My boss has us using a bossware SaaS app that tracks our work with exquisite detail. It's called GitHub. The tracking consists of our trail of commits to various repos. (Along with the resulting error logs and tickets.) He can see exactly what we're doing for the project and when. In fact he has a team that "peer reviews" the tracking data line by line and are not shy about pointing out deficiencies.
To track other things, like time on task or web surfing habits, would not even be redundant, just superfluous.
People who truly think this is any useful kind of metric are probably the ones who think # lines of code written = productive work. Or, as Bill Gates put it so nicely, they are measuring the progress on the aircraft by its weight.
I used to work at a company that hired temps off Craigslist to do fairly sensitive healthcare work. The economics and extreme seasonality made that the only viable approach. Software like this was absolutely critical to limiting what people could do and preventing things like identity theft etc. Strong deterrent effect too- during orientation they would show people exactly what they could see. Not great in a general work environment with FTEs but these tools have legitimate uses.
I'm sorry, that company does what? It is absolutely insane that temps off Craigslist could be trusted with such sensitive information under any circumstances. That company is asking for a data breach and to be sued into oblivion.
The fundamental problem here is that that company is cutting corners to save money. Full stop.
My worry is that companies like Zoom will start offering enterprises higher paid plans that effectively install this software. So think about the next time you join a meeting you may be installing something like this. And... what if you join some of those meetings on your personal laptop?
Micromanagement is a bad habit of insecurity that rots leadership, it affects the company health so much. One more source of emotional distress that makes good people leave.
Accountability (AKA delivery, outcome) is the best metric for me.
Legal Problem; the moment you log this crap as a company... It's discoverable. That sexual harassment lawsuit that just came up? You are legally required to now do data hold on all these keylogs and screenshots you took. Oh and now you have to explain to a jury how you don't fall into the common charge of "could have or should have known" that abuse was occuring. I mean, you had all these logs and you still let this go on!?
Any corporation that collects these logs is asking for danger. Give a good law firm that much data, they will nail you.
Not to mention if you fire someone for burning time and they sue for wrongful termination and you get an e discovery request..to see if you applied that surveillance to everyone equally. Let's request a random selection of logs from 10 staff members in the same or related roles.
This level of monitoring can get you in some huge problems.
Yes, I think the larger your company the less effective this "bossware" is. If you imagine collecting this amount of data on every sales, design, eng, product manager, director, vp, exec at a place like Google or Facebook the sheer amount of legally precarious logs would probably tilt toward liability.
I worked at a medium-sized tech company, and one employee sent an e-mail to another employee about how one of our product logos looked very similar to another logo in a similar product space. It was similar enough, and the products closely related enough, that this concern would have kicked off a re-branding effort or something like that... but since it was an e-mail, it sent off red flags all the way up to executive level. Triggered overseas flights, high-level meetings, legal involvement. Everyone working on the project immediately put on white gloves.
Made me think that more often then not, it's just better off for management to "not know", or at least have what they call plausible deniability.
I've heard a few stories about how Japanese companies are using these. There's one company which deployed a webcam app on their employees laptop to "track attentiveness" and dock pay for periods of time where they take their eyes off the screen. Another company is asking employees to wear a device (with camera and sensors) around their necks in order to track their overall "happiness". Stuff right out of 1984.
The fact there are people in my profession working on such things troubles me.
Hmm when I was visiting Japan they had a serious problem with work exhaustion related suicides. The workload and pressure to perform at higher and higher levels was too much so they ended it. That was just a few years ago.
So, to hear that there is a new level of control for this already judgemental and “honor” based society is just appalling.
This is a cardinal rule for me. I have a personally-owned PC that is used for my work, but it is exclusively used for that purpose. The only extent of personal use on my work PC is this website. Everything else I will RDP from my work PC to a personal machine, or physically go use it. I've extended this ideology to other areas. I have a separate physical machine I use only for banking and stock transactions. It's kinda like a shitty DIY Bloomberg terminal in my kitchen.
I find that having multiple physical computers, each with a very specific purpose, is an excellent way to context switch and maintain that psychological isolation between duties. There are definitely security/privacy benefits as well, but I hesitate to delve into that rabbit hole of a discussion here.
I've increasingly heard of places requiring that you put it on your personal phone for working class jobs. BYOD gone horribly wrong. The same app will also be the only way to get your timesheets, clock in, or trade shifts, etc.
