by seneca 621 days ago
It's incredible to me how many people log into personal accounts on work devices. People should really research the amount of data security tools harvest.
5 comments

I sometimes see my coworkers with banking tabs open when they screen share. The level of trust is astounding.
It certainly sounds foolish at first, but what's the real risk? Is your employer really going to transfer themselves your balance or snoop on your utility bills?

Now if you loaded a crypto wallet on your work device, that would be another story...

I know there are bad actors trying to get into my company's network. They are a high visibility target and have fallen victim to ransomware attacks before. Even if I trusted my employer, I don't trust what else may be lurking there.
You will probably find that your corporate TLS MitM proxy excludes financial institutions so that employees can do their banking without any doubt that their own company would respect the confidentiality of their finances. If not, your cybersecurity team needs some help.
Yes, when I was in charge of security at previous places we did not MITM a whole category of websites including banking, health, etc.
If your employer isn't requiring you to log in with a personal account on a work device (and they're not), and your personal data doesn't have anything you'd mind your employer seeing, then why not?

Because then there's no slippery slope and you're making a conscious choice. A lot of people lead really boring lives and just want the convenience of using their personal e-mail on the work device. Their employer knowing that the kids need to be picked up from soccer at 6 is a non-issue.

Obviously, if you do have things it's important that your employer/police/government/etc. not know, then don't, a million times.

But if you don't care, then let people make that choice.

> Their employer knowing that the kids need to be picked up from soccer at 6 is a non-issue.

That's great and fine, until anything non-trivial in your life happens. Illness, relationship drama, recruiter conversation, off-hand low-context remarks to/from friends...

The corporate suckware hoovers up the data, and a) exposes you professionally to the company's whims of self-protection, and b) exposes the company legally to your personal imperfections.

Don't cross the streams. It would be bad.

Don't forget you don't own your work device and could lose access to it with zero notice. It's a personal pet peeve of mine that MacOS has no way to install with a "forget everything about iCloud" option. I love it for my personal devices but on a work device you quickly notice how it's got its little hooks all over the OS.
There is an MDM option to disable iCloud, but I'm not sure if it's possible to toggle without enrolling macOS into a managed system.
One reason is that if your employer is sued your personal data/devices can get tied up in the discovery process.
How often does that really happen, though? I've heard this argument so many times but not really the real impact it has from a real incident.
I worked with someone who uploaded private git repositories to his email before quitting. People are not very smart.

It's best to completely remove that avenue / temptation anyway, IMO. You can handle personal stuff on your phone. Logging in on your work PC is asking for trouble.

HN readers seem to be very concerned about spies and perverts that might get caught because they naively used X tech.
Where is a good place to start this research?

We have CrowdStrike Falcon at work, and I would love to know what they are monitoring.

It's been quite a few years since I did anything in this space, but back in the day you could get quite a lot of information simply by wrapping things in sandbox-exec [0] and progressively adding allow rules as the application inevitably blew up. It's a fair bit of manual effort, and I wouldn't be surprised if someone has written a wrapper around it that automatically figures it out, but last I checked this was the most reliable way to explicitly see what a rogue application does.

[0] https://www.karltarvas.com/macos-app-sandboxing-via-sandbox-...

It's not just data security tools - let your company get involved in litigation and now all your personal stuff is exposed to discovery too.

Just dumb to mix personal and work - computers are no longer exotic.

In my case I "lend" my personal device for work (Git, Slack, Figma, Miro... use one Chrome for work and Chrome Beta for personal). So I suppose there's no software running behind the scenes. Should I still worry in this case?