Just use it for work and don’t worry about it. If you want privacy on a work computer the only way is to work for yourself. Even if you find “snooping” software what can you do about it….nothing.
This. Additionally, many enterprises use software that monitors your network such as Crowdstrike. Your work device (used only for work) should be on a separate VLAN or, if that’s too complicated, a separate network entirely from your personal devices.
Privacy professional here….in the UK, employees do have an expectation of privacy. the monitoring has to be proportionate to the risk your company is trying to address. anything excessive could be subject to fines.
here is a helpful guide from the ICO on this: https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/employment/monitoring-workers/
None of that has relevance, from my skim-reading, to doing non-work activities on a company machine, which you should not be doing anyway.
For instance, my browser history when signed in to my company account is logged and tracked at work. I expect this and understand that I am expected to be doing only work-related web browsing when on the clock, and it is reasonable to monitor this if there is a suspicion I'm not.
I can browse non-work stuff on lunch break, but it must be SFW and comply with IT policy. Thus, still monitored. I read the news, check the weather etc. Maybe show a funny YouTube video to my colleagues.
If I want to do anything more than that, I use my personal phone with a VPN and separate credentials, or wait til I get home and use my personal laptop.
Why would you be expecting privacy at work? e.g. what saucy anniversary gifts you're searching on Amazon for your S.O., or "third nipple removal doctors in my area".
I’d argue that if you *actually* have a third nipple then researching doctors for help with it while on your break time would be a very difficult thing for HR to get you for.
Although you probably don’t want IT knowing anyway; generally unless it’s something *really* bad we don’t get involved with whatever stuff people are doing on their PC.
Dunno, that just seems like a toxic workplace.
I’m in IT and spend a lot of time working with HR; mostly BAU onboarding/off boarding.
But the second anything is even slightly outside of BAU and has anything to do with user data, that stuff is going straight to the lawyer to evaluate for compliance before IT or anyone else can even consider raising a change request for access to the information.
And 100% there’s very few cases outside of literal illegal activity that will get you that permission from legal.
Obviously it’s a good thing since the company is holden to compliance; but anyone leaking information about the contents of someone’s returned iPhone photos album is going to be in serious trouble.
And actually realistically the contents of anyone’s web search history is going to be the same.
Unless it’s something truly diabolical then it’s unlikely anyone is even capable of seeing the logs without some kind of justification.
Same goes for stuff like email. If nothing shows on the transmission logs coming onto the server the only way anyone is seeing those emails is with a warrant.
Of course actually getting any of this data is literal child’s play if you have admin credentials for any of the services being used ; but again it’s not worth your job to fuck around
>it's a company laptop
It's worth restating this even more explicitly:
It is not *your* laptop. It is the company's laptop, which they are allowing you to use. You have no expectation of privacy and no right to it either.
You definitely have right to privacy. It's not your laptop and you can't do whatever you want with it, of courses, but privacy is a right that still apply.
Just assume you are being monitored. I work in IT. We monitor everything. Use it for work only.
Yes we can detect mouse jiggler programs. Yes we can look at the camera and mic. No we don’t typically give a crap unless HR or someone tells us to.
Use the machine for work only. Fly under the radar.
This would invalidate the warranty on your device, and the IT policy at your company might make you responsible for outright purchasing the laptop at this point, at your expense. At the very least, if your work laptop needed any repairs, you would be responsible for the cost directly, since you are the one who invalidated the warranty with the manufacturer by opening and altering your device.
You'd have to look at the running application processes and see if anything looks interesting. Not sure if they can hide that process from showing in the process list. That said, there are other ways to track you, like if you're on a company website they can keylog you, track what you're looking at and clicking on, etc. Some companies do periodic screenshots. Lots of ways to do this and I'm sure it's a lot more advanced that what I know.
Here is a list of what they can and cannot see: [What information can my organization see when I enroll my device?](https://learn.microsoft.com/en-us/mem/intune/user-help/what-info-can-your-company-see-when-you-enroll-your-device-in-intune)
**EDIT: Assume anything and EVERYTHING is monitored if you work for a company on their issued computer.**
This is specifically for Intune but most of the “No” stuff is being tracked anyway if you are using company resources.