That's not what a reasonable objection is about, and you're being intellectually dishonest when you attack this, the weakest argument. Here is a stronger argument, for your benefit:
Working requires us to form social relationships with our coworkers to get work done. Oftentimes, we're establishing shared language, and working tempo with coworkers through "inside" jokes, and other human forms of camaraderie. Not only would it be unethical to stamp the social aspect out of our working lives–which make up the majority of our waking hours, and a gross majority of our social ties–but it would also be imprudent, since removing social elements from working relationships would cripple them. It is necessary, and desirable, that we socialize with our coworkers to some extent.
The firm pits individuals–and groups–against one another in competition. Even in an ostensibly friendly, collegial workplace, the zero-sum reality of budgets and headcount encourage workers to jockey for position and push difficult, or unprofitable work onto others. Surveillance like this enables the most manipulative to exploit secret knowledge of the social relationships that are, again, necessary throughout the firm. A secondary effect of surveillance is the chilling effect: trust and camaraderie are hampered by the knowledge that one's every word can be used against them without recourse.
Firms regularly use information freely given to prioritize workers for layoffs. Decades of "employee satisfaction" surveys have facilitated the efficient firing of dissatisfied, burnt-out or mistreated workers. Surveillance offers the same facility, at higher fidelity.
If you are an executive, and you want to maintain dehumanizing working conditions, surveillance is a necessity and a boon. As surveillance increases, our working life becomes more prison-like, and our society progresses towards private autocracy. What astonishes me is how giddily those who profess to love Liberty readily shed it at work.
I'd be interested in a tool or list of reliable detection methods for the presence of these programs. Do regular antivirus programs that can be user added detect these by default? I woud assume the one supplied in the company configuration has these whitelisted.
I'm almost inspired enough to create an open source "killer" of these background programs. "Bossware" is one of the most infuriating things I've seen wrt employment in a little while.
In a contract between two parties, no party has any kind of legally elevated position over the other.
Many employment contracts are written by employers though, so this culture that the employer is some kind of gentle but strict super entity pervades through the language of employment contracts.
The company is just another Joe, and you have just as much right to dictate the terms of your employment as they do, just as you have equal standing in any contract you enter into with your mom, your husband, or your church.
One thing that helps pick apart the engrained culture of faux company superiority is to imagine they are a church instead.
Quoting the following part of EFF’s article makes me feel like they are still toeing the line.
> [the state] must also establish protections for churchgoers: surveillance of parishioners should be necessary and proportionate [and] parishioners should have the right to know what exactly their priests are collecting.
Like, I’m stuck on solving a problem. I look and I look. I can’t find it. I walk away, thinking about it. Still nothing. I drive home, then, I get my a-hah! moment.
I solve the problem. And it was a one liner, to fix the problem.
> Let’s be clear: this software is specifically designed to help employers read workers’ private messages without their knowledge or consent. By any measure, this is unnecessary and unethical.
I am too European to understand how this can be legal.
Many years ago I spied on employees (of my client). Specifically, there were always few sales guys who'd spend hours a day lost in games, dating sites, etc.
Who hasn't gotten lost on the internet? However, these guys were at it every day. From my perspective, they were caught in a trap that wasn't good for them or the company. I wanted was to help them find their way back to doing what they were good at.
I setup a squid proxy, got good at regex & category blocking.
After hitting my proxy, the sales guys would get a little frustrated but they invariably redirected themselves and that'd be the end of it. No need to involve management.
Non-stupid employers know that what employees need are duties they can care about & opportunities to make something better.
What employees don't need, to excel at their jobs, is to be surveilled, micromanaged or tightly restricted. (Granted, a few might hit a dark patch & need some guidance. A rare few might be beyond guiding and have to be let go.)
tl;dr: Don't be a crapty employer & you won't have an imaginary need to spy on your employees.
One of my coworkers at my last job was involved on writing a piece of such "bossware" (although nothing as extreme as the examples in the article). It used some WMI interfaces to track what users were doing. He seemed to express at least some level of uncomfort with it, but ultimately wrote it anyway.
With a key/screen logger on your personal, or corporate device, what happens to your gmail login (assuming you're permitted personal email at work)? The company where I work permits a small amount of time for personal affairs, checking bank/email if required, I've never personally done this as I'm fully aware of a MITM proxy.
