
shaggyfrog | 4 years ago

Create a firewall between your personal and professional time. Another name for this is “setting healthy boundaries”.

Always create new accounts for anything work related -- GitHub, Apple ID, whatever.

Don’t install work apps on your personal phone. Don’t enrol your personal phone in corporate MDM. If they want you to use a device for work, ask them to give you one.

Don’t do personal stuff on your work devices. Don’t do side project work on your work devices. Only do work for your employer on your work devices. Turn it off when you’re done work and leave it off until you start work the next day.

Be very clear on all your contractual obligations related to this before you start a new job. Ask to see ahead of time all the paperwork they will ask you to sign, so there are no last-minute surprises (“oh, you want to own anything I create outside of working hours?”).

Firewall yourself to protect yourself.

Edit: One more: don’t use corporate WiFi with your personal devices


Cd00d|4 years ago

I get that in the "most secure boundary" sense, I should have a work provided phone for work stuff, BUT...

I don't want to carry two phones. I'm part of a team that owns some responsibility for fixing things that break in the night. I find it freeing to be able to reply to a Slack or Outlook email while I'm with my kids at the playground.

I see the above advice all the time, but I can't help but think it only relates to an IC with no career ambition, no outside responsibility distractions (kids' schedules), that's 100% committed to 9-5 life and has little opportunity for big promotion based on being part of a chain of ownership for things that are customer facing.

Personally, I've mostly worked at small companies (my preference), and have ambitions. I have a healthy work/life balance, but also don't want my products to fail and occasionally want the flexibility to help my colleagues while AFK.

In the end, the above advice is very popular, but I just see a jaded burnout mercenary in a company with tens or hundreds of thousands of employees.

xenophonf|4 years ago

> I find it freeing to be able to reply to a Slack or Outlook email while I'm with my kids at the playground.

You can spend as much time on work as you want, but you only get so much time with your children. OP's point is that you should guard the time you have and spend it wisely. Personally, I find carrying a second device and keeping things separate part of maintaining a healthy balance between my work and my personal time.

I also don't want my personal devices or projects tied up in some corporate legal proceeding, so I keep them separate for that reason as well.

anigbrowl|4 years ago

You can be ambitious and committed to the success of your team/projects while still maintaining clear boundaries. Indeed if you're that ambitious (as you repeatedly emphasize), I think it's wiser to maintain such a clear boundary. What if you either have to leave your firm due to an emerging problem or receive an offer that you dearly wish to accept, but you're so entangled with your employer that disconnection is going to be fraught and/or have legal complications? What if your employer winds up in messy litigation and your personal data ends up as part of the evidentiary record, as mentioned in that Twitter thread?

I've known people who are very driven and can't unplug, who later on end up being very resentful of their own careers because they've structured everything around pleasing others and never saying no.

kodah|4 years ago

This is where I think the new line of Linux phones need to put in a lot of work. Properly sandboxing applications and defending against corporate snoopers should be a top priority of any open source phone OS.

fshbbdssbbgdd|4 years ago

I think you are dramatically overestimating the actual challenge of carrying two phones. Phones these days have great battery life, and they make pretty small models. The phone is like 0.2% the mass of your body. It’s not that big of a load.

I’ve been promoted several times while having separate work and personal phones.

treebot|4 years ago

I also just want to say, as a full time remote worker, I need Slack on my personal phone. Remote work allows you to work anytime and thus break out of the 9-5. But to properly do that and still be a member of a team, I need to be reachable on my regular phone. If I decide to switch up my day and work at night, I need to still be reachable for random things during other people's working hours. It's usually just someone has a quick question. Team members in other time zones have discussions on Slack that are outside of the time I'm sitting in front of my computer. I like seeing these discussions and contributing while I'm at the grocery store or some such. If mission critical software is blowing up, I need to know that I need to get back to my computer. If I don't have any real work to do that day, I can go do something else, and just check my phone to see if I need to get back to my computer because someone who actually is working needs me. I can actually sort of take days off this way, without having to actually ask for the day off.

In general, as a remote worker, having Slack on my personal phone allows me to work less and more efficiently. It gives the illusion that I am always working, whereas I'm actually working only when I want to and am most effective.

beermonster|4 years ago

> I don't want to carry two phones.

Neither did Hillary Clinton

jay_kyburz|4 years ago

When things break at night, can't they just call your personal phone? Can't you log in to Slack on your personal phone, from the browser if you have to?

Why does corporate IT need to own your tech just for you to be reachable?

nxpnsv|4 years ago

I have found few things as freeing as removing Slack from my phone, especially at the playground - I enjoy the time I spend with my kids more.

megablast|4 years ago

You take your kids to the playground at night?? Ok.

lmm|4 years ago

If you're trying to get promoted by doing unpaid overtime and/or unpaid oncall shifts, you're a class traitor screwing over your colleagues. Help them by setting healthy boundaries even if you don't actually need them yourself.

techrat|4 years ago

> I don't want to carry two phones.

