YSK: Browsing "ALL" at work might get you pulled into an office, even with NSFW off.

Why YSK: It appears several Lemmy instances are flagged as suspicious, and at least 1 instance is intentionally using the name of ransomware. A couple of the big enterprise monitoring suites (FortiGuard, Zscaler) will flag your account and may end up with you being pulled into an office for an explanation, or worse.

TL;DR: Keep browsing to your local instance at work for now.

dm_me_your_feet,

This does not apply for most European users. Source: I am the one who gets these requests and anyone who isn’t a judge gets jack shit. Go pound sand. Anything else would be illegal under privacy and work laws. Even police won’t get ANYTHING (judge will reject it) if the crime in question isn’t worth at least 2 years of jail time.

Suspected malware domains just get blocked, no further action will ever take place.

uberrice,

Exactly. American workplace monitoring is crazy.

Hazdaz,

When I read stuff like this, I feel there is a whole part of Lemmy that I am totally clueless about.

I have no idea even where the areas that OP is talking about even exist, and with the way the servers seem to go down all the time or I need to reload a browser, it makes it that much more difficult to wander around and get to know the place because you never know if a certain page is empty because it’s really empty or it just didn’t load correctly.

this,

And this is why I always use a VPN on my phone.

cyberpunk007,

WFH FTW.

Hyggyldy, (edited )

Pro tip: Don’t do not-work stuff on work owned hardware.

Agent641,

Or while connected to work networks

jjjalljs,

I used to sign in to my personal accounts on my work computer. And then a place laid me off and remotely locked the computer before I could sign out of anything, and I realized I had been stupid.

Now I just use my phone. But I also work from home so there’s no one to creep on me and report I’m looking at my phone instead of click clacking away.

Agent641,

Protip use anydesk to connect to your own computer remotely and do personal stuff from there. Then the only link to be severed is anydesk, which can be protected by password and 2fa.

cyberpunk007,

Pro tip, use KVM switches and USB mouse movers. Also if your work is hardcore enough to restrict software… Just RDP to your home computer. But I leave no trace of my slack on my work machine.

Modern_medicine_isnt,

Things like gmail let you log out everywhere all at once. But since you are at home now, third monitor for the home pc.

cyberpunk007,

Or KVM.

Cybermass,

The other day I was on all and there was fucking porn without any NSFW filter on it on some cumsluts community, no co-workers were around thankfully but it was a good wake up call that all is not a place you wanna be unless you are at home.

MachineFab812,

Wait. Is everything from LemmyNSFW.com NOT auto-tagged, or is that community also on another instance?

Cybermass,

I can’t remember, I didn’t take the time to screenshot it haha

Fissionami,

You guys aren’t using DoT (DNS-over-TLS) or DoH (DNS-over-HTTPS) ??

Malkhuth,

There’s a good chance that SSL inspection is being used if it’s picking up the names of instances.

Razzbow,

I use DoH. What’s DoT? What are the differences?

Fissionami,

DoT uses the TLS protocol as far as I know while DoH uses the general HTTPS (443) protocol. But both of them are encrypted so you shouldn’t worry about security with any of them. Just use the one that is supported with your device/app

xintrik,

That won’t hide the IP and really doesn’t hide the domain name either if your company actually has any decent monitoring on the network.

General rule: if you’re on the company hardware or network just assume your IT department knows where you’re browsing.

AphoticDev,

Well, you should be using a VPN for privacy anyway, so that wouldn’t be a problem.

oatscoop,

Do you guys not have phones?

lando55,

My phone is exclusively used to play Diablo

Gork,

Ah yes I understand this reference.

Pokethat,

You put a VPN on your company phone?

AphoticDev,

You’re using personal software like Lemmy on your company phone?

Pokethat,

No, I was asking if you did

AphoticDev,

That was my response. You shouldn’t be doing personal tasks on a work phone. Has that ever been a thing corporations wouldn’t immediately fire you for? VPN or not, NSFW or SFW, don’t browse Lemmy or other social media on your work devices. Ever. Depending on who you work for, it could even be highly illegal, especially if it’s a government job.

