This logging is typically done through proxy servers on the network, and avoiding them is a _bad_thing_. They will also track web traffic through a proxy and MITM any https traffic by forcing the use of specific keys. They're trying to look for insider trading. Avoiding the proxy is the problem.
Staff using their own apps for regulated communications just cost JPMorgan USD$200m.
https://www.cnbc.com/2021/12/17/jpmorgan-agrees-to-125-milli...
Their IT department will certainly ban Brave to prevent future uses of Tor, now that they’re aware!
But there are many industries where a zero tolerance policy for Tor session origination from a desktop is absolutely legitimately appropriate, as it could otherwise be (even just one-time) exploited for massive potential harm to wealth and people.
There’s a popular view with some freedom folks that we shouldn’t have the right to search people who are visiting family in jail, and while they’re right from a purely theoretical “my rights” standpoint, from a pragmatic stance it is generally understood that it’s fair to try not to let weapons be given from visitors to criminals, even if abrogation of rights occurs — and if you forget and bring a knife someday, you may get banned from the jail, even though it’s just a mistake, because of how serious the safety and lives are at stake.
Having a work machine and a personal machine side by side is invaluable to me.
Typically, devices are banned from restricted areas (trading floors). Where BYOD is "allowed", apply a corporate profile which prevents the installation of problematic apps. What these people do outside of office hours can get them in trouble too.
NYSE Rule 36 seems to cover this:
https://nyseguide.srorules.com/rules/document?treeNodeId=csh...
(d) Floor brokers must maintain records of the use of telephones and all other approved alternative communication devices, including logs of calls placed, for a period of not less than three years, the first two years in an accessible place. The Exchange reserves the right to periodically inspect such records pursuant to Rule 8210.
UK rules seem to ban BYOD?
https://www.lawyer-monthly.com/2018/03/fca-says-employees-ca...
Trying to talk to IT about it is painful. I had to go through three levels of support over a week just to get a single site unblocked.
Before Work-from-Home started, Brave’s Tor support was a godsend just for getting actual work done.
Before my department got bought out, our old company had pretty draconian blocking as well, but if you explicitly plugged into the ethernet ports in the developer area they were wide open.
And no, we’re not in any sort of industry where it really matters. Privately held educational software company.
How much time should IT employees spend unblocking restaurant websites instead of, for example, developing new applications that increase productivity? Arguably, an IT employee who is spending time unblocking restaurant websites might be viewed as negative ROI for their salary.
And users have phones, so there is an easy workaround.
Every time an engineer doesn’t look into something at all, because they know odds are good they’re not going to be able to, that’s potentially millions lost.
Ran into this at $lastco, as a chemist. Used to look up alcohol water azeotrope charts and half would be on homebrew sites and got blocked.
I just used my phone to email the charts to myself.
Humans need to eat to survive, and one consequence of survival is that tickets are closed.
Just visiting a website shouldn't be a major risk. Any code injection exploits can be mitigated in the proxy (those MITM proxies are not just for logging!). And proper patching.
Really if you run browsers so old that they can be exploited in this way you have a bigger problem than banning unknown websites solves.
Don't talk to IT using their support channel. Escalate to your boss (and his boss potentially) about what you are trying to do, what's blocking you and how it's stalling the (revenue generating) project you are working on.
I'm surprised they didn't just block Tor though. I'm sure we do, though I've never tried :) Our proxy MITMs everything.
Of course if I worked at a place that was constantly looking for an excuse to fire you, I wouldn't work there for long (because I'd either find a more relaxing job, or get fired).
After I'd shown what it was, the sysadmins suggested leaving it seeding to see if we could get the university domain name to the top of the "top seeders" list.
Again, IF the description is accurate, the employee was using a browser allowed by IT and did not have any ill intentions.
If I do go into the office, I'll just use my cell-phone for personal browsing.
Why blur the lines on something like that? This reads more like an overreaction to a lapse of judgment more than anything else.
We allow developers to install their own software, so there isn't a good way to enforce browser policies. We ended up letting the developers know that connections to Tor generate alerts, and that these tie up security resources. That was enough that we haven't seen the issue again.
In our case the developer was using Brave and had opened the private window with Tor. That gave us a plausible explanation that didn't include malware, so we closed the ticket.
I'd say that there are very few legitimate reasons a Tor connection would come from a corporate network. So we'd like to keep the alert on, but any false positives tie up resources. Developers sometimes accidentally install malware, so we need to be vigilant about detecting and remediating that.
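An added example (not the commenter's tooling or any vendor's code) of the triage described above: flag connections to Tor relays, then use the originating process to separate a known browser's Tor mode from an unexplained process that warrants a malware investigation. The relay addresses, the flow records, their field names and the process tree are all constructed for illustration.

```python
import csv
import io
import ipaddress

# Constructed relay list using RFC 5737 documentation addresses; a real
# deployment would load whatever Tor relay feed its alerting already uses.
TOR_RELAYS = {ipaddress.ip_address(a) for a in ("192.0.2.10", "198.51.100.7")}

# Assumption: browsers with a built-in Tor mode that the security team knows of.
KNOWN_TOR_BROWSERS = {"brave.exe"}

# Constructed flow records from a hypothetical EDR export (field names assumed).
SAMPLE_FLOWS = """host,user,parent,process,dst_ip,dst_port
dev-ws-01,alice,brave.exe,tor.exe,192.0.2.10,9001
dev-ws-02,bob,explorer.exe,chrome.exe,203.0.113.5,443
dev-ws-03,carol,svchost.exe,updater.exe,198.51.100.7,443
dev-ws-01,alice,brave.exe,tor.exe,198.51.100.7,443
"""


def triage(flow_csv, relays=TOR_RELAYS):
    """Group relay-bound flows per host/process and assign a triage action."""
    grouped = {}
    for row in csv.DictReader(io.StringIO(flow_csv)):
        if ipaddress.ip_address(row["dst_ip"]) not in relays:
            continue  # not a Tor relay: no alert
        key = (row["host"], row["user"], row["parent"].lower(), row["process"].lower())
        grouped.setdefault(key, set()).add(row["dst_ip"])

    alerts = []
    for (host, user, parent, process), dsts in grouped.items():
        # Process names can be spoofed, so a browser match only lowers the
        # priority to a user confirmation; it never closes the alert by itself.
        from_browser = bool({parent, process} & KNOWN_TOR_BROWSERS)
        alerts.append({
            "host": host, "user": user, "process": process, "parent": parent,
            "relays": sorted(dsts),
            "action": "confirm-with-user" if from_browser else "investigate-host",
        })
    # Unexplained processes sort first so analysts see them before browser hits.
    return sorted(alerts, key=lambda a: (a["action"] != "investigate-host", a["host"]))


if __name__ == "__main__":
    for alert in triage(SAMPLE_FLOWS):
        print(alert)
```

Grouping by host and process collapses repeated relay connections from one browser session into a single alert, which is where most of the analyst time in the scenario above would otherwise go.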
Just don't do things unrelated to work using work resources.
> Based on data across the CloudFlare network, 94% of requests that we see across the Tor network are per se malicious.
https://blog.cloudflare.com/the-trouble-with-tor/#:~:text=Ba....
So blocking Tor hinders attackers using it.
Fun times getting blocked by the public/corporate firewall for something, hovering the mouse in the right place and pressing “s” and going, ahhh, “fixed it!”