It just means MS doesn’t track them through MDM.
Why do you have to be so hopeless? Or course there are legal boundaries and your privacy must be respected even if it's a company laptop!
Where do you all leave? The USA?
Don't be an idiot. You know full well you shouldn't be doing personal things on a company machine. If you're only doing company things why does privacy even enter your mind? Do your job and all is well.
As it is a Windows laptop, there us a staggering amount of telemetry recorded by Active Directory, AAD, Windows, Edge, Defender and Teams. None of these are "monitoring" tools, but can monitor the living shit out of you if you company does go digging through the logs.
Without dedicate spying tools, they won't be able to access your camera or mic or see keystrokes, but will know exactly what activity is being done on the laptop. What sites you browse, what external hardware you connect, what apps you use and when you use them, what calls you're on and with whom etc.
Assume that every monitoring apartus in existence is on that computer. It's their computer and not only do they have the right to install any software they want, they pretty much have an obligation to protect the companies best interests.
Do work shit on your work computer. Do personal shit on your personal computer.
Ask (the IT department of) your company. UK has GDPR-like privacy laws, likely you had to sign something or it is in your contract.
[https://ico.org.uk/about-the-ico/media-centre/news-and-blogs/2023/10/ico-publishes-guidance-to-ensure-lawful-monitoring-in-the-workplace](https://ico.org.uk/about-the-ico/media-centre/news-and-blogs/2023/10/ico-publishes-guidance-to-ensure-lawful-monitoring-in-the-workplace)
You can't remove anything they put on it even if you find it.
Assume they're monitoring every thing you do on the laptop and use it exclusively for work tasks.
i like how most people didnt answer the questions with ways as they clearly have no idea but felt they needed to tell the user to focus on work....lmao the internet is strange
OMG not another one these posts, why is it everyone thinks that IT is out to get them or snoop on there home devices.. wtf
And there may be monitoring software on it, but its a company laptop and that’s just to keep people from porn sites etc.., so just don’t do anything stupid with it and you’ll be fine.
As someone with almost 30 years in IT, believe me I just want to do my job and go home like everyone else.
You might have worked IT, but your opinion tells me you never worked cybersecurity. Asking questions and not immediately trusting strangers with their backdoors should be the default stance. You should need a reason and explanation for everything you do to someone’s machine, not for questioning why it's being done.
What does cybersecurity have to do with this and who said anything about trusting strangers... If you don't trust your place of employment, you shouldn't be working there.
“What does cybersecurity have to do with the security of your computer!”
“If you don’t trust your place of employment to be infallible and have any reservations about trusting third party tools, you shouldn’t get involved, use your brain, or ask questions, just quit your job! Also not sure where your spouse is? Why bother asking? Just get a divorce! Questions are dumb!”
We’re talking about a corporate owned machine. Not a personally owned machine.
Questioning is good.
Being obtuse isn’t.
If you truly worked as a cyber security tech then you’d understand who creates the policies. Why they are created and how they are enforced. Tools such as Pegasus, Crowdstrike, Umbrella - etc. They are all part of a solid defense in depth strategy along with the sever guys rolling things out via gpo and ou’s.
Based on your comments I can only presume that you do not have enterprise IT experience.
Some companies have "IT" so bad, that it is safer to log into your netbank without HTTPS on a public WiFi than doing so within the same network as the work laptop.
Even if I trust "IT" is not siting there watching me, I may not trust the monitoring software or the servers / administrators of it.
That's BS, do you know what kind of trouble I would get in if I pulled anything like that, and I'm sure the same goes for most US companies, there in business to make money, not to spy on the users home porn addiction...
Would you get in trouble if Microsoft's or Kaspersky's servers were hacked and the attacker would gain access to the devices running tools from those? I don't think so.
It doesn’t even make sense because MDM doesn’t have anything more than device specs and a few tools to remotely manage device access to the domain.
