If they provide you with a laptop and there are various profiles and security software on it, you should use it.
There might not be a specific rule to point to yet, but you don’t want to be the reason they make that official rule.
I know at my company, if I were to put company details on my personal laptop I’d be walked right out the door. How many company secrets are in the code and when you leave the company they don’t want to take your word for it that you’re not keeping all of that and doing who knows what with it. It’s a huge liability on both sides.
Or using your laptop could get you embroiled in a lawsuit with that very employer regarding IP. You could cause yourself a lot of headache if someone gets upset that the code you work on leaves the building every day.
Something that wasn’t really touched in other comments is that you shouldn’t be in the business of doing charitable work for companies.
If the company provided you hardware that is subpar, you shouldn’t spend your own money (wrt to owning/depreciating your own hardware) for the company’s benefit.
Does that slow you down? You have to ask IT every time you need elevated privileges? Well, it is the company’s policy, you shouldn’t rob them the opportunity to feel the consequences of their own decisions.
A decent manager would understand how those internal processes are slowing you down, and a bad manager, well, they’ll find other ways to screw you if that’s what they want.
> A decent manager would understand how those internal processes are slowing you down, and a bad manager, well, they’ll find other ways to screw you if that’s what they want.
You're putting a lot of faith in them having a decent manager.
Your next job is contingent on being able to deliver at your current job.
The reality is that you need to do what you need to do to get work done.
> You're putting a lot of faith in them having a decent manager.
If you have a bad manager, using your own hardware to deliver things faster maybe will make them like you. If it doesn’t, then it wouldn’t matter in the first place if you used your own hardware or not. They’ll find a reason to sack you.
Remember that hardware is extremely cheap compared to western salaries, relatively speaking. A beefy machine costs 1-3 weeks of the employee’s salary, yet it holds current for 3-5 years, and even if you are rotating employees often, it’s perfectly fine to hand down used ones. It is mostly a choice.
> Your next job is contingent on being able to deliver at your current job
The sad reality is your next job is only dependent of being able to pass interview rounds, and increasingly less about your previous work.
"If the company provided you hardware that is subpar, you shouldn’t spend your own money".
Hard disagree. I've always supplemented or augmented my tools for work. I do this because my value for efficacy and comfort exceeds that of most of my collegues and employers. I went with SDDs, multiple large high qiality monitors, decent switches keyboards, 'gaming' mice, Safari subscription (back when books were still a thing) even better IDE's long before a lott of these became popular and prices commoditized.
If tools are holding you back, that might prompt you to look for a different employer, but why waste your own time just to 'retaliate' with holding back?
Holding back is retaliation against employers who don't want to invest into maximum employee efficiency.
But you make a good point about that also hurting yourself. Sub-par tools hurt.
I'd agree with you to invest in tools you use to work, but not to give the return of investment to the company. Instead one should work fewer hours if those hours are more productive.
I’d do that if that benefitted me. What do I get if I deliver the project earlier? The 2 weeks that I delivered it earlier because I already had root in my machine vs waiting for IT, do I get to take those as vacation, or I’ll just be assigned a new project?
If you are investing in increasing your output, only do so if you are going to reap some benefits too.
To me the driver is not increasing output. It is a mental satisfaction of spending my working time with tools I enjoy using rather than spending totally avoidable mental energy and frustration on coping with already solved limitations.
Alternative take, if i can do more work in less time, and company outputs are low due to shit infra, then i can Convert my assets into free time. I see that as a win.
That only holds true if you are able to use that free time. If you deliver things faster and just get assigned a new project sooner, you paid your employer to do work.
It is incredibly risky to use your personal computer for work. If you are pwned by malware that could put the company at risk. Vice versa if the company gets in some legal situation and you need to submit your work laptop as evidence, that could be extended to your personal laptop. These are both extreme examples, but they do happen.
This is the biggest risk. Even just a spurious lawsuit could result in a legal hold on your laptop, phone or any other device that touches the business.
The entire contents will be copied and everything will be reviewed by a human. By both the lawyers suing and your own company’s legal team.
In my ignorance of youth I used to use my company devices for personal use (within reason, nothing bad) but a long time ago I made a clean cut.
My work phone is boring as hell. Same with my laptop. Nothing but work related info.
I would definitely not give that up. If I did have to turn it in I'd wipe it first.
But I thought this couldn't happen because our phone apps are all cloud stored anyway so they can get to everything there. On my byod phone I'm not even able to download anything locally.
Ps: I'm not in the US but in Europe and we have pretty strong privacy protections so I couldn't imagine this would be a thing.
But even for legal holds in the US (which is incredibly much more litigious anyway) our company just freezes cloud assets afaik.
I just looked it up for Germany, because I was pretty sure you had to hand over your phone, but it’s a bit more complex. If you wipe your phone before handing it over, and you do it to protect your employer, that would be „Strafvereitelung“ which is illegal. If you do it to also protect yourself because the data on the phone would incriminate you, too, that would be legal because you don’t have to help the state to prosecute you. Since you wiped it, it would be hard to prove why you wiped the phone. Apparently, the fact that you wiped the phone can be used as an indication of guilt against you though, because it means you have something you want to hide.
I’m not a lawyer though, so I’m happy to be corrected if my understanding is inaccurate.
I would not do it to protect my employer (I don't care about them) but to protect my privacy, not to protect myself from any illegal actions because I'm not really doing any :)
But I'm very principled on this and I will never willingly give it up.
^ this is the biggest reason. Everything on a computer used for work can end up subject to court discovery. If there’s something you don’t want to discuss in court don’t say or do it on a computer used for work.
They image the whole machine and both sides pour though it. Then there’s some back and forth as the lawyers decide what’s relevant to the case, but they review everything.
> gets in some legal situation and you need to submit your work laptop as evidence, that could be extended to your personal laptop. These are both extreme examples, but they do happen.
Can confirm this happens. And yeah, the "extra-curricular" images they find will make their rounds and everyone will know.
Dude, just hold your head high, give a wink and nod to the oldest & homeliest of the office ladies (it'll screw with the others), and wear the reputation with pride: you earned it King! :^)
Rephrase that as “is it a good idea to fake app usage to create misleading metrics for IT, while bypassing their filters for ISO compliance” and hopefully you will get your answer.
Yes - it's a mistake to use your personal laptop for work.
The laptop you use for work, whether it be personally supplied or supplied by the business, is subject to legal discovery and may be confiscated by law enforcement. Your company has no control over this. If you attempt to delete evidence from your personal laptop then you've committed a felony.
The only way I'd use a personal device for work is if I were using it to access a work-provided and maintained VDI.
Fun question: my company security policy required that, when I installed Linux on the laptop, I enabled disk encryption at rest. If it's seized for legal discovery, am I obligated to unlock it for them? Who is in trouble if I refuse? (me, obviously, because the resulting interrogation will be unpleasant, but it's the principle of the thing)
I am not a lawyer, but I would presume you would be in legal trouble.
