86
Browse safely on corporate laptop
(lemmy.ml)
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
much thanks to @gary_host_laptop for the logo design :)
Just run portable Firefox without the root cert?
.
It's good to know that they can't bypass wireguard or Tor. I was a worried about that.
As others have suggests, I will probably use a separate device to check my mail. That seems the safest and fairest option both from the company and my perspective.
Protecting your traffic over the wire also doesn't stop them from getting the data directly from the OS or program itself.
It's their hardware, you're just allowed to use it (and according to papers you signed when hired, likely only for work use).
My company uses a similar MITM technique on all our network traffic, but we have also used a number of other tools that don't have the ability to snoop on the network traffic but can still get browsing data from user machines. Most browsers have "enterprise mode" features, or just store browsing history in a file that other programs can read.
We've also used systems that installed at the BIOS and/or bootloader level to allow us to track the location of and take certain remote actions on company hardware that was taken off the company network. If the device got an internet connection at all, it was still ours to control. Was very handy for people who tried to keep their laptop after they quit.
Technically they could use OCR on automatic screencaptures, which would bypass anything you could do. There's a ton of "management" software that does automatic screen captures, or allows someone to look at an overview of desktops like a security guard looking at a bank of camera monitors. Usually that's something schools use, but it is available for companies.
They could use a keylogger too.
The point is, you cannot control, or have any foolproof knowledge of, what they have installed on your work machine. That means that you cannot effectively work around or bypass it. If you absolutely need to, make a new "personal" email account to use for things like spotify or youtube on your work machine, and just use your damn phone for personal stuff.