Our trick was to use the unlocked account to message everyone on the general slack channel that we would bring donuts the next morning. The account owner was expected to commit to that.
What a great trick. You make an (effectively) inconsequential oversight, now you have to work for free for hours to days (pizza and drinks for 50-ish people was the worst I've seen), that's so clever. The best part has always been when they try to harass people into complying, especially the low-paid people with kids. /s
I'm glad I haven't worked at a place that had such informal "policies" in a while. There have been a few attempts by twenty-something engineers with no commitments to establish such rules, but the culture wasn't that toxic, so they (politely) got told to shut up, and that was that. People's desktop background still get changed sometimes, but respecting people's boundaries goes a long way to make work bearable for everyone. And even with desktop background pranks, if in the slightest bit unsure, communicate beforehand and accept a "no". And don't do what one guy at another company did and use a homophobic meme right before their victim's demo call with an important customer, or you deserve everything that happens afterwards.
It is not an inconsequential oversight. Most people will at least have sessions open to internal/private systems, sometimes sensitive credentials. And part of the teams will go see clients with their company laptops. You absolutely do not want people to be careless about leaving their computers unlocked.
Hence the "(effectively)" in front of inconsequential. This isn't something that will definitely and automatically result in a lot of damage, it usually won't cause any damage at all (especially if people work on desktop machines in an office that opens to a small number of badges). It may be a vector for a critical breach if enough stars align, and there happens to be an attacker nearby that is motivated, capable and willing to take the risk, and the machine is completely unobserved for long enough, but for most people, that's going to be pretty rare. Setting a short non-overridable screensaver delay is still a good idea, and screen locking should be part of security trainings and all that. It's one possible vector for deep penetration and should be treated accordingly.
But if you're effectively harassing people out of a part of their salary, I'd expect the reason to be something truly overridingly critical, and in all settings where I've seen this sort of rule instituted, it was far from that – and if it were, why would you resort to bottom-up hazing to control that risk? That disincentivizes actually improving security (by giving people another pretext to depend on uncompromised user machines), oversights absolutely will still happen and any damage that actually does occur will be hidden and conceiled even harder, since now you've created an emotional link to public shaming and people respond to that viscerally.
It was a grassroots honor thing, a game between willing participants. It was not a policy nor was it enforced. Not bringing in donuts would not penalize you in any way. There was no harassment, if you didn't manifest interest you wouldn't be picked on or left out of other (social|professional) activities. I honestly feel there was nothing toxic in the slightest in the practice, just good clean office fun.
Also, nothing was said about having to bring donuts for _everybody_. A single box of a dozen fresh assorted donuts left on the kitchen counter would do it. You'd then announce donuts to be available on a first come first serve on the same Slack channel and leave the hungriest ones fend for themselves in the hallways.
I'm glad I haven't worked at a place that had such informal "policies" in a while. There have been a few attempts by twenty-something engineers with no commitments to establish such rules, but the culture wasn't that toxic, so they (politely) got told to shut up, and that was that. People's desktop background still get changed sometimes, but respecting people's boundaries goes a long way to make work bearable for everyone. And even with desktop background pranks, if in the slightest bit unsure, communicate beforehand and accept a "no". And don't do what one guy at another company did and use a homophobic meme right before their victim's demo call with an important customer, or you deserve everything that happens afterwards.