Modern_medicine_isnt,

Yes there has ever been a corp that wouldn’t fire you for that. Everywhere I have worked actually. They just warn you that they can see what you are doing.

CheezyWeezle,

Eh, my work explicitly states we can use our work laptop for personal use as long as it doesn’t interfere with work. We can even install software if we want, but there are a lot of security features that ensure you can’t put anything wonky on there.

That said, I usually steer away from social media on my work laptop, except some highly moderated and text-focused places like resetera.

woodenskewer,

A lot of people really just don’t get this. I had to explain to a couple people they can go look at basically anything they want as to what you’re looking at. Less is more. We have an app on all company phones called Lookout that monitors everything including GPS that you can’t turn off. I hate it. I have to keep my phone on when I’m at home too so I extra don’t like it.

QuinceDaPence,

There's some at mine that don't even have a personal and I don't get it. You leave and have to change your number and deal with all that crap plus if you have to have an account send you a text.

They told me that was an option and I was like Fuuuuck no, I keep that shit separate. I still get calls on my work phone when the previous guy's kid needs to be picked up from daycare.

marmo7ade,

This is why we have a Palo Alto firewall. All internet traffic from a single PC being tunneled over a VPN would set off some flags and quickly be remedied. Good, modern firewalls can do what are essentially “man-in-the-middle” attacks to snoop on traffic. If this was prevented by a VPN it will be immediately known.

“You should be using a VPN” is not universal advice. It’s not up to you when you do not own the internet connection you are using.

minorsecond,

So if you were, say, using a VPN on your personal phone at work on their internet, would you also get in trouble?

fuzzzerd,

If it’s a personal device, at worst they would see you are using a VPN and maybe ask what’s up with that, but they can’t mitm you on your own device.

Fissionami,

Most probably not. Unless you’ve installed a custom root certificate provided by them (which you most probably didn’t).

some_guy,

Why would you join your phone to the company wifi? Mobile data is cheap (at least where I am). I’ve never joined my personal phone to an employer’s wifi. At least not in the last five or so years.

minorsecond,

True. I wouldn’t, I was just curious.

KLISHDFSDF,

Cell reception is spotty where I work and there’s a guest WiFi option and they allow VPN. Work’s Wi-Fi works for my use case.

nintendiator,

> Why would you join your phone to the company wifi? Mobile data is cheap (at least where I am).

Where I am, I’m on prepaid. It’s not cost-effective to pay for a full plan (when eg.: I already have internet at home).

BoneALisa,

It’s worth noting, you can’t actually MITM most traffic without device access. To MITM my lemmy traffic, you would need either a copy of the certificate and private key of for example lemmy.world, which they would never willingly provide, or you would need to get a valid certificate from a CA for lemmy.world, which you could never get without verifying ownership of the domain.

If you are using a company owned device to browse Lemmy, then 100% they can very easily install a custom Root CA and make their own certificates, and you should assume all your traffic is monitored. But if they allow BYOB or for your phone to be on the network, then they would be unable to see that traffic without you being able to tell, because you would get certificate errors.

But if they allow you to install a VPN, then just use TOR with a TOR bridge and you wouldn’t have issues, because they can’t tell it’s VPN / TOR traffic afaik

AphoticDev,

Unless you’re handing your phone over and letting them root it, they almost certainly are not MITMing your traffic. At best, they can see you’re using a VPN. If they are able to snoop your traffic, either your VPN is absolutely shit, or you changed some setting you shouldn’t have and fucked yourself.

Ironfist,

omg people, don’t do personal stuff on your work machine or connected to your work network. A vpn won’t save you from all the software they install in your machine to track you. Use your phone with your mobile data.

littlecolt,

The wifi at my work won’t let me browse Lemmy at all. I have to enable a VPN on my phone to browse, or go to mobile data.

echo64,

This is what you should be doing on all corporate networks. What personal sites you go to is none of their business.

Alternatively, don’t use their network and use your cell connection, but for some people, that’s not gonna work, I know.

marmo7ade,

It’s my business when it’s my internet connection.

applejacks,

Work Wi-Fi is not your connection.

