Nearly 20 years ago we used to install monitoring software to tell if a user's mouse or keyboard hadn't been used in a while. More and more places use traffic inspection "for security". Desks now use sensors to tell when warm bodies are near. Doesn't matter whether you're working from office or in the home, surveillance is here to stay.
Good businesses should only care if work is getting accomplished. Bad businesses will continue to use draconian methods to try to squeeze productivity rather than foster it. Quit the bad ones, join the good ones.
in the United States. Europe has very strict rules about surveiling employees.
Example: In Austria we are not allowed to use some of the functions that Azure-AD joined computers would be capable of because employers _might_ push remote control software the user hasn't agreed to
Same here. Employers can't even look inside user's mailboxes because there is no guarantee that it doesn't contain anything personal. Even if the company has a rule that you're not allowed to use it for personal things, the law supersedes that and you still can't do it willy nilly.
As a foreign developer living in Austria I'd like to offer a counter perspective: that might be why Austria, even in the tech scene has some of the lowest and least flexibly WFH possibilities I've ever seen in any EU job market: so the bosses can keep a close eye on you at the office, because they can't via SW.
Every job I applied to, even the most liberal ones mandates at least 2 day per week at the office in the best case, with some SW companies having max 1 day per week WFH because "we're more efficient at the office" lol. Every time I ask at an interview if they let me work 100% from home, so I don't waste 2h/day commuting, they look at me like I asked them to let me f*ck their mom.
Also, many Austrian companies keep rigid track of your time and breaks at the office via electronic card punch in/out systems which are a government mandated legalized forms of workplace surveillance, meaning I have to spend 8h per day at the office regardless of my work being done in 5 and unable to do anything remotely productive for the remaining 3 because my brain is fried, while some companies even make you punch out for coffee breaks so you're not taking a break on your employer's dime, meaning you need to spend even more time at the office what's beyond your legal allowed 30 min lunch break which is also not included in your 8h closely-recorded workday.
So IMHO, it's not all as progresive as you make it sound. It feels like an archaic system designed to keep unionized factory workers strictly in line to their mandated 30 min lunch breaks and making sure no overtime occurs on their shift, but is severely out of place in the world of digital knowledge work where it's used in some companies to keep employees at the office glued for 8 hours to their chairs.
Universal income covering the very basic would still keep people making beyond minimum wage vulnerable.
Paying meaningful money would be too expensive at scale. Then few jobs could pay meaningfully more than the universal income. Why work if you get +/- not working?
You'd think people would learn after the covid money printer that giving people paper with funny pictures doesn't actually do anything.
UBI, like Roko's basilisk, is the magical thinking of our age. We need a working government to meet people's needs because the market sure as hell can't. That's a lot harder than just brrrr.
Meanwhile in 2023 a favourite argument of management who want everyone back in the office is that it's essential to have those casual interactions around the watercooler. When of course your keyboard and mouse won't be used at all.
> Good businesses should only care if work is getting accomplished.
This always comes across as people wanting to have the cake and eat it. Employers should only care that the work is getting done, but if the work isn't done, then the employee should still be able to go home after 8 hours and get full salary?
If the work is not getting done, spying on people isn’t going to improve things. If you want people to work, you have to properly motivate them. That means fair wages and non-toxic management.
You have to pay full salary regardless of whatever you deem work is and however you judge the status to be done or not. You can ask the employee to stay longer do it enough and that employee now pushes off their night and starts coming in later to.. because they are going to be staying late anyways. And nothing gets done after 5pm aside from making plans to hit the bar at 7/8/9. The CEO notices this and this employee has a rep of staying late. Soon he is your boss.
What would you rather have again? An employee finishing early sounds good to me
lol oh the good old days. The funniest part is, it would take screenshots of desktop periodically, but I would know when it's happening due to micro lag in mouse movement as it happened. It was so hilarious. I didn't give a crap because I worked hard anyway. Ended up staying at the place for 17 years.
> Good businesses should only care if work is getting accomplished.
Goodhart's Law (HN might be annoyed at how often I reference this)
Goodhart's Law isn't just about that setting a metric as a target leads to that metric being exploited, but is more about how difficult things are to measure and evaluate. The lesson to be learned here is that measurements should only ever be considered as indicators at best, and usually as weak signals.