If the company refused to tell you to unlock the laptop, they would be in trouble for refusing legal discovery, and if they were wanting to refuse legal discovery, they wouldn't have handed over the laptop in the first place.
If the company ordered you to unlock the laptop and you refused, you would be violating a lawful order of the court and would be held responsible.
That said, once again, I am not a lawyer, so I could be completely wrong
I doubt it. The companies that require whole disk encryption should have the keys. They generally implement multi-key setups or keep the key at the IT and block the user from changing it. If they didn't and you forgot your key -- ah well. My 2c.
The context of the question was the person installed Linux on their laptop and enabled FDE themselves without using the corporate setup, so presumably corporate wouldn't have the keys to unlock it.
Pretty sure it’s per-case per-judge basis, not a general rule. Generalizing over a half-confessed guy makes a good scary headline. In the article the guy unlocked his phone app (a hint he was initially talked into confession). Which gave extra evidence to what his sister claimed. And it was a csam case which rendered him way less sympathetic. Remove any of that and the balance may change. The judge has to find a reasonable cause for contempt first. Would they charge him with contempt if he just lawyered up and forgot everything from the start?
All that said it doesn’t mean you want to risk it for some company, even remotely. The guy probably weighted both deals after realizing where he’s in and chose a lighter one. You may want to not get either one.
You should be keeping all your passwords in a password vault, at a minimum. Even better would be to use a password manager. You should have too many passwords of too high of complexity to commit them all to memory.
How would you get into such a password vault without first decrypting your disk? On my Linux machine with full disk encryption, the system doesn't even boot until I type in the password.
Each violation will be a security exception that the security and IT staff will have to account for. The penalties for violating the security protocols should be described in the policy. They probably start with a warning and proceed up to firing. How quickly they proceed depends on how much headache you cause people and how willfully you do so.
If the company were to be sued, would you be happy turning over your laptop to your company’s lawyer indefinitely for them to search and find documents that might be relevant to the lawsuit?
> In my contract, I’m not obligated to use the company laptop, and I believe these software tools are just to comply with some ISO standards.
This is SOP for basically all enterprise IT. If I didn't follow it I'd get a rap on the knuckle at best, and maybe fired at worst. I bought a separate laptop for contract jobs simply to ensure it stayed separate from personal stuff.
Other thoughts:
malware risks -- often aggressive efforts targeted at organizations compared to individuals; way more likely they get hacked first, and then it spills over to you. or, now you risk bringing down the company cuz you lookin at Pronz and get hacked and that gets back to their Active Directory, etc.
legal risks -- what happens if something legal goes down and there are fights about IP and ownership. looks like your laptop is seized. in every job I've had, anything I developed in on or around company property was theirs, and this may run afoul of that.
what happens if something breaks? now you're on the hook to fix it, and it may impact your ability to work and get paid. meanwhile if your work laptop is fried you call IT and it's on them until you're back.
Probably there's a handbook rule or policy your employer has that you must use their hardware. For example, it could be a data/IP protection policy that doesn't allow any company data on any storage medium not owned by the company (and that includes your personal laptop).
Another matter is software licensing. You mention the IDE. Is your IDE properly licensed for commercial use on your own laptop? If not, the company may need to throw out all that you do when they find out, or they risk losing all their commercial licenses.
If you really want to use your own hardware, I would seek a letter from HR/legal with a statement to the effect that the company allows it. But given that the company gives you a laptop with a software image, it's likely they have to for a real legal reason.
Or you could become a consultant/outsourced supplier where it will be expected, in most cases, that you will use your own hardware. Though not always.
If you don't properly handle this, the likeliest scenario is that you will be fired when they find out. If you are lucky, they won't tell this to your future employers when they ask for references. I think it's common to be lucky in that regard to be honest, but not everyone is. And if the org loses licenses or has to throw out a chunk of their codebase, you may find yourself in a lawsuit (possibly between a client/supplier of your employer and your employer). Of course, if it's a small start-up, personal consequences are less likely. But don't act this way towards a small company.
Do not put company data on personal devices. Just by putting their data on a device outside their control, you may be in breach of whatever IP agreements, compliance requirements, or even company handbook. The fact that you have to fake IDE usage should be a huge red flag.
Don't risk it, just use their machine.
There are so much better, more important and meaningful things to fight.
There are typically a lot of controls that are about generally protecting you and the firm through enforcing things that I'm sure most people on here do anyway as best practice.
For example - full disk encryption, enforced password access, and screen locking - if you lose it and it's not encrypted, doesn't have strong login creds required, lock screens, etc then all the data on it is out in the world. That can include customer data, access to your production systems, your companies code and ability to check it in and introduce other bad behavior in the product, etc.
Some of the other controls will be able access to internal systems. eg. VPNs, or cert-base auth controls other make sure that only employees can access those systems to protect them. If you're on an uncontrolled machine you lose the ability to guard who and what is connecting. I would expect there's more to your job than just Github - eg. where is your documentation, monitoring, infrastructure, etc. It's also possible in Github to setup cert-based and IP based access restrictions so your MacBook might not just work.
Some of the controls protect employees themselves. MDM on your laptop allows IT to reset your machine password and/or fix your machine in other ways. Similarly, enforcing patching for vulns, etc.
Contrary to popular belief some IT teams actually manage their fleets of machines to make it easier for employees to work.
You don't actually specify what the problem is with your work machine that means you don't want to use it for work.
When I was responsible for an engineering team, developers could choose between a company laptop or a personal one.
An MDM profile was required which forced full disk encryption, password-based screen locking, company-provided AV, and strong passwords. These were required to maintain SOC2 compliance, and in general are good practices.
If a person did not want to do this on their personal laptop, they needed to use the company provided one.
You don't want to be in a situation (like working at a financial institution and money is stolen) where there is a cyber security incident and it becomes difficult to tell if you intentionally hacked your company or your computer had just been compromised.
You use your laptop and you become civilly and possibly criminally liable if something goes wrong.
Same. I never had it in writing, but spoken contract. I'd wait til after negotiations and 'one more thing' them.
Two companies didn't care at all.
One did - the worst it ever got was asking me to boot up their supplied Windows laptop once a month for updates, so they could pass security audits.
Lately I've been recommending a strict policy: no work on personal devices, and no personal on work devices.
Reasons include your personal device is probably less secure, need to reinforce strict thinking about avoiding IP taint, need to to reinforce strict thinking about company IP being IP and secured, you really don't want your personal devices subpoenaed and gone through with forensics tools if the company is involved in a legal investigation, reassuring investor/buyer lawyers that the company really does own theIP, and whatever compliance rules apply.
Always use the work laptop, don't ever use your personal. If the work laptop is not powerful enough, it's the duty of the company to give you something that has enough memory, disk space etc. If not, run away from said company.
I would never use my personal equipment for work - even though my work has a policy stating it is acceptable provided certain conditions are met (AV software, lock screen, not a shared device etc).