Borkingheck,

It is the business’s business to be aware of what sites its employers are using.

AProfessional,

Only on company equipment.

rjs001,

No, even on company equipment it isn’t. That equipment was paid for by the employees so it’s their right to use it

littlecolt,

Lol I work for a Fortune 100 company, they did not need me to afford this shitty work PC, but sure. This is our PC, comrade. Seize the means etc

rjs001,

So how would they have afforded it if they didn’t have any employees?

littlecolt,

That doesn’t make the PC, network, and connection belong to the employees. You’re making ideological leaps that are not in tune with the reality of the situation. Obviously the company can’t exist without employees. That doesn’t matter in this situation. Fact, a company run by capitalists. Fact, I am paid a wage. Fact, my wage is what I agreed to take as payment for my labor. Fact, this PC I use to perform my duties IS NOT FUCKING MINE.

Christ.

rjs001,

It’s 100% yours if you work there

littlecolt,

You’re 100% wrong in this instance, you can’t just make your baseless assertion again. Begone troll.

rjs001,

Not really

littlecolt,

Yes really. Hur durr

echo64,

Nah, they sure do want to know, though. It’s not businesses business to know what book you are reading on lunch break, it’s not businesses business to know what newspaper you are reading at work, it’s not businesses business to know what social media sites you are reading.

Nerve_Lonely,

I am of the perspective that if you are accessing that book or newspaper or social media sites using company equipment and network resources, then the company, as the network operator, sets the terms and conditions of you using their network. That can extend to SSL decryption of all connections or blocking unwanted programs or websites or nothing at all, it is all down to the company policies at that point since they own the equipment and pay for the ISP connection.

I don’t think it’s a good idea to use company networking equipment or connections with the same expectation of privacy (or control) as an internet connection you pay for. (eg. Home ISP, wireless carrier, etc) Even consumer ISP connections have certain well-known protocols blocked at the carrier as part of the terms and conditions of utilizing the ISP’s connections. It may be your traffic, but it may not be your network it is traversing. Most network operators have an inherent interest in the traffic traversing their networks.

echo64,

Your perspective is a very authoritarian hellhole of a perspective I’ve gotta say. If you think just because the company controls the network connection they get full obliterating rights to your every waking moment and you get zero levels of privacy then we are on very different sides of worker rights.

Nerve_Lonely,

That completely misconstrues my statements. Have a nice day.

echo64,

No, I understood you, I didn’t misconstrue anything. We just differ massively in opinion. You think the network operator gets to decide the content that flows over the network. I say the network operator pushes packets and has no right to interfere in your private life.

The move to further and less breakable forms of encryption between clients heavily suggests that the tide is turning in my direction.

HiddenLayer5,

I imagine the socialist/ML and pro-union content also plays into this (speaking as a socialist/ML and extremely pro-union, mind you). Corporations hate and are terrified of any sort of dissidence that threatens their profits and will absolutely police your activity on it. Weirdly enough Western “freedom of speech” doesn’t seem to extend to this kind of stuff in practice, can’t imagine why.

Donebrach,

More likely op being a dumbass and using work resources to fuck around on the clock.

marmo7ade,

Plenty of people feel fully entitled and justified to fuck around on the clock. Some of them are in this comment thread.

rjs001,

Everyone does and should feel justified to do that

oatscoop, (edited )

I do. I also competently complete all the work that’s given to me and then some. I’m being paid to do a job and I do it well. If I’m not engaged in work and caught up I’m going to discreetly “fuck around” while still being on hand for anything that needs me.

That’s what most jobs are: you’re paid to complete specific tasks and be available for when something comes up.

Oh, I could be doing more work? – I’d love to … for more pay or time off. The expectation of “looking busy” and “busy work” is for jackasses, and I don’t work for free.

rjs001,

It’s not “work resources” as it was the employees who paid for it

NuPNuA,

Given that I can literally access my union’s resources from my employer’s internet, I doubt that’s an issue.

tryptaminev,

Could it be that in your country your employer is required by law, or there exists a union contract that specifies your right to access this information?

