It's always been hard to know the extent of how draconian tracking actually is (IT pros tend to not talk about it much).
In the US, there's the expectation that when you use an employer-provided device that any and all activity on it can be fully monitored/recorded and used against the employee for any reason. In practice, however, few people worry about reasonable amounts web-surfing, being on hacker-news or doing life-activities on their work machines. Oh, here I am on hacker-news when I should be working.
With AI, this changes significantly since the man can now employ a robot to categorize and finely scrutinize every little thing with the pretext of "training" (to take your job). We will soon have to brace ourselves for an absolute draconian level of tracking.
This is something that genuinely runs the gamut across different companies—plenty don't even know the serial numbers of company-owned machines, never mind which devices individuals have, while others do effectively have live feeds of every employee's screen available to managers at all times. In between you have many businesses that manage their devices but only insofar as to enforce some basic protection and reserve the right to investigate it in the case that something does go wrong. In having conversations about this kind of stuff with company leaders, many will strongly reject any of the most invasive tracking stuff, believe it or not.
I do agree, though, that for any type of surveillance, the rise of AI presents a really problematic opportunity to allow more targeted observation, since nobody has to spend their own time looking for what people are doing, they can ask an AI to keep tabs and look out for the things they care about.
On that note, I think one of the more realistic risks for an everyday person doing personal things on a work machine is probably insider threat from a rogue IT admin, whose access allows them insight into company devices without enough oversight.
I think IT departments also tend to underestimate the risk they pose when they manage machines. Look at Stryker, where intruders used Intune to wipe all the company's devices. The ability to do that shouldn't exist, but the IT department happily rolled out the means of their own destruction in the name of compliance and making their lives easier.
Device management is definitely a big hole to punch into each machine, but, once you're above a handful of staff, managing devices manually is not really tenable, and I do think the restrictions provided by device management have tangible benefits (it's amazing what people will download and run without a thought).
Arguably the risks of the MDM should be assessed and mitigated with some kind of defense in depth approach—highly sensitive things like bulk wipe disabled with multi-person approval required to re-enable, hardware MFA requirements, anomaly detection + alerting for weird behavior, etc etc. I'd argue the risks stem more from badly configured MDM where a compromise of one sysadmin's browser has a company-wide blast radius, rather than the fundamental presence of device management itself.
I think I'm probably coming at this from a different perspective than IT people.
I've worked on IoT products where we've deployed fleets of thousands of devices without user interfaces placed all over the world in random, inaccessible places, hanging off cellular radios. We're definitely not managing those manually. Architecting management systems for that is always interesting. Sometimes the question would come up, "why don't we do X?" where X necessarily included the ability to brick the entire fleet (and probably kill the company) in 5 minutes. My philosophy was that certain things are too dangerous to exist, no matter how useful they might be.
Are you IoT devices ALSO used by humans directly, where they would be forced to have some admin permission to do their work if there was no MDM system?
MDM are clearly a possible SPOF for certain attack vectors, but are also the only defense against others (unless you want to hire a legion of IT helpdesk specialists)
There are also individual-level risks. If you capture everything, you might capture bank account numbers when setting up direct deposit or credit card numbers from corporate purchases (these are clearly valid uses of company equipment). In a only slightly less valid use, you might submit a medical claim (using a company benefit), and surveillance software gets part of your medical record.
There are underappreciated liabilities companies take on with this monitoring.
Yeah, many companies don't want the liability issues. Like what happens if I open my bank account on my work computer? You could argue I can expect someone to be watching but I have no warning that someone is? Here in the EU that would probably be an easy lawsuit.
Why would you ever login to a sensitive account on a device you don't own and have root on? Like I trust my employer not to do anything shifty with my banking info, if I were to use it, but I'm not going to take that chance for a dozen reasons.
> Why would you ever login to a sensitive account on a device you don't own and have root on?
You mean like the phones that everyone uses with banking apps?
I don't. No financial transactions for me on something so easily lost or stolen, with any number of possible exploits lurking out there. Phones should be treated as compromised from day one.
I have my problems with this as well, but at least no one else already has root on my phone.
You probably use direct deposit in which case your employer already has your banking info
They have my account and transit number and stuff, sure, that's different than my username and password for online banking. We print them out on cheques that can be (reasonably) safely given to my plumber.
patio11/bitsaboutmoney has some good writing about this
In most cases, that's an external payroll service, not the actual employer that has that info.
People often have accounts at multiple banks…
your employer knows how much they paid you and what account they paid to. They don't know your balance, where else you might be getting money from (selling science fiction short stories eh, Cosgrove?! This job should be enough for you!!), that you have donated money to the Democrats recently!! We suggested that was bad!! And lots of other things that come under banking info.
What are the reasons?
Can’t speak for the EU, but the companies I’ve worked for in the US explicitly state what they do not track in their privacy/use policy when giving out laptops/phones/tablets.
