by illud_tempus 1645 days ago
> Do you object outright to spyware, or to the client wanting to run their spyware on your equipment?

I don't know for a fact that it is spyware. For now I just think of it as an "hostile agent".

I object because a) I don't want frustrations at work. I want to focus on the problems I am there to solve (which are quite interesting), b) I don't want a hostile agent from a company selling data to "targeted marketing" in my network, c) I don't want such companies even to know my real name, d) I take security seriously - I hate security theater.

That's what I object to.


Thanks for responding and writing up more details. I empathise with the frustration of having to follow rules for rules' sake.

Another approach you can try is to conform to their requirements on one machine, but do all your actual work on another.

In the past I've been faced with similar situations where corporate IT required me to run a "security agent" if I wanted to bring my own device to their network. I ended up bringing a Raspberry Pi which ran their "security agent", but then I did all my work on a laptop that connected through the Pi via NAT.

This was at a high school where I was a teacher. The "agent" did an SSL MITM attack, allowing the school IT to see all my traffic. I'm fine with needing that stuff to keep the kids safe but I objected to the school needing to inspect staff traffic. If they mistrusted me to the level of needing to read my email, what the hell were they doing leaving me in a roomful of children all day?

If you had two spare Pis you could do a three machine shit-sandwich: (1) trusted-pi is all yours and connects to your home network offering strictly controlled minimal internet access to... (2) the security-theatre-pi, running the client's weird spy/monitoring software; and then (3) your personal laptop connects via the security-theatre-pi.

I'd prefer to be direct and up-front with them – it doesn't feel great to have to be duplicitous with people the way I did / suggest you do – but a $50 pi might be able to tick their box and let you get on with the interesting stuff.

> Another approach you can try is to conform to their requirements on one machine, but do all your actual work on another.

That would create a layer of cynicism between me and my work. I don't have that today, and I would rather avoid it.

But you’re the one describing a piece of software they are asking you to install as a condition of employment as a ‘hostile agent’.

Feels like the layer of cynicism is already there.

Not on my part. Not with the people in the company I usually deal with.

When a new manager I don't know sends me an email to install some "agent" from a company I have never heard about, and that company turns out to have terms and conditions from hell (like references to undisclosed terms and conditions they want me to accept) - then I label that thing, in my mind, as a "hostile agent". It's not something that will ever get access to my LAN. It's something I don't even want in a VM, because it may know how to escape from a VM.

That's not cynicism. That's risk assessment.

Well said, and good luck with your problem. These workarounds are a flag one is in the wrong place. I recently left the job where I did the two-pis hack.
It's interesting that both the school and the job "security agent" ran on Linux on ARM. I would expect these things to be Windows-only, or at least x86-only.