by shaggyfrog 1765 days ago
Create a firewall between your personal and professional time. Another name for this is “setting healthy boundaries”.

Always create new accounts for anything work related -- GitHub, Apple ID, whatever.

Don’t install work apps on your personal phone. Don’t enrol your personal phone in corporate MDM. If they want you to use a device for work, ask them to give you one.

Don’t do personal stuff on your work devices. Don’t do side project work on your work devices. Only do work for your employer on your work devices. Turn it off when you’re done with work and leave it off until you start work the next day.

Be very clear on all your contractual obligations related to this before you start a new job. Ask to see ahead of time all the paperwork they will ask you to sign, so there are no last-minute surprises (“oh, you want to own anything I create outside of working hours?”).

Firewall yourself to protect yourself.

Edit: One more: don’t use corporate WiFi with your personal devices


I get that in the "most secure boundary" sense, I should have a work provided phone for work stuff, BUT...

I don't want to carry two phones. I'm part of a team that owns some responsibility for fixing things that break in the night. I find it freeing to be able to reply to a Slack or Outlook email while I'm with my kids at the playground.

I see the above advice all the time, but I can't help but think it only relates to an IC with no career ambition, no outside responsibility distractions (kids schedules), that's 100% committed to 9-5 life and has little opportunity for big promotion based on being part of a chain of ownership for things that are customer facing.

Personally, I've mostly worked at small companies (my preference), and have ambitions. I have a healthy work/life balance, but also don't want my products to fail and occasionally want the flexibility to help my colleagues while AFK.

In the end, the above advice is very popular, but I just see a jaded burnout mercenary in a company with tens or hundreds of thousand employees.

> I find it freeing to be able to reply to a Slack or Outlook email while I'm with my kids at the playground.

You can spend as much time on work as you want, but you only get so much time with your children. OP's point is that you should guard the time you have and spend it wisely. Personally, I find carrying a second device and keeping things separate part of maintaining a healthy balance between my work and my personal time.

I also don't want my personal devices or projects tied up in some corporate legal proceeding, so I keep them separate for that reason as well.

I can attest to the importance of this legal separation. I had a personal laptop stolen that had work files on it from before my work had given me a laptop, and I had the uncomfortable responsibility of disclosing that to my boss.

I hadn't even done anything wrong but it made me hella uncomfortable thinking about my work or the cops getting their hands on my laptop. It just feels too personal.

I had to file police reports and everything, and ultimately it was never found, but I still hate the idea and sometimes think about where that laptop ended up.

Part of the thought process is that he wouldn’t be at the playground with his kids in the middle of the day at all if it made him completely unavailable to respond to stuff. Similarly, I go surfing some mornings and respond to people on my watch to keep them unblocked while I’m having some fun at a time strict 9-5 wouldn’t allow.
This is exactly correct.
I maintain a pretty optimal WLB at my current job (I don't remember the last time I've done any work outside of normal work hours) but I do like having work Slack and calendar on my phone. In my case I feel it adds freedom to my day since it makes it easier to just go run a quick mid-day errand without worrying that you're missing a meeting or something. I didn't use to have any of it on my phone because I always heard it was bad psychologically, but as a result I always felt nervous stepping away from my desk for too long because I'd have no way of knowing if someone needed me. I think if I was in a position where I was asked to do work outside of work hours I'd feel differently about this though, but the extent of my after work Slack is mostly requesting days off and browsing some announcement threads.
Some people don't want any boundaries, and that's fine too.
You can be ambitious and committed to the success of your team/projects while still maintaining clear boundaries. Indeed if you're that ambitious (as you repeatedly emphasize), I think it's wiser to maintain such a clear boundary. What if you either have to leave your firm due to an emerging problem or receive an offer that you dearly wish to accept, but you're so entangled with your employer that disconnection is going to be fraught and/or have legal complications? What if your employer winds up in messy litigation and your personal data ends up as part of the evidentiary record, as mentioned in that Twitter thread?

I've known people who are very driven and can't unplug, who later on end up being very resentful of their own careers because they've structured everything around pleasing others and never saying no.

This is where I think the new line of Linux phones need to put in a lot of work. Properly sandboxing applications and defending against corporate snoopers should be a top priority of any open source phone OS.
I mean you need an undetectable virtual machine for a phone really. That's the reality: I'm content with my phone running some type of hard to crack secure element so companies can convince themselves it's secure, but what I want is that thing isolated and its network and cellular access gated.
This is what Samsung Knox is. I use it for my company email and slack etc.
I think you are dramatically overestimating the actual challenge of carrying two phones. Phones these days have great battery life, and they make pretty small models. The phone is like 0.2% the mass of your body. It’s not that big of a load.

I’ve been promoted several times while having separate work and personal phones.

If more phones is less ambitious, is having 0 phones the maximum ambition? I have tapped away on slack on my work phone while at the playground or sports or recital on weekends etc 100's of times.

Yes I feel like a right prick pulling two phones out of my pocket - I mitigate this by not being the kind of person who sits down and places their phone on the table face up at dinner.

As for the suggestion that the separation of work/personal is a sign of less ambition, that you somehow care less about work than your personal life - my work phone is set to ring 24 hours a day, my personal phone vibrate only. There are times where I am not keeping my work life from getting in the way of my personal life, but keeping my personal life from getting in the way of work.

Watching someone go to check their work slack on their phone only to have their attention dragged away to group chats with friends on competing attention apps gives me pause to consider. At the end of the day, whatever works for people, I have found what I think works for me.

I also just want to say, as a full time remote worker, I need Slack on my personal phone. Remote work allows you to work anytime and thus break out of the 9-5. But to properly do that and still be a member of a team, I need to be reachable on my regular phone. If I decide to switch up my day and work at night, I need to still be reachable for random things during other people's working hours. It's usually just that someone has a quick question. Team members in other time zones have discussions on Slack that are outside of the time I'm sitting in front of my computer. I like seeing these discussions and contributing while I'm at the grocery store or some such. If mission critical software is blowing up, I need to know that I need to get back to my computer. If I don't have any real work to do that day, I can go do something else, and just check my phone to see if I need to get back to my computer because someone who actually is working needs me. I can actually sort of take days off this way, without having to actually ask for the day off.

In general, as a remote worker, having Slack on my personal phone allows me to work less and more efficiently. It gives the illusion that I am always working, whereas I'm actually working only when I want to and am most effective.

You don’t have to do that.

I also work remote, in a different time zone to my team who communicate mainly on slack. I would never consider installing it on my phone.

Yes, it is possible that somebody will send me a message when I’m not at my machine. They’ll get a response the next morning I’m in.

To me, that’s just the most basic form of boundary setting. If I’m not at work, I’m not working. Being remote doesn’t change that.

> I don't want to carry two phones.

Neither did Hillary Clinton

Relevant Between Two Ferns: https://youtu.be/xrkPe-9rM1Q?t=317
When things break at night, can't they just call your personal phone? Can't you log in to slack on your personal phone, from the browser if you have to?

Why does corporate IT need to own your tech just for you to be reachable.

I have found few things as freeing as removing slack from my phone, especially at the playground - I enjoy the time I spend with my kids more.
To me, being at the playground is not a prime example of spending time with my kids. I'm fine with replying to some work related messages while basically watching my kids play.

Playing soccer together, reading to them, playing a board game, doing a joint Lego construction project, teaching them to skate, etc. That's spending time together. It doesn't mix well with work.

What activities mean what depends on the kids age a lot, and the kids and the parent. We agree that spending time together doesn’t mix well with work.
> To me, being at the playground is not a prime example of spending time with my kids.

It is if you actually play with them while there.

You take your kids to the playground at night?? Ok.
If you're trying to get promoted by doing unpaid overtime and/or unpaid oncall shifts, you're a class traitor screwing over your colleagues. Help them by setting healthy boundaries even if you don't actually need them yourself.
This is just not a good outlook. Class traitor is ridiculous. If someone is of marrying age and/or child rearing age, are they a traitor to their class because they choose to work instead of whatever your preconceived notions are? People are different and have different work/life conditions than you. You're just going to need to come to terms with this.
The key term in their comment is "unpaid overtime", that's the part that makes them a traitor to their class.
It might make them a sucker, it might make them a sycophant, but you have no right to dictate someone else's values like that. I think this sort of tankie rhetoric is worse than useless.
If they want to work because they have no life, that's fine and really none of your business. If you work for a company where working off the clock like this is accepted, then it should be taken as a red flag.

When employees are on the clock, there are protections established for both employee and employer. If someone is injured while on the clock, workers comp is at play as well as corp insurance. If someone is working off the clock and injury occurs, shit storms are coming. If you were clocked out and working because the company expects it, you can sue them. If you were doing it on your own to be "a good employee", you can get the blame.

In terms of coders, say you're off the clock and you accidentally truncate a table while connected to production when you thought you were in dev. If you're off the clock, you can actually be accused of "hacking" and doing a malicious act by the corp. If you were on the clock, then they would have a harder time with those accusations.

On the other end, I've worked for companies that were very good on the on clock/off clock recognition. If you were on a paid vacation and the company needed you to answer a call or respond to email, they would credit you that vacation day back even if it only took 5 mins. I miss that company. Best work/life balance company I ever worked for.

Salaried workers don't get overtime.

Also what's a class traitor? it's not like I'm working so hard not to become filthy rich. All my colleagues are doing the same.

> Salaried workers don't get overtime.

Abusive employers classify many de facto line workers as overtime-exempt, often illegally, and workers should not be complicit in this. An employer who tried to treat a unionized industry the way programmers are treated would be laughed at.

> Also what's a class traitor? it's not like I'm working so hard not to become filthy rich. All my colleagues are doing the same.

Sure, but remember that you're not actually a "temporarily embarrassed millionaire" - you most likely have much more common interest with your colleagues than with your bosses. When you find yourself in a prisoner's dilemma situation, remember that the correct metastrategy is to cooperate with people like you and with people who will cooperate themselves, not with a group that's well known to select for sociopathy.

I agree with you in principle, but you come off as a dick for the way you expressed it.
class traitor

I talk about class issues and economic justice a lot, but nobody owes prior allegiance to a particular class in a way that you can call them a traitor, unless it's some extreme example like a union official being willingly corrupted by a corporate fat cat - in which case a person is reneging on a promise they made, not some unilateral obligation.

You might not like or disapprove of someone's work/life choices or values, this person's certainly don't appeal to me as expressed. But someone's failure to share my values does not in any way make them a 'traitor'. That sort of assumption of mandatory loyalty and cultish denouncement isn't any kind of socialism or liberation; you cannot bully people into freedom.

This is an asinine and immature way of doing politics and I urge you to grow out of it.

They're framing their position as wanting to "help their colleagues" and not be a "mercenary", while in actuality they're harming those colleagues for the sake of their "big promotion"; they're not just embracing a different value system but performing allegiance to communal values while actually undermining them. I'd have a certain respect for someone who openly acknowledged that they were trying to win a race to the bottom, but not for that kind of disingenuity and hypocrisy.
That kind of reasoning is a great way to impress other Marxist-Leninists (of which I am not one) and alienate everyone else. I seriously doubt this person has ever professed or aimed to perform 'allegiance to communal values'; you're excoriating them for going back on a promise they never made, which is a kind of rhetorical sleight of hand. Whether that's what you intended or a reflex you've developed, it has no basis in reality.

As I said, I don't think much of this person's choices or attitudes, but you can't betray that which you never signed up for to begin with.

I'm by no means a Marxist-Leninist; I meant communal in the normal everyday sense of "belonging to this community". Again, they talk about wanting to help their colleagues and not wanting to be too mercenary - values most of us will sympathise with - but their actions are actually opposed to those values.
You might want to check that anger a bit.

As I said, I do have a healthy work life balance. I also have responsibilities to my family and to my colleagues, and balancing those is difficult. Especially during a pandemic with no child care - I'm full time working and full time parenting.

Can you empathize with that?

> As I said, I do have a healthy work life balance.

If you're working overtime and on-call outside of work hours then no, you don't. That's not healthy and there's no way to make it healthy. You talk about "owning" responsibility for fixing this thing if it breaks, but real ownership is two-sided - do you have a meaningful equity stake (token stock options don't count) in whatever that system does so that you're getting the upside as well as the downside?

If you're choosing to spend your life and health on something you actually own, fair enough, it's your funeral. But if you're a worker then it's not your job to deal with that. I can understand that as a parent you're vulnerable, you don't want to lose your job, and when the bosses say the business wouldn't be viable if they had to pay for a proper night shift (or whatever rate it would take for them to get enough coverage from you and your colleagues voluntarily taking those shifts - funny how the biggest fans of "free markets" don't seem to like being on the receiving end) then it's hard to stand up to that. But doing free favours for the bosses is like paying Danegeld - once you start it will only get worse.

You keep talking about responsibility to your colleagues, but what you're doing hurts them a lot. That's where my anger comes from.

I'm not actually working meaningful overtime.

I am working a more flexible schedule where I handle some details from my phone AFK and work dedicated hours at times that fit better with family obligations.

I actually believe setting that expectation helps my colleagues.

And again, I work at small companies by choice. If we fail a product, the company may fail, then we are all out of a job.

> If we fail a product, the company may fail, then we are all out of a job.

My view remains that if you're going above and beyond then that shouldn't be just to avoid the downside - you should also be getting a proportionate piece of the upside. For a small software company skilled workers are often bringing most of the value to the table, so you should have a corresponding ownership stake (I don't mean that purely rhetorically - from a friend who works at a consultancy that's structured as a cooperative it sounds like it's very much a "normal job" in practice).

Of course in a more capital-intensive business, or if you're blitzscaling, then maybe the owners are bringing something else to the table that you couldn't replicate with just a gang of programmers. But in that case capital is almost always a part of what they're bringing, and that means the company should be in a position to be paying what things cost.

Maybe they want to ascend to a higher class?
You are wasting your breath. You know he thinks most people are lazy and earning below 200k "for a reason."

A guy won a Nobel prize proving your quality of life or happiness does not improve above 75k. That's what you need.

And in IT you don't need to do unpaid overtime or sacrifice your time with family to get to 75k. Everything above that and you are doing it on purpose because you value money over family and personal relationships. And that is your choice. But that is not healthy and that should not be the norm.

And if you need your workers to work 16h a day with unpaid overtime but they are refusing, your workers are not lazy, you are an incompetent CEO. Or just evil level of greedy.

That Nobel winner wasn’t trying to buy a house in the Bay Area.
That study is old, but I still suspect there’s a grain of truth that the financial cutoff is lower than many would suspect.

A rough off-the-cuff calculation is that $75k is roughly double the median US income. If the same rough estimate is applied to SV, that’s about $110k. I bet that’s much much lower than many SV/HN would suspect for a happiness threshold. If you can’t find a way to be happy on double the median income, it implies the system is rigged to make an awful lot of people miserable.

The problem is often not that happiness isn’t possible, but that we compare ourselves to our peer group to calibrate our expectations. As Roosevelt said, comparison is the thief of joy.

You sure are projecting a lot about me.

Might want to introspect on that a bit.

I haven't called anyone lazy.

> I don't want to carry two phones.

Ah, so you're willing to trade privacy for convenience.

I'm not sure what tone your comment is intended to give off, but does there exist a person who _isn't_ willing to trade privacy for convenience to some degree? One certainly couldn't be using the internet or participating in society if they weren't willing to give up some privacy.
Privacy vs convenience is a spectrum, the question is not _whether_ you trade between those, but rather _how much_.
In many circumstances, yes I am. :)
You are too
OK, Dave Morin.
This. +100

I used to think people were paranoid about this stuff until I ran a big email system. Most big companies have a department in compliance or counsel that reads your mail, either in response to a complaint or randomly depending on the industry.

Accused of sexual harassment? Your JDate and Match emails support the idea that you’re lonely. An external entity thinks somebody embezzled money? Your late credit card notice projects that you have money woes.

> Most big companies have a department in compliance or counsel that reads your mail

They read the email of your personal email account if you use it in the company-owned phone? Or they read the email of your company email account?

In other words, when you say 'This. +100', what do you mean by 'This'? The parent comment raised many points and I'm confused as to which one you're referring to.

Edit: To be clear, it's my fault because I'm new to these things and I don't understand them well.

+100 to the entire way of thinking from the original post. work/personal should be treated like church/state where they are kept separate.

Yes, if you read your personal email on a corp device, then there's a good chance corp is reading your personal emails. And 100% yes, the corp can/do read your corp email. They are required to keep copies of every email sent by employees, so just assume at some point some corp lawyer can/will be reading them.

> they are required to keep copies of every email sent by employees

Required by whom? (Sorry, I'm not so knowledgeable about these things)

Corporations have to follow guidelines/rules/laws in order to be in good standing. If the corp is sued, the corp will have to respond to discovery requests from the plaintiff's attorneys. In the past, so many companies deleted emails so that they did not have to turn over incriminating evidence that this led to laws being passed that require a minimum amount of document storage. I don't know the details other than it is a thing.

Edit: search "email retention laws" for more precise rules and specifics

The corp having to give out emails on legal requests does not in any way shape or form imply they read your mails regularly. They certainly aren't allowed to in some parts of Europe, even though they have to respond to legal requests.
There are a few different dimensions here. Note that I’m in the US and have experience specific to larger entities.

For you conducting any personal business on work devices, it is pretty easy for employers to get tools that can detect and even capture that activity. That ranges from grabbing files on the device to periodically or continuously recording screen content.

For conducting personal business on work services, that is trivially searchable with O365 or Google Workspace. Some industries (banking, finance) are required to retain all mail and sample it for policy violations. Sometimes contractors are roped into doing this by contract terms. Sometimes dating coworkers becomes a problem when you communicate on work systems in unexpected ways — anything you do is essentially public.

For conducting business on personal devices, employers cannot generally search through your content. (Unless security or other products are present — for example Crowdstrike or similar EDR tools will log most executable launches) But, if evidence exists that you use personal stuff for business and there is a litigation event or investigation, you can be compelled by a court to turn over your personal gear. That risk depends on what you do for a living and for whom. (For example, a government employer may have an inspector general with police subpoena powers, if you are a decision maker in a company, a civil suit may focus on something you said or didn’t say)

All-in-all, the best policy is to keep work away from your personal business and vice versa within reason. The meaning of “Within reason” depends on your circumstances. The issues for a unionized white collar worker at a factory are different than an at-will financial analyst at some big bank.

Plus, if you quit then recovering all those accounts is incredibly annoying.
Exactly. And do not sign up for online services you are using personally with your work email.
I work in healthcare. It blows my mind how many people use a work email for communication regarding medical appointments including results and very personal information.

I’m a complete outlier in how conservative I am with this stuff and I’m nowhere near as fastidious as the HN gold standard.

It blows my mind how many healthcare providers routinely transfer sensitive information over insecure channels like email in the first place and ask the patients or carers involved to do the same. The most basic data protection regulations enshrined in law in my country are being openly violated, to say nothing of medical ethics and patient confidentiality.
In New Zealand the move to email comes after faxes were deemed insecure. It’s pretty much universally used, despite the issues.
I’m not looking forward to the day the US government stops believing in the magical security properties of fax machines with respect to HIPAA.
I had a co-worker who signed up for everything with his work email. Actually he did all his internet stuff from work (didn't have home access, oddly). After some badgering from us he got his own email. When he was hit in the second round of layoffs this helped him a lot, even if he was initially schlepping to the library to get his email.
> Most big companies have a department in compliance or counsel that reads your mail

Thankfully that's illegal around here. And I work in finance.

There certainly are automated controls on all communication systems and all mails (and relevant phone calls) are recorded and retained. This being a regulatory requirement.

I'm also pretty sure that there's pattern detection software running on those systems to flag potentially problematic communications.

But indiscriminate email monitoring without a very good reason (suspected fraud, circumvention of regulatory or compliance requirements, etc) is illegal.

This still doesn't mean that I would mix the personal with work on my personal device but I'm glad there are such protections in place.

And if you can't resist using a work device for something non-work-related, please restrict your use to things you wouldn't mind having printed out and sitting on your boss's desk.
Or read out loud and passed around in court. See the parent of the linked tweet.
I checked the parent tweet but still don't understand what you mean. Could you please elaborate?
"legal forced me" and "permanent evidence locker" = these texts are part of a legal discovery process (e.g. somebody sued Apple and their lawyers get a certain kind of access to Apple's corporate data)

If there's value for the other side to present the boob pictures as evidence in trial (e.g. in an attempt at character assassination), it will be rather hard to have them not passed around in court now that they're part of the "evidence locker" (as they call it) even though they were 100% personal and unrelated.

> their lawyers get a certain kind of access to Apple's corporate data

Whose lawyers? The plaintiff's? Or the defendant (Apple)'s?

my cutoff is whether I would send the email to my grandmother or not lol. I would never merge a personal and work account. They would just have to hand me my pink slip if they didn't like that.
I agree with most of this, but I'm curious about the specific case of Github. If I join a company, are there any big dangers to just having them add my personal GH account to their organizations or private repos, and then if I leave the company they can remove me again? This seems to be how a lot of developers in my orbit do things.

(I mean any dangers at the account/permissions/privacy level - separate from "having two separate accounts might be better for work/life balance" sorts of concerns.)

There have definitely been cases where hosting services have allowed someone to link a personal account into a corporate one belonging to their employer, then at the end of the employment the corporate account has been given control of everything within the personal account. I don't recall whether GitHub specifically was one of the services mentioned, but I would avoid creating that kind of link on any hosting service where I had my own data. Maintaining clear separation between personal and professional devices and accounts is a sound policy and there are very few sensible reasons not to follow it.
Ah, great point. I remember hearing about a case like that, though I also don't remember which specific service it was.
I recall pulling out of some AWS signup last minute because of this.
My last couple jobs have been setup with GitHub or GitLab enterprise, which is on-prem and not connected to my personal account in any way.
No. Having a separate GitHub is just a pain. GitHub provides adequate separation itself (you can add multiple emails and configure notifications accordingly)
What’s difficult about it?

Personally, I like knowing that my personal GitHub credentials stay only on my personal devices and my work credentials stay only on my work devices. I never have to worry about the two mixing and any problems that might arise.

Separating accounts is a fine principle, but for anything social (github, twitter..) some people have good reasons for doing their work from their existing personal accounts. E.g. evangelists, folks in devrel, those whose jobs include contributing to OSS or participating in open standards, and so on.
Presuming you also contribute to FOSS projects, and that you additionally use the FOSS you work on personally at work, there will come a point at which a bug you find at work will require you to fix the upstream FOSS project on your work laptop. At that point, getting the git-commit attribution correct gets annoying.
Well, if I work on it at work for work then the attribution should be under my work email. Otherwise, it should be under my personal email.

So far, the only problem I've ever had with separate accounts (including contributing to FOSS) is one time (once!) somebody selected the wrong email alias to review a CL. That took all of (literally) 10 seconds to fix.

This isn't too hard - Git supports folder path separated config settings, so usually I just have a "foss" and "work" profile.

More annoying can be commit signing, but this is actually something GPG has baked right into it - I issue and sign a new key with my work email address while I'm there, and when I quit revoke the key as superseded (and set the expiry to roughly my contract renewal period/performance eval period).

The real problem is corporate IT doesn't understand encryption or signing beyond how their vendors pitch it to them as "secure" so trying to extend any of this to actually support business processes is a losing battle.
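The "folder path separated config settings" mentioned above are Git's conditional includes (`includeIf "gitdir:..."`). The script below is an added example, not code from the thread or any commenter: it builds a throwaway HOME with a personal `~/.gitconfig` that includes `~/.gitconfig-work` only for repositories under `~/work/`, so the work email and a separate signing key take effect there without any per-repo setup. The names, addresses, paths and key IDs are hypothetical, and it assumes `git` is installed (it exits quietly otherwise). It only configures `user.signingkey`; generating and revoking the GPG key itself is a separate step.

```sh
#!/bin/sh
# Added example: per-directory Git identities via includeIf conditional
# includes. Everything here is hypothetical (emails, key IDs, paths).
set -eu

# Nothing to demonstrate without git; leave quietly.
command -v git >/dev/null 2>&1 || { echo "git not installed" >&2; exit 0; }

setup_profiles() {
  # Use a scratch HOME (physical path, so gitdir matching is not fooled by
  # symlinked tmp dirs) and ignore the system-wide config.
  HOME="$(cd "$(mktemp -d)" && pwd -P)"; export HOME
  export GIT_CONFIG_NOSYSTEM=1
  mkdir -p "$HOME/work" "$HOME/foss"

  # Personal identity is the default. The trailing "/" in the gitdir pattern
  # means "this directory and everything below it".
  cat > "$HOME/.gitconfig" <<'EOF'
[user]
    name = Jane Doe
    email = jane@example.org
    signingkey = 0xPERSONALKEYID
[commit]
    gpgsign = true
[includeIf "gitdir:~/work/"]
    path = ~/.gitconfig-work
EOF

  # Only the keys that differ for work need to be overridden here.
  cat > "$HOME/.gitconfig-work" <<'EOF'
[user]
    email = jane.doe@corp.example
    signingkey = 0xWORKKEYID
EOF
}

identity_for() {
  # Create a repo at $1 and print "email signingkey" exactly as git will
  # use them for commits made inside that repo.
  dir="$1"
  mkdir -p "$dir"
  git -C "$dir" init -q >/dev/null 2>&1
  printf '%s %s\n' \
    "$(git -C "$dir" config user.email)" \
    "$(git -C "$dir" config user.signingkey)"
}

setup_profiles
echo "foss repo: $(identity_for "$HOME/foss/somelib")"
echo "work repo: $(identity_for "$HOME/work/service")"
```

Run it and the two lines differ only because of where the repository lives; `git config --show-origin user.email` inside either repo shows which file supplied the value, which is a quick way to confirm the include is firing before you make a commit. When you leave a job, deleting `~/.gitconfig-work` (and revoking that key) is the whole cleanup.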

Spot on on all accounts. It's been my policy for a very long time now. I consider having a hard separation between my personal systems and work systems to be a security measure that protects both myself and my employer.
Great advice.

My company last year demanded we have MDM to access email. So now I don't read emails outside of work hours.

I assume there's decent reasons behind such mandates, but net net all it does is alienate many people.

Ideally your employer should pay for seats for their GH Org.
In ignorance of this policy I've been violating it all along. They're certainly not enforcing it aggressively (though how could they if you're using your work email).
Pay for content and services.
Having a workplace sponsor a separate GitHub account for your work there would be reasonable, but is this actually common practice? I certainly wish it were, for the above reason, but I can't speak to the reality.
Is it considered free if you are using it with an organization?
Not if the org is paying for your seat.
My question was more, if I create a free account and it is linked to an organization, is that a paid account? The company didn't make my account, I did.
Note: Speculation.

Without actually reading the ToS properly, I imagine you're good if your org is paying for your seat in their org (as opposed to a free org, but if it's a company with private repos I'd assume it's the case). That'd be reasonable.

If reality is that you actually need individual billing for each individual account, that would be kind of crazy and I hope that's not the case.

You also should not do work stuff on personal devices. Yes, this does include checking work email on your phone. Ask the company to give you one if your work requires that you do.

This may be slightly more controversial, but I would extend this firewall to conversations with coworkers --- don't tell them anything that could be used against you either, i.e. mentions of personal projects or accounts. I keep a clear "no real name" policy for personal things which are publicly visible --- including HN --- which avoids the delicate situation of people I know who have had their employer complain about stuff with their name on it, in their personal life, that someone else had found and didn't like.

I'm really surprised at the number of personal GitHub accounts that are being used in my org and at others. I guarantee their access isn't being removed when they depart.

And it seems common at a ton of companies.

GitHub actually manages attaching business org to personal accounts very well.

You can make notification emails related to the business org repos go to your work email, while all other notification emails go to your personal email.

When you fork a business org private repo into your account, it stays attached to the business org. Other members of the org can push to your fork of that repo but not your other personal or open-source repos. When your account is separated from the org, you lose access to your fork.

If the business org requires extra SAML/OIDC through their central auth service, you can still access your personal and public repos without doing it.

So yeah the business still has to remember to disconnect you from the org when you leave the company, but that's still true if you make a new github account anyway?

Because GitHub makes it hard (i.e. impossible) to manage multiple accounts.

No account switching on the website, no easy way to use multiple SSH keys to access multiple accounts when using Git.

Shouldn't you mostly be using them on separate computers though? The rare times I need my personal one at work (to view how I solved something before), I just open Incognito.
I'm self-employed and always on-call. Not suggesting this is the right way for anyone else, but trying to unravel a combined life to even multiple accounts on a single computer sounds like a nightmare.
This is one of those times where Qubes OS makes these things so much easier. It allows you to easily split everything between the different roles.
Obligatory plug for Firefox Containers
Or, you know, having multiple profiles in Chrome (which have existed much longer).
Or, you know, multiple profiles in Firefox which has existed even longer. I use both.
You can set up a new host in your ssh config and specify a key different from your main account and it should swap your accounts based on the key. Additionally, you can set a git config to be included if you’re in a particular directory so that you can change your commit details.

I’m on a mobile device so excuse the vagueness, but if there’s interest I can provide some resources and go more in depth.

A new host with what hostname? Because git uses github.com for all repos.
So one thing you can do is put the following in your ~/.gitconfig:

  [includeIf "gitdir:/home/john/corp/**"]
      path = .gitconfig-corp
And then ~/.gitconfig-corp:

  [user]
    email = john@example.com
    name = John Doe


  [url "git@github.com-corp"]
    insteadOf = git@github.com
Now all repos under the path /home/john/corp/ will use that config. Then you can put a new host in your SSH config:

  Host github.com-corp
    HostName github.com
    User git
    IdentityFile /home/john/.ssh/corp_github
This way you can have different e-mail address and name in your commit messages as well.

Due to the nature of git you can't scope it via GH URL (you can have many remotes in the same local repo). Though you can still manually rewrite when you add a remote with just the SSH config change, e.g.

  git clone git@github.com-corp:corp/foobar.git
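The following is an added example, not code from the thread: a small model of how the pieces described in this comment (and in the earlier "new host in your ssh config" comment) fit together, so you can see which e-mail and which SSH key a clone would end up using before touching a real repo. It implements git's documented `includeIf "gitdir:..."` glob rules (a trailing `/` gets `**` appended; a pattern with no leading `/`, `~/` or `./` gets `**/` prepended; the pattern is matched against the repo's `.git` directory), git's `url.<base>.insteadOf` rule that the longest matching prefix wins, and `ssh_config`'s rule that the first `Host` block to match supplies each option. The paths, key file names and e-mail addresses are constructed, modelled on the `/home/john` example above; `~/` expansion and `Key=Value` syntax in `ssh_config` are left out for brevity.

```python
"""Model which identity git + ssh select for a clone (added example, constructed config)."""
import fnmatch
import os
import re

# --- constructed sample configuration (assumed paths/names, not anyone's real setup) ---
GLOBAL_DEFAULTS = {"user.email": "john@personal.example"}
GITCONFIG_INCLUDES = {
    # [includeIf "gitdir:<pattern>"] -> settings that apply only to repos under it
    "/home/john/corp/**": {
        "user.email": "john@example.com",
        "url.git@github.com-corp.insteadOf": "git@github.com",
    },
}
SSH_CONFIG = """\
Host github.com-corp
    HostName github.com
    User git
    IdentityFile /home/john/.ssh/corp_github
Host github.com
    HostName github.com
    User git
    IdentityFile /home/john/.ssh/personal_github
"""


def gitdir_pattern_to_regex(pattern):
    """Apply git-config(1)'s includeIf gitdir normalisation, then glob -> regex.
    '**' crosses path separators, a single '*' does not."""
    if not pattern.startswith(("/", "~/", "./")):
        pattern = "**/" + pattern
    if pattern.endswith("/"):
        pattern += "**"
    out, i = "", 0
    while i < len(pattern):
        if pattern.startswith("**", i):
            out, i = out + ".*", i + 2
        elif pattern[i] == "*":
            out, i = out + "[^/]*", i + 1
        else:
            out, i = out + re.escape(pattern[i]), i + 1
    return re.compile("^" + out + "$")


def effective_settings(repo_path, includes=GITCONFIG_INCLUDES):
    """Merge every includeIf block whose gitdir pattern matches this repo's .git dir."""
    gitdir = os.path.join(repo_path, ".git")
    merged = dict(GLOBAL_DEFAULTS)
    for pattern, settings in includes.items():
        if gitdir_pattern_to_regex(pattern).match(gitdir):
            merged.update(settings)
    return merged


def apply_instead_of(url, settings):
    """url.<base>.insteadOf: when several prefixes match, the longest one wins."""
    best = None
    for key, prefix in settings.items():
        m = re.fullmatch(r"url\.(.+)\.insteadOf", key)
        if m and url.startswith(prefix) and (best is None or len(prefix) > len(best[1])):
            best = (m.group(1), prefix)
    return url if best is None else best[0] + url[len(best[1]):]


def ssh_options_for(host_token, ssh_config=SSH_CONFIG):
    """ssh_config(5): the first obtained value for each option wins, so the first
    Host block that matches the token decides HostName and IdentityFile."""
    chosen, active = {}, False
    for line in ssh_config.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(" ")
        key = key.lower()
        if key == "host":
            active = any(fnmatch.fnmatchcase(host_token, p) for p in value.split())
        elif active:
            chosen.setdefault(key, value.strip())  # later blocks cannot override
    return chosen


def resolve_clone(repo_path, remote_url):
    """Return the e-mail, rewritten URL, real host and key a clone in repo_path would use."""
    settings = effective_settings(repo_path)
    url = apply_instead_of(remote_url, settings)
    m = re.fullmatch(r"(?:ssh://)?([^@]+)@([^:/]+)[:/](.*)", url)
    host_token = m.group(2) if m else url
    ssh = ssh_options_for(host_token)
    return {
        "email": settings["user.email"],
        "url": url,
        "host": ssh.get("hostname", host_token),
        "identity": ssh.get("identityfile"),
    }


if __name__ == "__main__":
    for repo in ("/home/john/corp/foobar", "/home/john/oss/foobar", "/home/john/corporate/x"):
        print(repo, "->", resolve_clone(repo, "git@github.com:corp/foobar.git"))
```

Two things the model makes visible that bite in practice: `gitdir:/home/john/corp` without a trailing `/` or `**` matches nothing (git only appends `**` when the pattern ends in `/`), so a repo under `corp/` would silently commit with the personal address; and `/home/john/corporate/...` does not match `/home/john/corp/**`, because the glob is anchored on the full path, not on a string prefix.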
Thank you. The `host` field always has to have the format `word.word`? Or it can be just `word` without any dot in the middle?
put this in your ~/.ssh/config

    Host personal.github.com
          HostName github.com
          User git
          IdentityFile ~/.ssh/id_rsa_personal
then clone from git@personal.github.com:x.git for personal stuff
The host also doesn’t have to be a “real” host. You could do something like github-personal for example.

Thanks for the assist fnord77!

Wow! I don’t know why I hadn’t thought of that, even though I use aliases all the time for SSH. Seems my brain got stuck on the domain part. ^_^
How do you deal with submodules?
Why should they? All that stuff is easily managed locally under your own control.
What the hell? Everything you claim is false.
This sounds like advice learned the hard way. Stay well, and don't burn out!
I doubt it. I've never heard first-hand of anyone running into any trouble that this would mitigate. Some people are just crazy overzealously fearful of employers and BigCos.
Not first-hand, but this other thread is an example: https://news.ycombinator.com/item?id=28241917

And it's not about being fearful. It's about realizing that the relationship between you and your employer is often adversarial. They want to pay you as little as they can get away with for the most work possible. You want the exact opposite. Otherwise why would you have to "negotiate" for a higher salary when you were hired?

I guess I've never worked for such employers.

> why would you have to "negotiate" for a higher salary

Why not?

Read the parent of the linked tweet. Nudes becoming part of a court record.
I read it but couldn't really determine what exactly happened or how true it was.
There is another perspective: many companies don't want their employees to use company resources for personal use. They don't want that email from their domain name to be misconstrued as official business, to be entangled in their employees' legally or morally questionable actions, or simply to foot the bill for the resources used. It is a bit odd that a business would ask their employees to merge personal and professional accounts.

It's also worth noting that using personal accounts for professional purposes can confuse things. Personally, I forward any email that my supervisors inadvertently send to my personal account to my work account so that everything is archived and is in one place. Given the amount of filtering of some services (e.g. email) correspondence sent between internal accounts also tends to be more reliable. I have seen situations where dozens of employees did not receive a vital message since it was either sent to a spam folder, or simply dropped, since almost everyone found their personal email provider more convenient.

I've personally started working for a company that demanded any code that I write during employment for the company is owned by them regardless of whether I write it during working hours or at home. I had to list out each project that I had worked on or was continuing to work on to establish a history of before/after start of employment. Any new personal project had to be added to the list after a discussion to see how that project and continued employment could co-exist.

The concept here is that if you learned something new at work and then implement it into your own private projects, the company wants that project since they paid for your time learning new something. Also, NDAs and other forms of copyright and what not gets weird.

To me, the gold standard of how to do this is how Woz handled the creation of the first Apple computer. He took it to his employer multiple times, being told they did not claim any ownership on each occasion.

> The concept here is that if you learned something new at work and then implement it into your own private projects, the company wants that project since they paid for your time learning new something.

This is not how the law works if you’re in California at least. They’ll still get you for other things if you work at a large company, but not for that.

How would they even remotely be able to enforce such a thing? And is there any chance they actually would?
Depends on what the valuation of the project you're developing is, I'd guess. Also how similar your new project is to what your day job is.
You don't hear about the trouble that people avoid. So...
You also wouldn't hear about the trouble someone didn't avoid if the subsequent legal settlement included a gag clause as well as seizing control of the affected IP and a large financial element.

Never accept terms that give your employer control over anything you do independent of work that doesn't affect your performance at work. There is nothing in it for you and the only reason it would be of value to them is if they intend to abuse it.

> Don’t install work apps on your personal phone.

100%. If a company wants me to install an app they'd better provide the phone.

> Edit: One more: don’t use corporate WiFi with your personal devices

Yep, thankfully we don't need to do that anymore with 4G/5G

Do Apple let you have multiple accounts? Facebook don't (as I understand it, I have one less). Doesn't Google also say you have to use your real name etc?

If they do it's the stroke of a key to make it a ToS violation for employees to have any personal privacy. Which seems to be their endgame for everyone. Their issue with Facebook, Google etc is that it's not Apple doing it, as far as I can tell.

Personally I think it's a great thing if Apple employees have to dogfood their own privacy violations!

It might be the only way things start heading in the right direction.

Hopefully an exec gets caught up in a CSAM hash collision fiasco.

This makes sense for most employees of a corporation; is this also relevant for upper management or C suite executives? I'm curious about if these kinds of boundaries are established even in the "upper levels"
This is relevant to everyone. Executives are even more likely to be involved in litigation.
My bad I was imagining from a personal boundaries at work perspective, and not a litigation one
The risks associated with cross contamination are numerous. Legal, social, etc.
> Edit: One more: don’t use corporate WiFi with your personal devices

Can't you use a VPN and the guest network and be essentially OK?

I don't get this either. With TLS/SSL, how is it different than connecting to any public wifi?
The workplace admin can see which domains you visit when you use the work wifi.
This. It's not a problem until someone is looking to get rid of you. Then they dump the logs.

I've seen people fired for watching DVDs at work. Conversely, people watching YouTube a lot and nothing happening. Early in the web days an admin assistant came to me because they clicked on something on the web and a bunch of pron windows started popping up. She panicked and turned off her computer and was wondering if it was safe to turn back on or whether she would be fired. It was safe, and nothing happened to her.

Someone at a job complained I was reading the news on the web to my boss, when that was my habit at lunch. That was fun.

I think the rule is people usually don't care unless it hits them directly at which point it is already game over.

I am not super religious about it, but I do have boundaries. It is mostly like you said. It is all great until it isn't and the employer is building a case against you.

Some corporate setups need a new root CA added - since TLS/SSL is inspected.
"jptech used 6.8 gb last month, must be watching Youtube all day"
It’s not infrequent I’ll leave YouTube videos playing while I work on my actual work machine so I don’t think they need to do that much sleuth work if they want to accuse me of using YouTube on the clock.
I've had issues in the past with employers wanting me to add work email and work apps to my own phone.

I always refused. My attitude was, like you said, if you want me to carry around a device connected to my work, then you need to pay for it.

But my main reason why though was knowing that managers preferred staff to put work email etc on personal phones, not due to the cost of buying devices for employees, but because it blurred the lines between personal and work domains. You can switch a work phone off at 6:00pm and turn it on again at 9:00am. With a personal phone you have to set up do not disturb profiles and stuff like that to achieve the same separation because you aren't likely to turn it off in the evenings. Admittedly, it's not the hardest thing in the world to set up - but still a bit more effort than just being able to hit the power button.

I still had to deal with the extreme annoyance of having my personal number passed around the company without my permission.

I don't follow ANY of this advice and am unlikely to do so anytime soon.
Exactly. I’m not saying trust my employer or that I dont, I don’t care that much. Logging into slack on my phone doesn’t give them access to all my life. I don’t have to be a slave to the company but I don’t have to be a slave to paranoia either.
Personally there is a difference between logging into Slack on my phone and logging into email (which requires me to enroll into the MDM). I do the former on my personal cell phone, but I would never do the latter. There are many mistakes the company can make (like wiping my personal phone after resigning from the company) to make me regret that decision. But installing Slack is different, I can shut off the notifications and it is oftentimes convenient for me to have the access there if I need it.
Agreed enrolling into MDM shouldn’t be taken lightly. I don’t see that in any modern tech company (at least small ones). For the most part I use gmail and login to the company google account.
I like that you're in a thread about Apple asking employees to straight up merge their personal data into a corporate-owned account and your response is "Phew, at least they didn't ask you to install MDM!"
> There are many mistakes the company can make (like wiping my personal phone after resigning from the company) to make me regret that decision.

How much would you even notice this these days, with everything synced to the cloud?

I would certainly notice because I go out of my way to ensure everything on my device is not synced to the cloud.
I'm going to guess there are not a lot of people who are assiduously avoiding any cloud sync and then adding their work e-mail to their phones.
That's not what people are talking about, they're talking about fully merging your personal and work accounts for things like iphoto, email, etc like Apple is talking about above.
If you're ever caught up in discovery or a lawsuit, you'll realize why many of us believe in multi-device and firewall policies.
I used to be very strict but I kind of had to give in on the work email because it was so inconvenient. From what I’ve read on iOS this gives them fairly limited access to my activities. Well, hopefully true.
Proverb from HPMOR: It's not paranoia if they really are out to get you.
As with any security advice, we each have to know our threat model and understand how it may differ from the advice-giver.

It’s undoubtedly more secure to maintain perfect separation between work and personal information contexts. It can also be expensive and annoying, and may not be worth it for everyone. It really depends strongly on the employer and one’s relationship with them.

Hi, secret apple HR worker!
I was sort of into the idea of having my calendar on my phone until I learned my company could remotely wipe my phone at any time. That’s a world of trouble from a misunderstanding, or a bitter IT person.
+1 on the MDM stuff. I recently had a guy I know lose all his photos after he left a company. The company said that they could only wipe the company partition on his Android phone, but somehow they could wipe the whole thing and pressed the wrong button.

Leaving a job is hard enough without having to disentangle a bunch of devices and accounts. If an employer wants the security of MDM, just have them provide you the device. Otherwise, it's your device, and you can be responsible for deleting the company related content on it when you separate.

Absolutely agree with separating phones. Recently my company mandated an MDM policy on phones, and it really messed up my phone. There are apps which are separated with a work profile, but there are very few such apps; what about other apps? Learnt the importance of creating a hard boundary the hard way.
lol

you haven't worked in sales.

Every salesperson I know has two cell phones.
and some of the good contacts get the personal number.
Sounds like some people in sales have three phones.
Just need a dual SIM phone and Google Voice.
The need for "authenticity" with "this is my personal cell number"?
what's it like in sales?
you hop between companies in the same industry; contacts are fluid. everyone takes their reputation with them. everything is blended.

you learn to never put anything questionable in writing. Most people don't even hint at things, just not worth the risk.

drinking creates plausible deniability of what you said or what was remembered. information spreads, deals get closed. and I'm talking about things that are perfectly clean but may not appear that way if written.

sort of like in person you can say “grab me a burrito” but if you write it as a request its hard for it to not come off as demeaning.

aaand none of this is relevant when WFH