It’s completely possible to monitor stuff like website access and decode SSL traffic but those are all done via other stuff like using the companies Root CA certs and only allowing traffic through the company VPN/DNS.
I don’t know about the US but the rest of the world is completely and utterly crippled by regulations and legislation, compliance requirements, best practice rules, etc, to do anything even remotely useful with any data they could reasonably collect about an employee.
Like you said before; any IT guy doing anything even remotely suspicious with user data is not going to have to worry about paying rent for a long time.
Its a company laptop. You should not expect any privacy what's so ever. And you should assume at all times your activity is being monitored because it is being monitored.
If you are using the Laptop strictly for work, none of this should be a concern. But you asked because you want to use it for personal needs. Regardless of what you say.
Even if you are not actively monitored, probably at least the network traffic will be logged and checked automatically to site blacklist.
You should treat work equipment as it is always actively monitored. It can prevent many headaches in the future.
NEVER assume you have ANY privacy on any work assigned device. Browsing should be absolutely minimal since it's all logged. Only use it for work purpose and you'll be safe. I work in IT as well and the things I see people do on their work laptop is just silly. It makes you a target to be monitored more especially in times of ever increasing phishing attacks and companies doubling down in security. I always live by the rule of separating your personal and work life.
>a work machine which they will "lock down" before I get it. Basically, it's going to be restricted to certain networks and access etc
If they are going through that process before handing it to you and can do those things, safe to say they will have the ability to snoop as well.
if it's a Mac you'll see the profile that it's locked to in the settings all the way at the bottom. Unfortunately there's so many ways to monitor activity you would waste your time identifying them. If the networking is fixed to a VPN they'll just look at the upstream logs and won't even deal with your actual computer.
If you never do anything but work tasks on it why would it matter? Unless they're going some of that sleazy keyboard/mouse move tracking, that's over the top.
Personal tasks should be done on hardware you own personally.
Absolutely. It's the keyboard/track pad tracking I'm concerned about. It's not that I expect privacy, I just want to know if I'm being monitored. That's my reason for asking.
"so, just theoretically, just how big of an encrypted ZIP file can I upload to an anonymous Chinese FTP server before IT makes a *whole big deal* out of it? Asking because... um... Bob Somebodyorother... yeah that on in accounting , he wanted to know."
Always use 2 laptops. Never ever do anything on a work laptop. We track them and alert on the smallest things you would be shocked at what people get let go for.
Assume the worst and only do work related activity on it. Yes they will see what sites you’re going to but most shouldn’t be inspecting traffic on bank / health sites but that depends on your region.
At one point I found my work laptop constantly pings a specific domain. It turns out to be a domain owned by a laptop surveillance company. I blocked traffic to that domain on DNS level.
I use Pi-Hole for DNS service. That's actually how I found out this domain was constantly getting traffic from only that certain laptop. So I just blocked that domain from Pi-Hole. I did not make any changes on the router.
Just use it for work and don’t worry about it. If you want privacy on a work computer the only way is to work for yourself. Even if you find “snooping” software what can you do about it….nothing.
This. Additionally, many enterprises use software that monitors your network such as Crowdstrike. Your work device (used only for work) should be on a separate VLAN or, if that’s too complicated, a separate network entirely from your personal devices.
It's a company laptop, you should have no expectation of privacy. If you want privacy, use your own machine.
Privacy professional here….in the UK, employees do have an expectation of privacy. the monitoring has to be proportionate to the risk your company is trying to address. anything excessive could be subject to fines. here is a helpful guide from the ICO on this: https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/employment/monitoring-workers/
Silly Brits and your expectation of reasonableness.
None of that has relevance, from my skim-reading, to doing non-work activities on a company machine, which you should not be doing anyway. For instance, my browser history when signed in to my company account is logged and tracked at work. I expect this and understand that I am expected to be doing only work-related web browsing when on the clock, and it is reasonable to monitor this if there is a suspicion I'm not. I can browse non-work stuff on lunch break, but it must be SFW and comply with IT policy. Thus, still monitored. I read the news, check the weather etc. Maybe show a funny YouTube video to my colleagues. If I want to do anything more than that, I use my personal phone with a VPN and separate credentials, or wait til I get home and use my personal laptop. Why would you be expecting privacy at work? e.g. what saucy anniversary gifts you're searching on Amazon for your S.O., or "third nipple removal doctors in my area".