E.g. their anti-virus or firewall system may ignore URLs related to banking, medical, or political affiliation and chose not to log or decrypt that traffic
Once I was trying to find a scene from a TV show at work for a joke with colleagues, and the quote I used ended up triggering a very NSFW search. Did not get fired, not even talked to. Thank goodness!
A lot is tolerated, until they want to get rid of you. But in the EU i'm pretty sure they can't use regular non-compliance stuff (general browsing, etc) in evidence. In DE you can't even identify an individual.
Moreover: what is the upside?
Spying on employees is not free. If you want to spend serious resources doing it, there has to be an upside.
How do you expect an employee to prove their banking actions on the company computer were spied on? I imagine this impossible to prove.
If the employer is spying on everything, it's quite easy.
In discovery you can ask for the records. Of course you would need some initial evidence to show it’s likely it exists.
By having it in a small window that's always on the screen.
Isn't Facebook training their AIs on their finest engineer's computer use so the AIs can become better computer users?
In this case, the more insidious yet subtle risk and attack vector for humans using these Facebook computers, is that Facebook begins to use this data to discriminate (legally) on performance metrics. They can then use these to automatically disseminate performance improvement plans, lead to higher productivity (perceived, as whats measured no longer ends up being a useful metric) and control and urge people to do more of what they desire.
And my curiosity is: does what Facebook desire align with what the humans who work for Facebook desire? I think with AI, that's a no. The company desires as low a labor/workforce/compensation cost as possible, while the humans desire as much compensation as possible.
I've always, throughout a 25+ year career, kept personal business on personal devices and work business on work devices, and never cross the streams.
Oddly, this is really controversial on HN, though! I've gotten so many weirdly angry responses when suggesting people try it, like it's a huge inconvenience to just bring a personal phone to work in order to do your banking and fuck around posting on HN. It's so much easier now than pre-smartphone to keep worlds separate.
There's no reason my employer needs to know what personal errands I need to attend to throughout the day, and they obviously are not going to approve of me doing confidential work business on my personal devices, so it's a win-win.
> like it's a huge inconvenience to just bring a personal phone to work
It's not inconvenient to bring a phone, but it is very inconvenient to have to conduct personal business on a phone rather than on a laptop.
Nonetheless, I agree that it's a bad idea to conduct personal business on an employer-owned machine.
But I don't want to pretend that it's super convenient to have to carry a second laptop, either.
Now with the Macbook Neo, the new XPS 13" or the Chuwi Minibook X (discussed at length at HN yesterday), it is more convenient than ever.
> I've always, throughout a 25+ year career, kept personal business on personal devices and work business on work devices, and never cross the streams.
Interestingly, I have a similar career and I have never ever split personal and work businesses on different notebooks/phones. On the other hand I would never even consider working with a company that monitors my screen or has insight into the computer I'm working on.
I'm the same.
When people who maintain this separation travel for work, do they just bring both along? My laptop is often the heaviest thing in my bag, I'd hate to bring two.
[late edit: I meant work travel]
Yeah, I do. My personal laptop is a Macbook Air, so not too much of a burden.
I don't generally bring either. If I'm traveling, I'm on vacation.
Last time I travelled for work I brought only my work laptop.
But I do commute on bicycle with both in a bag clipped to a child seat. Combined weight of the devices is 4kg.
I believe they do not bring work laptop. A separation is a separation.
Travel doesn’t always mean vacation, or work. For me, it’s rarely only one.
I very rarely use my personal laptop. I stream on my phone, if I want a bigger screen, I either cast or use the app on the TV. So for me it's work laptop and two phones, not bad at all for the peace of mind. I literally turn off work. I used to run mixed, and I really wish I had changed earlier.
I did find this odd at first too, but then I realized something: it's a pain to maintain a device. Customizing it to the way you like it is not only a waste of time, it's tedious and never ends in an age where defaults are often adversarial to your interests. It's enough work taking care of one pet/kid, you might not want another.
Now I'm a nerd and I went through a realization that I should treat my devices as 'livestock not pets' and went to the trouble of building a NixOS config so that I can have two or three machines that all behave the same. But that's its own labor and still doesn't solve the phone problem. Or the fact your employer won't provision you a Linux with root.
Living by this personal/business separation is probably something most folks would aspire to, but technology as we practice it conspires against them.
"your employer won't provision you a Linux with root" - there's your problem!
In the years before the subprime mortgage meltdown, I was writing code at a massive bank. Didn’t have an iPhone yet and Gmail was blocked on the work computers, so I’d step across the street during the middle of the workday to sign into a law school library and use their computers to check my personal email. A lot of friends still didn’t want to spend money on per-message SMS fees so I could find out if anyone was inviting me to do something after work in my Gmail inbox (a lot of us used Gchat in those days but the only way I could access it was on a desktop/laptop, no mobile yet).
I agree that these days it’s vastly easier to avoid crossing streams since we all have a personal mobile smartphone.
