this post was submitted on 30 Jun 2024
2233 points (99.5% liked)

Malicious Compliance

[–] [email protected] 17 points 4 months ago* (last edited 4 months ago) (2 children)

This is absolutely correct. Heck, you're free to deny that based on any reasoning, maybe the shoddy icon of the work app doesn't match your phone wallpaper.

The phone is your private property, if an employer requires an app to be installed to do your job, they can provide a phone.

I would also never let corporate IT manage a device, e.g. a laptop connected to my private network at home.

[–] [email protected] 8 points 4 months ago* (last edited 4 months ago) (1 children)

> I would also never let corporate IT manage a device, e.g. a laptop connected to my private network at home.

If you ever must, buy a new laptop. And use it on a guest wifi network. Use it as you would a work laptop, nothing personal on it.

[–] [email protected] 4 points 4 months ago (1 children)

No, have the company buy a laptop, and if necessary, also have them buy the hardware that allows for proper network separation, if not already available.

Just another thing to be aware of.

[–] [email protected] 2 points 4 months ago (1 children)

Not all companies will do that

[–] [email protected] 3 points 4 months ago

Surely not. But also many employees won't even ask for it, and change will only happen if people care about it.

So first, raise awareness, and naturally, implement those things at any companies you manage or own.

I'm not saying quit your job and become homeless if your employer won't cooperate with you on the issue. Everyone should think about how this could potentially affect them and what they can do within the constraints they operate in, though.

As someone else in this thread said, a separate (VLAN, guest) network for work devices, reasonable access rules etc. can go a long way. Eventually, I would like this to become unacceptable though.

[–] [email protected] 2 points 4 months ago* (last edited 4 months ago) (1 children)

> I would also never let corporate IT manage a device, e.g. a laptop connected to my private network at home.

That's pretty standard for working from home. I'm expected to use the company provided, managed laptop with my internet connection.

I figured so long as I made sure of things like there weren't any open file shares and things like routers and IP cameras were password protected there wasn't a whole lot they could see.

If I was really paranoid I could set up a VLAN or something.

[–] [email protected] 2 points 4 months ago

I know it is somewhat of an accepted practice, and a lot of people lack the means or the knowledge to handle it any other way, but I'd still like to raise awareness that you're basically inviting a foreign actor into your network.

The days where people would trust corporations, including their employers, to be generally benevolent and to do the right thing are long over.