* personal ChatGPT and copilot subscriptions, since company doesn’t pay for these
* Trello account for keeping track of my todo list (following up with people, running deploys)
* Obsidian for keeping notes, as a personal knowledge-base (things like technologies and reminders)
* Apple account for music, copy/paste, sharing photos from my travel with coworkers, synching docs related to my work visa and taxes
* Personal slack login for communicating with my partner in our private server
* personal GitHub account credentials for synching my private dotfiles repo with my neovim config. basically can’t work without my dotfiles, but I could theoretically email these to myself or something, to prevent this one.
And sure, I could be stubborn and not use any of this, but I’d be way less productive and kinda miserable.
* Stack Overflow
* Job Search sites
I don't remember if Jetbrains needs a password to get to personal licenses, but they definitely do to use their bug database. I suspect they're not the only one.
Letting other people blow off steam can be an act of self-preservation. Insisting that people only ever do 100% work things at work or on work hardware slightly raises your low-but-never-zero chances of being murdered by coworkers. Or less ironically, hilariously intense bridge-burning activities.
Also most of this conversation is happening during work hours so I think we can infer that grandparent is being a little hypocritical.
I’m now understanding how people get sued when going from company to company.
> personal Obsidian for keeping meeting notes, and recording conversations as a personal knowledge-base
I'm not a lawyer, but I'm pretty sure these could subject a lot of your other personal data to potential subpoena should your employer get sued by a sufficiently determined attacker.
Don't cross the streams.
> Obsidian is free for personal and non-profit use. However, if you use Obsidian for work-related activities that generate revenue in a company with two or more people, you must purchase a commercial license for each user. Non-profit organizations are exempt from this requirement.
You are making your work take on an extraordinary risk in hiring you.
My notes are text files on the computer, so we’d have problems regardless if they got that. But maybe I should’ve left it out of the list above in that case… nothing else seems very damning.
But you do raise a valid concern, and it’s worth reevaluating!
Does your workplace restrict you from bringing it in?
I’m fine with it because I know there’s no management software on this laptop, but yeah it’s a totally different story if I had to use a newer one with SSO and management software
It’s really easy to say ‘don’t use your personal stuff at work’, but when work is some locked-down behemoth whose view of productivity software is ‘just use Office’, and you’re really trying to be better at your job, using your own tools can be the only solution.
And in my situation, yeah, they didn’t want you bringing things in. I worked in a secure area.
Also, people just do things for convenience. (Although I tend to pipe these passwords over an SSH connection, so that they're not resident on the work laptop. Though there is a good argument to be had about me permitting my work laptop SSH access to my personal laptop. From a technical standpoint, my employer could hack/compromise my personal laptop. From a legal and trust standpoint, I presume they won't.)
You trust all personnel with access to your employers network?
What's more surprising is that they trust you to setup adhoc ssh connections to arbitrary endpoints; unless you're the person in charge of network security?
Would anyone notice if you, or an intruder, dumped terabytes of data over that connection?
I don't work in IT but this just doesn't feel right to me.
Absolutely none of my personal stuff ever touches a corporate machine. Ever. I wouldn't even log in to the W2 downloading app as an employee from the work machine.
Granting work ssh keys access to your personal machine is crazy; if your work machine gets compromised, they steal your entire personal system's home directory too. Why would you unnecessarily expand the blast radius of a compromise like this?
