YSK: Browsing "ALL" at work might get you pulled into an office, even with NSFW off.
YSK: Browsing "ALL" at work might get you pulled into an office, even with NSFW off.
Why YSK: It appears several Lemmy Instances are flagged as suspicious and at least 1 instance intentionally using the name of ransomware. A couple of the big enterprise monitoring suites (Fortiguard, ZScaler) will flag your account and may end up with you being pulled into an office for an explanation, or worse.
TL;DR: Keep browsing to your local instance at work for now.
Don’t use company computers for personal stuff, it all gets logged and can be used against you at the very least as evidence that you weren’t working come performance reviews.
It's fucking insane people don't know this in 2023.
Work computers are for work, and pretty much every employer monitors what you do on it.
I occasionally click on the little wether icon and see what the forecast looks like. Hope I don't get fired!
At my old job we had to research customers which frequently involved looking on Facebook and other sites. I was very intentionally not logged in, which probably wouldn't work now, and kept any and all searches to items that I could prove were related to a work item. It's insane that people don't follow that advice.
Work computers are for work, and pretty much every employer monitors what you do on it.
Depends heavily on where you work. My employer don't track what we use the computers for (of course there's a 'TOS' of sorts which says that it's company property and should only be used for company stuff) but as long as you are at least somewhat reasonable on what you use the system for it's fair play. Things like checking your personal email and occasional visit to lemmy/whatever your social media poison is doesn't raise any flags as long as you get the job done and that's it. Of course you can't install anything on the system but as long as a browser session on incognito mode is enough and it doesn't harm your duties, while technically forbidden, no one really cares.
And yes, I know this for sure, as I'm one of the guys who enforces the policies for our gear. YMMV.
And the same goes for company wifi if you have to log in with your own username.
Depends on your work. I agree with you, but for example my work is different.
Yes, we have managed devices as well, but my department specifically went for unmanaged devices. Just plain old laptops. Install whatever OS you want, do whatever you want. I only have the base windows install on there for some compatibility reasons, I mostly just use PopOS.
And we're also explicitly allowed to browse private content - as long as the work gets done and we stay in budget, do whatever.
agreed with the point. However, lemmy might soon be the new reddit for information, asking questions, troubleshooting.
So I guess a solution for accessing lemmy for such resources on company computer without being flagged would be good, especially this gets a bit more complicated with the decentralized nature of the fediverse (multiple domains of lemmy)
Just don't use a work computer for anything but work. Use your personal cell phone and don't use their wifi.
It constantly surprises me how many people use their work computers as as if it was a personal computer. They've got family pictures, shopping, browsing, socials, everything. I've tried mentioning before, in a roundabout way, but people really don't care. And then when they get laid off or quit then they're shocked as hell once the computer's remotely locked and wiped and then they make a big stink about how all of their stuff was on there. It's like what did you expect to happen.
My work phone is specifically partitioned to separate personal and work activities. I can't even copy and paste text between the two sides, they are so disconnected from each other. This is done specifically so people can use their work phone for personal business without cross-contamination.
I still refuse to use my work phone for anything but work. I only log into my personal accounts long enough to install/update a few apps from the Play Store that aren't allowed on the work side but are still useful (MS Teams, WhatsApp).
Part of that is not wanting to enter a 12 character password every time I want to do anything simple . But the other part is that I just don't want to mix my personal and work lives more than I have to.
The reason I used to use my work PC for online purchases/personal finances because the network at my employer was much more secure than my home network. But it was a smaller company back then, now that we're "corporate" (partnered a larger entity) I don't.
Or just use a VPN on the Wi-Fi
Stay off company resources when using technology for personal use.
Underrated comment right here...
Yall got phones jfc
Why would people not just use their phones? I would never browse any social media on a work computer.
I had a lady in the marketing department open a ticket with us many years ago when ILoveYou was running rampant and we had blocked yahoo mail, gmail, etc on our corporate network and she was PISSED because "I need to access that for my other job!". Yes, she put that in the ticket. That was a brief discussion with her manager and a resume generating event for her.
"Resume generating event" - that took me a moment, but then I laughed
I use my own Internet for my phone. No point messing with work Internet unless necessary.
Exactly. Use the work equipment for work purposes and there is no issue.
This is the way. My work tends to block a lot of websites that aren't relevant to the job anyway.
Why do people use work computers anymore when cellphones exist?