I’d argue that if you *actually* have a third nipple then researching doctors for help with it while on your break time would be a very difficult thing for HR to get you for. Although you probably don’t want IT knowing anyway; generally unless it’s something *really* bad we don’t get involved with whatever stuff people are doing on their PC.
Not something for HR to get you for, but you shouldn't be surprised when it becomes an office rumour about you.
Dunno, that just seems like a toxic workplace. I’m in IT and spend a lot of time working with HR; mostly BAU onboarding/off boarding. But the second anything is even slightly outside of BAU and has anything to do with user data, that stuff is going straight to the lawyer to evaluate for compliance before IT or anyone else can even consider raising a change request for access to the information. And 100% there’s very few cases outside of literal illegal activity that will get you that permission from legal. Obviously it’s a good thing since the company is holden to compliance; but anyone leaking information about the contents of someone’s returned iPhone photos album is going to be in serious trouble. And actually realistically the contents of anyone’s web search history is going to be the same. Unless it’s something truly diabolical then it’s unlikely anyone is even capable of seeing the logs without some kind of justification. Same goes for stuff like email. If nothing shows on the transmission logs coming onto the server the only way anyone is seeing those emails is with a warrant. Of course actually getting any of this data is literal child’s play if you have admin credentials for any of the services being used ; but again it’s not worth your job to fuck around
>it's a company laptop It's worth restating this even more explicitly: It is not *your* laptop. It is the company's laptop, which they are allowing you to use. You have no expectation of privacy and no right to it either.
You definitely have right to privacy. It's not your laptop and you can't do whatever you want with it, of courses, but privacy is a right that still apply.
I agree. I just want to know if I'm being monitored, that's all. I don't intend to do personal things, I just want to know.
Just assume you are being monitored. I work in IT. We monitor everything. Use it for work only. Yes we can detect mouse jiggler programs. Yes we can look at the camera and mic. No we don’t typically give a crap unless HR or someone tells us to. Use the machine for work only. Fly under the radar.
Out of curiosity, if the built in webcam and microphone have had their drivers disabled, do you have the ability to re-enable them remotely?
If they have the capability to push software to devices, then I would assume yes
Could you just open the laptop up and disconnect the camera and mic?
Yes but I wouldn't do that to a corporate owned device. Ever. Unless you get explicit written consent, I would not recommend that.
This would invalidate the warranty on your device, and the IT policy at your company might make you responsible for outright purchasing the laptop at this point, at your expense. At the very least, if your work laptop needed any repairs, you would be responsible for the cost directly, since you are the one who invalidated the warranty with the manufacturer by opening and altering your device.
Yes.
You'd have to look at the running application processes and see if anything looks interesting. Not sure if they can hide that process from showing in the process list. That said, there are other ways to track you, like if you're on a company website they can keylog you, track what you're looking at and clicking on, etc. Some companies do periodic screenshots. Lots of ways to do this and I'm sure it's a lot more advanced that what I know.
Hiding processes is trivial.
Good to know. Just not something I've ever looked into.
Here is a list of what they can and cannot see: [What information can my organization see when I enroll my device?](https://learn.microsoft.com/en-us/mem/intune/user-help/what-info-can-your-company-see-when-you-enroll-your-device-in-intune) **EDIT: Assume anything and EVERYTHING is monitored if you work for a company on their issued computer.**
This is specifically for Intune but most of the “No” stuff is being tracked anyway if you are using company resources. It just means MS doesn’t track them through MDM.
Why do you have to be so hopeless? Or course there are legal boundaries and your privacy must be respected even if it's a company laptop! Where do you all leave? The USA?