If you are just a regular user using it to VPN in to check email, maybe . . . but if you are a dev, or admin, with elevated privileges or access to source code or secrets, you are just asking for trouble if anything goes wrong.(eg, malware that you may have acquired from some random software, or repo you tried)
Personally, whenever my employer (or client, for contract roles) gave me hardware to use, I stuck to using it exclusively. If the employer or client didn't give me hardware, then (if possible) I set aside a separate device specifically for that role; less cross-contamination that way.
Think of it this way - if it's stated in your contract that you shouldn't and you do it, there may be companies that are more lax, but will use it as ammunition if they need to get rid of you for whatever reason. If there are specific things that limit your typical workflow, maybe worth taking it up with the relevant department first.
As someone who works in a sensitive field, I would absolutely never run this risk. I'm grateful that my current employer invests in solid tooling to make the experience largely positive.
I may use my personal computer (not a laptop) for work when working from home. I live in germany and signed an agreement that I follow certain security standards. All work data is on a fully encrypted drive, the computer is locked when not used, AV is up-to-date.
I would not want to use my work laptop because my own PC is so much faster and already connected to my screens so I don't have to use a KVM and can use all the tools and hotkeys I'm used to without having to synchronize settings.
Whenever I have to use my work laptop I want to cry because it's so slow. But I do acknowledge that it's a risk for the company and am actually surprised they allow it at all.
I can't comment on the morality of the situation, but it would certainly be foolish.
At a previous job, my team found ourselves in a similar situation. After being acquired into a very large company, where the official standard corporate development laptop did not support the tools we wanted to use and came bogged down with overhead from antivirus and other nonsense, it became difficult to get work done.
Instead of individually going rogue and potentially getting ourselves into trouble, our manager bought us all MacBooks we could use alongside our corporate machines. We were still doing all our work on company-owned hardware this way, operating over the company intranet, everything kosher and above-board: but we still got to work on machines which suited us.
Perhaps your manager can help you find a similar solution.
Perhaps it is not ideal, and you carry some expense and risk to yourself and the business by doing so, but in some organisations the constraints are so absurd that the competitive advantage you get by doing this and breaking the rules highly incentivises this. If the cyber security departments involved had any skin the game, or any sense of proportionality, then it would not be difficult to have a company issued laptop that also provides adequate security. But they don't, so developers like me end up having to make a tough decision. Break the rules, or work somewhere else.
I did this at one of my first corporate jobs, because the computer they issued me was an abomination. In retrospect, I don't regret it at all, it was the only feasible way to get my work done. I later got fired for other reasons. If it was only a matter of having spyware installed, but the computer is otherwise on par or better than my personal one, I'd just suck it up and use theirs. Partly because theirs in my case is now better than my personal, and partly because I'd rather separate that work from my personal life, and I'm not inclined to use their's for my personal stuff... generally.
IMO, you should always completely separate your work devices from your personal devices. Only do company work on the company device. Never use your personal device to do or store company stuff.
If you use your personal devices to do company stuff and there is some legal action (criminal or civil) then you may be forced to give your personal devices to law enforcement or some other 3rd party during the legal proceedings. You may or may not get the devices back.
It's just best to not mix business stuff with personal stuff.
I use Qubes OS, so any concerns I have of contaminating upstream are very low. My main worries would be legal risks, if suddenly they want access to your system because X Y Z. Probably best to split the middle and get a second personal laptop (I like Thinkpad P16-family), put Qubes OS on and use that as one's personal-work device (I am still king of my kingdom, nothing personal is present if turned over on demand).
Other than IT not having 100% leash on you, there's pretty much no technical risk doing it using Qubes OS.
In the event you get social engineered, it's still better to have been social engineered on corporate hardware than your own IMHO - if nothing else, it makes it easier to review and investigate that it was indeed social engineering and not insider threat.
Using a personal Mac or PC is fine in a startup - there are no strict rules at all.
But if it's a big company, they would love to spy on everyone by any means - like installing root ca for mitm, blocking all plugins for chrome, even using AI to identify user activities... a way of making trade-offs is the policy called BYOD - usually IT team will set up the whole remote working infrastructure, and we can install a remote desktop client in our personal computer to connect into the company network.
This is a hot topic.
I always refused to use company devices for so many reasons, it's a device not managed by me exposing my home network to risks I wouldn't otherwise have.
I use Linux and will always use Linux.
It's a gaming laptop(office laptop are overpriced and weak) with high performance memory, 8/16 CPU, 2x NVMe.
Any task performed on it takes a blink of eye to complete. No special tools required other than AWS VPN.
I was given a Windows laptop to use
recently that I'm yet to finish setting it up.
It's slow asf, it's Windows so there are 3 or so business security software to "protect it", the boot will take 1min vs 10s, to install Windows Subsystem for Linux on it was a pain in the arse.
It just feels wrong and retrocession.
The likelihood of me getting a virus or anything related on my personal Linux PC is minimal close to irrelevant.
The likelihood of me getting a virus or anything related on that Windows laptop w all those security software in place plus exposing my home network is 99.99%.
Yes you're very special but most of the time I promise you it is the other way around and many many enterprise breaches have been because an employee got a keylogger on their personal device that they synced credentials to or used for work.
I recently was provided a company laptop but it came with Rippling or something. No thank you. I'm not doing any spyware or remote device management under any circumstances. It sat in storage.
Your contract won't say anything about this directly, but it will undoubtedly contain an obligation for you to follow the company's policies and its lawful directions. There will likely be a policy that says not to do this.
If the company needs to provide all of their employees info for an investigation, you might be left without your personal computer until it is done. Not to mention that you are e security risk now.
That's an excellent reason _not to do work_ until your work provides you with a better laptop.
Or at the very least only run these tests from CI, which will slow you down. But it's not your fault or your responsibility.
It is wildly unnaceptable for your work to require you to use a personal device because of this. Unless this is what you agreed on when signing the contract, I guess - but I gather this is not the case since your work provided you with a work laptop in the first place.
Oh that's how it's been the past 18 months, and it hasn't been a complete showstopper. We're very microservicy and it's only the integration tests which require spinning up all the containers that makes me run out of ram.
I've since (as of a week ago) moved team to a monolith stack, so I thought I'd be free of that nonsense, but it's worse. Just having Rider open on the codebase uses like 40GB lol.
The new laptop's coming in 3 weeks? I'm not going to not work for that long.
If you have a doubt about the right thing to do insofar as the company is concerned, you should ask the company. The fact that you asked HN first suggests that you already know the answer.
It depends. In a country where meta can fire you for buying diapers with the company provided lunch money I would just use whatever the bossmaster hands me.
What do you mean by wrong? Would the company be against that if you asked them? Most likely. Is there a commandment against that? Not really. Do people do that? Some do.
I use a linux workstation, which right of the bat means it's not what most employers are going to provide.
However I would NEVER run a typical corporate configured windows installation on my LAN. They might as well ship a box labelled "please install this malware on your network"...
I would avoid using your personal laptop for work.
I'm not sure why you would want to put wear and tear on your own equipment and save the company money on not putting wear and tear on their computer.
You could just use the laptop, and close it when done with it.