I do the same. Its very easy today with portable devices and plentiful mobile data. I have my personal phone and personal laptop, connected to mobile data, for lunch breaks or the odd search I need to do during the workday. My work laptop and associated accounts are strictly for work activities and information.
Edit: From what my employer has explained, they do not have a live-view of our workstations. They can (and have) changed Google Workspace or Microsoft account passwords in order to access the accounts for internal investigations or sharing in the case of a criminal investigation. Of course, once they have the work device they could do forensics on the work device. They also have security logs from badges and alarm codes and video from security cameras in public areas.
I’d note that my concern with Meta tracking my keystrokes isn’t that I’m mixing work with personal but that Meta is an intensely metrics driven culture with KPI optimization fixation (iRev is the heart of all their decisions, even at the cost of doing things that are clearly wrong, likely illegal, or immoral). The place is a pressure cooker of performance management and while this data likely is used for model training, there’s zero chance it’s not also going to be used to measure your relative performance and determine when to fire you because you aren’t conformant enough with whatever bizarrely poorly thought out metrics some VP pushed some director pushed some M2 to conceive of then everyone nods and signs off on as long as they can wave a data scientist at it to say “statsig,” with the ultimate goal of producing a classifier that can automate the process of end to end reviews (how do you really do a 50:1 IC:Manager ratio without performance review automation?)
They’ve already structured the model to be a binary classifier - every six months they’re going to let go 10% for performance, and they are flattening the performance range in the upside to show no signal. They billed this as a great thing for ICs because they won’t have to compete for classification and there’s no bubble zone of impeding doom, but they gloss over the top grading range went from 10->15% per year (in 2025) to 21% (as the 10 percent twice a year compounds) performance cuts, and they try to hide the fact LLMs will be doing the reviews for managers (not to mention a 50:1 IC to manager compression implies letting go 80% of managers - so the managers are now in full on squid game mode using ICs as meat shields).
So I think the “will they see my personal stuff” is not at all what is going on inside the mind of meta employees. It’s the fact they’re being fed into a stochastic parrot wood chipper.
I also find this weird. Even though the companies I worked for didn’t have any crazy rules or restrictions (never had phone from work), but I never used my work laptop or computer for anything personal. I have friends doing their own side projects on theirs. Even though in the countries where I worked/work they have to let you know what they track if they track, I still remember one of my contracts that stated that any work done on the work computer belongs to the company. That’s why, even if maybe it’s not legal for them to say that, I never ever used any subscriptions, hardware or tools provided by my employer for personal use.
My last employer had a very generous moonlighting policy. You could absolutely use their hardware.
Agree with this. The > the organization the > the big brother dystopia. Big corps that say use outlook will ask for admin permissions on your cell which include delete access, reading media, etc if you want to use teams/outlook. So i never opt in. Probably good for work life bal. They can call me in emergencies.
Especially because many employers use security tools that log your activity, including keystrokes.
Which means your keystrokes (passwords, cc numbers, anything you type on your work laptop) may now be sitting in clear text in logs somewhere.
I fully agree with you.
I think large majority on HN works in cool startups without IT rules that could even cost their job when failing security assessments.
Another one, there is no cowboy instalation of dependencies, the CI/CD servers can only talk to internal nexus, jfrog,...
Yeah, that's pretty clear. There's a comment saying that just managing PCs is risky. I don't think most people here understand how 1000s of devices are managed in larger companies and the damage an average non technical user is capable of if just left to their own devices.
I'm the exact same way. If it's a work device, I'll literally never use it for something personal. Why give them any ammunition? Plus, laptops are so thin these days it's not really a burden to pack two, or use a phone like you said. It's one of those things where it almost certainly doesn't matter... until it does.
> We will soon have to brace ourselves for an absolute draconian level of tracking.
Somehow this reminds me of the old adage in finance :"The optimal amount of fraud is not 0"
Meaning that you could of course come up with a system in your accounting or banking or stocks or whatever that is totally 100% fraud proof.
But that system would be so onerous that none would use it. They'd go back to a more fraudulent system that is easier. Like, 15 retinal scans, a blood draw, and a bank approved minder just to buy a taco isn't workable, duh.
I'd say the same here too. You can of course use AIs and LLMs to figure out exactly how much work a person is doing and try to optimize them down to the second. Amazon is currently doing this in their warehouses. Any given month comes up with yet another instance of a worker dying on the floor and people having to continue working around the literal corpse.
And Amazon then has to run through communities, one after another, trying to hire people to work in that system. Their SEC filings note, incredibly, that population exhaustion is a real threat to the workforce.
Thus, the optimal amount of surveillance for an evil megacorp is not 100%.
Draconian, sure. But Amazon is already over the balance point and is trying to squeegee back towards the optimum. So far, it seems to be a lot further back than we thought.
Same principle as too much security. One of the things that contributes to this is that the safety side usually doesn't have any incentive to reign itself in.
There is an old adage for that general idea.
