
So how do I know if my work computer features such surveillance?


That's a big reason that I purchased my own, personal computer, many years ago. I was paid well enough, that it was quite possible.

Back then, they hadn't really gotten going with all the monitoring stuff, but I did it from a sense of personal integrity.

I was writing open-source stuff, and there was no way that I was going to allow my company to try to claim it. I didn't use company time, and I didn't use company equipment.

I did not have a "shower clause" in my employment contract, so I was free to work on my own stuff, on my own time.


Are you a contractor? This makes things a lot easier. For salaried employees that kind of agreement is far more common :(


No, I was an employee.

However, I worked at a company that employed a ton of photographers, and there is no way that they would be able to get photographers to sign over that kind of authority to the company.

That said, I was there for almost 27 years, and a lot could change, in that time.

By the time I left, their HR was starting to get downright rapacious, so newer employees might have had to sign over those kinds of rights.


Yeah, fair enough. Employment contracts have gotten a lot worse over the years as lawyers figured out what they could get away with.


As many others said, assume that it does, by default.

Do you have admin rights, including to the firmware? Can you, and did you, set up from scratch the device that you received from the employer? If not, then it is almost 100% there is surveillance. If they let you do all the setup, then maybe 50%.

Just isolate any box your employer touches, both physically and in the network sense, separate visible and sound space as possible, separate WiFi network, etc.


Assume it does. Don't do any personal work on it. Isolate it from your home network.


If your company is even halfway legitimate they will have what they collect / monitor in your employee handbook or a privacy policy somewhere.


Generally you won’t, but some vendors' documentation lists folder paths you can check, like if this folder exists in your computer it’s running Teramind [1]:

C:\ProgramData\{4CEC2908-5CE4-48F0-A717-8FC833D8017A}

[1] https://kb.teramind.co/en/articles/8791095-how-to-verify-if-...


You have to assume that it does.


Either root the device or mitm yourself, not much outside of that that you can do to ensure nothing fishy is going on.


There's a (_relatively_ benign) bossware-like software on my work-provided laptop. It forces updates of browsers and common software like the company VPN. When it updates and restarts my browser, it helpfully mentions that if the browser itself was unable to restore my tabs, I can always ask IT to look up what tabs I had open before the update. Maybe ask your IT services if they can help you remember what you had open a few days ago.


Just assume it does


No kidding!

We have some ridiculous timeout on our work machines that triggers the screensaver after 2 minutes of idle time (we can’t change this).

After it’s triggered, you need to enter your password to unlock (company mandated, 10 chars minimum, no repeating chars, at least 1 upper and 1 lower case char, at least 1 special symbol, change every 90 days, can't be too similar to last 10(!) passwords).

Okay, this is annoying. So, for the longest time, I used an open source mouse jiggler app (basically simulated cursor movement).

This worked fine until a recent software update. I wondered why my screen saver was being triggered again. Oh, the mouse jiggler isn’t running! Let’s open it up.

A big dialog box appears on the screen: “THIS APPLICATION VIOLATES COMPANY POLICY AND ITS USAGE HAS BEEN REPORTED.”

Oh… cool.

I went on Amazon and ordered some $5 hardware mouse jiggler dongle. That worked for about a month or so.

Then suddenly, I started getting CrowdStrike notifications: “Functions of a USB device were restricted according to company policy.”

Fun times!

It’s only a matter of time until Zoom starts sending reports of whether I had the window in focus or not during meetings with management.


This... sounds like their security is doing their job, tbh? Like, yes, if you have access to sensitive data your computer _should_ lock when you are away from it, and you shouldn't be able to circumvent this.

I am, generally, very sceptical of corporate surveillance stuff, and think that it should be largely banned. But this particular case isn't surveillance, it's security.


Knowledge that my employer might detect or block a software or USB mouse jiggler is why I ended up making a BLE mouse jiggler out of a Pico W.


You are the user I fear most; clever enough to be dangerous and aware of the bullshit.

If you were really smart you would lobby your IT department to change the ridiculously short timeout, and protest by not working when it locks on you during normal pauses.


The dangerous ones are these misguided IT departments.

Of course it's a balance, but think of the wasted productivity from a 2 minute timeout with stupid password requirements like that. That incurs a cost.

I bet they also have many other wonderful ideas and overly-bureaucratic processes that are strangling efficiency and preventing innovation.


Hah. I'd like to think there's nothing to fear from me as a user.

Look, I get why some of these policies are in place -- a bunch of it stems from locking down our systems and protecting critical data due to various Sarbanes-Oxley requirements. Plus, sometimes smart people do dumb things, and it leads to bad things (e.g., see the LinkedIn incident) [1].

But man, oh man, is it annoying! Especially if I'm in my own home, with no one around, and I otherwise get my work done.

[1] https://darknetdiaries.com/transcript/86/


I thoroughly agree - Two minutes is an insane timeout, and exactly the kind of security stupidity that makes users like yourself build ways to circumvent it, making it worse than useless because now you're plugging in sketchy dongles into your corporate PC.


Does watching a video pause the timeout? If so, hypothetically one could stream or locally create a video with no contents but long duration.


Ah, that's an interesting point. I haven't tried to correlate that, but it must be true. For example, the screensaver never seems to appear during Zoom calls!


That might also be implemented as "don't start the screensaver if the camera is in use". Easy to detect in either /proc/ or /sys/, I forget which one I was fiddling with.


Nah, I know people who use Zoom for this purpose without the camera enabled. It's just Zoom invoking the OS's wake lock.


You can get mechanical mouse mover devices that are not connected to the pc at all. It should be fully undetectable.


Ah, that's a good point. I've thought about this, but I use a trackball due to mild RSI. So, I don't think it can help me there.

(This is going to make me embark on a weekend project to use an Arduino, some servos and a 3D printed finger to move my trackball.)


Plug in a second mouse then?

The trick that I heard is to just place the mouse on a clock. The second hand jiggles the mouse every minute. Can be stashed away in a drawer or something. Never tried this though.


If you're on macOS or Windows, start a WebEx or Zoom call; the timeout for screen locks is reset while a meeting is running. Also, it means that your boss sees "in a meeting" if they look at your status, which makes you look busy, which bosses think means productive.


I alias a script to run caffeinate. They aren't going to mess with your terminal processes.

https://ss64.com/mac/caffeinate.html


pkill -9 caffeinate seems pretty reasonable for them to start doing


I mean, you can just make a copy and name it whatever? You can even have it generate a new name every time you run it if you'd like. Imo this is a rather pointless cat and mouse game with developers, because either they can't do their work properly or there will be ways to work around stuff like this.


I mean it was pointless way before that, but yes


I found nosleep.page a while back here, wonder if it would work for you?


If you're on a work VPN, presumably you wouldn't want this in the DNS logs. Best to make a local clone! Simply "Save" from the browser, assuming the whole trick is within a client-side script that doesn't phone home, which appears to be the case.


Slack sets your status to "away" after 30 min of inactivity. You cannot disable this.


I set my Slack status to offline permanently, never allow it to show my presence. It's great.


I solved this by putting an optical mouse on a 12 inch wall clock (laid flat under my desk). The second hand moves the mouse a little bit once a minute.


Make friends with the folks in the enterprise security team and ask them about their kitting process.


That's the neat thing -- you don't.



