Why YSK: It appears several Lemmy instances are flagged as suspicious, and at least one instance is intentionally using the name of a ransomware strain. A couple of the big enterprise monitoring suites (FortiGuard, Zscaler) will flag your account, and you may end up being pulled into an office for an explanation, or worse.

TL;DR: Keep browsing to your local instance at work for now.

  • Arthur Besse@lemmy.ml · 36 up · 1 year ago

    > TL;DR: Keep browsing to your local instance at work for now.

    YSK even the local tab on any instance will load many transcluded images from other instances.

    If you’re worried about your employer monitoring for suspicious hostnames, you’re rolling the dice every time you do any personal web browsing (outside of sites that don’t transclude 3rd-party images, like Wikipedia and, ironically, Facebook…).

    • r00ty@kbin.life · 19 up, 3 down · 1 year ago

      If you just run a VPN, things like Zscaler will still get you. They’ll just send the web traffic through the VPN to their proxies and still log everything you do.

      There’s ways round it, but all of them will no doubt violate corporate policies.

      The only real solution is not to use work computers for non work use.

    • floofloof@lemmy.ca · 11 up, 1 down · 1 year ago (edited)

      If you use a private VPN on a company computer, they can still monitor what you’re doing on the local machine, and/or report home through the VPN. And some companies won’t even wait to ask what you’re doing with a personal VPN on their machine - you’ll be in trouble just for installing it.

      • Maslo@lemmy.world · 1 up · 1 year ago

        Or you could be like the company I previously worked for and not monitor anything with any seriousness, but a lowly tech managing some one-off software installs for the office PCs (me) might notice software that shouldn’t exist and report it. Happened to a new guy: the VPN to his home got higher-ups combing through his work, and was the final icing on the cake after they also found emails from work to a personal email with customer information attached. They didn’t even entertain an excuse, he was sacked the same day. (This was all pre-COVID; there was no such thing as work from home.)

        So yea, definitely… VPN might not be the hammer that falls, but it can start the hunt and still burn you. Someone might use it to browse Lemmy, other people might use it to steal company data. It’s not worth the risk for a company to attempt to differentiate between the two. Obligatory ‘your mileage may vary’, especially now with the COVID push to work from home, but it happens!

  • LostDeer@infosec.pub · 428 up, 3 down · 1 year ago

    Don’t use company computers for personal stuff; it all gets logged and can be used against you, at the very least as evidence that you weren’t working come performance reviews.

    • uberrice@feddit.de · 14 up, 1 down · 1 year ago

      Depends on your work. I agree with you, but for example my work is different.

      Yes, we have managed devices as well, but my department specifically went for unmanaged devices. Just plain old laptops. Install whatever OS you want, do whatever you want. I only have the base windows install on there for some compatibility reasons, I mostly just use PopOS.

      And we’re also explicitly allowed to browse private content - as long as the work gets done and we stay in budget, do whatever.

      • ludwig@lemmy.world · 2 up · 1 year ago

        Do the other departments use managed devices? IT might get pretty mad if your department went over them and bought computers themselves, lol.

        It’s not optimal from a security and legal point of view.

        • uberrice@feddit.de · 4 up · 1 year ago

          IT specifically has an option for unmanaged devices, exactly for developers like me :)

          • ludwig@lemmy.world · 2 up · 1 year ago

            Alright. Seems reasonable as long as the devices are sandboxed from the company network and resources.

            • uberrice@feddit.de · 2 up · 1 year ago

              They aren’t, and our private phones are also connected to the network ;)

              But then again, it’s a fairly large organization vpn’d up over multiple locations, with server farms in different VLANs and so on, so the network we usually access when working are in a different subnet.

              I do know what you mean though - it really depends on what the company does. Prior, I worked at a company that developed and manufactured hardware cryptography devices - I learned proper security procedures there :) Our ‘actual work computers’ weren’t even connected to the Internet, and the unmanaged laptops accessed the same WiFi guests would access that, well, only went to the Internet. Just WPA2.

              • ludwig@lemmy.world · 1 up · 1 year ago

                > They aren’t, and our private phones are also connected to the network ;)

                Why though‽ Most consumer routers even have a guest network enabled by default.

                > it really depends on what the company does.

                That’s true, but an attack could probably cause a lot of damage to any company (especially a big one) without proper security. Regardless of what they do.

                Well, at least you don’t have to deal with IT’s PC policies, which can get pretty annoying. Allowing any device to join the company network seems incredibly stupid though.

                Let’s just hope that none of your unmanaged machines get compromised.

                At my previous company, only domain work computers could join the PC WiFi (with a certificate, so no passwords) and work smartphones could only join the work WiFi for mobiles.

                Private devices and very limited amount of non domain computers were only allowed on the guest network and couldn’t connect to any other.

                The company didn’t do anything special that needed extra security.

      • theDoctor@lemmy.sdf.org · 19 up · 1 year ago

        If you are on their network they can see what you are doing. At the end of the day, the business will protect itself.

        Do what you want at your own risk. But never assume that any company is on your side.

        • uberrice@feddit.de · 1 up · 1 year ago

          Of course they can. That’s why I usually use my phone as a hot spot when I’m browsing private stuff ;)

        • monobot@lemmy.ml · 4 up · 1 year ago (edited)

          This is so simple: whatever policy they have, if something goes wrong they will try their best to find a scapegoat.

          What do you people have phones with gigabytes of data for?

          Additionally, do your best not to be part of the company where you might get into trouble for just using internet.

      • Bongles@lemm.ee · 3 up · 1 year ago

        I usually used a VPN if I was on the WiFi. Made me feel better even if I’m just browsing memes

        • Ajen@sh.itjust.works · 3 up · 1 year ago

          Connecting to an “unauthorized” VPN is against IT policy for some companies, especially if your job involves handling sensitive data.

      • smeg@feddit.uk · 4 up, 4 down · 1 year ago

        Always use a VPN when on a network you can’t trust. There are plenty of free and trustworthy ones you can activate with one click, and then all the company sees is noise.

          • outdated_belated@lemmy.sdf.org · 3 up · 1 year ago

            Different threat models. There’s the threat of being punished or fired by workplace surveillance;

            Separately, there’s also the threat of some unknown third party snooping on your data for whatever other reason (identity fraud, etc).

            The post discusses the first and I’d argue that’s more compelling for most people, but the second is also valid.

          • smeg@feddit.uk · 6 up · 1 year ago

            I use the free tier of Proton VPN, it’s been well audited and proven safe!

          • XpeeN@sopuli.xyz · 2 up · 1 year ago (edited)

            RiseupVPN, CalyxVPN and Proton VPN are pretty great and trustworthy. The first two are non-profit, based on donations only, and Proton VPN is well audited (but requires an account, while the first two don’t).

          • ferret@sh.itjust.works · 1 up, 1 down · 1 year ago

            Cloudflare’s free VPN is trustworthy and very fast. You don’t get to pick server location though so it is only useful for cases like this.

        • visak@lemmy.world · 4 up · 1 year ago

          If the company owns the endpoint there’s lots they can do to monitor your traffic even with a VPN. For phones if you sign in to work mail with your phone and allow them to manage your device just assume they have control of it now.

          • smeg@feddit.uk · 6 up, 1 down · 1 year ago

            Never putting any of their software on your personal device is a good rule in general

              • Ajen@sh.itjust.works · 1 up, 1 down · 1 year ago

                And refusing to install your company’s software on your work computer is a good way to get fired for cause.

                But some people have the option to access work email, etc on their personal devices, as long as they install their company’s monitoring/security software.

      • wizardbeard@lemmy.dbzer0.com · 20 up, 1 down · 1 year ago

        Even if you don’t, there’s plenty of different ways to identify a user on company wifi.

        For example, have your cellphone named “Stephano’s iPhone”? Narrows it down to the Stephanos working in range of that access point.
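        An added example (not from wizardbeard or anyone else in this thread) of how the “Stephano’s iPhone” leak looks from the network side: phones and laptops send a hostname in their DHCP request, and the DHCP server logs it next to the MAC address and lease. The script below scans dnsmasq-style DHCP log lines and pulls out the token of each hostname that looks like a person’s name. The log lines, hostnames and MAC addresses are constructed for the example, and the device-word list is a heuristic, not a complete one.

```python
"""Find DHCP client hostnames that reveal who owns the device.

A phone named "Stephano's iPhone" announces itself as "Stephanos-iPhone" in
its DHCP request, and the DHCP server logs that hostname next to the MAC
address and lease.  This scan extracts a likely owner name from each hostname
so an admin can see what the corporate WiFi already knows about its clients.
"""
import re
from typing import List, Optional, Tuple

# Constructed dnsmasq-style DHCP log lines for this example (not real data).
SAMPLE_LOG = """\
Jun  5 09:12:01 gw dnsmasq-dhcp[812]: DHCPACK(wlan0) 10.20.0.17 aa:bb:cc:00:00:01 Stephanos-iPhone
Jun  5 09:12:09 gw dnsmasq-dhcp[812]: DHCPACK(wlan0) 10.20.0.18 aa:bb:cc:00:00:02 DESKTOP-4G7KQ2
Jun  5 09:13:44 gw dnsmasq-dhcp[812]: DHCPACK(wlan0) 10.20.0.19 aa:bb:cc:00:00:03 Galaxy-S23-de-Maria
Jun  5 09:14:02 gw dnsmasq-dhcp[812]: DHCPACK(wlan0) 10.20.0.20 aa:bb:cc:00:00:04
Jun  5 09:15:30 gw dnsmasq-dhcp[812]: DHCPREQUEST(wlan0) 10.20.0.17 aa:bb:cc:00:00:01
"""

# DHCPACK lines carry "ip mac [hostname]"; the hostname is optional.
ACK_RE = re.compile(
    r"DHCPACK\(\S+\) (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) "
    r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})(?: (?P<host>\S+))?",
    re.IGNORECASE,
)

# Hostname tokens that name the device or are connective words, not a person.
# Heuristic list, constructed for this example.
DEVICE_WORDS = {
    "iphone", "ipad", "ipod", "macbook", "imac", "mac", "air", "pro", "mini", "max",
    "plus", "galaxy", "pixel", "android", "oneplus", "desktop", "laptop", "pc",
    "phone", "tablet", "de", "di", "von", "van", "du", "the", "my",
}


def guess_owner(hostname: str) -> Optional[str]:
    """Return the first token of a hostname that looks like a person's name, if any."""
    for token in re.split(r"[-_.\s]+", hostname):
        if not token or any(ch.isdigit() for ch in token):
            continue  # model or serial tokens such as S23 or 4G7KQ2
        if token.lower() in DEVICE_WORDS or len(token) < 3:
            continue
        if token.isupper():
            continue  # DESKTOP, LAPTOP and other all-caps generated names
        return token
    return None


def leaked_names(log_text: str) -> List[Tuple[str, str, str]]:
    """Return (mac, hostname, owner_guess) for every DHCPACK whose hostname leaks a name."""
    found = []
    for line in log_text.splitlines():
        m = ACK_RE.search(line)
        if not m or not m.group("host"):
            continue
        owner = guess_owner(m.group("host"))
        if owner:
            found.append((m.group("mac"), m.group("host"), owner))
    return found


if __name__ == "__main__":
    for mac, host, owner in leaked_names(SAMPLE_LOG):
        print(f"{mac}  {host:24s} -> {owner}")
```

        The same pattern works on a DHCP server’s lease file or on the mDNS names a laptop broadcasts; the point is that the hostname, not the traffic, is what ties a device on the guest WiFi to a person.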

        • Betty White In HD@lemmy.world · 26 up · 1 year ago

          Not if my name’s not Stephano and I’m secretly trying to get Stephano fired because he insists on microwaving fish and popcorn every single day and stinks up the office.

          EVERY SINGLE DAY YOU EAT FISH AND POPCORN STEPHANO? EVERY DAY?

    • inspxtr@lemmy.world · 7 up · 1 year ago

      agreed with the point. However, lemmy might soon be the new reddit for information, asking questions, troubleshooting.

      So I guess a solution for accessing Lemmy for such resources on a company computer without being flagged would be good, especially since this gets a bit more complicated with the decentralized nature of the fediverse (multiple Lemmy domains).

    • givesomefucks@lemmy.world · 205 up, 3 down · 1 year ago

      It’s fucking insane people don’t know this in 2023.

      Work computers are for work, and pretty much every employer monitors what you do on it.

      • lagomorphlecture@lemm.ee · 53 up, 2 down · 1 year ago

        I occasionally click on the little weather icon and see what the forecast looks like. Hope I don’t get fired!

        At my old job we had to research customers which frequently involved looking on Facebook and other sites. I was very intentionally not logged in, which probably wouldn’t work now, and kept any and all searches to items that I could prove were related to a work item. It’s insane that people don’t follow that advice.

        • penguin@sh.itjust.works · 30 up, 1 down · 1 year ago

          Things like weather will be fine unless you have an unreasonable boss/job.

          But people should only use work computers the way they would if they knew the entire company was watching a live stream of their desktop.

          Even for working from home, I put my work laptop on the isolated guest wifi because I don’t trust them the same way they don’t trust me.

      • IsoKiero@sopuli.xyz · 16 up, 3 down · 1 year ago

        > Work computers are for work, and pretty much every employer monitors what you do on it.

        Depends heavily on where you work. My employer doesn’t track what we use the computers for (of course there’s a ‘TOS’ of sorts which says that it’s company property and should only be used for company stuff), but as long as you are at least somewhat reasonable about what you use the system for, it’s fair play. Things like checking your personal email and the occasional visit to Lemmy/whatever your social media poison is don’t raise any flags as long as you get the job done, and that’s it. Of course you can’t install anything on the system, but as long as a browser session in incognito mode is enough and it doesn’t harm your duties, while technically forbidden, no one really cares.

        And yes, I know this for sure, as I’m one of the guys who enforces the policies for our gear. YMMV.

        • klyde@lemmy.world · 2 up, 5 down · 1 year ago

          Then your job probably isn’t that serious, unlike others where they get monitored.

          • Oisteink@feddit.nl · 0 up, 1 down · 1 year ago (edited)

            Intelligent reasoning! Remarkable!
            Here’s another take: it’s all down to the laws you let your law-makers write. If I quit, my boss is not allowed to read through or keep my account active in their system.

        • _danny@lemmy.ml · 1 up · 1 year ago

          Good advice always has its exceptions. But in general you should never use a work device for personal use because it’s very easy for that information to be either compromised and/or used against you.

          My personal guidance is “if you don’t own the device, pretend the owner is looking over your shoulder” it’s incredibly easy for them to install keyloggers and trackers remotely and silently.

  • priapus@sh.itjust.works · 6 up, 1 down · 1 year ago

    Yeah I get domain blocked popups sometimes while browsing at work. I mainly see that it’s happening for lemmy.today.

  • r00ty@kbin.life · 15 up · 1 year ago

    My company uses Zscaler. It’s essentially a company-endorsed MitM attack, and for that reason alone I don’t use the work laptop for anything but work.
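    An added example, not posted by r00ty or anyone else in this thread, of what the “company-endorsed MitM” looks like from the endpoint, and of why the earlier comments are right that a personal VPN on a managed laptop does not change the picture: a TLS-inspection proxy (Zscaler, FortiGate and similar) terminates your HTTPS connection and re-signs the site’s certificate with a root CA that the company has installed in the device’s trust store, so the handshake succeeds silently and the issuer of the certificate you see is the proxy’s CA rather than a public one. The script below classifies the issuer of the certificate a host presents. The issuer marker strings and the two sample certificate dicts are constructed for this example (the exact names a given proxy’s CA uses are an assumption; add your own organisation’s root CA name), and the live check at the bottom needs network access.

```python
"""Detect corporate TLS inspection from a managed endpoint.

An inspecting proxy re-signs server certificates with a company root CA that
the device trusts, so ssl verification passes.  The tell is the issuer: on an
intercepted connection the leaf certificate for a public site is signed by
the proxy's CA, not by the public CA that actually vouches for the site.
"""
import socket
import ssl
from typing import Tuple

# Lower-cased substrings of issuer names that indicate an inspection proxy.
# Constructed list for this example; add your own organisation's root CA name.
PROXY_CA_MARKERS = ("zscaler", "fortinet", "fortigate", "ssl inspection")

# Substrings of issuer names of public CAs expected for well-known sites.
# Constructed and not exhaustive.
PUBLIC_CA_MARKERS = ("let's encrypt", "isrg", "digicert", "google trust services",
                     "globalsign", "sectigo", "amazon")

# Constructed peer-certificate dicts in the shape ssl's getpeercert() returns
# (issuer field only), one intercepted and one signed by a public CA.
SAMPLE_INTERCEPTED = {"issuer": ((("countryName", "US"),),
                                 (("organizationName", "Zscaler Inc."),),
                                 (("commonName", "Zscaler Intermediate Root CA"),))}
SAMPLE_PUBLIC = {"issuer": ((("countryName", "US"),),
                            (("organizationName", "DigiCert Inc"),),
                            (("commonName", "DigiCert TLS RSA SHA256 2020 CA1"),))}


def issuer_org(cert: dict) -> str:
    """Flatten the 'issuer' field of getpeercert() into 'key=value, ...'."""
    parts = []
    for rdn in cert.get("issuer", ()):
        for key, value in rdn:
            if key in ("organizationName", "commonName"):
                parts.append(f"{key}={value}")
    return ", ".join(parts)


def classify_issuer(cert: dict) -> str:
    """Return 'intercepted', 'public' or 'unknown' for a peer certificate dict."""
    issuer = issuer_org(cert).lower()
    if any(marker in issuer for marker in PROXY_CA_MARKERS):
        return "intercepted"
    if any(marker in issuer for marker in PUBLIC_CA_MARKERS):
        return "public"
    return "unknown"


def check_host(host: str, port: int = 443, timeout: float = 5.0) -> Tuple[str, str]:
    """Connect with the system trust store and report who signed the leaf cert.

    Returns (verdict, issuer).  Verdict 'untrusted' means the chain failed
    validation outright; on a managed device that usually means a proxy is
    in the path but its CA is not installed for this program's trust store.
    """
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                cert = tls.getpeercert()
    except ssl.SSLCertVerificationError as exc:
        return "untrusted", str(exc)
    return classify_issuer(cert), issuer_org(cert)


if __name__ == "__main__":
    print("sample intercepted:", classify_issuer(SAMPLE_INTERCEPTED))
    print("sample public:     ", classify_issuer(SAMPLE_PUBLIC))
    # Live check against public sites; needs network access.
    for target in ("example.com", "lemmy.ml"):
        print(target, *check_host(target))
```

    Run it per host rather than once: inspection proxies usually exempt some categories (banking, health) from decryption, so one site showing a public issuer does not mean the laptop is clean, and a personal VPN client on the same machine is just another process whose traffic the endpoint agent can route.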

    • TheDoctorDonna@lemmy.world · 3 up · 1 year ago

      We use Zscaler too. I never knew what it did, only that it messes with printing when it needs to be reauthenticated. I hate it so much. Nothing but a nuisance.

    • FIST_FILLET@lemmy.ml · 0 up, 1 down · 1 year ago

      Seriously, why don’t people just use their phones for non-work stuff in the office? You can leave those disconnected from WiFi so nothing is visible to the company.

      • r00ty@kbin.life · 0 up · 1 year ago

        I’m not in an office. I just swap to my own desktop if I need to do anything non work related.

    • ram@lemm.ee · 15 up · 1 year ago

      > for that reason alone I don’t use the work laptop for anything but work

      I think that was the goal.

  • stark@qlemmy.com · 123 up, 2 down · 1 year ago

    Stay off company resources when using technology for personal use.

  • Flying Squid@lemmy.world · 29 up · 1 year ago

    I’m glad my work doesn’t care what I do online as long as I get my shit done. It’s not the highest paying job in the world, but perks like that keep me there.

    • DV8@lemmy.world · 5 up · 1 year ago

      Not caring what you do on your pc, within reason, is not the same as not monitoring for dangerous actions that could endanger your network or company (and client data). I don’t care what my colleagues do on their pc either. As long as it doesn’t cause me more work.

      Logging security incidents is work. So we do block a lot of websites and keep an eye on what you try to run. If we see something wrong we just talk to you and explain why we don’t want you to do that. 99.9% of the time everybody is happy after that.

      The idea of this being something you can get fired for or that’s taken into consideration for your evaluation is insane though. We have rights as workers. Keeping the network safe means I can see some extent of what you do. Your boss or their boss has no right to that information unless you state you will continue endangering the network. Even in that case I wouldn’t even tell them the websites tbh.

      • glad_cat@lemmy.sdf.org · 4 up, 8 down · 1 year ago

        You use a VPN on your own phone. Accessing any web site unrelated to work on your work computer is beyond retardation.

        • wagoner@infosec.pub · 3 up · 1 year ago

          I would argue the same for using company WiFi. Definitely use a VPN if you have to use their connection, but mobile data is better.

  • inclementimmigrant@lemmy.world · 39 up, 1 down · 1 year ago (edited)

    Why in the heck would anyone browse any social media on their company machine?

    That’s the whole reason I left Reddit: it forced me to use Reddit on a computer. It’s one of the first things I remind new hires: don’t use social media on company property, it’s always monitored from keyboard to Internet connection.

    Good lord people…

    • XTornado@lemmy.ml · 4 up, 2 down · 1 year ago (edited)

      Because it’s fine?

      Yeah some companies might monitor what you do but:

      a) It’s not as common, or not as detailed, as some people imply.

      b) It’s mostly for detecting malware or breaches, they don’t care about your social stuff.

      c) Most people just check normal stuff on social media, nothing to worry about even if somebody from work checks it.

      d) People have downtime; checking Twitter or similar for a little while is not a firing offense…

      e) Most of the time it is not checked by anyone unless something flags it. Which again is usually set for malware and breaches, not whether you spend x time on YouTube or Twitter…

      Yeah… use your phone if you can… But some people are painting this as the end of the world, like the untouchable forbidden fruit.

      • Godric@lemmy.world · 3 up · 1 year ago

        Coming from IT:

        A: Disagree; it’s logged, analyzed, and stored in the name of efficiency.

        B: Yes, but also no. Stopping malware is the original idea. But why would a business stop there when they can pressure 2% more time out of you by assigning a metric for everything?

        C: Fair

        D: It is if there’s budget cuts/Boss dislikes you. Leaving evidence of you not working on company time can be an anchor around your neck.

        E: Yes, until no. See D.

        I agree using work internet for personal shit isn’t career suicide, but it just opens the door for shit that isn’t needed. Frivolous work internet usage is an example of “Free to those who can afford it, very expensive for those who can’t”.

        Just use Data if you can, or shitpost after your shift

    • frenchyy94@feddit.de · 4 up, 1 down · 1 year ago

      Good thing I live in a country where it’s forbidden (unless everyone approves of it, which of course almost never happens) for them to monitor everything.

      Sure, internet movement could be looked up, but even that needs to be because of a specific reason. They cannot just randomly look up everyone’s browser history.

  • TheDoctorDonna@lemmy.world · 2 up · 1 year ago

    I browse on my phone using data, I refuse to use company computers or wifi for anything that isn’t work related exactly for this reason.

  • sci@feddit.nl · 1 up · 1 year ago (edited)

    I only browse on my private phone, which is not connected to WiFi.

  • JackbyDev@programming.dev · 8 up, 1 down · 1 year ago

    How? The client should only be talking to your home instance. Your home instance does all aggregation for you. Only Lemmy instances talk to each other and clients talk to one instance. That’s how federation works.

    • RCMaehl [Any]@lemmy.world (OP) · 10 up · 1 year ago

      Non-textual content (media, and icons I believe) is still served from the other instance, to prevent all federated instances from exploding in size.

      Additionally, some browsers will preload/prefetch links to “improve the browsing experience”
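      An added example, not written by RCMaehl, Arthur Besse or anyone else in this thread, that makes both points concrete: the Lemmy client only talks to your home instance for the feed, but the HTML it renders carries thumbnails, avatars and prefetch hints that point at the instance the content came from, and the browser fetches from every one of those hosts, so a hostname-based filter sees them all. The script below parses a page and lists the hosts rendering will contact other than the page’s own, including `<link rel="prefetch">`/`dns-prefetch` targets, while ignoring plain `<a href>` links that are not fetched until clicked. The instance names, page URL and HTML are constructed for the example; they are not real Lemmy instances or real Lemmy markup.

```python
"""List the hosts a browser will contact while rendering a page.

Feed data comes from the home instance, but the page's <img>, <source>,
<script> and eager <link rel=...> elements can point anywhere.  Each distinct
hostname here is a DNS lookup and a TLS connection that a corporate proxy
logs and can categorise, whatever tab the page says it is showing.
"""
from html.parser import HTMLParser
from typing import List
from urllib.parse import urljoin, urlparse

# Elements and attributes that trigger a fetch without any click.
FETCH_ATTRS = {
    "img": ("src", "srcset"),
    "source": ("src", "srcset"),
    "video": ("src", "poster"),
    "audio": ("src",),
    "iframe": ("src",),
    "script": ("src",),
    "link": ("href",),  # only for the rel values below
}
# <link rel=...> values that load or pre-resolve their target eagerly.
EAGER_LINK_RELS = {"stylesheet", "icon", "preload", "prefetch", "prerender",
                   "preconnect", "dns-prefetch", "modulepreload"}

# Constructed sample of a "Local" feed page on a hypothetical instance.
PAGE_URL = "https://lemmy.example/?listingType=Local"
SAMPLE_HTML = """
<html><head>
  <link rel="stylesheet" href="/static/app.css">
  <link rel="preconnect" href="https://lemmy.example/">
  <link rel="dns-prefetch" href="//media.other-instance.example">
</head><body>
  <img src="https://lemmy.example/pictrs/image/aaa.webp" alt="local thumbnail">
  <img src="https://other-instance.example/pictrs/image/bbb.webp" alt="federated thumbnail">
  <img srcset="https://cdn.third.example/c-1x.png 1x, https://cdn.third.example/c-2x.png 2x">
  <a href="https://sketchy.example/post/1">a plain link is not fetched until clicked</a>
</body></html>
"""


class FetchCollector(HTMLParser):
    """Collect absolute URLs of resources the page loads automatically."""

    def __init__(self, base_url: str):
        super().__init__()
        self.base_url = base_url
        self.urls: List[str] = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag not in FETCH_ATTRS:
            return
        if tag == "link":
            rels = set((attrs.get("rel") or "").lower().split())
            if not rels & EAGER_LINK_RELS:
                return
        for name in FETCH_ATTRS[tag]:
            value = attrs.get(name)
            if not value:
                continue
            if name == "srcset":
                # "url 1x, url 2x": keep only the URL part of each candidate.
                candidates = [c.strip().split()[0] for c in value.split(",") if c.strip()]
            else:
                candidates = [value.strip()]
            # urljoin resolves relative and scheme-relative (//host/...) references.
            self.urls.extend(urljoin(self.base_url, c) for c in candidates)


def third_party_hosts(html: str, page_url: str) -> List[str]:
    """Return sorted hostnames, other than the page's own, that rendering will contact."""
    own = urlparse(page_url).hostname
    collector = FetchCollector(page_url)
    collector.feed(html)
    hosts = {urlparse(u).hostname for u in collector.urls}
    hosts.discard(None)
    hosts.discard(own)
    return sorted(hosts)


if __name__ == "__main__":
    for host in third_party_hosts(SAMPLE_HTML, PAGE_URL):
        print(host)
```

      Point it at a saved copy of your own instance’s front page to see the real list; anything that appears there is a hostname the proxy will log even if you never click a single federated post.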

  • _haha_oh_wow_@sh.itjust.works · 2 up · 1 year ago

    Even if you stick to subscribed, there’s nothing stopping people from spamming NSFW stuff in the comments and in posts except for the mods/admins, though bad actors can always just register more accounts on any federated instance.

    Hoping we see more improvements to mod tools/abilities.