"The treatment should not be worse than the disease"
What a relief, it won't be 100% but just to the extent that Amazon does it in their warehouses.
>Thus, the optimal amount of surveillance for an evil megacorp is not 100%.
Yes, and they will do it anyway, as long as they can afford it, and even if they can't.
Business decisions aren't always optimal.
> In the US, there's the expectation that when you use an employer-provided device that any and all activity on it can be fully monitored/recorded
I don't expect this. I know that some companies install spyware on their devices, but I don't expect it, I don't accept it, and if they did it without disclosing it I'd be furious. I understand they're allowed to do it. I'd never work anywhere that did.
You can rest assured a company firing you for what they saw while surveilling your work computer will not be so stupid as to reveil this fact. That would indeed be a liability for them. They will simply invent a different reason for firing.
Because they know it's not allowed (or at least frowned upon), but they decided to do it anyways, the company surveillance is kept secret and downplayed and plausibly denied as much as possible.
Well, usually they would never tell the person the real reason for the firing or layoff anyways. there's no benefit for them to tell you, it just increases liability.
Or they just find another way to show you did it - the idea is very similar to how law enforcement uses illegal spying. They simply find another way to prove what they already caught you doing - it’s called Parallel Reconstruction.
parallel construction
I think the keyword is “can”.
It is allowed, contrary to eg the EU, where this is not allowed.
It’s not true that it’s not allowed in the EU. There’s the Barbalescu ruling which is case law that says employers must fulfill a bunch of criteria around informing employees, the necessity of the monitoring, and they are not allowed to impose blanket bans on private use, but it is still legal to monitor employees in the EU.
It can be legal, but demonstrating the necessity is a significant bar.
Yeah, I know they can. I just can't believe it's normalized and that people simply accept it. Good on the EU for pushing back.
I guess from my perspective there are even more dire problems in the US that I'm surprised people accept. But it seems they don't know, or care, or know that they should care.
Perhaps it's the lack of proper authoritarian regime in the US' past that drives this. I believe the temporal proximity of such makes people aware of, and angry against, the many traps that such systems leave in their "law", so you can be imprisoned anytime for anything. EU has a bunch of countries with varying degree of such past.
Most people need to work to support themselves so it's quite inconvenient to single-handedly solve all of the problems in the US. Suggesting people simply don't know or care is very naive.
On the time where Europeans fought for their worker rights they had to work, too. Often even not yet having other civil liberties.
However a thing that changed is impact: A handful coal workers could interrupt work in significant ways.
I’m sympathetic to this view, butI don’t see any evidence they actually do know or care though. This (workers rights) gains no traction in US elections. You have this weird macho culture around it, almost like complaining about this abuse would be a sign of personal weakness.
You should expect it because it's the safest position to work from. Don't use your work device for non-work, they may be tracking something or everything and do you want that in that record.
Additionally, don't use personal devices for work, but that is because of other reasons.
I'm surprised you can't believe it.
Most companies large enough to have their own IT have monitoring and know what's going through their network. The larger the company, the more likely they're watching. I've personally never seen that information used against anybody unless they were looking at shady stuff (porn, hacking websites, etc.), but I'm sure they're monitoring.
Even outsourced IT for small companies will often put "security" software like Sentinel One or Sophos on machines they manage, and those can track and block web traffic, report everything being installed, and even MITM HTTPS traffic.
Personally I don't see the big deal. If I don't want my employer watching something, I don't do it on their network. I monitor what's going on in my tiny home network, and I expect anybody administrating larger networks does the same thing.
Why the scare quotes around security?
It is allowed under certain circumstances.
I am pretty sure there would have to be a court order, i.e. a severe violation would have to have good ground to be suspected.
No court order. Just a suspicion against an individual, and a process to follow. Plus, you have to tell them. There is no mass surveillance without notice, correct.
> It is allowed, contrary to eg the EU, where this is not allowed.
Its allows in most of the EU apart from germany where there are strict limits.
however you can still record what your users are doing for purposes of detecting fraud. This is where it differs from the USA, where they can do anything because they have no data protection laws.
I always assume it is the case that my company will spy on my work computer. It’s naive to assume otherwise; there are just too many incentives/externalities for it to not happen given enough time and a reasonably funded infosec department.
if it's a device provided by your company, it's very likely it'll have some spyware on it.
Regarding what is available, imagine a system with reports and dashboards showing a timeline of which application was in focus and for how long, metrics on "activity" like keypresses and mouse clicks, periods of inactivity, lists of websites visited, whether you are joining scheduled zoom meetings, whether your camera was on, when you badged into and out of the office, periodic photos being taken from your webcam, geolocation on where you sign in from, and I could go on.
Most of these things are available bundled with most of the business Microsoft subscriptions while other telemetry comes from other tools or homegrown sources and is available to managers and IT staff on demand. Now, most of the time no one was really looking at most of this unless they had a reason to, and while I am no longer in this end of things since LLMs have reached this stage of maturity, I can imagine they are now being tasked with constantly watching for patterns in worker activity which deviate from the expected norm and are fully capable of notifying your manager automatically along with a detailed analysis of your activity.