Them having access to your personal life is not a good idea. How would you apply for another job without them knowing?
It's not uncommon for contractors to have their own equipment.. still if you feel you are going to use your computer, install and run a separate copy of windows inside a virtual machine (vmware, virtualbox, etc) so you can turn it off, and containerize it and keep it separate from your personal computer.
if something happens like malware from an npm install’s dependency of a dependency of a dependency, and whatever protections they mandated would have caught it you will be personally financially liable for damages.
So not only is it morally wrong, it’s also unnecessarily risky.
If it’s inconvenient to carry two laptops around consider partitioning your hard drive, but be aware that certain profile management software can brick the entire machine remotely if/when they want while others like a typical vanta install will tend to stay within a partition.
People can be very judgemental here but I've done it for the past 15 years. I only use the work laptop to access stuff I know IT is logging, so they see the correct device with the correct serial making the connection, otherwise personal laptop for everything.
I also use separate browsers (chrome for work, firefox for personal stuff) cause I'm not a psycho.
Also I see people are conflating the use of a work laptop for personal stuff with using your personal laptop for work, those are very different and people doing personal stuff on the work laptop full of corporate spyware are the real psychos.
I liked this comment because it said what I was basically thinking. In my last job I kept everything seperate, a lot of people didn't and when we all got made redundant, I just closed my work laptop and walked away, some of the others were scrambling to disentangle everything and had all sorts of problems.
But in my new job I'm doing work on my personal laptop. It started because, I travel by plane to work regularly. I was carrying three laptops, my personal one, my work one, and one provided by my current client. It was just so much easier to combine everything into one laptop and just carry that. It's working out really well. Before I was constantly moving from one laptop to another just to check messages.
I think doing work on your personal computer is less bad than having personal stuff on your work computer, I wouldn't do that.
Hot (and perhaps tangental) take here, but I can't understand why companies that attempt to enforce these policies for security reasons, do not just mitigate their largest attack vector and move to macOS for their endpoints where possible. Far more reliable in terms of stability and security, and dramatically less patch management required for macOS clients. I'd argue a more productive user experience also, instead of fighting the advertising, new AI integrations, Candy Crush and layout changes that Windows generously provides every 30 days. Hardware is also pretty easy to resell, AppleCare covers replacements and the fleet can be pretty uniform with stock available anywhere if needed. Keep incompatible apps that are required in a Citrix Workspace or equivalent for isolation. This doesn't address social engineering or file leaks due to malicious employees obviously.
Even with the Mac there are still security reasons to enforce certain controls on it.
eg. if you lose it and it's not encrypted, doesn't have strong login creds required, lock screens, etc then all the data on it is out in the world. That can include customer data, access to your production systems, your companies code and ability to check it in and introduce other bad behavior in the product, etc.
Some of the other controls will be able access to internal systems. eg. VPNs, or cert-base auth controls other make sure that only employees can access those systems to protect them. If you're on an uncontrolled machine you lose the ability to guard who and what is connecting.
Some of the controls protect employees themselves. MDM on your laptop allows IT to reset your password and/or fix your machine in other ways.
I'm all for switching to macOS, but they still need the same controls in place.
I was going to say "but DLP" but you covered it in your last sentence. So...yes. Use the corporate device, you do NOT want to be under investigation for being unable to account for if you've leaked data you had access to from outside the perimeter.
All that follows is from someone who mainlines linux (just mild ubuntu) and macos but wouldn't complain too much about a windows workstation.
> Hot (and perhaps tangental) take here,
Indeed.
> but I can't understand why companies that attempt to enforce these policies for security reasons, do not just mitigate their largest attack vector and move to macOS for their endpoints where possible.
Citation needed that Macos is more secure than windows.
> Far more reliable in terms of stability and security,
In my experience, macos/windows are about par for security and the "stability" also seems par. If anything, windows is _more_ stable since it is backwards compatible to a fault.
> and dramatically less patch management required for macOS clients.
Fair, but I think this is mostly a boon to IT teams who want more control from windows.
> I'd argue a more productive user experience also, instead of fighting the advertising, new AI integrations, Candy Crush and layout changes that Windows generously provides every 30 days
These concerns are not generally applicable in an enterprise environment. I feel them on my gaming machines, but corporate is generally locked down pretty tightly. Also, I mean, Macos is famously getting new AI integrations in 18.2 so this seems like a false comparison.
> Hardware is also pretty easy to resell
Admittedly this is a boon to Macos, but I think there is an argument that the cheaper windows machines may have a better full cost-of-ownership metric than macs.
> AppleCare covers replacements
Everywhere I have worked, the company pays for replacements out-of-pocket or has _very_ generous enterprise agreements.
> and the fleet can be pretty uniform with stock available anywhere if needed.
Fair. I'm not sure that it matters for enterprises that already have a locked down hardware procurement process but its pretty hard to argue against the 2023MBP16GB is more uniform than {windows soup}.
> Keep incompatible apps that are required in a Citrix Workspace or equivalent for isolation. This doesn't address social engineering or file leaks due to malicious employees obviously.
I'm not sure what you're saying here, but I'm hard pressed to see how this applies to any specific OS and not others.
If they provide you with a laptop and there are various profiles and security software on it, you should use it.
There might not be a specific rule to point to yet, but you don’t want to be the reason they make that official rule.
I know at my company, if I were to put company details on my personal laptop I’d be walked right out the door. How many company secrets are in the code and when you leave the company they don’t want to take your word for it that you’re not keeping all of that and doing who knows what with it. It’s a huge liability on both sides.
Or if the company gets sued then your laptop could get seized for evidence.
Or using your laptop could get you embroiled in a lawsuit with that very employer regarding IP. You could cause yourself a lot of headache if someone gets upset that the code you work on leaves the building every day.
Agree. It's disingenuous to work around the company's security controls, it's also foolish as you're potentially exposing customers secrets to theft.
Something that wasn’t really touched in other comments is that you shouldn’t be in the business of doing charitable work for companies.
If the company provided you hardware that is subpar, you shouldn’t spend your own money (wrt to owning/depreciating your own hardware) for the company’s benefit.
Does that slow you down? You have to ask IT every time you need elevated privileges? Well, it is the company’s policy, you shouldn’t rob them the opportunity to feel the consequences of their own decisions.
A decent manager would understand how those internal processes are slowing you down, and a bad manager, well, they’ll find other ways to screw you if that’s what they want.
> A decent manager would understand how those internal processes are slowing you down, and a bad manager, well, they’ll find other ways to screw you if that’s what they want.
You're putting a lot of faith in them having a decent manager.
Your next job is contingent on being able to deliver at your current job.
The reality is that you need to do what you need to do to get work done.
> You're putting a lot of faith in them having a decent manager.
If you have a bad manager, using your own hardware to deliver things faster maybe will make them like you. If it doesn’t, then it wouldn’t matter in the first place if you used your own hardware or not. They’ll find a reason to sack you.