Ah, so you're willing to trade privacy for convenience.

Spooky23|4 years ago

This. +100

I used to think people were paranoid about this stuff until I ran a big email system. Most big companies have a department in compliance or counsel that reads your mail, either in response to a complaint or randomly depending on the industry.

Accused of sexual harassment? Your JDate and Match emails support the idea that you’re lonely. An external entity thinks somebody embezzled money? Your late credit card notice projects that you have money woes.

renerthr|4 years ago

> Most big companies have a department in compliance or counsel that reads your mail

They read the email of your personal email account if you use it in the company-owned phone? Or they read the email of your company email account?

In other words, when you say 'This. +100', what do you mean by 'This'? The parent comment raised many points and I'm confused as to which one you're referring to.

Edit: To be clear, it's my fault because I'm new to these things and I don't understand them well.

ashtonkem|4 years ago

Plus, if you quit then recovering all those accounts is incredibly annoying.

tlogan|4 years ago

Exactly. And do not sign up for online services you are using personally with work email.

CaptainZapp|4 years ago

> Most big companies have a department in compliance or counsel that reads your mail

Thankfully that's illegal around here. And I work in finance.

There certainly are automated controls on all communication systems and all mails (and relevant phone calls) are recorded and retained. This being a regulatory requirement.

I'm also pretty sure that there's pattern detection software running on those systems to flag potentially problematic communications.

But indiscriminate email monitoring without a very good reason (suspected fraud, circumvention of regulatory or compliance requirements, etc.) is illegal.

This still doesn't mean that I would mix the personal with work on my personal device but I'm glad there are such protections in place.

Causality1|4 years ago

And if you can't resist using a work device for something non-work-related, please restrict your use to things you wouldn't mind having printed out and sitting on your boss's desk.

falcolas|4 years ago

Or read out loud and passed around in court. See the parent of the linked tweet.

stjohnswarts|4 years ago

My cutoff is whether I would send the email to my grandmother or not lol. I would never merge a personal and work account. They would just have to hand me my pink slip if they didn't like that.

fenomas|4 years ago

I agree with most of this, but I'm curious about the specific case of Github. If I join a company, are there any big dangers to just having them add my personal GH account to their organizations or private repos, and then if I leave the company they can remove me again? This seems to be how a lot of developers in my orbit do things.

(I mean any dangers at the account/permissions/privacy level - separate from "having two separate accounts might be better for work/life balance" sorts of concerns.)

Silhouette|4 years ago

There have definitely been cases where hosting services have allowed someone to link a personal account into a corporate one belonging to their employer, then at the end of the employment the corporate account has been given control of everything within the personal account. I don't recall whether GitHub specifically was one of the services mentioned, but I would avoid creating that kind of link on any hosting service where I had my own data. Maintaining clear separation between personal and professional devices and accounts is a sound policy and there are very few sensible reasons not to follow it.

ashtonkem|4 years ago

My last couple jobs have been set up with GitHub or GitLab enterprise, which is on-prem and not connected to my personal account in any way.

hoten|4 years ago

No. Having a separate GitHub is just a pain. GitHub provides adequate separation itself (you can add multiple emails and configure notifications accordingly)

JohnFen|4 years ago

Spot on on all accounts. It's been my policy for a very long time now. I consider having a hard separation between my personal systems and work systems to be a security measure that protects both myself and my employer.

silisili|4 years ago

Great advice.

My company last year demanded we have MDM to access email. So now I don't read emails outside of work hours.

I assume there's decent reasons behind such mandates, but net net all it does is alienate many people.

dasyatidprime|4 years ago

Waterluvian|4 years ago

Ideally your employer should pay for seats for their GH Org.

emodendroket|4 years ago

In ignorance of this policy I've been violating it all along. They're certainly not enforcing it aggressively (though how could they if you're using your work email).

anonuser123456|4 years ago

Pay for content and services.

MattGaiser|4 years ago

Is it considered free if you are using it with an organization?

userbinator|4 years ago

You also should not do work stuff on personal devices. Yes, this does include checking work email on your phone. Ask the company to give you one if your work requires that you do.

This may be slightly more controversial, but I would extend this firewall to conversations with coworkers --- don't tell them anything that could be used against you either, i.e. mentions of personal projects or accounts. I keep a clear "no real name" policy for personal things which are publicly visible --- including HN --- which avoids the delicate situation of people I know who have had their employer complain about stuff with their name on it, in their personal life, that someone else had found and didn't like.

MattGaiser|4 years ago

I'm really surprised at the number of personal GitHub accounts that are being used in my org and at others. I guarantee their access isn't being removed when they depart.

And it seems common at a ton of companies.

ploxiln|4 years ago

GitHub actually manages attaching business org to personal accounts very well.

You can make notification emails related to the business org repos go to your work email, while all other notification emails go to your personal email.