The thing to understand is that the modern office is a veritable panopticon.
This is the fruition of Microsoft's dream, since it's the most obvious way to drive copilot usage in a way that A) burns mad tokens, B) is actually useful to paying customers.
Though, I have to wonder if distracting leadership with shit like this will be bad for business in the long-term. Both because leadership will fail to do their jobs, being too busy playing peeping tom on employees, but also because it takes their eyes off the prize - measuring the things that make money.
Doesn't visiting hacker news count as personal growth? Or am I supposed to grow professionally outside the work?
Yep.
One time my manager did a hour long lecture for our team on how personal growth is important and that we all should expand our horizons and learn new stuff.
When I tried to reserve 2 hours A WEEK for studying tasks I got push back that I should do it on my own time. It was a complete joke.
This sounds like the "everything you create in your own time is company property since we cannot distinguish if what you do in your own time isn't company related" clause in some contracts. Under no circumstance is it actable where I live, but it can sure scare the hell out of people and presents a line of thought. Yes, some companies think they can own copyright on the things you write at home.
I call that the "shower clause," because the company claims ownership of any ideas you come up with, in the shower.
I think, like noncompetes, there's limits to how far the company can actually enforce it, but they bank on the fact that they have lawyers on permanent retainer, and you don't. Even standing up for your rights, against blatant corporate overreach, is expensive.
[dead]
I always ask companies to remove that clause from contracts, I think all offers I've ever got had that clause, but also 100% removed it on request.
Interesting. I've always asked, too, and 0% were willing to make any changes to their policies. I suppose it has a lot to do with the size of the company and your relative bargaining power.
Probably cultural norms and location play a huge role here, I'm in a nordic country and feel like trust is generally high and people are reasonable.
My bargaining power is not that high and managed to do this from tiny companies to global corporates.
If my contract says that I must be available immediately at any time, do I have ANY personal time? Or is all of my time their time too?
Absolutely. Your personal time is that time which, in retrospect, the company didn't need you for. It's strictly a backward-looking definition.
In the US, the enforceability of that sort of thing depends on the state. Generally, if that state enforces non-competes (other than for selling the business, or managerial staff), then it most likely enforces "you're salaried, so everything you invent belongs to us".
The legal term to search is "work for hire".
> When I tried to reserve 2 hours A WEEK for studying tasks
I've never understood why employees push for official approval like this. It's not surprising you don't get officially dedicated "study time". The vast majority of programmers aren't hourly anyway, so officially sanctioned study hours doesn't even fit in with how work is prioritized. Not to mention the optics look terrible if your team is ever behind your manager is now in the awkward position have having "non-work" on record as part of what you're getting paid for.
Just bring your book with you and read during slow period, when a job is running, model training etc. You're not hourly anyway, so in theory any non-project time is your time anyway.
I've never had official permission to study at work about I've also never had any problem studying at work. If you're shipping consistently and high quality nobody is going to care if you're occasionally reading through a book chapter or watching a lecture online.
My last employer had a monthly Day of Learning where you could study whatever you want (so long as you could sort of tie it back to work). It was great. They’d organize presentations from employees but you could spend the whole day essentially however you wanted.
> you could spend the whole day essentially however you wanted
Then, can I just not go to work on that day? Or am I forced to waste time in the office? Honest question.
> If you're shipping consistently and high quality nobody is going to care if you're occasionally reading through a book chapter or watching a lecture online.
Or if they do, it's a toxic workplace.
>I've never understood why employees push for official approval like this.
>I've never had official permission to study at work. I've also never had any problem studying at work.
In this case, since the manager was the one pushing for "personal growth", asking ensured that
- the activity is sanctioned, and one doesn't have to bet on nobody asking questions
- it effectively gets put on record, in a quantifiable way, and can be used for promotion/salary boost at performance reviews
- it also enables others to do the same, even if they're not "shipping consistently and high quality" (in the eyes of the management). So that they could reach that level, y'know. Learning that benefits the employer isn't a reward one should earn for high performance.
- in case of denial (as in this case), one gets a clear signal about where the priorities are and what's bullshit, and can act accordingly. By updating their resume, at the very least.
>If you're shipping consistently and high quality
I cannot emphasize strongly enough that this "if" kills your entire point.
>You're not hourly anyway, so in theory any non-project time is your time anyway.
I don't know what fantasy world you live in, but when I was in Google, we were told to bring our entire selves to work.
That's to say, while you were there, Google has your entire self. You're no longer a mere person, you're a Googler, and there's no such thing as non-Googler time while you're on the payrolls.
The consequence of "you're not hourly" isn't that you get to have non-project time to yourself. It's that you don't get to have your time. All your time belongs to the company; you are bringing your entire self to work.
Sure, you're allowed to spend some of that time doing other things. The Corporate will graciously avert their eyes. You will be held accountable for what you do in that time though.
