if you don’t have your personal browsing using a private profile of a secondary browser which you know you can delete, you are doing it wrong.
Yeah, I can still see that activity. You’re still doing it wrong.
Personal device not on corporate network or you’re doing it wrong.
Sure but people see that you are on the phone while the IT people don’t really care what you do and by bosses aren’t checking those logs so idc. it’s about being discreet on some layers.
If I were at home I wouldn’t need to do anything to hide it since I would use my pc but since I’m in the office I have to get creative.
Also, 5hisbpost was 7 days old :)
That might not be enough. I could monitor that on all the devices I manage, if I need to. There are tools to dump browsing info as it’s being committed, or it’s easy to pipe all the traffic from your machine through a VPN to a firewall I manage with a trusted cert injection into your device and inspect the traffic in transit. If you don’t want your employer to see what your up to, don’t use their infrastructure.
Well, yeah, if I worked at home I would use my personal computer for personal things and the workstation for work, it would be pristine. But alas, in the office there’s so much time I can spend pretending that I’m working because I finished my tasks before I implode.
Some risks are necessary :)
It’s not really about IT not knowing, but about being discreet enough that your boss doesn’t see your personal accounts logged in or even worse, to have two chrome profiles, both with obscure names, press the wrong one and to share the screen of saved tabs with Facebook, Instagram, pornhub… Yeah I’ve seen those bookmarks.
It’s… Wtf… If you’re going to be that deranged, at the very least be discreet… Sigh.
Some risks are necessary :)
No, it’s zero-trust all the way down!
not really about IT not knowing
All true, and I’m sure your IT doesn’t care as long as you’re not taking stupid risks
If you’re going to be that deranged, at the very least be discreet
…
I’ve seen things you people wouldn’t believe… a folder full of photos of a sales rep’s feet taken under the table at a meeting… a bookmarked playlist of adult baby porn labelled “Potential Suppliers”… I watched a modded BitTorrent client try to fake VLAN tags for unrestricted Internet access. All those moments will be lost in time, like that expensive label printer from my locked desk drawer… time to get another coffee…
As an IT administrator, if your org has GPOs controlling if you can delete your browsing history or not, there is no chance you will be able to install a second browser without admin credentials.
I can confirm there are places where that is possible.
Also as long as they do not whitelist executables, you could use a portable version of a browser.
And you would still get caught on the company device trusting company CAs, thus enabling them to decrypt all your traffic.
Use a personal device on a personal network for personal stuff.
I was talking about the history on device, of course I agree: never expect privacy on a device controlled by someone else.
Never do anything on work machines/networks you don’t want to have to explain to hr/legal.
Also do some really weird things that are innocuous so the HR lady looks at you weird from now on.
Examples please?
deleted by creator
Reload every five seconds the global doomsday countdown clock.
You sick €%#¥! /s
Sr. Systems Admin here. IT does not give 2 shits about what you browse UNLESS something is reported or something trips our Alerts (has to be something major like Child Porn).
We don’t sit there and actively monitor and watch what you are browsing. We investigate when something is reported by a worker or an Alert/Filter gets tripped
HR also doesn’t know unless we tell them.
deleted by creator
Probably for audit/investigation reasons.
IT generally doesn’t care (doesn’t want to care) but you still shouldn’t do personal stuff on work machines/profiles.
Yeah, but the it’s a good rule anyway, for some of the same reasons as the “Don’t put it in an email if you wouldn’t want it read aloud in a deposition” rule.
Depends on the company size and the people above IT. Sometimes the boss is a chode and demands everyone be supervised like children constantly.
That’s still inline with what they said.
Some companies try to be incredibly controlling
Second. I once had a staff member come to me all embarrassed because someone sent a dick pick via some dating app while they was on our corporate wifi. I was like, “I promise we don’t care”.
I mean, its HTTPS right?
Https is no match for work monitoring: pre-installed software, certs.
That only applies to work devices. If you’re using your personal device, they would be able to see traffic to/from a dating website but not the actual content.
Pre installed certs would be a huge vulnerability
Uh no? Most organizations use preinstaed certs. They are usually baked into the Windows image for deployment… They are what allow a corporate device to connect to WiFi networks without a password.
All of the “privacy experts” in this sub wouldn’t know a certificate if it bit them in the ass. Most don’t even know of VPNs outside of the “privacy” services hawked by YouTubers.
Certificates can be used to authenticate machines to wired or wireless. This is true. They are much easier to maintain at scale than pre-shared key, especially when you run an internal CA and can issue or revoke them easily/automatically, and when you run a domain and can push out additional trusted root CAs to endpoints.