Proper evaluation requires significant nuance, exceptions to the rules, and care. It requires being human: messy, a bit chaotic, and inconsistent. There's good reason for our desire for good metrics. It can help make things fair, consistent, reduce bias, and help control for bad actors. There is that appeal to act mechanically, as machines are often highly interpretable and controllable. But over-reliance on metrics end up with the exact same results. Humans will always exploit a metric. Humans aren't machines. Hell, AI always exploits metrics (which creates a big irony that there's so much benchmarkism in the field). For this reason meritocracy can never exist, as unbiased metrics and evaluations can never exist. Doesn't mean we shouldn't strive for it, but rather that we need to think slow and with care. Unfortunately, our brain is lazy and wants to think fast and on autopilot. An irony with how often HN references Kahneman's book. The most human thing we can do is actually override our autopilot, as that's what differentiates us from the other animals and machines.
Good businesses should only care if work is getting accomplished. That's hard to measure. But one needs to recognize this rather than chase mechanistic one-size-fits-all metrics. You need to embrace the chaos to navigate it. Set guidelines, not rules. Managers and business owners, take heed.
> surveillance is here to stay
I'm unconvinced. This happens because there is little to no pushback because people are convinced that the hierarchical structures are too powerful. But as I said above to embrace the chaos, this too is how you can attack these structures. I talked about this longer in another thread, but remember that you're <6 steps from any person. Ideas spread like viruses (memes), and the control only exists when we stop talking and communicating. If we self censor (e.g. are afraid to tell others our salaries because we think they'll be mad at us instead of the person that controls the pay) then the hierarchy has too much power. Hierarchies are good, but power gets abused. It isn't good for your business to have that power abused. But it also requires care: to not chase short term gains but think long term and remain fluid (environments change. Adapt or die).
>Why shouldn't the "productivity" of these staff be measured? Because you don't like it?
No one is arguing against this. Stop creating strawmen.
People are against draconian practices aimed at micromanaging people when data is already available, individuals are meeting targets or the targets aren't met due to something out of their control.
In the case of programming, if you have any decent system, you can query commit dates, opened bugs/features, closed bugs/features, time in meetings put on the public agenda, and more. None of this requires surveillance during the development process, only measuring inputs and outputs.
Of course you have to be very alert for quality of boxes, and for selection of boxes. A savvy employee will only choose the easiest tasks as all are ranked equally.
Exactly the same with ticket based jobs. Any measure you have can and will be gamed.
> If you work at "big shipping co" and "box" 1 item a day and your colleagues do 100, should you not be fired?
If each of those boxes earns >100 times the profit, the boss would be kinda dumb to fire me. At any rate measuring that doesn't require surveillance software.
During covid when WFH, I received a legitimate looking SMS message with a link, so rather than clicking it, I curl --verbose'd it (and one subsequent redirect) before seeing it was an obvious phishing / troll. The next day, my VPN & SSO was disabled with instructions to contact corporate security. My use of curl had been detected and while they didn't accuse me of anything, they claimed that they wanted to make sure that I hadn't been hacked. I've never felt safe since then - I don't know how "deep" this spying goes. Yes it's their equipment, their network, etc. But I hate the way this makes me feel.
I sympathize - it must’ve been stressful to go through this.
Yet I just can’t stop to imagine the other side’s perspective and it’s making me laugh:
I’m sitting in front of the monitoring dashboard, chewing a sandwich, and then a spike of intranet activity shows on one of the charts. I look at the dashboard and immediately notice that it’s effect of some SMS broadcast. Nothing to see here: lazy Tuesday.
Then on the dashboard with user agents new column shows. 1 request. Curl’s user agent sticks out like a sore thumb.
“Oh, someone probably just copy & pasted contents of the text message to check it out through curl in order to be safe” wouldn’t take place in Top 10 thoughts that’d I have after seeing that.
If I'm using curl, I'm probably also using git, ssh and wget. I think an active threat would be more likely to try to blend in (a giveaway would probably to use a user agent that declared I was using a different OS because it was hardcoded into the payload.)
What I end up thinking about is that even though I'm back at the office full time (and I'm one of the weirdos that actually prefer it) I have doctors appointments, school teacher meetings and such that have all moved online. So convenient!, except there's no way I can realistically attend them privately, so a 5 minute meds appointment is now once again a 3 hour travel ordeal.