You better answer those stupid emails while you're loafing, because you weren't hired to answer emails, and the engineer's time is expensive. You are expected to demonstrate impact for every hour spent. Answering emails is not impactful. You still have to do it though.
So you do it in your "off the clock" time, when the corporate isn't looking.
There is no such thing as YOUR time. There merely is time when your performance is measured and judged (working hours).
It's showtime, when you compete with other employees for that promotion (or simply not being fired).
It's a precious resource that you have to ration for the pirouettes that get the most points from the judges, like coding and leading and doing other things with demonstrable impact.
An athlete doesn't stop being an athlete when the competition clock stops. Oh no, that's when the real work begins.
That's why the parent commentor asked.
The real question was: do I get points from the judges for this move?
If the answer isn't a "yes", then the judges expect you to do it in your "off work" hours when they aren't evaluating your performance. If they see you doing it, it will adversely impact your score.
You're only supposed to do things that count during the preciously small 8-hour window when The Corporate deigns to see what you're doing.
The things that you have to do to showcase this performance are the things you do on your own time.
You don't watch the Olympics to see the athletes do all the things that they have to do to be high-performing athletes.
There's a word for people who, say, only play soccer when there's a judge present to count the score, and go back to their lives in the end of the day.
The word is amateurs.
Amateurs don't get paid. And they're certainly not needed in the club.
It's not just Google, of course, other companies are the same or worse. The corporate chat shows who's online and when, inviting the employees to the after hours game.
Oh, and the best part is having everyone judge each other.
The Corporate promises not to look when the clock stops, but your peers aren't beholden to the same promise.
They will look, and they will judge.
No, the corporate doesn't expect you to help out a colleague in the "off hours". But someone's going to write that peer feedback in the end of the perf period. And you don't want to be the unhelpful one.
You can't complain about being messaged in the off-hours because the corporate says that you a aren't required to answer messages at that time, so there's nothing to complain about.
Prisoner's dilemma ensures that the judgment never stops.
The competition keeps going; you're just being judged for different things.
And none of them is the process personal growth.
During work hours, you'll be judged for how much you "personally grew".
But nobody wants to watch the paint dry or watch the grass (or you) grow.
[dead]
This is when I would look up the nearest course for the subject that the job would want me to study, including the cost, time and travel distance. Talk is always much cheaper than the real thing.
I wonder what happens when you have kids and you can no longer spend your free time to keep learning new things that your company wants you to know.
(Just kidding, I know what happens... they will fire you and hire someone who doesn't have kids.)
> (Just kidding, I know what happens... they will fire you and hire someone who doesn't have kids.)
And then the boss will blame young people for collapsing the demography and endangering the country.
Either get let go, fall behind, or pick up an expensive stimulant habit to try and eek out a little productivity at unholy hours.
You either fall behind/into a rut, or like you said, get let go. It’s scary
I'm experiencing a similar thing- company pushes online lectures but don't even think about putting them on the sprint board.
Most of my knowledge of new tools comes from newsletters, forums, and content creators. I find things through passive media consumption (and, where I can get it, discourse with other enthusiasts) more often than I find them in the course of trying to solve specific problems.
But not all managers think that your learning sources are valid, and care more that you spend time on their learning paths. Even if it's your off time.
(Yes, there is a story attached to this haha... and more importantly, several different writeups[1][2][3] on how random internet wanderings have been more beneficial to my overall technological capability than people who insist on the importance of a CS background when building dashboards and client UIs. In practice, thanks to a dev box with insufficient RAM, and your typical tabbed-browsing problem, I used `pkill` over `ssh` -- something I picked up from toying with Over the Wire levels in my off time -- a lot more often than I used linked lists at that job.)
[1] bhmt.dev/blog/scraping
[2] bhmt.dev/blog/ctf
[3] bhmt.dev/blog/feeds
One time my manager messaged me panicking about a big nextjs vulnerability. I told him, no worries, I saw it on HN and we patched weeks ago. He told me to use HN at work as much as I want.
No. You should grow professionally outside of work by also following the work-mandated professional development plan. And you will be punished if you don't do it, or you do it at a pace that doesn't match expectations.
You know, don't forget the details.
I once got told for an internal promotion I couldn't put anything regarding my current role, responsibilities and achievements in the role. I got told to put any volunteering or previous.
Reason given was it's what is expected at work everything you do in your role, you need to show above and beyond.
Seems like that'd just discourage people from going above and beyond at work. Why do more than the bare minimum to avoid being fired if nothing else you do counts?
>Look, we want you to express yourself, okay? Now if you feel that the bare minimum is enough, then okay. But some people choose to wear more and we encourage that, okay? You do want to express yourself, don't you?
(This is from Office Space for those who don’t know. Hilarious scene with Jennifer Aniston)
The Flair scene? Oh seriously than got me so much vicarious embarrassment, I feel uneasy just at the thought of it.