When you fork a business org private repo into your account, it stays attached to the business org. Other members of the org can push to your fork of that repo but not your other personal or open-source repos. When your account is separated from the org, you lose access to your fork.

If the business org requires extra SAML/OIDC through their central auth service, you can still access your personal and public repos without doing it.

So yeah the business still has to remember to disconnect you from the org when you leave the company, but that's still true if you make a new github account anyway?

kondro|4 years ago

Because GitHub makes it hard (i.e. impossible) to manage multiple accounts.

No account switching on the website, no easy way to use multiple SSH keys to access multiple accounts when using Git.

hammyhavoc|4 years ago

This sounds like advice learned the hard way. Stay well, and don't burn out!

pbreit|4 years ago

I doubt it. I've never heard first-hand of anyone running into any trouble that this would mitigate. Some people are just crazy overzealously fearful of employers and BigCos.

dheera|4 years ago

> Don’t install work apps on your personal phone.

100%. If a company wants me to install an app they'd better provide the phone.

> Edit: One more: don’t use corporate WiFi with your personal devices

Yep, thankfully we don't need to do that anymore with 4G/5G

harry8|4 years ago

Do Apple let you have multiple accounts? Facebook don't (as I understand it, I have one less). Don't Google also say you have to use your real name etc?

If they do it's the stroke of a key to make it a ToS violation for employees to have any personal privacy. Which seems to be their endgame for everyone. Their issue with Facebook, Google etc is that it's not Apple doing it as far as I can tell.

brokenmachine|4 years ago

Personally I think it's a great thing if Apple employees have to dogfood their own privacy violations!

It might be the only way things start heading in the right direction.

Hopefully an exec gets caught up in a CSAM hash collision fiasco.

Jarwain|4 years ago

This makes sense for most employees of a corporation; is this also relevant for upper management or C suite executives? I'm curious about if these kinds of boundaries are established even in the "upper levels"

shadilay|4 years ago

This is relevant to everyone. Executives are even more likely to be involved in litigation.

emodendroket|4 years ago

> Edit: One more: don’t use corporate WiFi with your personal devices

Can't you use a VPN and the guest network and be essentially OK?

jptech|4 years ago

I don't get this either. With TLS/SSL, how is it different than connecting to any public wifi?

DoubleGlazing|4 years ago

I've had issues in the past with employers wanting me to add work email and work apps to my own phone.

I always refused. My attitude was, like you said, if you want me to carry around a device connected to my work, then you need to pay for it.

But my main reason why though was knowing that managers preferred staff to put work email etc on personal phones, not due to the cost of buying devices for employees, but because it blurred the lines between personal and work domains. You can switch a work phone off at 6:00pm and turn it on again at 9:00am. With a personal phone you have to set up do not disturb profiles and stuff like that to achieve the same separation because you aren't likely to turn it off in the evenings. Admittedly, it's not the hardest thing in the world to set up - but still a bit more effort than just being able to hit the power button.

I still had to deal with the extreme annoyance of having my personal number passed around the company without my permission.

pbreit|4 years ago

I don't follow ANY of this advice and am unlikely to do so anytime soon.

ramraj07|4 years ago

Exactly. I’m not saying trust my employer or that I don’t, I don’t care that much. Logging into Slack on my phone doesn’t give them access to all my life. I don’t have to be a slave to the company but I don’t have to be a slave to paranoia either.

snowwrestler|4 years ago

As with any security advice, we each have to know our threat model and understand how it may differ from the advice-giver.

It’s undoubtedly more secure to maintain perfect separation between work and personal information contexts. It can also be expensive and annoying, and may not be worth it for everyone. It really depends strongly on the employer and one’s relationship with them.

_ZeD_|4 years ago

Hi, secret Apple HR worker!

sircastor|4 years ago

I was sort of into the idea of having my calendar on my phone until I learned my company could remotely wipe my phone at any time. That’s a world of trouble from a misunderstanding, or a bitter IT person.

cameldrv|4 years ago

+1 on the MDM stuff. I recently had a guy I know lose all his photos after he left a company. The company said that they could only wipe the company partition on his Android phone, but somehow they could wipe the whole thing and pressed the wrong button.

Leaving a job is hard enough without having to disentangle a bunch of devices and accounts. If an employer wants the security of MDM, just have them provide you the device. Otherwise, it's your device, and you can be responsible for deleting the company related content on it when you separate.

risfriend|4 years ago

Absolutely agree with separating phones, recently my company mandated MDM policy on phones, and it really messed my phone, there are apps which are separated with work profile but there are very few such apps, what about other apps? Learnt the importance of creating a hard boundary the hard way.

throwaway98797|4 years ago

lol

You haven't worked in sales.

rtpg|4 years ago

Every salesperson I know has two cell phones.

MattGaiser|4 years ago

The need for "authenticity" with "this is my personal cell number"?

kova12|4 years ago

What's it like in sales?

kartoshechka|4 years ago

aaand nothing of this is relevant when WFH