by 1vuio0pswjnm7 1755 days ago
As an employer I would prefer employees not to use the corporate network for personal email. The network exists for business use.

As an employee I prefer not to use the corporate network for truly personal email.

If I am the employer that responsibly monitors the traffic to and from our network, including TLS traffic, an employee that uses our network for personal use with a surveillance "tech" company service such as Google Mail, Facebook, etc. is putting her own privacy at risk. Because I can extract her cookies from the traffic, all she has to do is forget to log out once and I now have a "bearer token", i.e., a cookie, with no expiration,^1 that lets me access her account at any time in the future.

1 The type of cookie that lets users stay "logged in" indefinitely. A non-"tech" company with sufficient legitimate sources of revenue besides online ads may not use such cookies. For example, if an employee logs in to her personal bank account using the corporate network but forgets to log out, the bank website will log her out automatically, the cookies will expire.
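The footnote contrasts a webmail "stay logged in" cookie with a bank session that expires on its own. The following Python script is an added example, not part of the original post: it parses Set-Cookie headers and flags cookies that would outlive a forgotten logout. The hostnames and cookie values are constructed for illustration, and the 30-day threshold is an assumption of the example, not a rule from the thread.

```python
"""Audit Set-Cookie headers for long-lived "stay logged in" cookies (added example)."""
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime

# Constructed sample responses; these are not captured from any real service.
SAMPLE_SET_COOKIES = {
    "webmail.example": [
        "SID=abc123; Domain=.webmail.example; Path=/; "
        "Expires=Tue, 01 Jan 2030 00:00:00 GMT; Secure; HttpOnly",
    ],
    "bank.example": [
        "JSESSIONID=def456; Path=/; Secure; HttpOnly",   # session cookie: dies with the browser
        "csrf=ghi789; Path=/; Max-Age=900; Secure",       # 15-minute cookie
    ],
}

NOW = datetime(2021, 6, 1, tzinfo=timezone.utc)   # fixed clock so results are reproducible
LONG_LIVED = timedelta(days=30)                   # assumed threshold for "effectively permanent"


def parse_set_cookie(header):
    """Split one Set-Cookie header into (name, value, {attribute: value})."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value, attrs


def cookie_lifetime(attrs, now=NOW):
    """Remaining lifetime as a timedelta, or None for a session cookie."""
    if "max-age" in attrs:            # Max-Age takes precedence over Expires (RFC 6265)
        return timedelta(seconds=int(attrs["max-age"]))
    if "expires" in attrs:
        return parsedate_to_datetime(attrs["expires"]) - now
    return None


def classify(header, now=NOW):
    """Label a cookie as session, short-lived or long-lived and note missing flags."""
    name, _, attrs = parse_set_cookie(header)
    life = cookie_lifetime(attrs, now)
    if life is None:
        kind = "session"
    elif life > LONG_LIVED:
        kind = "long-lived"
    else:
        kind = "short-lived"
    missing = [flag for flag in ("secure", "httponly") if flag not in attrs]
    return {"name": name, "kind": kind, "missing_flags": missing, "lifetime": life}


def audit(responses, now=NOW):
    """Classify every Set-Cookie header per host."""
    return {host: [classify(h, now) for h in headers] for host, headers in responses.items()}


if __name__ == "__main__":
    for host, findings in audit(SAMPLE_SET_COOKIES).items():
        for f in findings:
            print(f"{host}: {f['name']} is {f['kind']}; missing flags: {f['missing_flags']}")
```

A cookie reported as `long-lived` is the kind of credential the post is worried about: anyone who captures it keeps access until the service revokes it, so logging out (or a server-side session expiry) is the only thing that limits the exposure.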


>As an employer I would prefer employees not to use the corporate network for personal email. The network exists for business use.

And as an employee that actually exists in 2021, I'd tell you to get a clue.

>As an employee I prefer not to use the corporate network for truly personal email.

And that's your preference. If you think everyone shares that preference or even realizes the implications you're delusional.

>If I am the employer that responsibly monitors the traffic to and from our network, including TLS traffic, an employee that uses our network for personal use with a surveillance "tech" company service such as Google Mail, Facebook, etc. is putting her own privacy at risk.

No, you're putting them at risk by MITMing their traffic. There's absolutely nothing that forces you to do that. If you don't have separation between the network where humans live, and where The Business lives, that's what's irresponsible.

... As someone who exists in 2021, I have a smartphone. Why would I want to do my stuff on someone else's machine?

Probably you might need to re-read your employee agreement. Some of these policies are clearly stated and you signed up for them when you were employed.

Don't know why you are getting downvoted and people are getting emotional.

I have family members who work in compliance. Everything is fair game for surveillance. I know of someone who got fired for accidentally uploading his whatsapp chat history via work email (this is how chat history backup used to work) and they got fired from JPMorgan for having references to drugs.

You can choose not to work for companies like this (indeed I have always fully owned my machine at work) but you're just kidding yourself if you think bigco aren't monitoring everything you do.

And the standard startup contract says business hours are "9-5"

The poster's point is that what they say doesn't match reality, contract or otherwise.

I doubt he read it the first time. :)

I assume you're talking only about employees using corporate devices on the corporate network. If the employee can connect a personal device to the corporate network the employee will be safe from the MITM.

"If the employee can connect a personal device to the corporate network..."

Why not use the cellular network?

It's slower, and you have to pay for cell data.

But anyways, my point is not whether or not you should use a personal device on a corporate network, my point is that if you do use a personal device on a corporate network you will be secure from MITMs.

Why shouldn't you pay? If it's personal use, why should the employer subsidise that?

My point is if you don't use a personal device on the corporate network paid for by your employer and instead use the personal device on the cellular network you pay for, then you will be "secure from MITMs".

More than one way to be "secure from MITMs".

I'm not saying the employer should subsidize it. Some employers might. If your employer provides that perk, it might make sense to use it. Similar to how if a restaurant provides free wifi it might make sense to use it.

I think the real way to be secure from MITMs is to use a device that you control the root CAs of. If you control the root CAs, you'll be safe no matter what network you're on. If you don't control the root CAs, you'll be vulnerable no matter what network you're on (but some networks will carry a higher likelihood of an attack).
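The last comment's point is that interception works only if a root CA you did not choose is trusted by your device. The Python script below is an added example (not from the thread): it snapshots the CAs Python's default TLS context trusts and diffs that snapshot against a saved baseline, so a root that appears later stands out. The two certificate records embedded in it are constructed sample data in the shape returned by `ssl.SSLContext.get_ca_certs()`; the "Example Corp" root is a made-up name, not a real CA.

```python
"""Detect root CAs added to the local trust store by diffing against a baseline (added example)."""
import ssl


def current_roots():
    """Snapshot the CA certificates Python's default TLS context trusts right now."""
    ctx = ssl.create_default_context()  # loads the OS / certifi trust store
    return ctx.get_ca_certs()           # list of dicts: subject, issuer, serialNumber, notAfter, ...


def dn_to_str(dn):
    """Flatten a get_ca_certs() distinguished name (tuple of RDN tuples) into one string."""
    return ",".join("=".join(attr) for rdn in dn for attr in rdn)


def cert_id(cert):
    """Identify a root by subject DN and serial; get_ca_certs() exposes no fingerprint."""
    return dn_to_str(cert["subject"]), cert.get("serialNumber", "")


def is_self_signed(cert):
    """Root CAs are self-issued: subject and issuer are the same DN."""
    return cert["subject"] == cert["issuer"]


def diff_roots(baseline, current):
    """Return (added, removed) certificate records relative to the baseline snapshot."""
    base = {cert_id(c): c for c in baseline}
    cur = {cert_id(c): c for c in current}
    added = [cur[k] for k in sorted(cur.keys() - base.keys())]
    removed = [base[k] for k in sorted(base.keys() - cur.keys())]
    return added, removed


# Constructed sample records (not real certificates), in get_ca_certs() layout.
_PUBLIC_DN = ((("countryName", "XX"),), (("organizationName", "Example Public CA"),),
              (("commonName", "Example Public Root"),))
_CORP_DN = ((("organizationName", "Example Corp IT"),),
            (("commonName", "Example Corp Interception Root"),))

PUBLIC_ROOT = {"subject": _PUBLIC_DN, "issuer": _PUBLIC_DN,
               "serialNumber": "01", "notAfter": "Jan  1 00:00:00 2040 GMT"}
CORP_ROOT = {"subject": _CORP_DN, "issuer": _CORP_DN,
             "serialNumber": "02", "notAfter": "Jan  1 00:00:00 2031 GMT"}

BASELINE = [PUBLIC_ROOT]              # what the trust store looked like when you last checked
LATER = [PUBLIC_ROOT, CORP_ROOT]      # the same store after a new root was installed


def report(added):
    """Human-readable lines for each newly trusted root."""
    return [f"NEW ROOT: {dn_to_str(c['subject'])} (serial {c['serialNumber']}, "
            f"self-signed={is_self_signed(c)})" for c in added]


if __name__ == "__main__":
    added, removed = diff_roots(BASELINE, LATER)
    print("\n".join(report(added)) or "no new roots")
    # On a real machine, persist current_roots() as the baseline and re-run this periodically.
```

The diff is the detection; the decision of whether a newly trusted root is acceptable is yours, which is exactly the "control the root CAs" condition the comment describes.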