[Jennifer Anniston flips Mike Judge the bird, on-screen #inLove]
>>"How's THIS for expression?!? I'm sick and TIRED of this ... job!"
----
I will never go above&beyond again – for any corporate entity – ever again. You can blame past corporate bullies, not yourselves.
Or grow professionally during work hours using a personal device.
You're 100% supposed to grow professionally outside of work.
And catch up on chores during work hours
What else would you do when i̶t̶'s̶ c̶o̶m̶p̶i̶l̶i̶n̶g̶ claude is generating?
Says who?
pass
This is such a curious POV for me - I'd genuinely like to hear your thoughts on this. Who owns your career growth if not.. you?
(If you don't desire to grow your career, that's a viewpoint I can entirely understand.)
some people see 'career growth' as going to seminars and networking with manager types.
some people see 'career growth' as opening up a new technical manual and acquainting themselves with new stuff.
I think it's import to differentiate; networking with managers and going to industry-specific (or even company specific) seminars offers next to zero enticement for me, but I usually always have the time to read about a new language or tech.
In other words: If a growth opportunity arises, i'd rather it be personal growth.
Maybe? And yes.
> It's always been hard to know the extent of how draconian tracking actually is (IT pros tend to not talk about it much).
Having worked at a FAANG and then downsizing back to IT (it's pretty great if you don't need the paycheck), I'll say a bit here. I was FAANG for 8.5 years, though in a more limited role for half of that. I've been doing the IT thing since 2018, first at a small private company and then at a gov state agency.
We were ~25 people and we had one person who was a nightmare. They created a toxic work environment. I asked for a meeting with the owner and brought a laundry list of documentation about their behavior, including spending most time not performing the job (browsing online shopping instead). He asked if I knew their device name so he could pull it up and see what she was doing right then. I didn't know. I'm sure he checked later.
Every computer had management software that allowed remote viewing and remote control because of course they did; we managed fleets of machines. I genuinely don't think the owner ever had the impulse to spy or check up on anyone until that moment, when he was receiving really troubling news. I worried more about the security camera installed after a break-in because it could expose my long breaks when I came in super early in the morning.
Where I work now, users have to approve a screen sharing session. I can't just spy on someone like at my former employer. But there's undoubtedly metrics being recorded in case anyone ever needed to profile a user's work time (say a labor lawsuit, for example). We all know we can be tracked on work devices.
My expectation is that while your company can, theoretically, track everything, they have no motivation to waste their time unless given a reason. Maybe AI will change that as the cost of tracking creeps closer to nil (probably). And at Meta, I think they're evil enough to consider the cost worthwhile anyway. But probably not a big deal most places so long as you aren't up to anything beyond slacking off. People have work to do.
It's like a law of technology. As technology increases the ability to surveil increases. Then we learn why we weren't surveiled in the first place. It was just a lack of ability - not laws, benevolence of government, etc. I cannot imagine a world 100 years from now without much more surveillance.
Literal thought police is not a crazy idea. That might only require more usage of something like nueralink and progress in processing signals from your brain.
Why would you do that on the employer-provided device? I just use another laptop and my smartphone. I am even using headphones if I want to listen to something for privacy, no idea if my company would go as far as recording from my microphone but I am not willing to take the risk.
You bring a personal laptop to work with you?
I have been working from home for the last 8 years but when meeting the team onsite I have seen people bringing small personal laptops and ipads so it seems quite common. Those days at the office were so sporadic that I could do with my smartphone only.
I've never seen anyone do that across almost two decades in tech, it's a security risk that would absolutely get you the wrong kind of attention in an organization that takes itself seriously.
Personal laptops go on guest wifi with zero access to company resources, just like personal phones
+ everybody working in tech has a large mobile data plan, no reason to even connect to the wifi guest network.
+1, guest network is risky. Even VPN/ts is risky, since you're actively hiding what you are doing. Mobile data only.
So I assume your company that take itself seriously ask you to leave your personal smartphone at home.
I wonder if the AI's that replace us will be periodically web surfing and checking HN as part of their daily work flow?
Only on their 30-minute breaks, perhaps.
I don't think AI introduces anything new. In theory, manager could pull the reports of their 4-12 people to see which programs are active and what websites they are using for how long once a month, targeting individuals that they are looking for a reason to bump. No AI needed.
> In practice, however, few people worry about reasonable amounts web-surfing, being on hacker-news or doing life-activities on their work machines. Oh, here I am on hacker-news when I should be working.
This is all nice and good, till the employer needs a reason to fire an employee, then suddenly all such things become relevant. Maybe a bit less in at-will employment situations where there are low barriers for kicking people anyways.
What you’re concerned about doesn’t stop at the employer.
Anyone with access to data being processed about you may have incentives that align similarly with your employer’s use case.
Advertisers, Internet service providers, phone manufacturers, social networks, tech platform providers, schools, families, spouses, nosy neighbours, nosy governments.
