There’s not much you can do about Bossware spying on you


Whether you work at home, in an office, or a little bit of both, chances are your employer monitors what you do on it when you use a company computer. Since we last covered what not to do on your work computer in 2019, the use of “bossware” has become even more widespread. In one survey, up to 60% of employers say they use some form of tracking software to monitor keystrokes, take screenshots, enable webcams or microphones, or log how much time employees spend on different apps and websites. And most companies still don’t have many worker protections in place regarding the use of this software.

Most people understand that their employer can access just about everything they do digitally through whatever service it runs — Slack, Gmail, Teams, or any other similar tool — especially on a company-issued laptop. However, since there are no federal laws governing these surveillance tools, only a few states can allow employees to know of their presence. Effective May 7, 2022, New York employers must notify new employees if the company monitors email, internet usage, or phone calls. New York joins only two other states, Connecticut and Delaware, with similar laws. Meanwhile, a proposed California law designed to address the problem, specifically by imposing limits on workplace surveillance and employee tracking, was withdrawn in April before a vote.

Although more people now know that they shouldn’t conduct personal business on their work computers and shouldn’t expect privacy in enterprise software like Slack or Google Docs, Bossware’s proliferation goes one step further. Imagine a world where your manager can look over your shoulder all day and you’ll get a good idea of ​​what this software can do. In 2020, the Electronic Frontier Foundation examined a number of these tools and found that some can be set to be “invisible,” so most employees aren’t even aware the software is running. New York’s new law doesn’t specifically mention bossware, but since most of this software includes tools that can track email and web usage, employers will likely need to inform their employees about usage in the state.

The same survey that found that 60% of employers use monitoring software also found that the top reason employers use this software is to “understand how employees spend their time,” followed by a desire to “confirm that employees work a whole day”. In both cases, employee productivity seems to be the end goal. Other commonly cited reasons typically involve security and compliance concerns, particularly in workplaces where employees have access to customers’ personal information, medical records, or credit card numbers.

But much of this software, including tools like Prodoscore, funnels data into “productivity scores” that could theoretically be linked to bonus metrics or penalties that experts say are far more sinister purposes. According to a report published by the University of California’s Berkeley Labor Center (PDF), such assessments are dehumanizing because they undermine basic autonomy and dignity in the workplace. There’s also the uncomfortable notion that the more data employers have on employees, the greater the potential for harm that data has following a breach, data-sharing agreement, or sale.

Unless you are in a state that requires notification, your only option — if you’re okay with it — is to ask your boss what kind of monitoring your employer does, whether it applies to computers that are both prior location as well as remote, and how that data is used. If you can figure out what the software is, you can consult reviews to get a better idea of ​​what your employer can learn from it. Our older advice still applies: use private chats on other platforms, don’t log into social media accounts, and don’t store personal files on your work computer. However, if your employer aggressively monitors webcams or microphones, you may need to take extra precautions to protect your privacy.

A privacy tip: Disable your TV’s snooping features

Most modern televisions have a technology called Automatic Content Recognition (ACR) that attempts to identify what you are watching and then sends that information to the television manufacturer and its business partners, typically for marketing purposes.

You can search your TV’s settings to find the option to turn off this technology, but TV manufacturers tend to use all sorts of names that hide what they’re doing, like “Show Information Services” or “Live Plus.” The New York Times has guidance on disabling this tracking on models from most major TV manufacturers, and while this article is a few years old, we found that many of the settings appear to be in the same places. If you come across an option to opt out of “interest-based” or “personalized” ad tracking when browsing for the ACR setting, we recommend disabling that as well. We also recommend turning off these types of ad personalization settings on set-top boxes like Roku and Apple TV devices.

Other privacy news we monitor

⌨️ Most people assume that when they fill out forms online, their input is not sent to the company until they click the submit button. However, new research suggests that this is not always the case with an increasing number of websites. “Leaky forms” may send details like an email address or other information you enter to the site owner, even if you never fill out the form completely. Although there’s not much you can do to prevent this, researchers are working on a Firefox extension that will tell you if you’ve landed on a website that appears to be doing this.

💍 Wedding planning site Zola confirmed to TechCrunch that their accounts were hacked. (Wirecutter has recommended and covered Zola in the past.) If you have an account on the site, now is the time to change your password; Additionally, if your bank accounts or credit cards are linked to a Zola Account, be sure to check them for fraudulent activity. If you don’t already use a password manager, set one up and use a unique password on every website.

🔎 Privacy-focused search engine DuckDuckGo drew negative attention when a security researcher found that the company’s mobile browsers didn’t block Microsoft ad trackers. It turns out the behavior is related to a contract DuckDuckGo has with Microsoft that the company (apparently) had not previously disclosed. For now, the search engine itself is still a more private choice than its competitors, although we’ll keep an eye on any new disclosures for the apps.

This article was edited by Mark Smirniotis.


Comments are closed.