And if you have either an internal CA or a domain (ideally both), it’s very simple to have your firewall or web filter perform man-in-the-middle “attacks”. Most everything nowadays can handle TLS1.2 and many are starting to support TLS1.3. They essentially break open the traffic for inspection and re-sign it with a certificate that your system trusts so there is no error to the user. Some sites and apps have a hard time with this because of HSTS and pinning, but that’s a bit of a tangent.
I say “attacks” in quotes because they own the hardware and they own the time of the person using it.
Anyways, don’t do anything on a work computer you wouldn’t want your boss to know about. We usually aren’t actively watching the traffic, but some things are hard to ignore, and sometimes the CEO just wants to know who else has a diaper fetish for “official reasons”.
I’m not sure what you’re saying? Those certs log to somewhere and in my experience HR is nowhere near technically literate enough to monitor and track that stuff.
Usually a manager asks a sysadmin to watch someone’s stuff, then the sysadmin and manager tell HR what they find.
We had a contractor spending 90% of his day on reddit who got fired. Hr wouldn’t have been able to pull this info since they don’t have access to the system that tracks it
RADIUS doesn’t depend on preinstalled certs. But I wouldn’t use Windows anwyay.
Absolutely. Everyone could use that reminder
I used TOR at work once, to download some RPMs. Corp IT had a fucking meltdown
RPM in this context means what?
i think they are a package of some distribution.
like .deb for Ubuntu or .exe for windows.
RedHat Package Manager
Thank you
Actually it’s Raunchy Porn Movies
We’re not cool enough to know
I worked in security and trained all our staff on how to use Tor. Good data hygiene is important around the office.
Also Onion Share is the best way to securely share large sensitive files between users
Hmm, no Onionshare is for anonymity, Wormhole or Syncthing are good for security, anything AES basically. You are simply using random Tor servers to share files withing a company…
I can’t imagine why
Why would you download RPMs from a browser, to a work PC, and do they use RHEL?
Some of our servers used RHEL, and were airgapped, so I had to use TOR because they blocked the site (rpm.pbone I think)and then sneakernet that shit.
you don’t know shit about my work fuck you!
Well, since I am IT, I am not about go to snitch on myself.
deleted by creator
Most just monitor your browsing through the Antivirus.
Since they don’t want you visiting porn or malware websites on the corporate network, for good reasons.
Forget chrome management. Any IT shop worth their salt is protecting their egress with a proxy, explicitly or transparently set.
Don’t browse the net on your employer’s network or devices. Use your phone. Get on 4G/5G.
deleted by creator
I’m on Ubuntu at work! The only employee on Linux at a tech company of >150 people! (Where are my Linux nerds?)
I’m in the process of convincing my management to switch to Linux. The most important thing to them is having a way to remotely delete the pc in case it’s stolen. Does someone know of a solution in Linux for that?
I’m using it, as well as my boss!
I’m in a company that uses Microsoft stuff, but I use a lot of fedora and Linux mint in VMs. The latter is based off Ubuntu at least!
It’s actually kind of nice to be able to save the state of my VM since forced restarts are so infrequent.
deleted by creator
Kind of yeah, the rest of the working world uses Windows for good reasons.
deleted by creator
Legacy software with incredible backwards compatibility, exponetially more software options, user familiarity, pretty much everything that active directory provides from user management to group policies, the list goes on.
Im a linux guy, but the thought of rolling out even the most user friendly linux distro gives me nightmares.
deleted by creator
Aren’t they? Changing a legacy app can take years to do the needed research, approval, procurement, and implementation. “Because my IT guy doesn’t like Windows” is a terrible reason to undergo that process.
The same with retraining users on a whole new OS. You’ll spend hours over the course of months answering “where did my C:\ drive go?”. That’s a lot of time you’ll never get back.
Active Directory provides a lot of tools that are familiar to senior techs and easy enough for junior techs to figure out. I might prefer how Salt Stack works but I don’t have time to train dozens of fellow techs.
Linux is cool for a number of reasons, but it isn’t a magic easy button and a wise admin doesn’t swap out fundamental parts of his tech stack without careful consideration.
Oh no, my employer might find out I’m looking for other jobs after being overloaded for a year and a half and constantly having my concerns/feedback/process improvement initiatives brushed aside.
I have been hinting to my manager for 6-9 months that he needs to move part of my workload elsewhere so that I can focus and actually achieve something. To think, all it took was for me to tell him straight that I was unhappy and unfulfilled to the point that I was considering resigning. Suddenly he’s all apologies and let’s make changes because you’re kind of vital and we don’t want to lose you.
And I was fired for it. Depends on the market demand I suppose, some industries there is no denying your worth, in others you’re disposable.
I love the fact that firing me what the person you’re answering mentioned is illegal here.