I've worked a job that required using an app on my phone, and in order to install that app I had to give ROOT ACCESS and full remote control to the IT department and was subject to the same monitoring as when using a company desk or laptop. I just grabbed an older phone I had lying around and used that for work because I wasn't about to give complete remote access to the phone I actually used every day.
Fuck that. Our company gives us phones because they know they're secure. And we don't use them for anything but work related apps. I still make all my phone calls from my personal or office phone
I say, "We," but that's not entirely true. There are a couple of jackasses that do everything on them, but I assume the company can see it of they want to. So, fuck that
If you are android, there is an app called Shelter that lets you create customized contained work profile inside which apps can be killed completely until you enable work profile again. This would usually be enabled by certain official app by your employer's IT policy, such as MS's Company Policy, so you don't normally have control over what app to put in the profile, but with Shelter you can pick and choose any app into the work profile freely. If you have other apps you don't trust, you can also use it to contain them too
I use a Pixel 1 for the same purpose. It's just a couple authentication apps in my case, but I still don't want their shit on my personal phone.
Not sure why they've got to use proprietary shit instead of just using standards. I even offered my own Yubikey.
Phone got small screen. Computer got big screen.
My work laptop just got replaced, and what's great is the dock that came with it. It only connects to my laptop thru a USB C. So. Now I unhook my laptop, and plug my phone into it, which uses Dex. It's like Samsung's own desktop OS. And I can use my big screens and keyboard and mouse
I also make sure my phone isn't using the network cable plugged into it and only use my own internet. I don't think it'd let me anyways
I don't even connect to my work's wifi
See I'd connect, but it would be on a VPN the whole time.
I'm not personally surfing Lemmy on my work computer, but larger screen + physical keyboard and mouse.
I worked for a small earmold company that made hearing aids and plugs. The PC I used had zero security. I decked it out with every possible imaginable tool to make my job easier, even had it where I could vpn in and do work from home, and while I didn't utilize this feature, the ceo's son did after I told him about it for a few weeks after I quit.
Our HR manager constantly asked for email counts each day, so I automated a spreadsheet for her. I set a webcam up in an office with a laser engraver so I knew when the staff would put molds down for engraving without being in the room. I had syncthing cloning directories and a virtual desktop. I'd often model blender models on lunch and sync them back to my nas. Sometimes I'd make custom things for the company, then 3D print them and bring them in the next day.
I had waaaasay too much power, though. I could go pick through the company samba server, look at anything, potentially delete everything. They kept backups on dated copies made on external drives and deleted everything four years old.
They might work in a place that doesn't allow personal electronic devices (government, military, high-security site, etc.).
I'm visiting other companies for work every now and then.
If they are in a fancy new steel-and-concrete office building with open space offices, chances are that cell reception is very bad. I once was in an office where I'm certain they had installed cell blockers on the toilets.
I think my workplace had that until they realized that it also stopped management from being reachable. Fucking lol.
I have a work account on programming.dev, using the internet for work is pretty common.
Pro tip: Don't do not-work stuff on work owned hardware.
Or while connected to work networks
I used to sign in to my personal accounts on my work computer. And then a place laid me off and remotely locked the computer before I could sign out of anything, and I realized I had been stupid.
Now I just use my phone. But I also work from home so there's no one to creep on me and report I'm looking at my phone instead of click clacking away.
Rough day at work today, OP...?
Never attach a personal device to a company network!!!
I imagine the socialist/ML and pro-union content also plays into this (speaking as a socialist/ML and extremely pro-union, mind you). Corporations hate and are terrified of any sort of dissidence that threatens their profits and will absolutely police your activity on it. Weirdly enough Western "freedom of speech" doesn't seem to extend to this kind of stuff in practice, can't imagine why.
The company firewall very likely is using a "content filtering" function which for Sonicwall, for example, is a subscription service where the admin can select any number of "categories" of content to block. I found lemmy.world was being blocked because Sonicwall had that domain categorized as "gaming" which was disallowed. I reported the error to Sonicwall that it should be "social media" but haven't heard back (it takes a while) but some companies might block that category also. In short, it might not be blocked because of any positive action by your company but instead by accident because whoever first classified the site didn't understand what it was.
Why in the heck would anyone browse any social media on your company machine?
That's the whole reason I left Reddit because it forced me to have to use Reddit on a computer and it's one of the first things I remind new hires not to use social media on company property, it's always monitored from keyboard to Internet connection.
Good lord people...