The scale at which you can build a summary about someone is astonishing.
How they breach policies, how they break laws, how they mishandle sensitive data, how they materially negatively impact customers.
This whole thing is now a litigation nightmare, and frankly I can’t believe Meta is doing this so publicly. They’ve created an incredibly dangerous and lucrative lever in which vexatious and otherwise incentivised individuals and organisations can subpoena and demand evidence which, provided the ample data available, will surely produce enough evidence given the expanse of their employer base. They simply need to have a thread to pull on, so a judge doesn’t deem it a fishing expedition.
Similarly, I worry for democracies with no checks or balances to prevent ruling parties from exploiting or abusing this power. For example, in India, there’s accusations of their equivalent of the NSA being used to spy on the opposition —- under the guise of “keep them honest”. https://www.idsa.in/system/files/book/book_IntellegenceRefor...
In other Western countries whenever this type of work is conducted, it’s usually at Director or Minister-level approval. There’s lawyers involved, it’s heavily documented. What happens when systems, or products, are given the implicit approval of this same function by their very nature?
We’re in weird times.
Well, at the risk implying intention and thus anthropomorphizing Larry... you know sharks don't eat, they simply consume food, like a fire consumes wood, this is what Larry Ellison advocates for:
"Citizens will be on their best behavior, because we’re constantly recording and reporting everything that is going on"
That smart TV you just got has ACR (Automatic Content Recognition), which takes a screenshot of what you're watching, twice a second, and sends it off to data brokers.
If you touch it, in any way, it’s probably tracking
Ridiculous tracking happened before AI too. Go read the book about Bridgewater, describing, among other things, how internal security worked when it was led by James Comey (yes, the one you know from the news, and was later FBI director)
Regardless of your stance on AI, we shouldn’t normalise tracking of this magnitude at all. Some safety guardrails for security and IP protection - fine, most tools have that builtin. Anything beyond that is abuse, plain and simple.
> With AI, this changes significantly since the man can now employ a robot to categorize and finely scrutinize every little thing
Corporate endpoint monitoring software has been able to track time spent in apps and websites for a very long time. They could produce breakdowns of time spent in apps and even categorize popular websites based on a database.
This is unrelated to the topic, but worth mentioning in case someone assumes that AI tools were needed for time tracking and breakdowns.
In so far as bracing for draconian tracking, I already would have never worked for Meta and especially wouldn’t now. I think we can vote with our feet and not work for companies that do this.
Is it really that different with the current iteration of AI compared to what was possible 10 years ago? There may be some new awareness at the executive level of what is possible, but I feel like a "slacker detector" or whatever would have been possible with xgboost or lstms.
> Oh, here I am on hacker-news when I should be working.
What else am I supposed to be doing while Cursor does its thing?
And employees will employ robots to do hyper realistic work like activities to game the system. Here's an idea...... find good leaders who understand team building and culture and let the score take care of itself.
When AI takes all the jobs, it will also need to take care of supplying all the demand/customers, as humans will no longer have the resources for that.
With companies enrolling AI to help look over the shoulder of their employees, I wonder how hard it would be to do some prompt injection just changing what is displayed in the surveiled screen for it to see. Potential for a new vulnerability vector?
Reading hacker-news is work; and never tell my Boss otherwise.
Or, the tracking won't change much, it'll be the big-brothering that will dramatically accelerate
> (IT pros tend to not talk about it much) > In the US, there's the expectation that when you use an employer-provided device that any and all activity on it can be fully monitored/recorded
Uh, kind of, you have to explicitly be fully aware of it, if they don't tell you in a meaningful capacity, you still have a reasonable expectation to privacy and it could turn into a lawsuit in your favor. ESPECIALLY if you access anything personal, medial, or even financial it could land your employer in hot hot water.
In fact, they probably added the 30 minute escape hatch because of those things I mentioned, because yes, those are valid scenarios to have total privacy.
> however, few people worry about reasonable amounts web-surfing, being on hacker-news or doing life-activities on their work machines
I'd suggest doing it on your phone, not work PC.
If you have urgent personal errands e.g. an email to respond to here and there and you'd rather have a keyboard, bring a personal laptop, connect it to 5G and do it from your car.
> employer-provided device that any and all activity on it can be fully monitored/recorded
And the location, yes, your physical location as well
Work will even flag you for you using a VPN on your phone, e.g. if you check the company Slack.
Other than adding buzzwords to a features list, I don't see AI really moving the needle here. As you've said, it's always been the expectation that employers are watching over their networks.
There's already loads of monitoring software available that can scrutinize, categorize, and track everything going through corporate networks. A company I worked at ~20 years ago had an internal website showing a live display of URLs accessed through their whole network, a "top 100" list, a break down into categories (news, email, games, etc.) and other stuff along those lines. They were absolutely categorizing and scrutinizing everything way back then, no AI needed.
Does that work with https and dns over https?
If you can afford it, set up a proper trust fund for them.
[dead]