End-to-End encryption doesn't matter if your employer is scraping your device. I know this is all obvious, but it didn't need to be this way.
At the beginning of the covid it became popular to hire some companies that send those links, and then report back who opened them to you, so you could train the people.
You may have been caught in one of those exercises.
But anyway, always assume your workplace's VPN logs every access. The obvious retention period vary from one place to another, but the logs seem to always exist.
I'm personally not too concerned with cases like this. I mostly avoid personal activities on work equipment unless they're benefit-adjacent. My thinking is if they over-snoop and see health or financial data they shouldn't see (and it gets out), it'll look bad because I was managing benefits that are part of my employment.
Outside of that, I keep my use very benign. I'm logged into the Financial Times and Stackoverflow. Most companies with knowledge workers won't look at any metrics they collect unless it's a security thing or they have a reason to look. But yes, assume that they can look if they want to.
Once they start snooping around, they're probably going to fire you regardless. They just need a story to tell.
Wait, so you curled a phishing link while connected to a corporate network and you didn't think that would be monitored? I am sorry but your company's security team is not doing well if you're surprised by this. What is your expectation if I may ask? Because I spend a LOT if time just looking at what what people are doing via email, endpoint and network logs (looking for malicious activity, don't care about their performance or going to naughty sites), do you not know that is happening?
Yeah. Like... monitoring network activity on the VPN for security is one of the areas I would be surprised if the employer IT wasn't doing. I don't know why that would surprise anybody.
Hard disagree. I've worked at multiple companies that care about security. Monitoring employee equipment use for activity that could indicate a compromise is a positive signal.
Agreed. Where do you guys work to be monitored like that?
I dick around all day at work, I watched YouTube video in the background, I still use paper notes so my cursor can be still for an hour sometimes, etc and I never received anything like that. That's over 4 employers since I went full time remote.
Not saying they're not "watching" me, but they don't seem to care.
Is there a typical profile for companies that go that far in the 1984 crazyness?
Were they taking issue with your use of a tool, or the fact that you apparently click on phishing links? Was that a test run by your company's cybersecurity department?
Is your phone personal? BYOD? Company-issued?
I can't fathom how "detecting curl" can put you in the doghouse, but I would shut you down too, for accessing malicious websites.
Ah yes the famous phishing tests. They bypass every spam filter, and if your company is like mine, that uses a new external website every week for something, it's completely impossible to tell apart phishing from actual email.
> Y.T.'s mom pulls up the new memo, checks the time, and starts reading it. The estimated reading time is 15.62 minutes. Later, when Marietta does her end-of-day statistical roundup, sitting in her private office at 9:00 P.M., she will see the name of each employee and next to it, the amount of time spent reading this memo...
> Y.T.'s mom decides to spend between fourteen and fifteen minutes reading the memo. It's better for younger workers to spend too long, to show that they're careful, not cocky. It's better for older workers to go a little fast, to show good management potential. She's pushing forty. She scans through the memo, hitting the Page Down button at reasonably regular intervals, occasionally paging back up to pretend to reread some earlier section. The computer is going to notice all this. It approves of rereading. It's a small thing, but over a decade or so this stuff really shows up on your work-habits summary.
"Global demand for employee monitoring software increased by 108% in April, and 70% in May 2020 compared with searches carried out the preceding year."
Every time one of these stories comes out I sigh a little and conclude that it's more showing the failure of modern management practices and the legal environments these companies are required to operate in than anything about employee responsibility.
Companies should be judging their people by results. If someone's performance is acceptable then all of these surveillance metrics don't matter. If someone's performance is not acceptable then all of these surveillance metrics still don't matter. If the company can't tell if an employee's performance is acceptable then maybe that's something they should think about first.
Some of the nastier management practices are also CYA policies because of potential liability if the employee does something they shouldn't or suffers some harm personally while working from home and the company is held responsible even if there was little it could or should practically do to avoid the harm. It seems likely that some of our legal frameworks for employment relationships are outdated in the WFH era and could benefit from review. It should be clear what responsibilities an employer has to a WFH employee - for example providing WFH staff with suitable equipment to do their job properly and safely - but I don't think we should burden employers with responsibility for bad things that happen beyond their reasonable control. Maybe some of the perceived need for these aggressive and often covert surveillance measures goes away if some of the arguably unreasonable liabilities for bad things happening are also taken away.
