by jpollock 1634 days ago
There are industries where compliance requires all work-related communications be logged and monitored.

This logging is typically done through proxy servers on the network, and avoiding them is a _bad_thing_. They will also track web traffic through a proxy and MITM any https traffic by forcing the use of specific keys. They're trying to look for insider trading. Avoiding the proxy is the problem.

Staff using their own apps for regulated communications just cost JPMorgan USD$200m.

https://www.cnbc.com/2021/12/17/jpmorgan-agrees-to-125-milli...

4 comments

It's absolutely reasonable to have security requirements. It's not reasonable to fire someone for a single, accidental violation. I hope the people in the above story realize that they've made a mistake.

It is if you have a zero-tolerance policy and they break it.

Their IT department will certainly ban Brave to prevent future uses of Tor, now that they’re aware!

But there are many industries where a zero tolerance policy for Tor session origination from a desktop is absolutely legitimately appropriate, as it could otherwise be (even just one-time) exploited for massive potential harm to wealth and people.

There’s a popular view with some freedom folks that we shouldn’t have the right to search people who are visiting family in jail, and while they’re right from a purely theoretical “my rights” standpoint, from a pragmatic stance it is generally understood that it’s fair to try not to let weapons be given from visitors to criminals, even if abrogation of rights occurs — and if you forget and bring a knife someday, you may get banned from the jail, even though it’s just a mistake, because of how serious the safety and lives are at stake.

Who would be comfortable working under such a policy? You'd never know what accidental action on your computer could lead to you being fired. Using a computer to do work is not like getting dressed and carrying a knife with you. You knew you put the knife there, you chose it. If you weren't thinking about the rules, that's on you.

A regime where any accidental fat-finger or triggering of an unknown keyboard shortcut results in dismissal will quickly produce an environment where nobody is able to work or do anything useful - as seems to be happening here.

It doesn’t sound like a fun workplace, but nor should every workplace be fun. I’d really appreciate it if bankers and health insurance companies had to keep audited records and were disallowed encrypted / disposable backchannels, like Tor.

I assume that IT didn’t install Brave, the user did. No IT department at this strict of a company would approve a browser that actively inserts its own advertising into websites, much less has a Tor option builtin. So, then, why on earth would the user risk their employment by installing unapproved software without IT signoff?

If IT approved Brave and pre-installed it, then they would have grounds to contest the firing. That they’re let go suggests otherwise. One could likely predict the demographic of the let-go employee just by filtering for “would know and care about Brave” and “would not seek IT permission first”.

Typically, workplaces this strict don't allow users to install software on their machines themselves at all.

This whole story still just sounds to me like a huge overreaction. I think we can invent a hypothetical situation where the company's behavior makes sense, or the employee's motives are impure, but I think it's much more likely that they just got scared and were rash and hurt an employee.

You can remove admin rights but portable software will still run just fine. It's actually really hard to stop unapproved software from running on Windows. You'll basically have to cut off all the methods of ingress like USB sticks and internet.

I thought in American prisons visitors mostly talk through glass? But maybe that's just something used in movies. Never been to an actual prison even here lol.

I'm not an expert, but my understanding is: Often, but not all the time. Depends on how high-security the prison is, and what the purpose of the visit is. Meeting with an attorney, for example, you're likely in private and there may or may not be glass.

The addition of plexiglass (for instance) was considered an unwelcome one recently in some prisons: https://thecrimereport.org/2021/07/20/captives-behind-plexig...

Imagine not having a key logger and mouse tracer on your computer at work. Our machines also lock your account, computer and ID if you plug in mass storage devices.

What good will a mouse tracer do without the context of what's on screen? Never heard of this being put in place for workplace surveillance. Complete screen recording, yes, but just mouse (or even keyboard, which does make some sense), no.

This is why I'm never not working from home again.

Having a work machine and a personal machine side by side is invaluable to me.

What do they do about personal devices?

I'm not in the industry, but I am aware of this from various news articles. Quick googling...

Typically, devices are banned from restricted areas (trading floors). Where BYOD is "allowed", a corporate profile is applied which prevents the installation of problematic apps. What these people do outside of office hours can get them in trouble too.

NYSE Rule 36 seems to cover this:

https://nyseguide.srorules.com/rules/document?treeNodeId=csh...

(d) Floor brokers must maintain records of the use of telephones and all other approved alternative communication devices, including logs of calls placed, for a period of not less than three years, the first two years in an accessible place. The Exchange reserves the right to periodically inspect such records pursuant to Rule 8210.

UK rules seem to ban BYOD?

https://www.lawyer-monthly.com/2018/03/fca-says-employees-ca...

Jeez even at home? Glad I don't work in that industry. I hate anything economic or financial anyway :P