Sr. Systems Admin here. IT does not give 2 shits about what you browse UNLESS something is reported or something trips our Alerts (has to be something major like Child Porn).
We don't sit there and actively monitor and watch what you are browsing. We investigate when something is reported by a worker or an Alert/Filter gets tripped
Second. I once had a staff member come to me all embarrassed because someone sent a dick pick via some dating app while they was on our corporate wifi. I was like, "I promise we don't care".
Yeah, but the it's a good rule anyway, for some of the same reasons as the "Don't put it in an email if you wouldn't want it read aloud in a deposition" rule.
Everybody has a cell phone nowadays. There's no excuse not to use your cell phone for private stuff. In fact don't use the company Wi-Fi. You must use the company Wi-Fi then you must use a VPN
But no excuse anymore not to use your phone, you don't need to use the word computer to browse, send emails, flirt, whatever
All of my colleagues have work provided phones and laptops. They do all their personal shit on these devices (they don't have their own)
They think i'm a huge weirdo for having my own personal devices.... "Why waste money? Work gives us computer/phone... Lol, you carry two phones like a drug dealer?"
Mine does. They also keep an eye on it because I had gotten through it and that only worked a few days before it was blocked too. Didn't want to press my luck after that.
I never browse personal stuff on a company device. That's what phones are for. I also don't connect to company Wi-Fi on any personal device, because my company makes me sign in with my company's credentials. This should be common sense.
Of course they can, they literally own the machine. You don't own it, so don't treat it like it's your own private job hunting platform or porn viewer.
It actually depends on what tier of Slack license the company uses. Private is a black hole for anything short of Enterprise Grid, unless they reset your password and login as you, obviously doable but not at all subtle.
Until you get asked by HR why you're breaking their policies by clearing history and why you're doing it. If it's a work device that's not yours, don't expect privacy. It's their property.
They don't need the computer to see everywhere you've gone. I've never heard of anyone getting in trouble for clearing their history, but lots of people who have had problems visiting questionable sites.
I have a very hard time believing that lol. Doesn't matter what country, it's still the companies property, and the work you're doing in it is still considered their property. It's not a personal device. What a pretentious statement.
Unfortunately, words on paper frequently fail to prevent organizations, public of private, from doing things they are technically not allowed to do. See the security state apparatus of any of the nations around the world including the 5, 9 and 14 eyes, or any number of tech companies that claim and market privacy respective policies only for people to uncover later that what they pitch publicly diverges in spirit from what they do or what is in the actual terms of service.
Hopefully if people find their employer going outside the bounds of the contract they can catch it, catalog it and hold them to account. Accountability can often be tricky and costly though.
Any personal matters I may have attended to during work hours were done on a personal device, through a VPN, preferably borrowing some other WiFi signal than one run by any company I work for.
If its even more personal, just drop WiFi I don't control all together. Either use the phones data plan for 10 minutes, or tether it to a computer and do the same.
Hmm, no Onionshare is for anonymity, Wormhole or Syncthing are good for security, anything AES basically. You are simply using random Tor servers to share files withing a company...
We have that capability but dont really have the time or need for it. having said that, it only takes one rouge employee to mess it up for everyone else.
I'm not on the IT team but have elevated permissions. I can dial into any of my subordinates computers "invisibility" I might add, and watch their screen. I can copy data remotely. It'll take me a few minutes to grab an image of their computer "for backup" reasons, restore it on another computer, and then safely view their history.
By invisibility, I still leave log traces on their computer.
I'm not going to, because wtf. But I totally do have that power.
I work in cybersec - I’m not going to speak for all businesses or individuals but I will give you my perspective.
Sometimes we need to see browser history to help with timeline correlation, it’s mainly to see “how did this file get here, was it downloaded etc.
Sometimes the investigators need to check out the things they need to check out, BUT
BUT
It needs to be done precisely and sparingly where needed only. This means instead of going through the entire history file, or doing unrelated correlation work (spying on you without cause) you are going to only grab specific timeframes from things you suspect explicitly to prevent any overreach. It’s a tricky balance to hold but also why it’s so important for people in tech to be privacy advocates as well.
There’s a difference between searching for answers to a problem that arose and looking for/predicting problems (thought crime detected!)
I also work in cybersecurity. Second everything this person said.
This thread is a good reminder, because at many organizations HR / management can and will look at your browser history (and computer activity in general) as a method of monitoring performance and staying in control.
But at my organization, we have never once looked at anyone's browser history (and I know that HR hasn't because they would have to go through us). We certainly could if we were asked to and we would if there was an incident (what we would care about is sensitive / confidential information getting leaked or suspicious activity on the network using a specific person's credentials, suggesting those credentials may be compromised). But in almost 2 years (we're a startup in the aerospace electronics sector) we have never once had cause to do that and we have a philosophy that happy relaxed employees who feel trusted by their employer are the kinds of employees that we want, so we wouldn't intrude that way without cause ever.