I used to do social media marketing for a company. I used a company computer for that ¯\(ツ)/¯
Your ¯\_(ツ)_/¯ is missing several limbs, but at least the armpits are bushy.
Good thing I live in a country where it's forbidden (unless everyone approves of it, which if course almost never happens) that they monitor everything.
Sure internet movement could be looked up but even that needs to be because if a specific reason. They cannot just randomly look up everyone's browser history.
Because it's fine?
Yeah some companies might monitor what you do but:
a) It's not that common or not that detailed as some people imply it
b) It's mostly for detecting malware or breaches, they don't care about your social stuff.
c) Most people just check normal stuff in social media nothing to worry even if somebody from works check it
d) People have downtimes, checking Twitter or similar for a little while it's not a firing offense....
e) Most of the time is not checked by anyone except if something flags it. Which again usually is set for malware and breaches not if you spend x time on YouTube or Twitter....
Yeah...use your phone if you can... But some people are painting this as the end of the world like the untouchable the forbidden fruit.
Coming from IT:
A: Disagree; it's logged, analyzed, and stored in the name of efficiency.
B: Yes, but also no. Stopping malware is the original idea. But why would a business stop there when they can pressure 2% more time out of you by assigning ametric for everything?
C: Fair
D: It is if there's budget cuts/Boss dislikes you. Leaving evidence of you not working on company time can be an anchor around your neck.
E: Yes, until no. See D.
I agree using work internet for personal shit isn't career suicide, but it just opens the door for shit that isnt needed. Frivolous work internet usage is an example of "Free to those who can afford it, very expensive for those who can't".
Just use Data if you can, or shitpost after your shift
On phone, use LTE. On computer set up a cheap Linux shell on your vsp of choice. Then use an ssh socks proxy for your browser.
I don't think your company computer allows for the same things my company computer does
Pretty sure you can create a tunnel without any admin rights or installing anything. Might require you to run ssh on port 443 if they are really strict.
That was my default when I worked. Just ran the proxy from work through my home network. Never was asked about.
and MAKE SURE it's set up to use DNS over that socks5 connection.
TL;DR: Keep browsing to your local instance at work for now.
YSK even the local tab on any instance will load many transcluded images from other instances.
if you're worried about your employer monitoring for suspicious hostnames, you're rolling the dice every time you do any personal web browsing (outside of sites that don't transclude 3rd party images, like wikipedia, and, ironically, facebook...).
I'm against transclusion. Unless that clusion is inclusion, then I'm for it.
The other day I was on all and there was fucking porn without any NSFW filter on it on some cumsluts community, no co-workers were around thankfully but it was a good wake up call that all is not a place you wanna be unless you are at home.
Wait. Is everything from LemmyNSFW.com NOT auto-tagged, or is that community also on another instance?
I can't remember, I didn't take the time to screenshot it haha
I'm glad my work doesn't care what I do online as long as I get my shit done. It's not the highest paying job in the world, but perks like that keep me there.
Not caring what you do on your pc, within reason, is not the same as not monitoring for dangerous actions that could endanger your network or company (and client data). I don't care what my colleagues do on their pc either. As long as it doesn't cause me more work.
Logging security incidents is work. So we do block a lot of websites and keep an eye on what you try to run. If we see something wrong we just talk to you and explain why we don't want you to do that. 99,9% of the time everybody is happy after that.
The idea of this being something you can get fired for or that's taken into consideration for your evaluation is insane though. We have rights as workers. Keeping the network safe means I can see some extent of what you do. Your boss or their boss has no right to that information unless you state you will continue endangering the network. Even in that case I wouldn't even tell them the websites tbh.
The wifi at my work won't let me browse Lemmy at all. I have to enable a VPN on my phone to browse, or go to mobile data.
This is what you should be doing on all corporate networks. What personal sites you go to is none of their business.
Alternatively, don't use their network and use your cell connection, but for some people, that's not gonna work, I know.
Better idea.. you could work. Or use a VPN on your phone.
Or just use LTE and not Company WiFi which is obviously monitored. Like how dumb is OP lol
Yeah that would also work.
Yeah better not take a break and use the phone while on it.
Working at work. Psshh
Well, you should be using a VPN for privacy anyway, so that wouldn't be a problem.
omg people, dont do personal stuff on your work machine or connected to your work network. A vpn wont save you from all the software they install in your machine to track you. Use your phone with your mobile data.
You guys aren't using DoT (DNS-over-TLS) or DoH (DNS-over-HTTPS) ??