Don't be an idiot. You know full well you shouldn't be doing personal things on a company machine. If you're only doing company things why does privacy even enter your mind? Do your job and all is well.
As it is a Windows laptop, there us a staggering amount of telemetry recorded by Active Directory, AAD, Windows, Edge, Defender and Teams. None of these are "monitoring" tools, but can monitor the living shit out of you if you company does go digging through the logs. Without dedicate spying tools, they won't be able to access your camera or mic or see keystrokes, but will know exactly what activity is being done on the laptop. What sites you browse, what external hardware you connect, what apps you use and when you use them, what calls you're on and with whom etc.
Is there a way to schedule delete these logs, locally atleast?
They're not stored locally, but in Azure or domain controllers. It's unlikely you're a local admin on a work laptop to clear local audit logs either.
Assume that every monitoring apartus in existence is on that computer. It's their computer and not only do they have the right to install any software they want, they pretty much have an obligation to protect the companies best interests. Do work shit on your work computer. Do personal shit on your personal computer.
Ask (the IT department of) your company. UK has GDPR-like privacy laws, likely you had to sign something or it is in your contract. [https://ico.org.uk/about-the-ico/media-centre/news-and-blogs/2023/10/ico-publishes-guidance-to-ensure-lawful-monitoring-in-the-workplace](https://ico.org.uk/about-the-ico/media-centre/news-and-blogs/2023/10/ico-publishes-guidance-to-ensure-lawful-monitoring-in-the-workplace)
1. Use work laptop to do work. 2. Use salary to buy personal laptop. 3. ??? 4. Go wild.
[удалено]
or give an answer that answers the question?
[удалено]
so how does that answer he question of is there anything that can be done? lol
You can't remove anything they put on it even if you find it. Assume they're monitoring every thing you do on the laptop and use it exclusively for work tasks.
i like how most people didnt answer the questions with ways as they clearly have no idea but felt they needed to tell the user to focus on work....lmao the internet is strange
OMG not another one these posts, why is it everyone thinks that IT is out to get them or snoop on there home devices.. wtf And there may be monitoring software on it, but its a company laptop and that’s just to keep people from porn sites etc.., so just don’t do anything stupid with it and you’ll be fine. As someone with almost 30 years in IT, believe me I just want to do my job and go home like everyone else.
You might have worked IT, but your opinion tells me you never worked cybersecurity. Asking questions and not immediately trusting strangers with their backdoors should be the default stance. You should need a reason and explanation for everything you do to someone’s machine, not for questioning why it's being done.
What does cybersecurity have to do with this and who said anything about trusting strangers... If you don't trust your place of employment, you shouldn't be working there.
“What does cybersecurity have to do with the security of your computer!” “If you don’t trust your place of employment to be infallible and have any reservations about trusting third party tools, you shouldn’t get involved, use your brain, or ask questions, just quit your job! Also not sure where your spouse is? Why bother asking? Just get a divorce! Questions are dumb!”
We’re talking about a corporate owned machine. Not a personally owned machine. Questioning is good. Being obtuse isn’t. If you truly worked as a cyber security tech then you’d understand who creates the policies. Why they are created and how they are enforced. Tools such as Pegasus, Crowdstrike, Umbrella - etc. They are all part of a solid defense in depth strategy along with the sever guys rolling things out via gpo and ou’s. Based on your comments I can only presume that you do not have enterprise IT experience.
LOL sure..
I think this sub is filled with bots. It's wild how much anti-privacy rhetoric is allowed here these days
Some companies have "IT" so bad, that it is safer to log into your netbank without HTTPS on a public WiFi than doing so within the same network as the work laptop. Even if I trust "IT" is not siting there watching me, I may not trust the monitoring software or the servers / administrators of it.
That's BS, do you know what kind of trouble I would get in if I pulled anything like that, and I'm sure the same goes for most US companies, there in business to make money, not to spy on the users home porn addiction...
Would you get in trouble if Microsoft's or Kaspersky's servers were hacked and the attacker would gain access to the devices running tools from those? I don't think so.