Remember that hardware is extremely cheap compared to western salaries, relatively speaking. A beefy machine costs 1-3 weeks of the employee’s salary, yet it holds current for 3-5 years, and even if you are rotating employees often, it’s perfectly fine to hand down used ones. It is mostly a choice.
> Your next job is contingent on being able to deliver at your current job
The sad reality is your next job is only dependent of being able to pass interview rounds, and increasingly less about your previous work.
> The sad reality is your next job is only dependent of being able to pass interview rounds, and increasingly less about your previous work.
Could you explain this? I don't think that's what I'm seeing.
"If the company provided you hardware that is subpar, you shouldn’t spend your own money".
Hard disagree. I've always supplemented or augmented my tools for work. I do this because my value for efficacy and comfort exceeds that of most of my collegues and employers. I went with SDDs, multiple large high qiality monitors, decent switches keyboards, 'gaming' mice, Safari subscription (back when books were still a thing) even better IDE's long before a lott of these became popular and prices commoditized.
If tools are holding you back, that might prompt you to look for a different employer, but why waste your own time just to 'retaliate' with holding back?
Holding back is retaliation against employers who don't want to invest into maximum employee efficiency.
But you make a good point about that also hurting yourself. Sub-par tools hurt.
I'd agree with you to invest in tools you use to work, but not to give the return of investment to the company. Instead one should work fewer hours if those hours are more productive.
I’d do that if that benefitted me. What do I get if I deliver the project earlier? The 2 weeks that I delivered it earlier because I already had root in my machine vs waiting for IT, do I get to take those as vacation, or I’ll just be assigned a new project?
If you are investing in increasing your output, only do so if you are going to reap some benefits too.
To me the driver is not increasing output. It is a mental satisfaction of spending my working time with tools I enjoy using rather than spending totally avoidable mental energy and frustration on coping with already solved limitations.
Alternative take, if i can do more work in less time, and company outputs are low due to shit infra, then i can Convert my assets into free time. I see that as a win.
That only holds true if you are able to use that free time. If you deliver things faster and just get assigned a new project sooner, you paid your employer to do work.
It is incredibly risky to use your personal computer for work. If you are pwned by malware that could put the company at risk. Vice versa if the company gets in some legal situation and you need to submit your work laptop as evidence, that could be extended to your personal laptop. These are both extreme examples, but they do happen.
This is the biggest risk. Even just a spurious lawsuit could result in a legal hold on your laptop, phone or any other device that touches the business.
The entire contents will be copied and everything will be reviewed by a human. By both the lawyers suing and your own company’s legal team.
In my ignorance of youth I used to use my company devices for personal use (within reason, nothing bad) but a long time ago I made a clean cut.
My work phone is boring as hell. Same with my laptop. Nothing but work related info.
That could happen even for a byod phone? Wow.
I would definitely not give that up. If I did have to turn it in I'd wipe it first.
But I thought this couldn't happen because our phone apps are all cloud stored anyway so they can get to everything there. On my byod phone I'm not even able to download anything locally.
Ps: I'm not in the US but in Europe and we have pretty strong privacy protections so I couldn't imagine this would be a thing.
But even for legal holds in the US (which is incredibly much more litigious anyway) our company just freezes cloud assets afaik.
I just looked it up for Germany, because I was pretty sure you had to hand over your phone, but it’s a bit more complex. If you wipe your phone before handing it over, and you do it to protect your employer, that would be „Strafvereitelung“ which is illegal. If you do it to also protect yourself because the data on the phone would incriminate you, too, that would be legal because you don’t have to help the state to prosecute you. Since you wiped it, it would be hard to prove why you wiped the phone. Apparently, the fact that you wiped the phone can be used as an indication of guilt against you though, because it means you have something you want to hide.
I’m not a lawyer though, so I’m happy to be corrected if my understanding is inaccurate.
I would not do it to protect my employer (I don't care about them) but to protect my privacy, not to protect myself from any illegal actions because I'm not really doing any :)
But I'm very principled on this and I will never willingly give it up.
This is the way
^ this is the biggest reason. Everything on a computer used for work can end up subject to court discovery. If there’s something you don’t want to discuss in court don’t say or do it on a computer used for work. They image the whole machine and both sides pour though it. Then there’s some back and forth as the lawyers decide what’s relevant to the case, but they review everything.
> gets in some legal situation and you need to submit your work laptop as evidence, that could be extended to your personal laptop. These are both extreme examples, but they do happen.
Can confirm this happens. And yeah, the "extra-curricular" images they find will make their rounds and everyone will know.
Dude, just hold your head high, give a wink and nod to the oldest & homeliest of the office ladies (it'll screw with the others), and wear the reputation with pride: you earned it King! :^)
To be clear, in case my wife reads this, I was on the other side of that investigation. I was not the investigatee. :-)
Rephrase that as “is it a good idea to fake app usage to create misleading metrics for IT, while bypassing their filters for ISO compliance” and hopefully you will get your answer.
Yes - it's a mistake to use your personal laptop for work.
The laptop you use for work, whether it be personally supplied or supplied by the business, is subject to legal discovery and may be confiscated by law enforcement. Your company has no control over this. If you attempt to delete evidence from your personal laptop then you've committed a felony.
The only way I'd use a personal device for work is if I were using it to access a work-provided and maintained VDI.
Fun question: my company security policy required that, when I installed Linux on the laptop, I enabled disk encryption at rest. If it's seized for legal discovery, am I obligated to unlock it for them? Who is in trouble if I refuse? (me, obviously, because the resulting interrogation will be unpleasant, but it's the principle of the thing)
I am not a lawyer, but I would presume you would be in legal trouble.
If the company refused to tell you to unlock the laptop, they would be in trouble for refusing legal discovery, and if they were wanting to refuse legal discovery, they wouldn't have handed over the laptop in the first place.
If the company ordered you to unlock the laptop and you refused, you would be violating a lawful order of the court and would be held responsible.
That said, once again, I am not a lawyer, so I could be completely wrong
I doubt it. The companies that require whole disk encryption should have the keys. They generally implement multi-key setups or keep the key at the IT and block the user from changing it. If they didn't and you forgot your key -- ah well. My 2c.
The context of the question was the person installed Linux on their laptop and enabled FDE themselves without using the corporate setup, so presumably corporate wouldn't have the keys to unlock it.
As for forgetting your password, that's been attempted unsuccessfully before. https://www.digitaltrends.com/computing/contempt-of-court-de...
What if he forgot the password with all the stress from the lawsuit?
It's been attempted and they were charged with contempt of court
https://www.digitaltrends.com/computing/contempt-of-court-de...
Pretty sure it’s per-case per-judge basis, not a general rule. Generalizing over a half-confessed guy makes a good scary headline. In the article the guy unlocked his phone app (a hint he was initially talked into confession). Which gave extra evidence to what his sister claimed. And it was a csam case which rendered him way less sympathetic. Remove any of that and the balance may change. The judge has to find a reasonable cause for contempt first. Would they charge him with contempt if he just lawyered up and forgot everything from the start?