> Companies should be judging their people by results.
You're not accounting for the many companies where a sizeable chunk of the workforce are "bullshit jobs" and are just there to create work for other bullshitters and/or be there for political reasons to pad someone's direct reports list and justify their salary. This is an major epidemic in some countries and cultures especially in Europe, and remote working threw a big wrench into this machinery by giving those workers a lot more power and perks that are usually reserved to elites within the company.
In this case there is no tangible output to measure, the only "output" is the suffering of the employee and the appearance of them working hard. This kind of spyware thus makes sense to force the employees to "work" hard and not become too complacent/comfortable in order to perpetuate the charade.
I don't expect this being used in startups or smaller/more modern enterprises where the org chart isn't (yet?) bloated and productivity is measurable based on output, but to be fair this is also not a vertical that Microsoft is targeting (nor can compete in even if they wanted to). This is targeted at large, bloated companies where they need to keep herds of bullshit jobs under control and make sure they don't get too comfortable - otherwise it would rock the boat if some low-level employee appeared to "have it easy" more than some high-level director/VP/executive, regardless of their actual productive output (if any). The spyware will efficiently detect such occurrences and make sure they are addressed.
This is a naive take imo, especially in a small business where you're signing checks from your personal bank account to your employees. When I'm paying someone for work out of my own pocket, I'm going to make sure that they're reaching peak productivity. I don't know why this expectation wouldn't exist at a larger company as well.
Two things can be true at once: my employee can be delivering good results, and my employee can deliver even better results. Just because an employee is delivering results doesn't mean that is their maximum potential.
The other thing you're not considering is the fact that management has a responsibility to maximize productivity with the workforce they have. Where you see management failure, I see managements responsibility.
Now, none of this means there aren't poor managers (I've had those), nor does it mean that the solution is straight up surveillance. What I am saying is as someone who does manage, and as someone who does pay employees, this issue isn't nearly as cut-and-dry as you're making it out to be.
I don't understand your objection. I also run a business. I also pay people to do things for that business. The amount of money that eventually reaches my personal bank account does depend on the performance of the business and that in turn does depend on how much we pay people and how good a job they do for us.
So I care very much about whether they get those jobs done well. But I couldn't care less how much time they spend with their backside in a chair or how many messages they sent last week or whether they took a 1h30 lunch break yesterday because they went out shopping for a birthday present for their kid.
I default to trusting people working for us to be honest and do their job to an acceptable standard. I'm only interested in intervening if that isn't happening. In that case the kind of metrics under discussion here aren't going to help me figure out the real problem and how we can fix it. They aren't even likely to be worth much if as a last resort we do have to lose someone who can't get the job done properly and later we have to defend that decision in some kind of dispute proceeding.
This isn't to say we can't give feedback and provide training to help anyone working for us to perform better. But I don't see what relevance these kinds of metrics have to that either. I've always found talking with people openly about how things are going to be far more effective. YMMV.
This is why I got really worried when MS somehow combined my private O365 with that of my employer. Likely happened because I had both accounts on the same iPhone. Suddenly, my work computer offered to open a word doc from my private OneDrive.
Microsoft is very intransparent here. They didn’t ask me, I couldn’t find out if that means my employer has access to my private data, and it kept coming back even after I found the “unlink” option. Creepy.
The link is because Microsoft's account system is such an old beast that a proper account switcher, like the one Google has, is completely out of the question. Instead, it seems the product team for M365 / Office.com created this high-level account linking process to make it at least palpable to the majority of users that only have one enterprise-based account and one personal account. If you happen to have more than 1 account, the account switchers on anything other than office web apps is going to break.
Why does it even need to be "request"? Are they that cheap these days that they won't pay unless asked (begged)? If the company needs you to use a computer, it needs to provide you one. I am sure not letting my personal and work machines mix, both for this and IP reasons, and on the other side, if I was in control of such things, using personal machines would be an exception.
Good employers already give you your own laptop and might offer to give you a phone. But good employers are few and far between, especially in recession-esque periods where everyone that doesn't have an extremely resilient IT staff (or isn't a public company) will have bean counters cutting costs in many areas, either downsizing new laptop purchases (making doing work harder) or cutting them all-together.
