A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn’t great, if contents of the website are behind a paywall maybe copy them into the post
- Don’t promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
Chat rooms
-
[Matrix/Element]Dead
much thanks to @gary_host_laptop for the logo design :)
- 0 users online
- 84 users / day
- 537 users / week
- 1.5K users / month
- 6.58K users / 6 months
- 1 subscriber
- 2.31K Posts
- 53.4K Comments
- Modlog
you don’t know shit about my work fuck you!
if you don’t have your personal browsing using a private profile of a secondary browser which you know you can delete, you are doing it wrong.
Yeah, I can still see that activity. You’re still doing it wrong.
Personal device not on corporate network or you’re doing it wrong.
Sure but people see that you are on the phone while the IT people don’t really care what you do and by bosses aren’t checking those logs so idc. it’s about being discreet on some layers.
If I were at home I wouldn’t need to do anything to hide it since I would use my pc but since I’m in the office I have to get creative.
Also, 5hisbpost was 7 days old :)
As an IT administrator, if your org has GPOs controlling if you can delete your browsing history or not, there is no chance you will be able to install a second browser without admin credentials.
I can confirm there are places where that is possible.
Also as long as they do not whitelist executables, you could use a portable version of a browser.
And you would still get caught on the company device trusting company CAs, thus enabling them to decrypt all your traffic.
Use a personal device on a personal network for personal stuff.
I was talking about the history on device, of course I agree: never expect privacy on a device controlled by someone else.
That might not be enough. I could monitor that on all the devices I manage, if I need to. There are tools to dump browsing info as it’s being committed, or it’s easy to pipe all the traffic from your machine through a VPN to a firewall I manage with a trusted cert injection into your device and inspect the traffic in transit. If you don’t want your employer to see what your up to, don’t use their infrastructure.
Well, yeah, if I worked at home I would use my personal computer for personal things and the workstation for work, it would be pristine. But alas, in the office there’s so much time I can spend pretending that I’m working because I finished my tasks before I implode.
Some risks are necessary :)
It’s not really about IT not knowing, but about being discreet enough that your boss doesn’t see your personal accounts logged in or even worse, to have two chrome profiles, both with obscure names, press the wrong one and to share the screen of saved tabs with Facebook, Instagram, pornhub… Yeah I’ve seen those bookmarks.
It’s… Wtf… If you’re going to be that deranged, at the very least be discreet… Sigh.
No, it’s zero-trust all the way down!
All true, and I’m sure your IT doesn’t care as long as you’re not taking stupid risks
…
I’ve seen things you people wouldn’t believe… a folder full of photos of a sales rep’s feet taken under the table at a meeting… a bookmarked playlist of adult baby porn labelled “Potential Suppliers”… I watched a modded BitTorrent client try to fake VLAN tags for unrestricted Internet access. All those moments will be lost in time, like that expensive label printer from my locked desk drawer… time to get another coffee…
Well, since I am IT, I am not about go to snitch on myself.
Forget chrome management. Any IT shop worth their salt is protecting their egress with a proxy, explicitly or transparently set.
Don’t browse the net on your employer’s network or devices. Use your phone. Get on 4G/5G.
deleted by creator
I’m using it, as well as my boss!
I’m in the process of convincing my management to switch to Linux. The most important thing to them is having a way to remotely delete the pc in case it’s stolen. Does someone know of a solution in Linux for that?
I’m in a company that uses Microsoft stuff, but I use a lot of fedora and Linux mint in VMs. The latter is based off Ubuntu at least!
It’s actually kind of nice to be able to save the state of my VM since forced restarts are so infrequent.
deleted by creator
I’m on Ubuntu at work! The only employee on Linux at a tech company of >150 people! (Where are my Linux nerds?)
Kind of yeah, the rest of the working world uses Windows for good reasons.
deleted by creator
Legacy software with incredible backwards compatibility, exponetially more software options, user familiarity, pretty much everything that active directory provides from user management to group policies, the list goes on.
Im a linux guy, but the thought of rolling out even the most user friendly linux distro gives me nightmares.
deleted by creator
Aren’t they? Changing a legacy app can take years to do the needed research, approval, procurement, and implementation. “Because my IT guy doesn’t like Windows” is a terrible reason to undergo that process.
The same with retraining users on a whole new OS. You’ll spend hours over the course of months answering “where did my C:\ drive go?”. That’s a lot of time you’ll never get back.
Active Directory provides a lot of tools that are familiar to senior techs and easy enough for junior techs to figure out. I might prefer how Salt Stack works but I don’t have time to train dozens of fellow techs.