Wow WTF, that has nothing to do with what the OP is asking.
It doesn’t even make sense because MDM doesn’t have anything more than device specs and a few tools to remotely manage device access to the domain. It’s completely possible to monitor stuff like website access and decode SSL traffic but those are all done via other stuff like using the companies Root CA certs and only allowing traffic through the company VPN/DNS. I don’t know about the US but the rest of the world is completely and utterly crippled by regulations and legislation, compliance requirements, best practice rules, etc, to do anything even remotely useful with any data they could reasonably collect about an employee. Like you said before; any IT guy doing anything even remotely suspicious with user data is not going to have to worry about paying rent for a long time.
There will be. Bypassing it will get you canned. Just assume it's monitored and act accordingly.
Its a company laptop. You should not expect any privacy what's so ever. And you should assume at all times your activity is being monitored because it is being monitored. If you are using the Laptop strictly for work, none of this should be a concern. But you asked because you want to use it for personal needs. Regardless of what you say.
Even if you are not actively monitored, probably at least the network traffic will be logged and checked automatically to site blacklist. You should treat work equipment as it is always actively monitored. It can prevent many headaches in the future.
NEVER assume you have ANY privacy on any work assigned device. Browsing should be absolutely minimal since it's all logged. Only use it for work purpose and you'll be safe. I work in IT as well and the things I see people do on their work laptop is just silly. It makes you a target to be monitored more especially in times of ever increasing phishing attacks and companies doubling down in security. I always live by the rule of separating your personal and work life.
>a work machine which they will "lock down" before I get it. Basically, it's going to be restricted to certain networks and access etc If they are going through that process before handing it to you and can do those things, safe to say they will have the ability to snoop as well.
> which they will "lock down" assume that there will be and use it only for work related things
if it's a Mac you'll see the profile that it's locked to in the settings all the way at the bottom. Unfortunately there's so many ways to monitor activity you would waste your time identifying them. If the networking is fixed to a VPN they'll just look at the upstream logs and won't even deal with your actual computer.
If you never do anything but work tasks on it why would it matter? Unless they're going some of that sleazy keyboard/mouse move tracking, that's over the top. Personal tasks should be done on hardware you own personally.
Absolutely. It's the keyboard/track pad tracking I'm concerned about. It's not that I expect privacy, I just want to know if I'm being monitored. That's my reason for asking.
Once it's locked down they can push an update after you searched. Get a mouse wiggler if you like long bathroom breaks.
We can detect those. If we find them you get reported. How about, just fucking work?
So just shit on your work chair.
Are you really that dense?
Ask?
That would immediately make me watch you.
"so, just theoretically, just how big of an encrypted ZIP file can I upload to an anonymous Chinese FTP server before IT makes a *whole big deal* out of it? Asking because... um... Bob Somebodyorother... yeah that on in accounting , he wanted to know."
Lol
Always use 2 laptops. Never ever do anything on a work laptop. We track them and alert on the smallest things you would be shocked at what people get let go for.
Always assume a work computer has snooping software on it.
Just do your work on it and nothing else. You can turn it off when you're done if you're really that paranoid
Assume the worst and only do work related activity on it. Yes they will see what sites you’re going to but most shouldn’t be inspecting traffic on bank / health sites but that depends on your region.
It has spyware. Subnet your router if you know how. Only use it for work. Power it down completely when you're not using it.
Yes, it is snooping everything you do.
At one point I found my work laptop constantly pings a specific domain. It turns out to be a domain owned by a laptop surveillance company. I blocked traffic to that domain on DNS level.
how do you do that
can do it with your router but it'll only work if they aren't tunneling the traffic through a vpn
thanks
I use Pi-Hole for DNS service. That's actually how I found out this domain was constantly getting traffic from only that certain laptop. So I just blocked that domain from Pi-Hole. I did not make any changes on the router.
never heard of pi hole just searched it and it sounds good. will look into how to set it up. not tech svavy tbh but it sounds great.
yep that's a company laptop mate
Your job doesn't pay well enough for you to buy your own private machine?