All that aside, if you were to log into your personal bank account, or personal email, what are the restrictions around where the data is logged, or who has access to the data. This should extend to the disk storage replacement, if a disk is upgraded, or becomes faulty, where does the data centre remote hands put the faulty/old disk once popped from the tray?
Lets hope that gmail account didn't provide MFA for another site login.
Should this type of software be announced in employment terms?
The thought that apparently some employers think it is a good idea to spy on their employees on such an invasive and unethical level makes me sick. Not to mention that the lack of trust in such a company has probably eroded productivity a long time ago.
I deleted my org’s off my computer since I have root privs. They asked to put it back and I’ve been ignoring them. I signed an NDA, if that’s not good enough... idk what to tell you.
[+] [-] hirundo|5 years ago|reply
To track other things, like time on task or web surfing habits, would not even be redundant, just superfluous.
[+] [-] posedge|5 years ago|reply
[+] [-] gorgoiler|5 years ago|reply
[+] [-] onion2k|5 years ago|reply
[+] [-] mobiledev2014|5 years ago|reply
I might switch to doing it once a sprint :)
[+] [-] qznc|5 years ago|reply
[+] [-] lrem|5 years ago|reply
[+] [-] tyxodiwktis|5 years ago|reply
[+] [-] deeblering4|5 years ago|reply
[+] [-] titzer|5 years ago|reply
The fundamental problem here is that that company is cutting corners to save money. Full stop.
[+] [-] novok|5 years ago|reply
[+] [-] temporaryvector|5 years ago|reply
[+] [-] unknown|5 years ago|reply
[deleted]
[+] [-] gentleman11|5 years ago|reply
[+] [-] noneeeed|5 years ago|reply
[+] [-] pphysch|5 years ago|reply
[+] [-] yepthatsreality|5 years ago|reply
[+] [-] dagav|5 years ago|reply
[+] [-] unknown|5 years ago|reply
[deleted]
[+] [-] koheripbal|5 years ago|reply
[+] [-] rhacker|5 years ago|reply
[+] [-] emersonrsantos|5 years ago|reply
Accountability (AKA delivery, outcome) is the best metric for me.
[+] [-] crmrc114|5 years ago|reply
Any corporation that collects these logs is asking for danger. Give a good law firm that much data, they will nail you.
Not to mention if you fire someone for burning time and they sue for wrongful termination and you get an e discovery request..to see if you applied that surveillance to everyone equally. Let's request a random selection of logs from 10 staff members in the same or related roles.
This level of monitoring can get you in some huge problems.
[+] [-] hbosch|5 years ago|reply
I worked at a medium-sized tech company, and one employee sent an e-mail to another employee about how one of our product logos looked very similar to another logo in a similar product space. It was similar enough, and the products closely related enough, that this concern would have kicked off a re-branding effort or something like that... but since it was an e-mail, it sent off red flags all the way up to executive level. Triggered overseas flights, high-level meetings, legal involvement. Everyone working on the project immediately put on white gloves.
Made me think that more often then not, it's just better off for management to "not know", or at least have what they call plausible deniability.
Of course, for the "big crimes", it's good to have some level of logs collected and stored. For instance, no company should tolerate something like this happening, naturally: https://www.reuters.com/article/us-usa-insidertrading-expedi...
[+] [-] tjpnz|5 years ago|reply
The fact there are people in my profession working on such things troubles me.
[+] [-] ddrt|5 years ago|reply
So, to hear that there is a new level of control for this already judgemental and “honor” based society is just appalling.
[+] [-] koheripbal|5 years ago|reply
We discovered one person who, while "working from home" logged in at 9am, wrote one email, then again at 5pm, and did nothing in between.
We suspected as much, but the surveillance software allowed us to provide the evidence for that person's dismissal.
[+] [-] abstrct|5 years ago|reply
[+] [-] bob1029|5 years ago|reply
I find that having multiple physical computers, each with a very specific purpose, is an excellent way to context switch and maintain that psychological isolation between duties. There are definitely security/privacy benefits as well, but I hesitate to delve into that rabbit hole of a discussion here.
