by lofties 2131 days ago
It sounds to me like you installed spyware on your coworker's computer. What kind of company were you working at where people see this as a joke instead of a security breach? And let's not forget the trust coworkers have in you not to fuck with their machines.

Sometimes, it's okay to play practical jokes on your friends.
A practical joke, especially in a work environment, should be good-natured and harmless. I think the screen recording aspect of this joke crosses that line. Every other aspect would make for a good prank, but there is just too much potential downside to watching their screen without them knowing. Even if OP didn't see anything but the Minesweeper games and the coworker has no legal expectation of privacy on a work computer, it still violates that person's trust and their likely assumed level of privacy.
"coworker has no legal expectation of privacy on a work computer"

That does rather vary by country - Germany has some strict rules about what employers can and can't monitor.

Also, some organisations explicitly choose not to monitor computer usage too closely (e.g. by using proxies that intercept HTTPS traffic) out of the fear that this would expose the organisation to greater liabilities in the case that someone was doing personal banking from their work PC.

One of the fun things that happens with HTTPS proxies is people desire a policy that only spies on some things people do, and the people making these middleboxes (who are concerned first and foremost with selling a product not with whether that product works or even if such a product could in principle work) are eager to offer that.

This can't work, but, having sold it/bought it, then there's a lot of pressure to make it work.

The best case scenario with such products is that some fraction of traffic is unmolested but the product owner's policies do not actually control what that traffic is (which might surprise them and make their overall security policies ineffective but otherwise is no big deal).

The worst case is that in the attempt to do this "selective proxying" some or all traffic security is compromised. Non-participants aren't affected (except it might introduce denial of service) but active participants give up potentially all security. E.g. the company laptop that's configured to trust the MITM proxy might not only be uploading your bank password to some screen accessible by an entry level IT guy, it might also just inadvertently remove the security of the bank connection altogether so that now random bad guys on the Internet can see everything, whoops.

Spyware is not a prank. Let's not come up with vague definitions of what is, and isn't acceptable.

Coworker has remote access to other coworker's machine and is abusing this trust to install spyware, setting a president for other "jokes".

Sorry man, I don't see anything funny here.

>president for other "jokes"

CJO in modern terms.

You must be fun at parties.
He is probably fun at parties and not undermining his colleagues' trust at work.
I might agree with you if the modified Minesweeper did anything more than (if I read correctly) allow OP only to view and modify that game alone, and only when the worker was actually playing it.

Nothing was seen that couldn't be seen by shoulder-surfing.

I've been in both kinds of cultures: ones where these kinds of shenanigans were common, and ones where, if HR or IT found out, you'd find your key card deactivated, and a box of your things shipped home.

As ridiculous as it sounds to someone in either camp, both were okay.

The former was an organization where everyone fundamentally trusted each other, and the concept of anyone doing anything really wrong was just foreign. It's so dissimilar to most businesses in tech today (which are either trillion-dollar megacorps, or places where people jump jobs every 3 years). This was an organization where people stuck around for decades, and everyone really knew each other. Doors weren't locked, and everyone had access to everything. It worked well.

The latter is like most of the tech industry today. My machine is private, and if you've hacked my minesweeper, I'm going to reinstall my OS. I don't know you well enough to know you didn't root my machine or steal my personal files. I'm also talking to HR since you shouldn't work here.

I think that's the right way to view it. People are viewing this through the lens of their current employment, but that's assuming a lot. I did something somewhat similar (in type, if not scope) when I was young and in tech support. The notable facts at the time were that a) we were friends, b) the computers were customized by us, but for the most part interchangeable because a web browser was the software needed, which allowed us to install Linux if we wanted, and c) I didn't really hack it as much as use an admin account he gave me to help him do something on his box.

Friendship comes fast when you're in your early 20's and there's lots of free time to screw around. It's twenty years later now, and I probably wouldn't do that to any of my coworkers. I probably would do it to any of my siblings though. How invasive you can get away with a prank being without upsetting the person targeted is largely based on trust.

When I pranked my friend, the company we were at had probably 30 people working for it, and there were maybe 16 of us in tech support total. It's easy to trust others when you're such a small group, because you can actually know most of the people you work with. If your company employs even hundreds of people, that's much harder to do.