My company would rather have me waste several days shuffling data around partitions rather than pay for the cloud disk that I actually need (3T, nothing insane).
Can you expand on this at all? Is it consciously better, or was the presence of work devices subconsciously affecting you? Did you notice particular improvements, or ...
So like, how does that work. I've got a pair of Asus routers with one acting as an access point (AI mesh).
Would I need to buy new routers? Do I daisy chain the routers or can I reuse the wifi ap? Or put Merlin on my existing ones?
I'm in tech but these network suggestions are all quite opaque to me.
Contracts between parties with asymmetrical power often require collective bargaining (regulation, reputation, unions, insurance) to design systems that meet the long-term needs of all participants. Compare the terms of EU-US data sovereignty negotiations, or corporation-corporation data rooms, with corporation-employee agreements.
Given the rate of change in surveillance telemetry, AI local/remote analytics, enterprise sysadmin competence, global threat models and "chat control" draft legislation to bypass E2EE confidentiality, it is unlikely that individual humans can negotiate balanced Terms-of-Service/Employment/Citizenship.
There are OSS-based systems (QubesOS, OpenXT, Android pKVM nested-virt replacement of TrustZone) which are architecturally compatible with remote management of isolated workloads by mutually-distrusting clouds and enterprises. This is the WFH inverse of cloud "confidential computing". Workload isolation is hard/intractable on pre-CHERI PC hardware that is littered with side channels and legacy complexity, but isolation of mutually-distrusting clouds can be practical with a combination of monitoring and legal agreements. WFH humans can collaborate on OSS code to enforce OSS legal agreements that mediate between employees and corporations.
> The series takes place in a dystopian Milwaukee in the year 2074, where many countries have gone bankrupt .. In the absence of effective government, powerful multinational corporations have become de facto governments, controlling areas called Green Zones. The remaining territories are called Red Zones, where governance is weak or non-existent.
Wi-Fi 7 Sensing routers (2024) can generate 3D images of human activity through the walls/floor/ceiling of homes and business, profiling human position, movements, breathing, typing, emotion and more, https://news.ycombinator.com/item?id=34480760. After standardization by IEEE in consumer routers, which remote parties would be interested in WFH WiFi Sensing Analytics? How could regulators, employers, employees and home-builders respond?
Readit News
Good businesses should only care if work is getting accomplished. Bad businesses will continue to use draconian methods to try to squeeze productivity rather than foster it. Quit the bad ones, join the good ones.
in the United States. Europe has very strict rules about surveiling employees.
Example: In Austria we are not allowed to use some of the functions that Azure-AD joined computers would be capable of because employers _might_ push remote control software the user hasn't agreed to
Every job I applied to, even the most liberal ones mandates at least 2 day per week at the office in the best case, with some SW companies having max 1 day per week WFH because "we're more efficient at the office" lol. Every time I ask at an interview if they let me work 100% from home, so I don't waste 2h/day commuting, they look at me like I asked them to let me f*ck their mom.
Also, many Austrian companies keep rigid track of your time and breaks at the office via electronic card punch in/out systems which are a government mandated legalized forms of workplace surveillance, meaning I have to spend 8h per day at the office regardless of my work being done in 5 and unable to do anything remotely productive for the remaining 3 because my brain is fried, while some companies even make you punch out for coffee breaks so you're not taking a break on your employer's dime, meaning you need to spend even more time at the office what's beyond your legal allowed 30 min lunch break which is also not included in your 8h closely-recorded workday.
So IMHO, it's not all as progresive as you make it sound. It feels like an archaic system designed to keep unionized factory workers strictly in line to their mandated 30 min lunch breaks and making sure no overtime occurs on their shift, but is severely out of place in the world of digital knowledge work where it's used in some companies to keep employees at the office glued for 8 hours to their chairs.
This is why universal income is extremely important, so that people can pursue better jobs without risking being vulnerable.
A better solution is to focus on worker’s rights and labor regulations. Of course that opens the internationalism question, but so too would ubi.
Paying meaningful money would be too expensive at scale. Then few jobs could pay meaningfully more than the universal income. Why work if you get +/- not working?
UBI, like Roko's basilisk, is the magical thinking of our age. We need a working government to meet people's needs because the market sure as hell can't. That's a lot harder than just brrrr.