[+] [-] monocasa|5 years ago|reply
[+] [-] userbinator|5 years ago|reply
[+] [-] aahhahahaaa|5 years ago|reply
[+] [-] fergie|5 years ago|reply
[+] [-] twirlock|5 years ago|reply
[+] [-] rexpop|5 years ago|reply
Working requires us to form social relationships with our coworkers to get work done. Oftentimes, we're establishing shared language, and working tempo with coworkers through "inside" jokes, and other human forms of camaraderie. Not only would it be unethical to stamp the social aspect out of our working lives–which make up the majority of our waking hours, and a gross majority of our social ties–but it would also be imprudent, since removing social elements from working relationships would cripple them. It is necessary, and desirable, that we socialize with our coworkers to some extent.
The firm pits individuals–and groups–against one another in competition. Even in an ostensibly friendly, collegial workplace, the zero-sum reality of budgets and headcount encourage workers to jockey for position and push difficult, or unprofitable work onto others. Surveillance like this enables the most manipulative to exploit secret knowledge of the social relationships that are, again, necessary throughout the firm. A secondary effect of surveillance is the chilling effect: trust and camaraderie are hampered by the knowledge that one's every word can be used against them without recourse.
Firms regularly use information freely given to prioritize workers for layoffs. Decades of "employee satisfaction" surveys have facilitated the efficient firing of dissatisfied, burnt-out or mistreated workers. Surveillance offers the same facility, at higher fidelity.
If you are an executive, and you want to maintain dehumanizing working conditions, surveillance is a necessity and a boon. As surveillance increases, our working life becomes more prison-like, and our society progresses towards private autocracy. What astonishes me is how giddily those who profess to love Liberty readily shed it at work.
[+] [-] PeterStuer|5 years ago|reply
[+] [-] daenz|5 years ago|reply
[+] [-] gorgoiler|5 years ago|reply
Many employment contracts are written by employers though, so this culture that the employer is some kind of gentle but strict super entity pervades through the language of employment contracts.
The company is just another Joe, and you have just as much right to dictate the terms of your employment as they do, just as you have equal standing in any contract you enter into with your mom, your husband, or your church.
One thing that helps pick apart the engrained culture of faux company superiority is to imagine they are a church instead.
Quoting the following part of EFF’s article makes me feel like they are still toeing the line.
> [the state] must also establish protections for churchgoers: surveillance of parishioners should be necessary and proportionate [and] parishioners should have the right to know what exactly their priests are collecting.
[+] [-] mjayhn|5 years ago|reply
[+] [-] blackrock|5 years ago|reply
Like, staring off into space.
Like, I’m stuck on solving a problem. I look and I look. I can’t find it. I walk away, thinking about it. Still nothing. I drive home, then, I get my a-hah! moment.
I solve the problem. And it was a one liner, to fix the problem.
[+] [-] toto444|5 years ago|reply
[+] [-] teddyh|5 years ago|reply
[+] [-] NumberCruncher|5 years ago|reply
I am too European to understand how this can be legal.
[+] [-] WarOnPrivacy|5 years ago|reply
Who hasn't gotten lost on the internet? However, these guys were at it every day. From my perspective, they were caught in a trap that wasn't good for them or the company. I wanted was to help them find their way back to doing what they were good at.
I setup a squid proxy, got good at regex & category blocking.
After hitting my proxy, the sales guys would get a little frustrated but they invariably redirected themselves and that'd be the end of it. No need to involve management.
Non-stupid employers know that what employees need are duties they can care about & opportunities to make something better.
What employees don't need, to excel at their jobs, is to be surveilled, micromanaged or tightly restricted. (Granted, a few might hit a dark patch & need some guidance. A rare few might be beyond guiding and have to be let go.)
tl;dr: Don't be a crapty employer & you won't have an imaginary need to spy on your employees.
[+] [-] non-entity|5 years ago|reply
[+] [-] 6c696e7578|5 years ago|reply
All that aside, if you were to log into your personal bank account, or personal email, what are the restrictions around where the data is logged, or who has access to the data. This should extend to the disk storage replacement, if a disk is upgraded, or becomes faulty, where does the data centre remote hands put the faulty/old disk once popped from the tray?
Lets hope that gmail account didn't provide MFA for another site login.
Should this type of software be announced in employment terms?
[+] [-] posedge|5 years ago|reply
[+] [-] unknown|5 years ago|reply
[deleted]
[+] [-] analog31|5 years ago|reply
[+] [-] b34r|5 years ago|reply