That won't hide the IP and really doesn't hide the domain name either if your company actually has any decent monitoring on the network.
General rule: if you're on the company hardware or network just assume your IT department knows where you're browsing.
There's a good chance that SSL inspection is being used if it's picking up the names of instances.
I use DoH. What's DoT? What are the differences?
DoT uses the TLS protocol as far as I know while DoH uses the general HTTPS (443) protocol. But both of them are encrypted so you shouldn't worry about security with any of them. Just use the one that is supported with your device/app
I find it crazy that you can get in trouble for browsing the wrong websites. It's illegal where I live to track people's computers.
If you're using company hardware on a company network and our security software says you're visiting ransomware like URLs, it's very much legal monitoring as it's for a technical reason. It's probably mandatory since you need to do this to protect the personal data your company stores.
More often than not you probably signed a document stating you understood and accepted this.
Just a distinction: It's most-likely a laptop issued by the company, not a personal computer.
In the US there is no reasonable expectation of privacy on company computers and company networks and to reinforce this usually on day 1 of a job you sign documents explicitly stating they can and will monitor traffic on company systems.
Without monitoring traffic on all company systems there would be no way to know if your company was subjected to a breach. There is mandatory reporting for public companies and part of the reporting includes the capability to monitor for said breaches.
To that end I have to wonder where you are that information security is basically prohibited by law.
My company uses zscalar. It's essentially a company endorsed MitM attack and for that reason alone I don't use the work laptop for anything but work.
that reason alone I don’t use the work laptop for anything but work
I think that was the goal.
We use zscaler too, I never knew what it did, only that it fucks with printing when it needs to be reauthenticated. I hate it so much. Nothing but a nuisance.
seriously, why don't people just use their phones for non-work stuff in the office? you can leave those disconnected from wifi so nothing is visible to the company.
I'm not in an office. I just swap to my own desktop if I need to do anything non work related.
And this is why I always use a VPN on my phone.
WFH FTW.
When I used to work in an office, I'd always use wireguard to tunnel my traffic on my phone back through my home IP. Got to use their wifi and still maintain my privacy
This is even easier now with tools like tailscale
This does not apply for most european users. Source: I am the one who gets these requests and anyone who isn't a judge gets jack shit. Go pound sand. Anything else would be illegal under privacy and work laws. Even police wont get ANYTHING (judge will reject it) if the crime in question isn't worth at least 2 years of jail time.
Suspected malware domains just get blocked, no further action will ever take place.
Exactly. American workplace monitoring is crazy.
What's the name of the instance that uses ransomware name?
They might be referring to lemmy.zip. Imagine this email.
I've attached the invoice. invoice.zip
Many things will render that as a clickable link. In case it didn't, here is an explicit one. https://invoice.zip Go to this website. It explains the risks. In case it isn't clear, zip is both a common file extension as well as a top level domain now. This means that it is great for phishing.
But I'm confused why OP thinks this is a problem on all specifically. Your client only talks to your instance. Only Lemmy instances talk to each other. Your instance does all aggregation for you.
One of the ones marked as sus, yes
How? The client should only be talking to your home instance. Your home instance does all aggregation for you. Only Lemmy instances talk to each other and clients talk to one instance. That's how federation works.
Non-textual content (media, and icons I believe) is still served from the other instance to prevent all federated instances from exploding in size.
Additionally, some browsers will preload/prefetch links to "improve the browsing experience"
VPN 4tw.
If you just run a VPN things like zscalar will still get you. They'll just send the web traffic through the VPN to their proxies and still log everything you do.
There's ways round it, but all of them will no doubt violate corporate policies.
The only real solution is not to use work computers for non work use.
If you use a private VPN on a company computer, they can still monitor what you're doing on the local machine, and/or report home through the VPN. And some companies won't even wait to ask what you're doing with a personal VPN on their machine - you'll be in trouble just for installing it.
Or you could be like the company I previously worked for and not monitor anything with any seriousness, but a lowly tech managing some one-off software installs for the office PCs (me) might notice software that shouldn't exist and report it. Happened to a new guy, the VPN to his home got higher ups combing through his work, and was the final icing on the cake after they also found emails from work to a personal email with customer information attached. They didn't even entertain an excuse, he was sacked same day. (This was all pre COVID, there was no such thing as work from home)
So yea, definitely...VPN might not be the hammer that falls, but it can start the hunt and still burn you. Someone might use it to browse lemmy, other people might use it to steal company data. It's not worth the risk for a company to attempt to differentiate between the two. Obligatory 'your mileage may vary', especially now with the COVID push to work from home, but it happens!