Watercooler surveillance requires physical access for cameras and lip-reading, https://news.ycombinator.com/item?id=36188381
This always comes across as people wanting to have the cake and eat it. Employers should only care that the work is getting done, but if the work isn't done, then the employee should still be able to go home after 8 hours and get full salary?
Of course not. If the work isn't getting done, then the employee should be fired. And that's the case even with the surveillance.
What would you rather have again? An employee finishing early sounds good to me
Goodhart's Law (HN might be annoyed at how often I reference this)
Goodhart's Law isn't just about that setting a metric as a target leads to that metric being exploited, but is more about how difficult things are to measure and evaluate. The lesson to be learned here is that measurements should only ever be considered as indicators at best, and usually as weak signals.
Proper evaluation requires significant nuance, exceptions to the rules, and care. It requires being human: messy, a bit chaotic, and inconsistent. There's good reason for our desire for good metrics. It can help make things fair, consistent, reduce bias, and help control for bad actors. There is that appeal to act mechanically, as machines are often highly interpretable and controllable. But over-reliance on metrics end up with the exact same results. Humans will always exploit a metric. Humans aren't machines. Hell, AI always exploits metrics (which creates a big irony that there's so much benchmarkism in the field). For this reason meritocracy can never exist, as unbiased metrics and evaluations can never exist. Doesn't mean we shouldn't strive for it, but rather that we need to think slow and with care. Unfortunately, our brain is lazy and wants to think fast and on autopilot. An irony with how often HN references Kahneman's book. The most human thing we can do is actually override our autopilot, as that's what differentiates us from the other animals and machines.
Good businesses should only care if work is getting accomplished. That's hard to measure. But one needs to recognize this rather than chase mechanistic one-size-fits-all metrics. You need to embrace the chaos to navigate it. Set guidelines, not rules. Managers and business owners, take heed.
> surveillance is here to stay
I'm unconvinced. This happens because there is little to no pushback because people are convinced that the hierarchical structures are too powerful. But as I said above to embrace the chaos, this too is how you can attack these structures. I talked about this longer in another thread, but remember that you're <6 steps from any person. Ideas spread like viruses (memes), and the control only exists when we stop talking and communicating. If we self censor (e.g. are afraid to tell others our salaries because we think they'll be mad at us instead of the person that controls the pay) then the hierarchy has too much power. Hierarchies are good, but power gets abused. It isn't good for your business to have that power abused. But it also requires care: to not chase short term gains but think long term and remain fluid (environments change. Adapt or die).
It's literally a recession. IT just experienced historically massive layoffs over the last 6 months. Could you be any more out of touch?
Today I learned that Canada, Australia, South Korea, and Japan are third-world countries.
Thanks for the lesson in geopolitics, bboygravity!
Deleted Comment
What about jobs that aren't creative like coding or graphic design?
Some jobs are simply "sit in your chair and do work". The productivity metrics aren't speculative - they are measurable.
You may argue "these are jobs for AI" - but realistically alot of jobs are a way off from this.
Why shouldn't the "productivity" of these staff be measured? Because you don't like it?
If you work at "big shipping co" and "box" 1 item a day and your colleagues do 100, should you not be fired?
So measure the output, not the mouse, not the keyboard, not the chair, etc.
No one is arguing against this. Stop creating strawmen.
People are against draconian practices aimed at micromanaging people when data is already available, individuals are meeting targets or the targets aren't met due to something out of their control.
In the case of programming, if you have any decent system, you can query commit dates, opened bugs/features, closed bugs/features, time in meetings put on the public agenda, and more. None of this requires surveillance during the development process, only measuring inputs and outputs.
Of course you have to be very alert for quality of boxes, and for selection of boxes. A savvy employee will only choose the easiest tasks as all are ranked equally.
Exactly the same with ticket based jobs. Any measure you have can and will be gamed.
Those are results, and not measured by "is their ass in this chair for 8 hours?", same as monitoring keyboard and mouse usage.
No, because that isn't enough context.
If each of those boxes earns >100 times the profit, the boss would be kinda dumb to fire me. At any rate measuring that doesn't require surveillance software.
I don't understand, those are creative?
Yet I just can’t stop to imagine the other side’s perspective and it’s making me laugh:
I’m sitting in front of the monitoring dashboard, chewing a sandwich, and then a spike of intranet activity shows on one of the charts. I look at the dashboard and immediately notice that it’s effect of some SMS broadcast. Nothing to see here: lazy Tuesday.