I third(?) this. Security and IT teams are too busy to be monitoring your everyday habits. Sure, they can see your history if they wanted to, but they won’t unless there is an appropriate justification to do so, and it’s usually triggered by an incident or HR. There also stricit rules with doing so because employees still have the right to their own privacy. It’s not like HR can just go over to the security guy and ask them to pull someone’s browsing history.
Another Cybersec worker here, and I'll broadly agree with all this. That said, I'd also point out that, depending on your site setup, the browser history may be nothing more than another place to correlate information we have from elsewhere.
Several sites I have been at have used Data Loss Prevention (DLP) software which automagically records (and possibly blocks) data moving into and out of the environment. This can be very detailed, to the point of knowing when someone copy/pastes data to a web form. I've also been at sites which sniff web traffic at the firewall and record full pcaps and extract metadata for quick analysis. So yes, for those not aware, deleting browser history or using "in private" browsing or other steps to avoid us seeing your porn browsing, may not be as effective as you think.
All that said, I've never been on a Cybersec team which has had enough time to really care about porn browsing, so long as you are not putting the network at risk. And, so long as HR/Management doesn't tell us to care. We have better things to spend our time on.
Lastly, if you don't want us seeing it, don't so it on a work computer. Look, we have lots of ways to see what you are doing. Just, do that stuff at home, on your own hardware. And leave the work computer for work. Writing up misuse reports is something I really hate doing.
Oh no, my employer might find out I'm looking for other jobs after being overloaded for a year and a half and constantly having my concerns/feedback/process improvement initiatives brushed aside.
I have been hinting to my manager for 6-9 months that he needs to move part of my workload elsewhere so that I can focus and actually achieve something. To think, all it took was for me to tell him straight that I was unhappy and unfulfilled to the point that I was considering resigning. Suddenly he's all apologies and let's make changes because you're kind of vital and we don't want to lose you.
I’m an infrastructure analyst and at my workplace I implement such rules for specific reasons: 1) we need to be able to have evidence should an employee act maliciously with a company device. We do also monitor all queries but it’s passive. We can drill into your browsing history in great detail but won’t unless we have to (speaking personally here as I follow the code).
2) people will do dumb shit. And will lie to get support. Now, having been on the other end of a support ticket, I get it. Unless you lie a little, you may not get support promptly. Therefore, it’s part of my job to check what’s the lie and what’s the actual issue, which includes being able to see the download history. I would not be surprised if malware is accidentally downloaded and then it autonomously removes itself from the download history as It has happened before.
Strictly speaking, this is done for both your safety as well as that of the company. And generally speaking, you should NEVER use your work laptop/phone/iPad for personal use because of all of the above.
I use my personal laptop at work, no issues. Employer can't see what I'm doing which is the way it should be.
If they don't trust me, don't hire me then.
I would never work anywhere where people like you can watch what I'm doing. Luckily I'm in IT so I choose where I work.
I despise companies who don't give employees privacy. The reasons you gave means nothing. You can always argue for anything to protect the company. Who protects the employees?
Safest for the company would be if you have employees in small cells being watched by guards around the clock. That would be really good for the company.
If you've connected your personal laptop to your work wifi, they 100% can see all your browsing history (specifically whats passed through their network).
Hell, I only run a simple homelab and I can see the exact traffic/browsing history of every device on my home network. I'm only tracking via dns traffic, but your https traffic can even be intercepted and decrypted pretty easily. So don't even trust that.
This doesn't require installing anything on your device to fully monitor you.
I hear you, and fully get where you’re coming from.
I work in the finance industry and we have auditors to answer to as well as a ridiculous number of compliance regulations we have to abide by. Not every business is the same. I’m personally on the no-trust policy when you have more than 50 users to manage but it also depend on company policy.
No one is saying you can’t use your personal device at work. We don’t monitor the guest Wi-Fi in any way specifically because that would be an invasion of privacy.
I was referring specifically to using a work device, managed by the business, for personal use.
The employee is protected by being briefed during first day induction of he does and don’t with regards to the equipment that is provided to them to do their job.
Their personal privacy is not infringed upon as there is a clear agreement about what is expected from them. By the way, I’m in the uk (not sure if relevant).
There's a big difference between a giant corporation (that wants you to continue using its products) seeing every site you've visited, and your fucking employer, source of not being homeless and starving to death.
No not really. I mean you could never connect to the internet I guess. But that's the best mitigation there is as long as your using windows. Or run it in a VM?
So you can understand how this works, each device in your computer has a uid or hid, a unique id, or hardware id. This remains consisten as long as you have the hardware. Things that have this are like hard drives pcie cards, etc.
There's also just the fundamental unique ways your PC is built. Of all windows users how many have an Nvidia card? 90% of those 90% how many have the same drive configuration. 5% of those how many are running Intel CPU. Etc etc...
My work has a 100% mandatory vpn and mitm proxy for ssl scanning. I just use parsec to view my laptop from my desktop and browse what I want on my actual personal computer
My work has a 100% mandatory vpn and mitm proxy for ssl scanning
These are worse than useless. They are anti safety. If this box or its private keys get compromised ALL tls traffic of all employees is immediately plaintext.