All that said it doesn’t mean you want to risk it for some company, even remotely. The guy probably weighted both deals after realizing where he’s in and chose a lighter one. You may want to not get either one.
You should be keeping all your passwords in a password vault, at a minimum. Even better would be to use a password manager. You should have too many passwords of too high of complexity to commit them all to memory.
How would you get into such a password vault without first decrypting your disk? On my Linux machine with full disk encryption, the system doesn't even boot until I type in the password.
You can be held in jail indefinitely for contempt of court. I believe there are currently people incarcerated for exactly this right now.
> In my contract, I’m not obligated to use the company laptop
It’s also not in my contract, but in the IT policy I need to acknowledge once a year.
> I believe these software tools are just to comply with some ISO standards.
“Some ISO standards” may be cumbersome or even pointless — but they help your company sell their products. Ignoring them is not a good idea.
Besides: if you use your private laptop, it may be subject to a legal hold in case of a lawsuit, giving someone else access to it.
Especially if it becomes the vector of an attack.
Each violation will be a security exception that the security and IT staff will have to account for. The penalties for violating the security protocols should be described in the policy. They probably start with a warning and proceed up to firing. How quickly they proceed depends on how much headache you cause people and how willfully you do so.
If the company were to be sued, would you be happy turning over your laptop to your company’s lawyer indefinitely for them to search and find documents that might be relevant to the lawsuit?
oh gods, this yes. Take this seriously.
> In my contract, I’m not obligated to use the company laptop, and I believe these software tools are just to comply with some ISO standards.
This is SOP for basically all enterprise IT. If I didn't follow it I'd get a rap on the knuckle at best, and maybe fired at worst. I bought a separate laptop for contract jobs simply to ensure it stayed separate from personal stuff.
Other thoughts:
malware risks -- often aggressive efforts targeted at organizations compared to individuals; way more likely they get hacked first, and then it spills over to you. or, now you risk bringing down the company cuz you lookin at Pronz and get hacked and that gets back to their Active Directory, etc.
legal risks -- what happens if something legal goes down and there are fights about IP and ownership. looks like your laptop is seized. in every job I've had, anything I developed in on or around company property was theirs, and this may run afoul of that.
what happens if something breaks? now you're on the hook to fix it, and it may impact your ability to work and get paid. meanwhile if your work laptop is fried you call IT and it's on them until you're back.
Probably there's a handbook rule or policy your employer has that you must use their hardware. For example, it could be a data/IP protection policy that doesn't allow any company data on any storage medium not owned by the company (and that includes your personal laptop).
Another matter is software licensing. You mention the IDE. Is your IDE properly licensed for commercial use on your own laptop? If not, the company may need to throw out all that you do when they find out, or they risk losing all their commercial licenses.
If you really want to use your own hardware, I would seek a letter from HR/legal with a statement to the effect that the company allows it. But given that the company gives you a laptop with a software image, it's likely they have to for a real legal reason.
Or you could become a consultant/outsourced supplier where it will be expected, in most cases, that you will use your own hardware. Though not always.
If you don't properly handle this, the likeliest scenario is that you will be fired when they find out. If you are lucky, they won't tell this to your future employers when they ask for references. I think it's common to be lucky in that regard to be honest, but not everyone is. And if the org loses licenses or has to throw out a chunk of their codebase, you may find yourself in a lawsuit (possibly between a client/supplier of your employer and your employer). Of course, if it's a small start-up, personal consequences are less likely. But don't act this way towards a small company.
Do not put company data on personal devices. Just by putting their data on a device outside their control, you may be in breach of whatever IP agreements, compliance requirements, or even company handbook. The fact that you have to fake IDE usage should be a huge red flag.
Don't risk it, just use their machine.
There are so much better, more important and meaningful things to fight.
There are typically a lot of controls that are about generally protecting you and the firm through enforcing things that I'm sure most people on here do anyway as best practice.
For example - full disk encryption, enforced password access, and screen locking - if you lose it and it's not encrypted, doesn't have strong login creds required, lock screens, etc then all the data on it is out in the world. That can include customer data, access to your production systems, your companies code and ability to check it in and introduce other bad behavior in the product, etc.
Some of the other controls will be able access to internal systems. eg. VPNs, or cert-base auth controls other make sure that only employees can access those systems to protect them. If you're on an uncontrolled machine you lose the ability to guard who and what is connecting. I would expect there's more to your job than just Github - eg. where is your documentation, monitoring, infrastructure, etc. It's also possible in Github to setup cert-based and IP based access restrictions so your MacBook might not just work.
Some of the controls protect employees themselves. MDM on your laptop allows IT to reset your machine password and/or fix your machine in other ways. Similarly, enforcing patching for vulns, etc.
Contrary to popular belief some IT teams actually manage their fleets of machines to make it easier for employees to work.
You don't actually specify what the problem is with your work machine that means you don't want to use it for work.
> You don't actually specify what the problem is with your work machine that means you don't want to use it for work.
Besides antivirus and constant monitoring?
It’s not stated that AV is a problem or what issues it’s causing.
The monitoring is speculative.
When I was responsible for an engineering team, developers could choose between a company laptop or a personal one.
An MDM profile was required which forced full disk encryption, password-based screen locking, company-provided AV, and strong passwords. These were required to maintain SOC2 compliance, and in general are good practices.
If a person did not want to do this on their personal laptop, they needed to use the company provided one.
You don't want to be in a situation (like working at a financial institution and money is stolen) where there is a cyber security incident and it becomes difficult to tell if you intentionally hacked your company or your computer had just been compromised.
You use your laptop and you become civilly and possibly criminally liable if something goes wrong.
I've never used company laptops or phones. I simply refused. Their alternative was to fire me. And I didn't care.
I was never fired. Fedora was my daily driver.
I am surprised; why is this your policy? I am sure you have a good reason, but I can't guess what it might be.
My approach is exactly the opposite: I never do anything work-related on personal hardware, nor do I ever use work machines for personal projects.
Same. I never had it in writing, but spoken contract. I'd wait til after negotiations and 'one more thing' them.
Two companies didn't care at all. One did - the worst it ever got was asking me to boot up their supplied Windows laptop once a month for updates, so they could pass security audits.
Same, but Redhat was oddly okay with me using fedora.
Lately I've been recommending a strict policy: no work on personal devices, and no personal on work devices.
Reasons include your personal device is probably less secure, need to reinforce strict thinking about avoiding IP taint, need to to reinforce strict thinking about company IP being IP and secured, you really don't want your personal devices subpoenaed and gone through with forensics tools if the company is involved in a legal investigation, reassuring investor/buyer lawyers that the company really does own theIP, and whatever compliance rules apply.
Yes.
Always use the work laptop, don't ever use your personal. If the work laptop is not powerful enough, it's the duty of the company to give you something that has enough memory, disk space etc. If not, run away from said company.
I would never use my personal equipment for work - even though my work has a policy stating it is acceptable provided certain conditions are met (AV software, lock screen, not a shared device etc).