Then on the dashboard with user agents new column shows. 1 request. Curl’s user agent sticks out like a sore thumb.
“Oh, someone probably just copy & pasted contents of the text message to check it out through curl in order to be safe” wouldn’t take place in Top 10 thoughts that’d I have after seeing that.
What I end up thinking about is that even though I'm back at the office full time (and I'm one of the weirdos that actually prefer it) I have doctors appointments, school teacher meetings and such that have all moved online. So convenient!, except there's no way I can realistically attend them privately, so a 5 minute meds appointment is now once again a 3 hour travel ordeal.
End-to-End encryption doesn't matter if your employer is scraping your device. I know this is all obvious, but it didn't need to be this way.
You may have been caught in one of those exercises.
But anyway, always assume your workplace's VPN logs every access. The obvious retention period vary from one place to another, but the logs seem to always exist.
Outside of that, I keep my use very benign. I'm logged into the Financial Times and Stackoverflow. Most companies with knowledge workers won't look at any metrics they collect unless it's a security thing or they have a reason to look. But yes, assume that they can look if they want to.
Once they start snooping around, they're probably going to fire you regardless. They just need a story to tell.
I dick around all day at work, I watched YouTube video in the background, I still use paper notes so my cursor can be still for an hour sometimes, etc and I never received anything like that. That's over 4 employers since I went full time remote.
Not saying they're not "watching" me, but they don't seem to care.
Is there a typical profile for companies that go that far in the 1984 crazyness?
Is your phone personal? BYOD? Company-issued?
I can't fathom how "detecting curl" can put you in the doghouse, but I would shut you down too, for accessing malicious websites.
> Y.T.'s mom pulls up the new memo, checks the time, and starts reading it. The estimated reading time is 15.62 minutes. Later, when Marietta does her end-of-day statistical roundup, sitting in her private office at 9:00 P.M., she will see the name of each employee and next to it, the amount of time spent reading this memo...
> Y.T.'s mom decides to spend between fourteen and fifteen minutes reading the memo. It's better for younger workers to spend too long, to show that they're careful, not cocky. It's better for older workers to go a little fast, to show good management potential. She's pushing forty. She scans through the memo, hitting the Page Down button at reasonably regular intervals, occasionally paging back up to pretend to reread some earlier section. The computer is going to notice all this. It approves of rereading. It's a small thing, but over a decade or so this stuff really shows up on your work-habits summary.
Wait a moment. What was the install base of monitoring software in April/May 2019/2020? We don't know from this article. This article is only referencing an article https://www.zdnet.com/article/employee-surveillance-software... referencing another article https://www.top10vpn.com/research/covid-employee-surveillanc... that was only monitoring internet searches.
I would like to propose that in this situation searching for monitoring software in no way equates to utilizing monitoring software.
Let's just look at one of the companies mentioned in the article. Hubstaff customers up 25%, net revenue up 55%. https://blog.hubstaff.com/year-in-review/
Surveillance is of concern but I think the article is very misleading and very overhyped.
Companies should be judging their people by results. If someone's performance is acceptable then all of these surveillance metrics don't matter. If someone's performance is not acceptable then all of these surveillance metrics still don't matter. If the company can't tell if an employee's performance is acceptable then maybe that's something they should think about first.
Some of the nastier management practices are also CYA policies because of potential liability if the employee does something they shouldn't or suffers some harm personally while working from home and the company is held responsible even if there was little it could or should practically do to avoid the harm. It seems likely that some of our legal frameworks for employment relationships are outdated in the WFH era and could benefit from review. It should be clear what responsibilities an employer has to a WFH employee - for example providing WFH staff with suitable equipment to do their job properly and safely - but I don't think we should burden employers with responsibility for bad things that happen beyond their reasonable control. Maybe some of the perceived need for these aggressive and often covert surveillance measures goes away if some of the arguably unreasonable liabilities for bad things happening are also taken away.
You're not accounting for the many companies where a sizeable chunk of the workforce are "bullshit jobs" and are just there to create work for other bullshitters and/or be there for political reasons to pad someone's direct reports list and justify their salary. This is an major epidemic in some countries and cultures especially in Europe, and remote working threw a big wrench into this machinery by giving those workers a lot more power and perks that are usually reserved to elites within the company.
