A clear breakdown of everything your employer can (or can't) see on your computer

My Wirecutter colleague Thorin Klosowski has written a great new article on what not to do on your employer-issued computer. He consulted with security experts at the New York Times as well as Vantage Technology Consulting Group and more to get an overall idea of the different kinds of access levels that different companies can get.

Employers can install software to monitor what you do on your work-issued laptop or desktop. In the most watchful of workplaces, this may include keyloggers that can see everything you type or screenshot tools that track your productivity. What type of surveillance and security software is installed on your company computer is often based on two factors: how large the company is (and what resources it has to dedicate to this) and what type of information you deal with in your role. If you work with sensitive materials, such as health records, financial data, or government contracts, you can count on your employer keeping a careful eye on what you do.

For most of us, the fear of being heavily surveilled at work is unwarranted. Jesse Krembs, senior information security analyst at The New York Times, said, “Without supporting evidence, at scale this is pretty rare. It tends to generate a lot of useless data, rope the employer into liability issues, and generally make the team that monitors these surveillance systems miserable. That being said, almost all large companies have a targeted program for doing this, especially for dealing with suspected insider threat or fraud.”

Read the rest

Web analytics companies offer "replay sessions" that let corporations watch every click and keystroke for individual users

The "replay sessions" captured by surveillance-oriented "analytics" companies like Fullstory allow their customers -- "Walgreens, Zocdoc, Shopify, CareerBuilder, SeatGeek, Wix.com, Digital Ocean, DonorsChoose.org, and more" -- to watch everything you do when you're on their webpages -- every move of the mouse, every keystroke (even keystrokes you delete before submitting), and more, all attached to your real name, stored indefinitely, and shared widely with many, many "partners." Read the rest

HP's stupid audio-driver logs every keystroke you make (and it has an API!)

The Swiss security research firm Modzero just published a report documenting a grave flaw in HP laptops: an audio-driver made by Conexant that captures every keystroke (to detect volume up/down and mute-button presses) and saves them to an unencrypted file on the local system, which can then be exfiltrated via a debugging API that allows remote parties to see every keystroke in realtime. Read the rest