Lols,

it couldn’t be, we just established that “Western “freedom of speech” doesn’t seem to extend to this kind of stuff in practice”

iN8sWoRLd,

The company firewall very likely is using a “content filtering” function which for Sonicwall, for example, is a subscription service where the admin can select any number of “categories” of content to block. I found lemmy.world was being blocked because Sonicwall had that domain categorized as “gaming” which was disallowed. I reported the error to Sonicwall that it should be “social media” but haven’t heard back (it takes a while) but some companies might block that category also. In short, it might not be blocked because of any positive action by your company but instead by accident because whoever first classified the site didn’t understand what it was.

HiddenLayer5,

I’m less worried about what they actively block with an in-your-face “this content is forbidden” screen and more worried about what they might silently flag to my supervisor, tbh. They’re unlikely to block pro-union content, for example, but might silently track who’s going on those kinds of sites.

iN8sWoRLd,

Your personal security concerns are valid but every company is different, and it seems most people don’t work at a firm their whole lives anymore so there is less trust and less loyalty and decency, really. In my case the wifi given to employees for their personal phones is totally segregated from the work LAN so while it is definitely monitored and protected in the same way, it’s far less of a concern for company security. It is also throttled so watching videos is almost impossible, it blocks a horde of malicious stuff (which makes using it safer for the user than when they leave), and many of those using it are on cheap limited plans so they might not be able to leave their comms open to their family or check the location of their kids during the workday, or even get updates otherwise. Many use it to stream radio stations or listen to podcasts usually into earbuds. Properly classified porn sites, etc. are blocked. However, I recently heard there will be changes imposed on us from above and all these users may soon be kicked off this wifi entirely. Managers and office workers will certainly be still allowed to use it but the people who really need it? I guess they are SOL.

applejacks,

Yea, and the filters are not that accurate either.

Tried to log in to Telegram at work, and it was blocked for terrorism lmao.

Gave me a scare, but never got a talking to about it.

iN8sWoRLd,

The only people to know about it would be IT, if we even have an alert for it (we generally don’t) because we don’t care about someone trying to access something that is blocked, we know it’s blocked so it’s no threat. Things we care about are real security concerns like when your machine suddenly is downloading a bunch of exe files, connecting to a database server in Brazil, scanning the network for open file shares and running powershell scripts to encrypt every file it finds. Most well-set-up places are running endpoint protection now though so the first thing you’ll notice is you will lose your internet. THEN you might get visited, but by then you’ll probably be calling us since nothing works LOL

cheery_coffee,

While VPNs aren’t perfect, vpn and DNS over HTTPS will help you avoid this.

HiddenLayer5, (edited )

Be careful though, as many companies also flag VPN usage as suspicious by default.

If you’re just looking to hide from your employer, you might want to consider self-hosting a VPN/HTTPS proxy server, or, for more technical users, self-host a VPN/proxy server that forwards the incoming traffic through a commercial VPN. If you use a commercial cloud hosting platform, all they can really see in that case is that you’re accessing, say, a Digitalocean server, which can also be for any number of benign websites. Make sure you have your VPN client set to connect over port 443 (the normal HTTPS port) and not the official OpenVPN or Wireguard port, as well as use the networking interlock (internet killswitch) feature that disables internet access without the VPN connection active.

Still not perfect obviously, but I imagine better than using a well-known commercial VPN directly. Or, you can always just use cellular data/hotspot for personal browsing and completely prevent your employer from seeing it.

MonkderZweite,

That’s a given. Who wants some VPN provider in South Asia knowing your surf history? (same for DoH and Cloudflare btw) Just set up a private VPN in your router.

knobbysideup,

On phone, use LTE. On computer set up a cheap Linux shell on your VPS of choice. Then use an ssh socks proxy for your browser.

sin_free_for_00_days,

That was my default when I worked. Just ran the proxy from work through my home network. Never was asked about.

_stranger_,

and MAKE SURE it’s set up to use DNS over that socks5 connection.