Linux is cool for a number of reasons, but it isn’t a magic easy button and a wise admin doesn’t swap out fundamental parts of his tech stack without careful consideration.
If allowed, doesn’t DoH/DoT mitigate this issue?
Not if your employer has installed a root CA on your machine, enabling them to man-in-the-middle all your TLS connections.
Oh that’s a thing? That’s kinda frightening
Not necessarily, as the browser is still logging the history.
Well that’s what private mode is for, to dump the local data after closing the browser session
I know I’m here a week later, but a large number of system administrators disable browser proxy systems, dns over https, and incognito. It’s a neverending war.
Pretty much, but (noob question) how can they block DoH, wouldn’t they have to block HTTPS completely as well?
They control the browser settings itself. It’s either a work managed device or profile.
Ah ok that makes sense
Oh no, my employer might find out I’m looking for other jobs after being overloaded for a year and a half and constantly having my concerns/feedback/process improvement initiatives brushed aside.
Shot, i regularly browse jobs websites even though Im not looking to change jobs again soon. Just to keep them guessing.
I have been hinting to my manager for 6-9 months that he needs to move part of my workload elsewhere so that I can focus and actually achieve something. To think, all it took was for me to tell him straight that I was unhappy and unfulfilled to the point that I was considering resigning. Suddenly he’s all apologies and let’s make changes because you’re kind of vital and we don’t want to lose you.
And I was fired for it. Depends on the market demand I suppose, some industries there is no denying your worth, in others you’re disposable.
I love the fact that firing me what the person you’re answering mentioned is illegal here.
Peace of mind.
Yeah pretty outrageous, I soon found out employment rights in Ontario Canada are practically useless. I had no idea, I thought I had some basic protections, it’s almost nothing.
My work has a 100% mandatory vpn and mitm proxy for ssl scanning. I just use parsec to view my laptop from my desktop and browse what I want on my actual personal computer
Luckily my work hasn’t disabled the remote desktop application protocol. So I do the same, but without parsec.
Can’t install parsec on the work computer, and the web app displays a black screen.
Don’t forget the agents they install that take screenshots every 10 seconds!
Nothing to screenshot if all of my personal stuff is on a completely different pc
That doesn’t mean someone isn’t going to pull those up to reprimand you, or monitor your work.
There’s privacy from personal things, then there’s overbearing micro management who will literally track “Mouse hovering” and “Keyboard Idle Time” or how long you take to write an email.
Amingst the other creative ways they can try to keep you at a level “non promotable” status or whatever leverage to control you.
I’ve never had to suffer from it, I do my job, but as a systems admin/engineer for over 15 years, I’ve definitely worked at places that implemented it at our expense, or we had to set it up for our clients using it against their own staff.
Yep. Good point.
These are worse than useless. They are anti safety. If this box or its private keys get compromised ALL tls traffic of all employees is immediately plaintext.
Any company that buys one of these appliances from mcafee or whatever is asking for it (losing most/all their secrets)
That sort of thing is required for a lot of enterprise certifications. When you do work for government, healthcare, banking, etc. stupid “security” is mandatory for checking off compliance requirements. Not that any of it has to be in any way effective…
when breaking the internet and end-to-end encryption are part of any kind of “enterprise certification” that certification is worthless (or worse) and probably some kind of chinese or russian (or the CIA or whoever, certainly not your friend) psyop. Only a mindless idiot would implement it.
Oh I 1000% agree. But you try to convince my opsec colleagues
Wow, didn’t know that is possible. Is it same behavior with other browsers?
They can monitor anything they want.
They could even force you to connect to a mainframe instead of your own computer in order to work, and only allow you to click on 3 allowed buttons if they wanted to.
It is their hardware, they can do what they want.
Same can be said for any browser, any app, any connection while on the employers network IF they wished to monitor it. Even if you were able to delete all local browsing history and used private browsing, your employer would still be able to know every site you visit if they wished.
If you’ve authenticated with your credentials on the device, IT is able to see IPs visited and DNS queries and has access to all sorts of network tools to track, shape and otherwise manage your activity.
It’s best to assume that nothing you do on your employers network, even when logging into their corporate VPN from a personal device, is private.
I’m always shocked by privacy conscious people who do not have complete segregation of work and personal equipment and devices.
So only watch mainstream porn on work computers, got it.
I’ve always assumed work will be looking at the browser history. Anyone who assumes they won’t is an idiot.
Softcore is expressly permitted in the IT policy.
Those IT guys need to get off as well you know.
I mean, MS can literally track you between Windows installs, as long as you’re on the same hardware. No surprises here.
