DevRanters,

What's your take on your employer mandating keystroke monitoring software installed on your machine when you want to work remotely?

If it's on a work issued computer and you have a signed agreement, which allows you to be monitored ... then sure. However, if they ask you to work remotely but don't issue the computer to work on and none of your employee-employer job contracts/legal agreements ever mention anything about monitoring your every move ... then that's malware and they aren't legally warranted demands/requirements.

A huge deal-breaker. I left a job because of that.

Or heck, that's not even a warranted prerequisite for working remotely. There can, of course be exceptions, where one must work in a highly sensitive information, but even then, you just wouldn't be permitted to work with that outside of the designated work area.

It is fucking stupid.

I agree with @theKarlisK, but I'd also like to add: it's a severe security risk.

In your BAU you'll probably be typing secrets (passwords, keys, etc.), and they will be all logged and accessible by someone to read. And potentially impersonate you in your workplace by using your secrets to log in as you and do things under your name.

If you gained access to that log repository, you could impersonate anyone in the company.

Before agreeing to this type of surveillance, I'd be cautious and discuss the above concern with mgmt. Also, I'd like a job agreement mentioning secrets being logged and mechanisms in place protecting my secrets from being misused when obtained from keylogger logs.

Also, are these logs cached locally, in the filesystem, potentially exposing them to any malware that may come across your work laptop?

IDK, it smells bad. I don't like it.

Also, it gives me a signal that an employer does not trust its employees.

For me, not having admin on a development machine is a deal breaker, so if I had admin I don't give a fuck what spyware they include. It's getting faked/bypassed/deactivated.

Dumb employer is dumb. What's that gonna achieve? Is he going to reprimand you if you stop typing for five minutes?

Verdict: leave the dumb company

Forcing workers to install tracking or monitoring software on their own computers for security is never justified. In the sequence of precautions you take to improve security, issuing centrally controlled laptops comes before wiretapping.

If they're doing it to verify working hours, then it's probably disproportionately invasive and as such illegal. A lot of countries have laws that limit employers (and clients, in the case of contract work) to security and monitoring procedures whose invasiveness is proportional to the value being protected. (I actually learned this from DevRant, but it was so long ago I wouldn't find it)

Pretty much the only environment where I can see keyboard logging justified is prison.

@theKarlisK In prison, you'd record the display and not the keyboard. You don't care about the inmate's passwords, and you don't want that stuff to end up with your typical prison guard anyway. However, you do want to observe both sides of conversations if you're observing conversations anyway.

@netikras from a draconian, black&white, perfect world point of view based in the 90s when there was only phone, email and fax for business and work communications.. no personal stuff should be happening on the work PC and no sensitive info such as passwords should be input because everything and everyone is connected to Microshit Active Directory.

.. in the real world, in the 21st century, however, there's an ocean of communication channels and authentication interfaces. I can understand the batshit demand for it ... but clearly those who demand it don't understand the incurred risk costs and the potential fallout.

My personal opinion - if I was suddenly required to have surveillance software installed on my work-issued computer I wouldn't much care for it. In turn, I'd
1)find how to circumvent it
2)would take an equally draconian approach, such as no personal stuff on pc whatsoever & be available only during business hours - don't care if prod is down on Sunday, I'm back on monday

@lorentz sure, key logging would be the least effective way of monitoring if just that was being done ... but in principle as a whole, I can't imagine it as a completely normal thing being rolled out anywhere else but in prison. Again, I can see it being a requirement, I just can't think of any situations where that would be practical in the 21st century.

At the same time, just because I can't think of any, doesn't mean they don't exist.

most definetly illegal here in Germany

and it should be everywhere

A Dutch court even deemed it a human rights violation

https://arstechnica.com/tech-policy...

I would always assume that monitoring is in place…it’s not a big deal unless you are prone to repeatably typing the word ‘cunt’ in every chat and email

Illegal, retarded and shows company has no trust into its employees. There are way better less invasive ways to measure progress. Also such techniques are prone to security infractions. Imagine you type in the root password of your main production database, and the managers laptop is able to see that password... And that laptop has malware installed because said manager has zero notions of security mindfulness....

Imagine the damages that scenario may cause.

@jazznoodler "Dance like no one's watching, but assume everyone is..."

Leave! Run Forrest! Run!

Fuck-off territory.

my take is that it's not my employer and never will be.

Sure.

For 5.000 a month on top of my salary I would be willing to sell my privacy on ONE of my devices.