If you are just a regular user using it to VPN in to check email, maybe . . . but if you are a dev, or admin, with elevated privileges or access to source code or secrets, you are just asking for trouble if anything goes wrong.(eg, malware that you may have acquired from some random software, or repo you tried)
If this is an open-source project that accepts contributions from people outside the company... go nuts. Otherwise, use the company laptop.
You should ask your employer.
Personally, whenever my employer (or client, for contract roles) gave me hardware to use, I stuck to using it exclusively. If the employer or client didn't give me hardware, then (if possible) I set aside a separate device specifically for that role; less cross-contamination that way.
Think of it this way - if it's stated in your contract that you shouldn't and you do it, there may be companies that are more lax, but will use it as ammunition if they need to get rid of you for whatever reason. If there are specific things that limit your typical workflow, maybe worth taking it up with the relevant department first.
To make an analogy, it's a bit like pirating movies. You'll probably be fine. But every once in a while, someone isn't.
Here's an example: https://arstechnica.com/information-technology/2023/02/lastp...
As someone who works in a sensitive field, I would absolutely never run this risk. I'm grateful that my current employer invests in solid tooling to make the experience largely positive.
I may use my personal computer (not a laptop) for work when working from home. I live in germany and signed an agreement that I follow certain security standards. All work data is on a fully encrypted drive, the computer is locked when not used, AV is up-to-date.
I would not want to use my work laptop because my own PC is so much faster and already connected to my screens so I don't have to use a KVM and can use all the tools and hotkeys I'm used to without having to synchronize settings.
Whenever I have to use my work laptop I want to cry because it's so slow. But I do acknowledge that it's a risk for the company and am actually surprised they allow it at all.
I can't comment on the morality of the situation, but it would certainly be foolish.
At a previous job, my team found ourselves in a similar situation. After being acquired into a very large company, where the official standard corporate development laptop did not support the tools we wanted to use and came bogged down with overhead from antivirus and other nonsense, it became difficult to get work done.
Instead of individually going rogue and potentially getting ourselves into trouble, our manager bought us all MacBooks we could use alongside our corporate machines. We were still doing all our work on company-owned hardware this way, operating over the company intranet, everything kosher and above-board: but we still got to work on machines which suited us.
Perhaps your manager can help you find a similar solution.
Perhaps it is not ideal, and you carry some expense and risk to yourself and the business by doing so, but in some organisations the constraints are so absurd that the competitive advantage you get by doing this and breaking the rules highly incentivises this. If the cyber security departments involved had any skin the game, or any sense of proportionality, then it would not be difficult to have a company issued laptop that also provides adequate security. But they don't, so developers like me end up having to make a tough decision. Break the rules, or work somewhere else.
I did this at one of my first corporate jobs, because the computer they issued me was an abomination. In retrospect, I don't regret it at all, it was the only feasible way to get my work done. I later got fired for other reasons. If it was only a matter of having spyware installed, but the computer is otherwise on par or better than my personal one, I'd just suck it up and use theirs. Partly because theirs in my case is now better than my personal, and partly because I'd rather separate that work from my personal life, and I'm not inclined to use their's for my personal stuff... generally.
IMO, you should always completely separate your work devices from your personal devices. Only do company work on the company device. Never use your personal device to do or store company stuff.
If you use your personal devices to do company stuff and there is some legal action (criminal or civil) then you may be forced to give your personal devices to law enforcement or some other 3rd party during the legal proceedings. You may or may not get the devices back.
It's just best to not mix business stuff with personal stuff.
I use Qubes OS, so any concerns I have of contaminating upstream are very low. My main worries would be legal risks, if suddenly they want access to your system because X Y Z. Probably best to split the middle and get a second personal laptop (I like Thinkpad P16-family), put Qubes OS on and use that as one's personal-work device (I am still king of my kingdom, nothing personal is present if turned over on demand).
Other than IT not having 100% leash on you, there's pretty much no technical risk doing it using Qubes OS.
In the event you get social engineered, it's still better to have been social engineered on corporate hardware than your own IMHO - if nothing else, it makes it easier to review and investigate that it was indeed social engineering and not insider threat.
Using a personal Mac or PC is fine in a startup - there are no strict rules at all. But if it's a big company, they would love to spy on everyone by any means - like installing root ca for mitm, blocking all plugins for chrome, even using AI to identify user activities... a way of making trade-offs is the policy called BYOD - usually IT team will set up the whole remote working infrastructure, and we can install a remote desktop client in our personal computer to connect into the company network.
This is a hot topic. I always refused to use company devices for so many reasons, it's a device not managed by me exposing my home network to risks I wouldn't otherwise have.
I use Linux and will always use Linux. It's a gaming laptop(office laptop are overpriced and weak) with high performance memory, 8/16 CPU, 2x NVMe. Any task performed on it takes a blink of eye to complete. No special tools required other than AWS VPN.
I was given a Windows laptop to use recently that I'm yet to finish setting it up. It's slow asf, it's Windows so there are 3 or so business security software to "protect it", the boot will take 1min vs 10s, to install Windows Subsystem for Linux on it was a pain in the arse. It just feels wrong and retrocession.
The likelihood of me getting a virus or anything related on my personal Linux PC is minimal close to irrelevant. The likelihood of me getting a virus or anything related on that Windows laptop w all those security software in place plus exposing my home network is 99.99%.
Yes you're very special but most of the time I promise you it is the other way around and many many enterprise breaches have been because an employee got a keylogger on their personal device that they synced credentials to or used for work.
Put the work laptop on its own segregated SSID and VLAN?
I recently was provided a company laptop but it came with Rippling or something. No thank you. I'm not doing any spyware or remote device management under any circumstances. It sat in storage.
My personal laptop and my work laptop are identical, down to the amount of memory and the color :-)
“Wrong” depends on an ethical or legal framework. Your employer gave you a computer set up for work. Presumably they expect you to use it for work.
You can always ask your employer, they will probably have a more definitive answer than you will get here.
Your contract won't say anything about this directly, but it will undoubtedly contain an obligation for you to follow the company's policies and its lawful directions. There will likely be a policy that says not to do this.
If the company needs to provide all of their employees info for an investigation, you might be left without your personal computer until it is done. Not to mention that you are e security risk now.
I need to. The integration tests won't fit in the RAM of my work laptop.
Then you need to raise it up to your manager to provide it for you. Never use your personal laptop.
???
That's an excellent reason _not to do work_ until your work provides you with a better laptop.
Or at the very least only run these tests from CI, which will slow you down. But it's not your fault or your responsibility.
It is wildly unnaceptable for your work to require you to use a personal device because of this. Unless this is what you agreed on when signing the contract, I guess - but I gather this is not the case since your work provided you with a work laptop in the first place.
Oh that's how it's been the past 18 months, and it hasn't been a complete showstopper. We're very microservicy and it's only the integration tests which require spinning up all the containers that makes me run out of ram.
I've since (as of a week ago) moved team to a monolith stack, so I thought I'd be free of that nonsense, but it's worse. Just having Rider open on the codebase uses like 40GB lol.
The new laptop's coming in 3 weeks? I'm not going to not work for that long.
