• NegativeLookBehind@lemmy.world
    link
    fedilink
    English
    arrow-up
    126
    arrow-down
    2
    ·
    5 months ago

    I refuse to install any work related software on my phone. Not only because I don’t want to be contacted after hours, but companies often “require” full read/write access on your device, so they can remotely wipe their data if you quit or get fired.

    Fuck that.

    • Kit@lemmy.blahaj.zone
      link
      fedilink
      English
      arrow-up
      48
      arrow-down
      1
      ·
      5 months ago

      No modern MDM solution allows a company to access your personal data on BYOD. That’s why containerization of work profiles exist. Anything else would be a massive privacy scandal.

      Company-owned devices, though, do have that level of access when MDM enrolled.

      • brax@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        26
        ·
        5 months ago

        Intune installs as a device adminstration. I’m not sure how much I’d trust that on my personal device period.

        • BarbecueCowboy@lemmy.world
          link
          fedilink
          English
          arrow-up
          16
          ·
          5 months ago

          That’s a fair point. Microsoft says that they don’t… but, not that they can’t. It’s especially tricky on iOS.

        • corsicanguppy@lemmy.ca
          link
          fedilink
          English
          arrow-up
          7
          ·
          5 months ago

          They can say what they like.

          VERY few companies have been sued for being as big a bunch of lying dinks as Microsoft has.

          We need to learn from this shit. Ads on login screens? Privacy issues? Solarwinds sploit letting Russian hackers get to the windows source? How many more red flags are our security groups going to ignore?

          • tinkling4938@lemmynsfw.com
            link
            fedilink
            English
            arrow-up
            4
            ·
            5 months ago

            Good luck if you run a de-googled ROM. I can’t install sandboxed Google Play Services inside the profile because its not approved. I could try and sideload it in, but I’d rather just go without.

          • brax@sh.itjust.works
            link
            fedilink
            English
            arrow-up
            2
            ·
            5 months ago

            This implies that the company has a competent IT team that rolls it out correctly, and that there won’t be some way to exploit it and dig in further than expected.

            Also:

            On personal devices, it’s normal and expected for users to check email, join meetings, update files, and more. Many organizations allow personal devices to access organization resources.

            (From the site)

            Lmao WHAT? It’s normal for users to do company shit on their personal phone? What kind of delusional Spongebob bullshit is that? Is the company gonna pay for data or subsidize the cost of my phone? Are they going to pay me to be on call if they expect me to of this shit outside of my working hours?

      • Potatos_are_not_friends@lemmy.world
        link
        fedilink
        English
        arrow-up
        11
        ·
        5 months ago

        I’d love to honestly believe that. But I still wouldn’t risk ever doing a BYOD with a company that forced me to install anything on my personal devices.

      • JackbyDev@programming.dev
        link
        fedilink
        English
        arrow-up
        7
        ·
        5 months ago

        Regardless, times I’ve tried to get access to work stuff on my phone I stopped because I had to agree to let my entire device be remotely wiped if they chose to. I had absolutely zero faith that they wouldn’t accidentally do it as a matter of procedure if/when I left the company so I didn’t do it.

        • Buddahriffic@lemmy.world
          link
          fedilink
          English
          arrow-up
          8
          ·
          5 months ago

          Not to mention the possibility of a disgruntled IT person deleting everything they can on their way out. Sure, it would be a whole can of worms for that person and they might regret it because of the consequences, but that wouldn’t bring my data back. Same if it was done accidentally because of incompetence.

      • conciselyverbose@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        1
        ·
        5 months ago

        It honestly doesn’t matter to me.

        Even if it’s an absolute certainty that there’s no possible way they can do harm, I’m unconditionally not willing to install anything on my personal device that isn’t for my personal use.

    • InternetUser2012@midwest.social
      link
      fedilink
      English
      arrow-up
      30
      ·
      5 months ago

      I’m with you there. My previous employer wanted a bunch of their shit on my phone. I asked if they were supplying me with a work a phone, and they said no, you already have one. I said I do, and it’s mine, and I’m not putting anything on it for work because work and home are going to be two different things. They gave me a work phone and then wanted to know why I turned it off in the parking lot before I even got into my car. I’m done working for the day sir.