In this case there is no tangible output to measure, the only "output" is the suffering of the employee and the appearance of them working hard. This kind of spyware thus makes sense to force the employees to "work" hard and not become too complacent/comfortable in order to perpetuate the charade.
I don't expect this being used in startups or smaller/more modern enterprises where the org chart isn't (yet?) bloated and productivity is measurable based on output, but to be fair this is also not a vertical that Microsoft is targeting (nor can compete in even if they wanted to). This is targeted at large, bloated companies where they need to keep herds of bullshit jobs under control and make sure they don't get too comfortable - otherwise it would rock the boat if some low-level employee appeared to "have it easy" more than some high-level director/VP/executive, regardless of their actual productive output (if any). The spyware will efficiently detect such occurrences and make sure they are addressed.
Two things can be true at once: my employee can be delivering good results, and my employee can deliver even better results. Just because an employee is delivering results doesn't mean that is their maximum potential.
The other thing you're not considering is the fact that management has a responsibility to maximize productivity with the workforce they have. Where you see management failure, I see managements responsibility.
Now, none of this means there aren't poor managers (I've had those), nor does it mean that the solution is straight up surveillance. What I am saying is as someone who does manage, and as someone who does pay employees, this issue isn't nearly as cut-and-dry as you're making it out to be.
So I care very much about whether they get those jobs done well. But I couldn't care less how much time they spend with their backside in a chair or how many messages they sent last week or whether they took a 1h30 lunch break yesterday because they went out shopping for a birthday present for their kid.
I default to trusting people working for us to be honest and do their job to an acceptable standard. I'm only interested in intervening if that isn't happening. In that case the kind of metrics under discussion here aren't going to help me figure out the real problem and how we can fix it. They aren't even likely to be worth much if as a last resort we do have to lose someone who can't get the job done properly and later we have to defend that decision in some kind of dispute proceeding.
This isn't to say we can't give feedback and provide training to help anyone working for us to perform better. But I don't see what relevance these kinds of metrics have to that either. I've always found talking with people openly about how things are going to be far more effective. YMMV.
Microsoft is very intransparent here. They didn’t ask me, I couldn’t find out if that means my employer has access to my private data, and it kept coming back even after I found the “unlink” option. Creepy.
I won't go back as long as I'm able.
I'm in tech but these network suggestions are all quite opaque to me.
How is that allowed lol
From the company side, they dont know whats on my machine. I might have pirated everything and keyloggers out the wazoo, thats my choice.
Given the rate of change in surveillance telemetry, AI local/remote analytics, enterprise sysadmin competence, global threat models and "chat control" draft legislation to bypass E2EE confidentiality, it is unlikely that individual humans can negotiate balanced Terms-of-Service/Employment/Citizenship.
There are OSS-based systems (QubesOS, OpenXT, Android pKVM nested-virt replacement of TrustZone) which are architecturally compatible with remote management of isolated workloads by mutually-distrusting clouds and enterprises. This is the WFH inverse of cloud "confidential computing". Workload isolation is hard/intractable on pre-CHERI PC hardware that is littered with side channels and legacy complexity, but isolation of mutually-distrusting clouds can be practical with a combination of monitoring and legal agreements. WFH humans can collaborate on OSS code to enforce OSS legal agreements that mediate between employees and corporations.
Matt Damon and Ben Affleck's Incorporated (2017) TV series, https://www.youtube.com/watch?v=t7eKEHhSw00 & https://en.wikipedia.org/wiki/Incorporated_(TV_series), includes thought experiments on future workplace surveillance.
> The series takes place in a dystopian Milwaukee in the year 2074, where many countries have gone bankrupt .. In the absence of effective government, powerful multinational corporations have become de facto governments, controlling areas called Green Zones. The remaining territories are called Red Zones, where governance is weak or non-existent.
Wi-Fi 7 Sensing routers (2024) can generate 3D images of human activity through the walls/floor/ceiling of homes and business, profiling human position, movements, breathing, typing, emotion and more, https://news.ycombinator.com/item?id=34480760. After standardization by IEEE in consumer routers, which remote parties would be interested in WFH WiFi Sensing Analytics? How could regulators, employers, employees and home-builders respond?