Peace of mind.
Yeah pretty outrageous, I soon found out employment rights in Ontario Canada are practically useless. I had no idea, I thought I had some basic protections, it’s almost nothing.
Shot, i regularly browse jobs websites even though Im not looking to change jobs again soon. Just to keep them guessing.
My work has a 100% mandatory vpn and mitm proxy for ssl scanning. I just use parsec to view my laptop from my desktop and browse what I want on my actual personal computer
Luckily my work hasn’t disabled the remote desktop application protocol. So I do the same, but without parsec.
Can’t install parsec on the work computer, and the web app displays a black screen.
My work has a 100% mandatory vpn and mitm proxy for ssl scanning
These are worse than useless. They are anti safety. If this box or its private keys get compromised ALL tls traffic of all employees is immediately plaintext.
Any company that buys one of these appliances from mcafee or whatever is asking for it (losing most/all their secrets)
That sort of thing is required for a lot of enterprise certifications. When you do work for government, healthcare, banking, etc. stupid “security” is mandatory for checking off compliance requirements. Not that any of it has to be in any way effective…
when breaking the internet and end-to-end encryption are part of any kind of “enterprise certification” that certification is worthless (or worse) and probably some kind of chinese or russian (or the CIA or whoever, certainly not your friend) psyop. Only a mindless idiot would implement it.
Oh I 1000% agree. But you try to convince my opsec colleagues
Don’t forget the agents they install that take screenshots every 10 seconds!
So only watch mainstream porn on work computers, got it.
I’ve always assumed work will be looking at the browser history. Anyone who assumes they won’t is an idiot.
Softcore is expressly permitted in the IT policy.
Those IT guys need to get off as well you know.
I mean, MS can literally track you between Windows installs, as long as you’re on the same hardware. No surprises here.
your work
There’s a big difference between a giant corporation (that wants you to continue using its products) seeing every site you’ve visited, and your fucking employer, source of not being homeless and starving to death.
deleted by creator
The only way those large corporations can use that ability, is when your employer pays for it.
Otherwise it wouldn’t happen.
Since if it did happen, they would get sued by every company that uses their software.
How? Is there a way to mitigate this?
Install a Linux distro.
No thanks
I use Gentoo on my main computer. I was just curious.
Theclouds it is your friend trust me bro
Have you heard of Linux?
Of course I did. My only OS for the past 7 years
So that’s how you do it. :) 🤙🐧
The only way :) Once I stopped using all proprietary software, I also quit social media (this account is the first one after such a long time) and I’ve never felt happier. Linux and privacy for the win!
Couldn’t agree more!
Linux is not an option in the real corporate world.
Doesn’t have the features necessary to run big businesses.
Nor does Linux have compatible software for the millions of different factory machines.
No not really. I mean you could never connect to the internet I guess. But that’s the best mitigation there is as long as your using windows. Or run it in a VM?
So you can understand how this works, each device in your computer has a uid or hid, a unique id, or hardware id. This remains consisten as long as you have the hardware. Things that have this are like hard drives pcie cards, etc.
There’s also just the fundamental unique ways your PC is built. Of all windows users how many have an Nvidia card? 90% of those 90% how many have the same drive configuration. 5% of those how many are running Intel CPU. Etc etc…
You are sadly very unique.
Yep, I guessed this was the way. Thanks for clarifying :)
Only tangentially relevant, human beings get along better with their agenda (that is, are more productive) when they’re freely allowed to check email and their lemmy feeds, shop on Amazon and whatever other social media stuff they do. In fact, studies have shown an improvement when they drag overly-focused clerks to their mandated coffee breaks (actual coffee optional).
So if you’re getting into trouble for chatting with your kids, or answering emails or resupplying your household with dog food, that might be an indicator your work environment is toxic and you might want to keep looking out for better offers.
Also when game dev teams are crunched, their productivity drops below 50%. When they’re crunched for more than two weeks, it drops below 10%. So don’t crunch your devs.
What are you talking about? They definitely dont see what I browse in a whonix Qube…
If allowed, doesn’t DoH/DoT mitigate this issue?
Not if your employer has installed a root CA on your machine, enabling them to man-in-the-middle all your TLS connections.
Oh that’s a thing? That’s kinda frightening
Not necessarily, as the browser is still logging the history.
Well that’s what private mode is for, to dump the local data after closing the browser session
I know I’m here a week later, but a large number of system administrators disable browser proxy systems, dns over https, and incognito. It’s a neverending war.
Pretty much, but (noob question) how can they block DoH, wouldn’t they have to block HTTPS completely as well?
They control the browser settings itself. It’s either a work managed device or profile.
Ah ok that makes sense
