by byron4242 1651 days ago
I recently did something similar.

The ironic thing is that I work for a privacy-focused startup where such a practice is in total opposition to personal values held dearly by most people who work there. They claimed (and I assume that it's the truth) that this requirement was forced on them by the insurance industry. Apparently insurers are at the moment super-focused on cybersecurity threats and it's simply impossible for them to obtain general commercial insurance without having this in place. Going without the insurance means greatly diminished valuations and prospects for an exit.

So I installed the agent on a webserver that I have that has absolutely no data other than the static files that it serves to the web and that consequently are by definition public. So far they haven't noticed that it's not my actual work machine, and I expect that, with this being a mere box-ticking exercise that they don't really care about and are on some level even opposed to, they have zero intention of taking it beyond "don't ask don't tell".

The thing I'm slightly worried about is that the agent logs logins and failed login attempts. The problem is that employers who under normal circumstances never look at that data might suddenly get the idea of looking into it when employment disputes come up. So I'm a bit worried about creating an audit trail that basically says I never log in to my machine.

Maybe I need a cron job which, with a small amount of random variance, logs into the machine in the mornings and out again in the evening, but that would be crossing a line, legally speaking. With the current state of affairs I can plausibly plead negligence (I meant to install it on my personal device and just didn't notice that I was actually connected to the server when I hit "install"), but with an elaborate setup involving cron jobs and such, I'm clearly establishing that I'm acting in bad faith.

1 comment

I can easily engineer myself out of this crap. But that feels like a much worse solution than just dropping out.

I have two qualities that make customers willing to pay a premium. I am very good at what I do. I am honest. I don't want to compromise my integrity.