
SSL injection by corporate proxy


Comments

  • petris Member
    edited June 2015

    I believe this really depends on what kind of employee you are, i.e., are you exempt (salary) or non-exempt?

    For non-exempt employees, due to the nature of how they're paid (i.e., you're at work for x hours and you get x * hourly_rate of pay), then "productivity" is absolutely important and therefore it makes sense to block social networks, monitor internet usage, etc., as any amount of time you're on the clock you should be performing work functions.

    For exempt employees (management, professional, executive, etc.), the general mentality is/should be "Did you get your work done?" rather than "How many hours did you work and what did you get done during that time?" As an exempt employee, you're paid a flat rate (i.e., a weekly/monthly/yearly salary) for all work performed in a particular time frame, regardless of how much actual work was done. In other words, they're treated more along the lines of contractors rather than workers. Legally, you could come to work for a whole minute per week, not do any actual work, and the employer is still required to pay you your normal salary for that entire week; you probably won't keep your job for very long if you actually did that though. Therefore, for exempt employees, it's absolutely not okay for your internet usage to be monitored as all of your time is generally a mix of personal/work time, and ensuring that all employees are 100% "productive" while they're sitting at their desk doesn't follow these ideologies.

    All that said, if your employer is monitoring your internet usage and you don't like it, you always have the option of voting with your job skills and taking them elsewhere.

    Disclosure: I have been an exempt employee for several years and therefore my opinion may be skewed towards that category. Additionally, my comment is based on US law and may be different in your country. Lastly, this is not legal advice.

  • @petris I would have thought in the context of MITM the content to scan for malware would be considered acceptable providing it was detailed in the AUP for corporate IT resources.

    In all odds the IT staff don't care what you're looking at on the internet they just don't want company data going out the door because you picked up a malware infection.

  • petris Member

    @dragon2611 said:
    petris I would have thought in the context of MITM the content to scan for malware would be considered acceptable providing it was detailed in the AUP for corporate IT resources.

    In all odds the IT staff don't care what you're looking at on the internet they just don't want company data going out the door because you picked up a malware infection.

    It might be acceptable in the context of legality; however, it's generally not acceptable by professional (exempt) workers due to the nature of their jobs and how they're paid. Most people I know that work professional jobs, myself included, would find a new job should policies/practices be put into place that require MITMing of secure connections.

  • bohdans Member
    edited June 2015

    So some context: I set up SSL 'man-in-the-middle', as you call it, at my workplace.
    There are a few reasons.
    1. We need to track outgoing data (government).
    2. We need to be able to block sites such as porn/malware, so need to decrypt SSL to show block page.
    3. We provide reports to managers of Internet usage.

    We don't intercept banking, etc.

  • bohdans said: as you call it

    It is MITM.

  • I should note, all employees accept this in the internet usage agreement.
    Also all traffic except http/s is blocked. Even DNS is only allowed from internal servers.

  • KuJoe Member, Host Rep
    edited June 2015

    @petris what field do you work in? I work for a financial firm where MITMing is basically required since we're talking billions of dollars on the line here and with all of the regulations in place employees have to go through special training and yearly testing just to use social media such as Facebook or Twitter if our place of employment is mentioned anywhere on said site (maybe the company I work for is just being safe, but the lawsuits are no joke so better safe than sorry).

    Thanked by 1 bohdans
  • petris Member

    @KuJoe said:
    petris what field do you work in? I work for a financial firm where MITMing is basically required since we're talking billions of dollars on the line here and with all of the regulations in place employees have to go through special training and yearly testing just to use social media such as Facebook or Twitter if our place of employment is mentioned anywhere on said site (maybe the company I work for is just being safe, but the lawsuits are no joke so better safe than sorry).

    I'm a software engineer but not in a government/banking industry. I'll agree that it may be needed in those industries; however, I wouldn't work in those nor any medical field anyway due to their legal requirements and liabilities.
