undefined | Better HN

0 pointsriffic9y ago0 comments

  If you're using your company's network, then they have every right to monitor all of the activity on it.

This is tantamount to steaming open and resealing the envelopes of all physical mail. Have some god damn ethics, I'd sooner quit than snoop traffic in this manner.

0 comments

7 comments · 4 top-level

btbuilder9y ago· 3 in thread

All MITM proxies I know require an enterprise CA trusted by the end-point. If that CA is on your machine the endpoint is probably owned by your employer. It is legal in most jurisdictions for your employer to monitor the usage of resources they have provided, be it computer or network.

I would never trust a company device, or company network, with anything I consider sensitive. Use your own device and keep it on cellular.

Also though I don't like it, employers in the US do have the right to open mail addressed to you personally if delivered to the office.

NoGravitas9y ago

Legal and ethical aren't the same thing, though. I agree it's legal for your employer to monitor traffic on their network. But an ethical sysadmin would not facilitate their doing so (unless there were a fairly significant and unusual justification in context).

(Note: I would also never trust a company device or company network, and I keep my personal devices completely separate from the company network for this reason. But I consider this a workaround for a deplorable situation, rather than just the way things are.)

btbuilder9y ago

Personally I think that is too simplistic a position and the reality is more complex. Most people would agree that using this approach to spy on your employees to track their banking activity is unethical. Using MITM-SSL as a way to get visibility on certain APTs using products such as FireEye is controversial, but I don't personally believe to be unethical.

I would argue against such an approach if there are alternatives but if the organization's leaders were set on it I would engage with the process and make sure that it did not evolve into more unethical practices such as logging all traffic contents or the above banking example.

fulafel9y ago

This is not a US discussion though, it's about the whole web.

dagss9y ago

If the use of the MITM is public it is more like requiring you to leave outbound paper mail in an outbox without an envelope, then have the internal mail office archive it and add the envelope. Perfectly reasonable.

What you do while on work should not be personal and thus cannot be snooped upon.

If you need to send a personal paper letter, you would go to the post office, not send it using the company's stamps, right?

travoc9y ago

You'll never be able to work for an American financial institution. These controls are mandated by regulators.

mysticmarvel9y ago

Then you will never work in finance, education, medicine, or any company where data exfiltration or IP theft is a business risk.

j / k navigate · click thread line to collapse