There’s not much you can do about Bossware spying


Whether you work at home, in the office, or a bit of both, chances are that if you use a company-owned computer, your employer is watching what you do on it. Since we last covered what not to do on your work computer in 2019, the use of “bossware” has become even more widespread. In a survey, up to 60% of employers say they use some sort of tracking software to monitor keystrokes, take screenshots, activate webcams or mics, or log the time employees spend in various apps and websites. And in most companies, there still aren’t many employee protections regarding the use of this software.

Most people understand that their employer can access almost everything they do digitally on any service they run (Slack, Gmail, Teams, or any other similar tool), especially on a company-provided laptop. company. But since there are no federal laws regarding these monitoring tools, employees can only know about their presence in a few states. As of May 7, 2022, employers in New York must now notify new employees if the company monitors email, internet usage or phone conversations. New York joins only two other states, Connecticut and Delaware, with similar laws. Meanwhile, a proposed California law to address the issue, specifically drawing boundaries around workplace surveillance and employee tracking, was withdrawn in April before being passed into law.

Although more and more people now know not to conduct personal business on their work computers and not to expect privacy in enterprise software like Slack or Google Docs, the prevalence of bossware goes one step further. Imagine a world where your manager can look over your shoulder all day, and you’ll have a good idea of ​​what this software can do. In 2020, the Electronic Frontier Foundation reviewed a number of these tools, noting that several can be set to “invisible” so that most employees won’t even notice the software is running. New York’s new law does not explicitly mention bossware, but since most such software includes tools capable of capturing email and Internet usage, employers will likely be required to inform their employees of its use. in the state.

The same survey that found 60% of employers use monitoring software also found that the top reason employers deploy this software is to “understand how employees spend their time,” followed by a desire to “confirm that employees work a full day. Either way, employee productivity seems to be the end goal. Other frequently cited reasons tend to involve security and compliance issues, especially in workplaces where employees have access to customers’ personally identifiable information, medical records, or credit card numbers.

But much of this software, including tools like Prodoscore, funnels data into “productivity scores” that could theoretically be tied to bonus measures or punitive measures, which experts note as goals many more obscure. According to a report by the University of California, Berkeley Labor Center (PDF), these types of scores are dehumanizing because they take away fundamental autonomy and dignity in the workplace. There’s also the uncomfortable idea that the more data employers have about workers, the more likely the data is to harm following a breach, data-sharing agreement, or sale.

If you’re not in a state that requires notice, your only option – if you’re comfortable with it – is to ask your boss what kind of monitoring your employer does, if that applies to the computers used both onsite and remotely. , and how this data is used. If you can figure out what the software is, you can check out the reviews to get a better idea of ​​the types of information your employer can get from it. Our old advice still stands: have private chats on other platforms, don’t log into any social media accounts, and don’t store any personal files on your work computer. But if your employer is aggressively monitoring webcams or microphones, you may need to take extra precautions to protect your privacy.

A privacy tip: Disable spy features on your TV

Most modern TVs include a technology called Automatic Content Recognition (ACR), which tries to identify what you’re watching and then sends that information to the TV manufacturer and its business partners, usually for marketing purposes.

You can dig into your TV’s settings to find the option to disable this technology, but TV manufacturers tend to use all sorts of names that hide what it does, such as “Viewing Information Services” or “Live More”. The New York Times has a guide to disabling this tracking on models from most major TV manufacturers, and although that article is a few years old, we found that many of the settings seem to be in the same places. While looking for the ACR setting, if you come across the option to opt out of any “interest-based” or “personalized” ad tracking, we suggest you opt out of that as well. We also suggest disabling these types of ad personalization settings on set-top boxes such as Roku and Apple TV devices.

Other privacy news we are monitoring

⌨️ Most people would assume that when filling out forms online, what they type in isn’t transmitted to the company until they click the submit button. But new research suggests that for a growing number of websites, that’s not always the case. Leaky forms can send details such as an email address or other information that you enter to the website owner, even if you never finish filling out the form. While there’s not much you can do to prevent this, researchers are working on a Firefox extension that will tell you if you’ve landed on a site that appears to be doing this.

💍 Wedding planning site Zola has confirmed to TechCrunch that its user accounts have been hacked. (Wirecutter has recommended and covered Zola in the past.) If you have an account on the site, now is the time to change your password; Also, if your bank accounts or credit cards are linked to a Zola account, be sure to check them for any fraudulent activity. If you don’t already use a password manager, set one up and use a unique password on each site.

🔎 Privacy-focused search engine DuckDuckGo received negative attention when a security researcher noticed that the company’s mobile browsers weren’t blocking Microsoft’s ad trackers. It turns out the behavior is tied to a contract DuckDuckGo has with Microsoft, which the company had (apparently) previously not disclosed. For now, the search engine itself is still a more private choice than its rivals, although we’ll keep an eye out for any further disclosures for apps.

This article was edited by Mark Smirniotis.


About Author

Comments are closed.