When I read stuff like this, I feel there is a whole part of Lemmy that I am totally clueless about.
I have no idea even where the areas that OP is talking about even exist, and with the way the servers seem to go down all the time or I need to reload a browser, it makes it that much more difficult to wander around and get to know the place because you never know if a certain page is empty because its really empty or it just didn't load correctly.
Good to know, thank you for posting this. I'll keep this is mind to avoid any issues.
And to everyone else wondering why you would use company computers to browse the Internet instead of just using your phone, some jobs out there do not allow you to do so. My employer for instance, has banned using phones everywhere except for the break rooms and offices. We can still have our phones on us for emergencies and take phone calls, but otherwise we are not allowed to have them our. If we have to take a phone call we have to exit the work area and move to a nearby break room to do so. We have been specifically told (in writing) to use the computers instead when there is nothing to do. We have even been told YouTube is fine as long as there is no work. Because of that, I do a ton of personal web browsing on company computers since my job is so feast or famine so having information like this is helpful.
Yeah I get domain blocked popups sometimes while browsing at work. I mainly see that it's happening for lemmy.today.
Yeah I was gonna say, don’t be browsing anything non work related directly on your work machine. I usually VPN to home then browse through RDP. If your work has screen monitoring software just browse from a personal device.
I browse on my phone using data, I refuse to use company computers or wifi for anything that isn't work related exactly for this reason.
Gah!!! Ffffuuck me I forgot about that. I take business calls on my phone through work WiFi and maybe I use my personal phone on breaks and such.. woopsie. So how bad does it look if I used an app or even a game without turning off wifi?
Overwhelming majority of workplaces won't give a shit. There's so many real issues to deal with and what games you have running on your phone is not one of them, that's a management problem - not an IT one.
Some incredibly high security environments might think otherwise but they'd never let you use your phone for business, you'd certainly be given one from the company.
Having a talk about it doesn't mean they care. They'd just want you to stop doing that on the work network.
Even if you stick to subscribed, there's nothing stopping people from spamming NSFW stuff in the comments and in posts except for the mods/admins though bad actors can always just register more accounts on any federated instance.
Hoping we see more improvements to mod tools/abilities.
Serious question: there isn't any tracking software installed on my work computer, and I use a VPN browser extension. Is it still possible for my employer to see what I'm doing?
I'm a systems admin. Last week, I had an employee using a VPN to try and hide their traffic. My monitoring software caught it. I couldn't see the traffic, but I could see it connected to a known Tor IP. My system saw the fishy connection and sent the alert. Just be careful and don't assume you're completely safe with the VPN.
It's best to assume your IT department can see everything you do, and keep personal stuff on personal devices.
Depending on the quality of your IT department; it's quite possible that tracking software could be on your work computer and you simply cannot detect it. And yes, corporate tracking can easily detect what you are doing even if you use a VPN. It's best if you simply use work computer for work only. Don't even check gmail on it. Don't even link your google account in your browser.
Depends on who owns the network as well and if you're connected to a corporate VPN. The rule of thumb is that you can't expect privacy if you're not the sole admin of that computer.
Security software isn't tracking software. It should be able to hook into every current semi popular browser without you being able to disable it.
On the other hand, allowing users who don't know the answer to the question you're asking to both install VPN software and allow them this kind of traffic is a compliance violation to begin with.
If you use a vpn, I don't think they can see your traffic
Depends. They might have a proxy in the network config or DNS or any number of non-network based methods of logging and tracking.
i only browse on my private phone which is not connected to wifi
I always forget that most people are on a computer at work a lot of the time.
I couldn’t stand that. I need to be outside being violent at boards and steel or I go insane.
That's why you use the guest WIFI
No! If you're doing personal stuff use your cell phone data. Do not use work Wi-Fi, do not use the work network, use your cell phones personal cell phone data plan. Do not transit personal stuff over the corporate network. It will be logged it will be monitored and there may be questions.
At the very least have your phone use a VPN if you're going to use the Wi-Fi.
This is also managed by IT and is fully traceable as well.
I have unlimited data on my cell and just stay off WiFi altogether. The price premium is worth it to me for this one specific reason alone, let alone the other benefits/convenience.
Source: work in IT.
Don't use work computer or networks for personal use. Zero benefits really and at least some risk.
