DevRanters,

What's your take on your employer mandating keystroke monitoring software installed on your machine when you want to work remotely?

A huge deal-breaker. I left a job because of that.

It is fucking stupid.

I agree with @theKarlisK, but I'd also like to add: it's a severe security risk.

In your BAU you'll probably be typing secrets (passwords, keys, etc.), and they will be all logged and accessible by someone to read. And potentially impersonate you in your workplace by using your secrets to log in as you and do things under your name.

If you gained access to that log repository, you could impersonate anyone in the company.

Before agreeing to this type of surveillance, I'd be cautious and discuss the above concern with mgmt. Also, I'd like a job agreement mentioning secrets being logged and mechanisms in place protecting my secrets from being misused when obtained from keylogger logs.

Also, are these logs cached locally, in the filesystem, potentially exposing them to any malware that may come across your work laptop?

IDK, it smells bad. I don't like it.

Also, it gives me a signal that an employer does not trust its employees.

For me, not having admin on a development machine is a deal breaker, so if I had admin I don't give a fuck what spyware they include. It's getting faked/bypassed/deactivated.

Dumb employer is dumb. What's that gonna achieve? Is he going to reprimand you if you stop typing for five minutes?

Verdict: leave the dumb company

Forcing workers to install tracking or monitoring software on their own computers for security is never justified. In the sequence of precautions you take to improve security, issuing centrally controlled laptops comes before wiretapping.

If they're doing it to verify working hours, then it's probably disproportionately invasive and as such illegal. A lot of countries have laws that limit employers (and clients, in the case of contract work) to security and monitoring procedures whose invasiveness is proportional to the value being protected. (I actually learned this from DevRant, but it was so long ago I wouldn't find it)

@theKarlisK In prison, you'd record the display and not the keyboard. You don't care about the inmate's passwords, and you don't want that stuff to end up with your typical prison guard anyway. However, you do want to observe both sides of conversations if you're observing conversations anyway.

most definetly illegal here in Germany

and it should be everywhere

A Dutch court even deemed it a human rights violation

https://arstechnica.com/tech-policy...

I would always assume that monitoring is in place…it’s not a big deal unless you are prone to repeatably typing the word ‘cunt’ in every chat and email

Illegal, retarded and shows company has no trust into its employees. There are way better less invasive ways to measure progress. Also such techniques are prone to security infractions. Imagine you type in the root password of your main production database, and the managers laptop is able to see that password... And that laptop has malware installed because said manager has zero notions of security mindfulness....

Imagine the damages that scenario may cause.

Leave! Run Forrest! Run!

Fuck-off territory.

my take is that it's not my employer and never will be.

Sure.

For 5.000 a month on top of my salary I would be willing to sell my privacy on ONE of my devices.