Dealing with monitoring software on work computers and transparency

Question

Does your company run any monitoring software on your work computer? If so, does it interfere at all with development tooling? My company's IT team has been very secretive with the tools and settings they are deploying. Their applications are interrupting build tools and there are rumors floating around web traffic is being monitored as well. The company can do as they wish with their property but I'm interested in where one draws the line.

runjake · Accepted Answer

I work on that IT side of the fence. You should assume that all activity is being monitored on your work machine and on your work network, because it probably is, and is your job worth testing the odds?
Additionally, modern OSes log and cache stuff all over the filesystem and even though you cleared your browser history and cache, it's highly likely there's still undeleted detritus sitting on your device's storage. I have recovered supposedly-cleared caches many times without having to resort to filesystem forensics tools, simply because of stuff like log rollovers, and routine snapshots of data caches.
Where do I draw the line? If I were subjected to it myself, I'd keep looking for a job where this kind of monitoring didn't happen. Not because I want to goof off on HN all day, but because its creepy, fosters distrust between employer and employee and hinders my tasks.

privcythrowy · Answer

> The company can do as they wish with their property but I'm interested in where one draws the line.
I'm not sure how universal that is. Personally I always prefer keeping my stuff away from a work machine, but this does not mean that surveillance is OK.
Where I live (Western Europe), it doesn't really matter whose property it is, surveillance is not allowed. If your employer is analyzing your web traffic and/or reading your e-mails this is illegal even if it's on their property or their network.

Jaruzel · Answer

I've worked in many large Corporates, mainly in the financial sector. I've also spent a large part of my early career designing and deploying the 'standard' build that gets put on all work end-user machines.
At the very least, a regular full audit of your machine will be done. It will be looking for unauthorised executables, scripts, and certain filenames. This is in addition to the normal malware/virus scanning with central reporting that will also be enabled.
Then there's the prevention of the user being elevated, so that normal users can't install anything (although stuff like Chrome, and some Chat apps try to bypass this) - some places totally rely on a central deployment platform (i.e. SCCM) other places allow exception via one-time codes.
It's this prevention that tends to fubar most dev tools, which assume the user has a high level of rights.
Web usage is definitely logged, with either auto alerts to line managers/HR based on keywords, or is only actively looked at if it's a problem employee. Most countries have employment laws, which mean that web usage HAS to be logged - it's to protect the employee as much as the employer.
Unscrupulous employers also install 'idle' monitors, to check that the user is actively working on the machine during the day (I'm looking at you, Barclays Bank!) - these are people no self respecting professional should ever work for in my opinion.
In short, if you think you are trying to do something on your work machine that you do not want you employer to know about, then it's probably something you should be doing on your personal device instead.

rojeee · Answer

Where I work it the software doesn&rsquo;t interfere with development tools but still, I don&rsquo;t like the idea of it. Luckily they only have such monitoring software for Mac OS and Windows, so the solution is to use Linux (for now). If your company allows you to use any OS then I would recommend switching away from Mac OS/Windows... I guess there are trade-offs though, most Linux distros are not as polished as Mac OS, for instance.

brundolf · Answer

If it bothers you, avoid larger companies. Only one of the companies I've ever worked at even had an IT department (it was two people), and even there I had admin permissions on my own MacBook because it was easier for everybody if I just set up my environment myself instead of filing a bunch of helpdesk tickets. Creepy surveillance-ware seems to be more prevalent at giant companies who a) have the money/man-hours to bother with it, and b) have enough distance between devs and management that they feel like it's necessary.

maps7 · Answer

In any big company, web traffic is being monitored.

scott31 · Answer

If your device is owned by your employer, they can technically do anything with it, including illegal spying on you. Whether something is legal or moral is irrelevant, you should just assume they are doing it and act accordingly. Trying to draw any other line is not helpful.

cpach · Answer

To the best of my knowledge, the companies I have worked for has never utilized any spyware as such. Only AV software.