There’s a big difference between a giant corporation (that wants you to continue using its products) seeing every site you’ve visited, and your fucking employer, source of not being homeless and starving to death.
deleted by creator
The only way those large corporations can use that ability, is when your employer pays for it.
Otherwise it wouldn’t happen.
Since if it did happen, they would get sued by every company that uses their software.
How? Is there a way to mitigate this?
No not really. I mean you could never connect to the internet I guess. But that’s the best mitigation there is as long as your using windows. Or run it in a VM?
So you can understand how this works, each device in your computer has a uid or hid, a unique id, or hardware id. This remains consisten as long as you have the hardware. Things that have this are like hard drives pcie cards, etc.
There’s also just the fundamental unique ways your PC is built. Of all windows users how many have an Nvidia card? 90% of those 90% how many have the same drive configuration. 5% of those how many are running Intel CPU. Etc etc…
You are sadly very unique.
Yep, I guessed this was the way. Thanks for clarifying :)
Install a Linux distro.
No thanks
I use Gentoo on my main computer. I was just curious.
Theclouds it is your friend trust me bro
Have you heard of Linux?
Linux is not an option in the real corporate world.
Doesn’t have the features necessary to run big businesses.
Nor does Linux have compatible software for the millions of different factory machines.
Of course I did. My only OS for the past 7 years
So that’s how you do it. :) 🤙🐧
The only way :) Once I stopped using all proprietary software, I also quit social media (this account is the first one after such a long time) and I’ve never felt happier. Linux and privacy for the win!
Couldn’t agree more!
What are you talking about? They definitely dont see what I browse in a whonix Qube…
Only tangentially relevant, human beings get along better with their agenda (that is, are more productive) when they’re freely allowed to check email and their lemmy feeds, shop on Amazon and whatever other social media stuff they do. In fact, studies have shown an improvement when they drag overly-focused clerks to their mandated coffee breaks (actual coffee optional).
So if you’re getting into trouble for chatting with your kids, or answering emails or resupplying your household with dog food, that might be an indicator your work environment is toxic and you might want to keep looking out for better offers.
Also when game dev teams are crunched, their productivity drops below 50%. When they’re crunched for more than two weeks, it drops below 10%. So don’t crunch your devs.
deleted by creator
Most just monitor your browsing through the Antivirus.
Since they don’t want you visiting porn or malware websites on the corporate network, for good reasons.
Until you get asked by HR why you’re breaking their policies by clearing history and why you’re doing it. If it’s a work device that’s not yours, don’t expect privacy. It’s their property.
This, but it won’t matter if you delete history. They know anyway if the want, and can enable logging it if they choose.
When I turn on my pc I get a prompt saying “this computer is managed by your organization, expect no privacy”
Sadly this.
Any personal matters I may have attended to during work hours were done on a personal device, through a VPN, preferably borrowing some other WiFi signal than one run by any company I work for.
If its even more personal, just drop WiFi I don’t control all together. Either use the phones data plan for 10 minutes, or tether it to a computer and do the same.
That’s not how it works in civilized countries that provide worker’s rights by law
Unfortunately, words on paper frequently fail to prevent organizations, public of private, from doing things they are technically not allowed to do. See the security state apparatus of any of the nations around the world including the 5, 9 and 14 eyes, or any number of tech companies that claim and market privacy respective policies only for people to uncover later that what they pitch publicly diverges in spirit from what they do or what is in the actual terms of service.
Hopefully if people find their employer going outside the bounds of the contract they can catch it, catalog it and hold them to account. Accountability can often be tricky and costly though.
This is why unions and NGOs exist.
So… not the United States. France, maybe? Germany?
I have a very hard time believing that lol. Doesn’t matter what country, it’s still the companies property, and the work you’re doing in it is still considered their property. It’s not a personal device. What a pretentious statement.
In Canada employees may have a limited expectation of privacy on work computers.
Quoting from this article, which references the same supreme court case as the above article:
Accidentally deleted my post lol, but the court case ultimately ruled for the company, and that these laws aren’t very strong to begin with.
And the article you linked still suggests it’s a bad idea to assume privacy.
This is more so to protect employees who are browsing facebook or something on a personal computer, that the employeer isn’t then allowed to snoop on their private social media accounts. For work related stuff, the rule still applies that it’s work property.
deleted by creator
They don’t need the computer to see everywhere you’ve gone. I’ve never heard of anyone getting in trouble for clearing their history, but lots of people who have had problems visiting questionable sites.
You underestimate just how dumb some corporate policies are lol. Even if you are completely right.