      • corsicanguppy@lemmy.ca
        link
        fedilink
        English
        arrow-up
        14
        ·
        5 months ago

        wanted to know why I turned it off in the parking lot before I even got into my car. I’m done working for the day sir.

        My co-worker locked his in his desk drawer when he went home for the night.

    • scrion@lemmy.world
      link
      fedilink
      English
      arrow-up
      19
      arrow-down
      1
      ·
      edit-2
      5 months ago

      This is absolutely correct. Heck, you’re free to deny that based on any reasoning, maybe the shoddy icon of the work app doesn’t match your phone wallpaper.

      The phone is your private property, if an employer requires an app to be installed to do your job, they can provide a phone.

      I would also never let corporate IT manage a device, e. g. a laptop connected to my private network at home.

      • Emerald@lemmy.world
        link
        fedilink
        English
        arrow-up
        8
        ·
        edit-2
        5 months ago

        I would also never let corporate IT manage a device, e. g. a laptop connected to my private network at home.

        If you ever must, buy a new laptop. And use it on a guest wifi network. Use it as you would a work laptop, nothing personal on it

        • scrion@lemmy.world
          link
          fedilink
          English
          arrow-up
          5
          ·
          5 months ago

          No, have the company buy a laptop, and if necessary, also have them buy the hardware that allows for proper network separation, if not already available.

          Just another thing to be aware of.

            • scrion@lemmy.world
              link
              fedilink
              English
              arrow-up
              5
              ·
              5 months ago

              Surely not. But also many employees won’t even ask for it, and change will only happen if people care about it.

              So first, raise awareness, and naturally, implement those things at any companies you manage or own.

              I’m not saying quit your job and become homeless if your employer won’t corporate with you on the issue. Everyone should think about how this could potentially affect them and what they can do within the constraints they operate in, though.

              As someone else in this thread said, a separate (VLAN, guest) network for work devices, reasonable access rules etc. can go a long way. Eventually, I would like this to become unacceptable though.

      • toddestan@lemm.ee
        link
        fedilink
        English
        arrow-up
        2
        ·
        edit-2
        5 months ago

        I would also never let corporate IT manage a device, e. g. a laptop connected to my private network at home.

        That’s pretty standard for working from home. I’m expected to use the company provided, managed laptop with my internet connection.

        I figured so long as I made sure of things like there weren’t any open file shares and things like routers and IP cameras were password protected there wasn’t a whole they could see.

        If I was really paranoid I could set up a VLAN or something.

        • scrion@lemmy.world
          link
          fedilink
          English
          arrow-up
          2
          ·
          5 months ago

          I know it is somewhat of an accepted practice, and a lot of people lack the means or the knowledge to handle it any other way, but I’d still like to raise awareness that you’re basically inviting a foreign actor into your network.

          The days were people would trust corporations, including their employers, to be generally benevolent and to do the right thing are long over.

    • phoneymouse@lemmy.world
      link
      fedilink
      English
      arrow-up
      5
      arrow-down
      1
      ·
      5 months ago

      Yeah and they want to install some profile that gives them access and puts your internet connection through their VPN. My coworkers look at me like I’m crazy because I carry a work device and a personal device. Like, why would I give my employer access to all of my web traffic on my phone? You’re crazy if you don’t carry two devices.

    • Weirdfish@lemmy.world
      link
      fedilink
      English
      arrow-up
      3
      ·
      edit-2
      5 months ago

      The two consessions I’ve made are Teams, and the MFA software.

      I am often running around to various sites and being able to use a quick chat is better than pulling out my laptop, and I turn it off when I’m off the clock.

    • brax@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      2
      arrow-down
      1
      ·
      5 months ago

      Yup same. It’s crazy how many people willing installed Intune and shit on their personal phone. If my company wants me to have that level of portability, then they’ll be buying a work phone for me and paying me overtime any time I’m forced to use it out of regular hours