history. Anyone who assumes they won’t is an idiot.
Softcore is expressly permitted in the IT policy.
Those IT guys need to get off as well you know.
Your work can also read your private Slack messages. You have been warned.
Are they really called private messages? They should just be direct messages
I was the slack admin. We could not see private messages of clients. We could see company wide channels.
If I remember correctly you have to pay extra to be able to access private messages. Maybe you didn’t have this option enabled?
They can see it. I know because someone had an HR investigation happening and they showed me screenshots of his Slack conversations.
If it was a screenshot then they didn’t get it from slack. They have spyware that takes screenshots.
Obviously if they install malware that records keystrokes or the screen then they can see what you type and what’s on your screen.
But slack doesn’t let admins export private chats
Then they must have been able to capture his whole screen. Idk how they’d do that days later, but they had a screenshot of a private conversation in slack. Maybe he had already set off some flags before then and they were watching him or something.
Of course they can, they literally own the machine. You don’t own it, so don’t treat it like it’s your own private job hunting platform or porn viewer.
Yea, this regular “surprise” that work computers are… IDK… owned by work and are configured as the owner requires… is so strange to me.
deleted by creator
Only tangentially relevant, human beings get along better with their agenda (that is, are more productive) when they’re freely allowed to check email and their lemmy feeds, shop on Amazon and whatever other social media stuff they do. In fact, studies have shown an improvement when they drag overly-focused clerks to their mandated coffee breaks (actual coffee optional).
So if you’re getting into trouble for chatting with your kids, or answering emails or resupplying your household with dog food, that might be an indicator your work environment is toxic and you might want to keep looking out for better offers.
Also when game dev teams are crunched, their productivity drops below 50%. When they’re crunched for more than two weeks, it drops below 10%. So don’t crunch your devs.
What are you talking about? They definitely dont see what I browse in a whonix Qube…
If allowed, doesn’t DoH/DoT mitigate this issue?
Not if your employer has installed a root CA on your machine, enabling them to man-in-the-middle all your TLS connections.
Oh that’s a thing? That’s kinda frightening
Not necessarily, as the browser is still logging the history.
Well that’s what private mode is for, to dump the local data after closing the browser session
I know I’m here a week later, but a large number of system administrators disable browser proxy systems, dns over https, and incognito. It’s a neverending war.
Pretty much, but (noob question) how can they block DoH, wouldn’t they have to block HTTPS completely as well?
They control the browser settings itself. It’s either a work managed device or profile.
Ah ok that makes sense
Anyone know exactly what they could see if you’re on a personal device but work-wifi?
Usually the websites and apps you use, but not what specific page you visit and it’s content.
If you for example visit https://en.wikipedia.org/wiki/Labor_unions_in_the_United_States they could see that you visited https://en.wikipedia.org/ but nothing more.
This is assuming that the website is encrypted (it starts with https://, not http://), which nowadays luckily most websites are. Otherwise they can see the specific page, it’s content and most likely also all information you input on that page.
My work runs MITM with corporate certificates, so they can see everything no matter whether it’s encrypted or not. If you don’t accept the certificates to let them monitor, you can’t browse.
Therefore, I just don’t use it.
Is that for the VPN, or actually all wifi connections? Not sure how it would be possible for wifi
Corporate networks (especially those utilizing MITM) block vpn access altogether.
You can’t reach your vpn server, falling back to plain un-tunneled https. Then instead of dns retuning the true ip, it returns a local corporate ip; you connect to that with https and it serves you a cert generated on the fly for that particular domain signed by a root cert your browser already trusts. Your browser sees nothing wrong and transmits via that compromised connection.
You can usually check for this by connecting via mobile data, taking a screenshot of the cert details, then doing the same on work wifi and compare.
If the cert details change on wifi, your traffic is being intercepted, decrypted, read/logged, then re-encrypted and passed to the server you’re trying to reach.
I was talking about work VPN, the thing I connect to every morning to access work’s internal services.
I don’t see how a 3rd party device connecting to wifi can have https MITM. Otherwise many wifi out there would do it and steal your info.
deleted by creator
Can you link to something with more info on how it works? I know how certs work and CAs but not how some random wifi network can hijack that whole trust system. It sounds like it would defeat the whole purpose of https. Thanks in advance.
