Man does this Google Chrome ad bum me out. It offers Chrome as a tool for companies to surveil and control their employees.
For starters, your Chrome browser can prevent you from pasting, printing, uploading, or downloading content. 1/
But that’s not all! Chrome can also report back to your bosses about whether you are a “high-risk user.” Like Amanda and Amir. Those two are in troooouuble!! 2/
I get it. Employers are worried about confidential data, IP, or plans going missing. But browsers as chokepoints for control of information access really worry me. 3/
If You Build It, They Will Come. Once companies build technology to control Internet users’ access to information, governments and plaintiffs will show up demanding new uses to suppress new kinds of information. Like adding similar functionality to non-enterprise Chrome. 4/
This especially makes me sad because I was the lawyer for Chrome from its conception to about a month before launch. (When I went on maternity leave and handed it off.) At least it’s open source. Kind of. Not quite. 5/
www.reddit.com/r/linuxquest...
At first I thought that Amanda Jones—the worst problem employee in the ad—had the same name as the female lead in Max Headroom. She was a censor for the networks in a dystopian sci fi future where your TV monitors your behavior, it’s illegal to turn it off, and TV networks control info access. 7/
for Chromium to be truly open source I think it would need to go to an open foundation; I know there are good reasons to restrict who has checkin rights and people who understand javascript perf are extremely expensive, but it's taken someone as big as Microsoft to get some things into Chromium
These are actually really basic information protection measures for enterprise security. How do you prevent people from, say, sharing credentials over unsecured channels given that no amount of user education has ever stopped that behavior?
I just don't want these built into the same product people use in their private lives. Or built into an adjacent product in ways that make it easy to migrate into the consumer version, when the inevitable govt pressure to do so comes along.
Which has always been a factor. Google is about 10 years late on this. Comes down to managed accounts vs personal accounts. They're separate entire lines of functionality and always have been
Similar thoughts. If we're talking Chrome on a personal device, that's different. But work computer your boss pays for, and supports for work purposes? Don't kid yourself: they can see everything you do, and in some cases are required by law to log when you access certain databases.
There's also a huge difference between this and productivity/ screen monitoring behavior, where the employer is tracking your every move.
Although this does make me wonder on the impact of this and password managers, because we don't want to go back to simple to remember/ type 123password again.
I just don't want these built into the same product people use in their private lives. Or built into an adjacent product in ways that make it easy to migrate into the consumer version, when the inevitable govt pressure to do so comes along.
The problem here is businesses have to choose having actually useful security, especially with the new SEC rules
The way these systems are implemented doesn't scale. The infrastructure cost to force those versions on people are absurdly high, and the systems break entirely beyond a certain point
It's going to be a long run but there's only ever more push toward trying to get away from passwords entirely. And that's exactly why, they're a bad measure. To your point though yeah, I'm worried that's where we might backslide in the short term
One of the first things I explain when going over the basics. Don't sensitive personal information in work emails isn't just advocating for work-only on devices.
If you leave? Someone will need to have access to your email to continue your job. Do you want them to see your doctor's notes?
I work in healthcare IT. Restricting employee's ability to download documents onto a local machine or personal drive, or copy and paste data into a location where it can be acceses outside the bounds if work functions, is critical for avoiding PHI exposure.
My company does not currently do this, nor did my last company. I can easily download it otherwise steal thousands of patient names, diagnoses, medically procedures, you name it. If I were a compliance officer I would install this immediately.
I just don't want these built into the same product people use in their private lives. Or built into an adjacent product in ways that make it easy to migrate into the consumer version, when the inevitable govt pressure to do so comes along.