Any company that buys one of these appliances from mcafee or whatever is asking for it (losing most/all their secrets)
That sort of thing is required for a lot of enterprise certifications. When you do work for government, healthcare, banking, etc. stupid "security" is mandatory for checking off compliance requirements. Not that any of it has to be in any way effective...
This is assuming that the website is encrypted (it starts with https://, not http://), which nowadays luckily most websites are. Otherwise they can see the specific page, it's content and most likely also all information you input on that page.
My work runs MITM with corporate certificates, so they can see everything no matter whether it's encrypted or not. If you don't accept the certificates to let them monitor, you can't browse.
if the company had installed something that uses similar technology as a pihole, wouldn't they technically be able to see everything even if you use https?
Every URL visited minimum unless you are going to an encrypted VPN outside their network first, then they will still see the network traffic to that vpn . I Know someone that got caught redditing on work wifi. granted they also had their device name set to use their name in it... so some of that is on them
That might not be enough. I could monitor that on all the devices I manage, if I need to. There are tools to dump browsing info as it's being committed, or it's easy to pipe all the traffic from your machine through a VPN to a firewall I manage with a trusted cert injection into your device and inspect the traffic in transit. If you don't want your employer to see what your up to, don't use their infrastructure.
Well, yeah, if I worked at home I would use my personal computer for personal things and the workstation for work, it would be pristine. But alas, in the office there's so much time I can spend pretending that I'm working because I finished my tasks before I implode.
Some risks are necessary :)
It's not really about IT not knowing, but about being discreet enough that your boss doesn't see your personal accounts logged in or even worse, to have two chrome profiles, both with obscure names, press the wrong one and to share the screen of saved tabs with Facebook, Instagram, pornhub.... Yeah I've seen those bookmarks.
It's... Wtf... If you're going to be that deranged, at the very least be discreet... Sigh.
As an IT administrator, if your org has GPOs controlling if you can delete your browsing history or not, there is no chance you will be able to install a second browser without admin credentials.
Sure but people see that you are on the phone while the IT people don't really care what you do and by bosses aren't checking those logs so idc. it's about being discreet on some layers.
If I were at home I wouldn't need to do anything to hide it since I would use my pc but since I'm in the office I have to get creative.
Same can be said for any browser, any app, any connection while on the employers network IF they wished to monitor it. Even if you were able to delete all local browsing history and used private browsing, your employer would still be able to know every site you visit if they wished.
If you've authenticated with your credentials on the device, IT is able to see IPs visited and DNS queries and has access to all sorts of network tools to track, shape and otherwise manage your activity.
It's best to assume that nothing you do on your employers network, even when logging into their corporate VPN from a personal device, is private.
I'm always shocked by privacy conscious people who do not have complete segregation of work and personal equipment and devices.
They could even force you to connect to a mainframe instead of your own computer in order to work, and only allow you to click on 3 allowed buttons if they wanted to.
I won't even connect to a wireless network at work with my phone without VPNing to my home network to browse. People use their work computers to browse for personal reasons? They are all.
Only tangentially relevant, human beings get along better with their agenda (that is, are more productive) when they're freely allowed to check email and their lemmy feeds, shop on Amazon and whatever other social media stuff they do. In fact, studies have shown an improvement when they drag overly-focused clerks to their mandated coffee breaks (actual coffee optional).
So if you're getting into trouble for chatting with your kids, or answering emails or resupplying your household with dog food, that might be an indicator your work environment is toxic and you might want to keep looking out for better offers.
Also when game dev teams are crunched, their productivity drops below 50%. When they're crunched for more than two weeks, it drops below 10%. So don't crunch your devs.
We record network traffic, not data from your browser. We can see every URL any device on the network hits, regardless if the traffic comes from a browser or even a phone app.
In addition, some companies install software on each employee's machine that enhances what they can monitor on that machine. It may not be labeled "corporate spyware" but something like "endpoint security", yet it may have the capacity to track pretty much everything you do.
How is this with mobile devices from your employer. I have a company iPhone and understand that there is a certain “space” on the phone which is controlled by the company, mostly all the Microsoft 365 apps (so, for example it is not possible to copy/paste stuff between MS and non-MS apps).
However, for the rest I would assume that all the other traffic does not go through company servers (probably no traffic at all, as I usually have a local IP), and that they can’t see what I am doing in my other apps. Otherwise they could spy on all my transactions I do in my banking apps for example. But AFAIK iOS apps are pretty much sandboxed anyway.
This might be different on my company PC / Laptop, though.
No, no, no. Private browsing isn't private like that. Your ISP and network adminstrator (in this case your employer) can still see every website you access. This is usually explained on the "New private tab" on browsers.
You can use Tor and your IT won't be able to see what you're browsing. They will be able to see that you're using Tor, and might get grumpy about that, though.
For US government employees USAJobs is probably one of the most accessed websites.
Also in Google searches, if you click the vertical ... next to the URL on results, click the down arrow in the pop-up, and click Cached you can likely access a version of the website your white/blacklist service doesn't block. If there are SFW sites you need access to. Generally all scripts are disabled, though.