Noedel,

I don’t think your company computer allows for the same things my company computer does

slaintrax,

Pretty sure you can create a tunnel without any admin rights or installing anything. Might require you to run ssh on port 443 if they are really strict.

PunnyName,

I use my own Internet for my phone. No point messing with work Internet unless necessary.

atticus88th,

Right? I don’t want the nerds at IT to find out where I get all my free porn.

tonarinokanasan,

Plot twist - the nerd in IT was just looking for some new sources for free porn

Godric,

We are, the fucking suits that control management made us make machines that flag any cool websites :"(

FinalRemix,

We have a guy who isn’t in IT who goes through people’s email and shit here, so I’m definitely steering clear of their internet traffic here.

Phantom3805,

That’s insane and should not be possible

FinalRemix,

Employer email, employer network, etc.

Possible and legal, just a fuckin’ scumbag thing to do. Real creepy when he jumps in on an email to reply to something you sent to someone else.

Phantom3805,

No, if he’s not in IT it should not be possible - I don’t know what email system you’re using but this person should not have the access you’re saying they do.

I’m not saying it shouldn’t be technically possible (I’m a sysadmin, I know what’s possible in a corporate environment), I’m saying your organization should not make it possible.

If he’s in some leadership position I’d be looking for other employment and/or reporting that person to your corporate compliance officer if you have one.

FinalRemix,

Yeah, well. He’s in admin, and I don’t feel like searching for a new tenured position. I’ll just skirt shit until he’s gone. And by then, keep skirting shit anyway.

cloudless,

Your guy has got too much free time, should be made redundant.

TwinTusks,

… why?

FinalRemix,

Gotta have his fingers in everything. ¯_(ツ)_/¯

13esq,

Exactly. Use the work equipment for work purposes and there is no issue.

son_named_bort,

This is the way. My work tends to block a lot of websites that aren’t relevant to the job anyway.

ubergeek77,

Rough day at work today, OP…?

dipshit,

Better idea… you could work. Or use a VPN on your phone.

FlashMobOfOne, (edited )
@FlashMobOfOne@lemmy.world avatar

deleted_by_author

AfricaByToto,

Doesn’t stop the network from seeing what you’re doing

v4ld1z,

Working at work. Psshh

stochasticity,

Working is stupid

13esq,

Tell me how else I’m supposed to afford food and a place to live!

MonkderZweite,

That’s why it’s stupid.

BeigeAgenda,

Just make sure your parents are billionaires.

darelik,

Plot twist: it’s 2009 and you’re in zimbabwe

minthenry,

Yeah better not take a break and use the phone while on it.

dipshit,

By all means, please do. IT departments can look for this type of traffic and report it to HR, which saves the company money.

I find it funny that people seem to think that browsing reddit at work is ok, as long as it’s not porn. I don’t think employers see it that way.

rjs001,

Who cares what the employees think?

dipshit,

I would think most employees would want to keep their jobs. Maybe you know more than I do.

rjs001,

Then hide it

dipshit,

> Then hide it

I don’t know who you think I am, but I’m not in a position to hide some random person’s internet browsing on the web. I’ve already recommended options to avoid being traced.

Think to yourself, are there any possible other scenarios in which the person I’m talking to is not the boss of other people? Maybe this person has been employed and wanted to hide their own habits… maybe this person used to be in a position where they could monitor and / or control internet access… maybe this person snitched on their workers, maybe they didn’t.

But you’re right, I’m probably the boss. I’m probably actually Elon Musk.

Wanna buy a shitty low poly “truck”?

rjs001,

I said hide it as in the employee should hide it

dipshit,

Ahh. yeah. They should. It’s really not hard.

Of course, you could always choose to not hide it, and just browse it directly while staring at your boss. That’s a power move.

ech0,

Or just use LTE and not Company WiFi which is obviously monitored. Like how dumb is OP lol

dipshit,

Yeah that would also work.

rjs001,

Found the boss

dipshit,

The Tony Danza you seek is in another castle…

maajmaaj,

…y’all can’t seem to break your reddit habits for shit 😂😂😂😂

TheCee,

This, this thread is basically this song’s bridge exemplified. 😅