Oh, glad you got this sorted out then!
If you have a doubt about the right thing to do insofar as the company is concerned, you should ask the company. The fact that you asked HN first suggests that you already know the answer.
It depends. In a country where meta can fire you for buying diapers with the company provided lunch money I would just use whatever the bossmaster hands me.
> use GitHub, which means I can work on my personal MacBook.
GH does not imply that you can access repo without vpn
Wrong? Probably not too egregious, unless your contract or IT policy states otherwise.
Unethical? Definitely. Just use your work-supplied hardware for work-related purposes. Leave anything personal off it.
I don't think it's wrong in an ethical sense as long as you aren't violating an agreement by doing so. I think it's very unwise, though, regardless.
What do you mean by wrong? Would the company be against that if you asked them? Most likely. Is there a commandment against that? Not really. Do people do that? Some do.
If you worked for UPS and didn't like the truck they gave you for deliveries, would you buy your own and use that?
Of course not.
Same applies for laptops.
This is a question for your IT team, not HN.
Legally, yes. Practically, no. But we go to work with a contract, and that contract usually includes something about security.
Do the next best thing: ask your boss if you could use his personal computer.
Jokes aside, no.
Yes, if they do provide one no matter of quality.
No if they dont.
If your company gets pulled into a lawsuit, lawyers on both sides might demand your personal machine for evidence.
I wouldn't work any other way.
I use a linux workstation, which right of the bat means it's not what most employers are going to provide.
However I would NEVER run a typical corporate configured windows installation on my LAN. They might as well ship a box labelled "please install this malware on your network"...
I would avoid using your personal laptop for work.
I'm not sure why you would want to put wear and tear on your own equipment and save the company money on not putting wear and tear on their computer.
You could just use the laptop, and close it when done with it.
Them having access to your personal life is not a good idea. How would you apply for another job without them knowing?
It's not uncommon for contractors to have their own equipment.. still if you feel you are going to use your computer, install and run a separate copy of windows inside a virtual machine (vmware, virtualbox, etc) so you can turn it off, and containerize it and keep it separate from your personal computer.
if something happens like malware from an npm install’s dependency of a dependency of a dependency, and whatever protections they mandated would have caught it you will be personally financially liable for damages.
So not only is it morally wrong, it’s also unnecessarily risky.
If it’s inconvenient to carry two laptops around consider partitioning your hard drive, but be aware that certain profile management software can brick the entire machine remotely if/when they want while others like a typical vanta install will tend to stay within a partition.
Almost everybody here is going to say to not do it but I’ll go the other way.
You only live once and you want to do it, so why not?
Because there might be some malware that’ll screw things up? Unlikely on a Mac.
Because there might be a lawsuit where your personal computer ends up as evidence? Almost certainly not going to happen.
Be cause it’s good evidence for a vindictive boss to use to fire you? Yeah whatever if somebody wants to fire you they’re going to do it anyway.
If you can accept that this is a weird thing to do and might have some risk associated with it, go nuts.
People can be very judgemental here but I've done it for the past 15 years. I only use the work laptop to access stuff I know IT is logging, so they see the correct device with the correct serial making the connection, otherwise personal laptop for everything.
I also use separate browsers (chrome for work, firefox for personal stuff) cause I'm not a psycho.
Also I see people are conflating the use of a work laptop for personal stuff with using your personal laptop for work, those are very different and people doing personal stuff on the work laptop full of corporate spyware are the real psychos.
I liked this comment because it said what I was basically thinking. In my last job I kept everything seperate, a lot of people didn't and when we all got made redundant, I just closed my work laptop and walked away, some of the others were scrambling to disentangle everything and had all sorts of problems.
But in my new job I'm doing work on my personal laptop. It started because, I travel by plane to work regularly. I was carrying three laptops, my personal one, my work one, and one provided by my current client. It was just so much easier to combine everything into one laptop and just carry that. It's working out really well. Before I was constantly moving from one laptop to another just to check messages.
I think doing work on your personal computer is less bad than having personal stuff on your work computer, I wouldn't do that.
Not wrong, but dumb. Your company now probably legally owns everything on your laptop.
Hot (and perhaps tangental) take here, but I can't understand why companies that attempt to enforce these policies for security reasons, do not just mitigate their largest attack vector and move to macOS for their endpoints where possible. Far more reliable in terms of stability and security, and dramatically less patch management required for macOS clients. I'd argue a more productive user experience also, instead of fighting the advertising, new AI integrations, Candy Crush and layout changes that Windows generously provides every 30 days. Hardware is also pretty easy to resell, AppleCare covers replacements and the fleet can be pretty uniform with stock available anywhere if needed. Keep incompatible apps that are required in a Citrix Workspace or equivalent for isolation. This doesn't address social engineering or file leaks due to malicious employees obviously.
Even with the Mac there are still security reasons to enforce certain controls on it.
eg. if you lose it and it's not encrypted, doesn't have strong login creds required, lock screens, etc then all the data on it is out in the world. That can include customer data, access to your production systems, your companies code and ability to check it in and introduce other bad behavior in the product, etc.
Some of the other controls will be able access to internal systems. eg. VPNs, or cert-base auth controls other make sure that only employees can access those systems to protect them. If you're on an uncontrolled machine you lose the ability to guard who and what is connecting.
Some of the controls protect employees themselves. MDM on your laptop allows IT to reset your password and/or fix your machine in other ways.
I'm all for switching to macOS, but they still need the same controls in place.
I was going to say "but DLP" but you covered it in your last sentence. So...yes. Use the corporate device, you do NOT want to be under investigation for being unable to account for if you've leaked data you had access to from outside the perimeter.
All that follows is from someone who mainlines linux (just mild ubuntu) and macos but wouldn't complain too much about a windows workstation.
> Hot (and perhaps tangental) take here,
Indeed.
> but I can't understand why companies that attempt to enforce these policies for security reasons, do not just mitigate their largest attack vector and move to macOS for their endpoints where possible.
Citation needed that Macos is more secure than windows.
> Far more reliable in terms of stability and security,
In my experience, macos/windows are about par for security and the "stability" also seems par. If anything, windows is _more_ stable since it is backwards compatible to a fault.
> and dramatically less patch management required for macOS clients.
Fair, but I think this is mostly a boon to IT teams who want more control from windows.
> I'd argue a more productive user experience also, instead of fighting the advertising, new AI integrations, Candy Crush and layout changes that Windows generously provides every 30 days
These concerns are not generally applicable in an enterprise environment. I feel them on my gaming machines, but corporate is generally locked down pretty tightly. Also, I mean, Macos is famously getting new AI integrations in 18.2 so this seems like a false comparison.
> Hardware is also pretty easy to resell
Admittedly this is a boon to Macos, but I think there is an argument that the cheaper windows machines may have a better full cost-of-ownership metric than macs.
> AppleCare covers replacements
Everywhere I have worked, the company pays for replacements out-of-pocket or has _very_ generous enterprise agreements.
> and the fleet can be pretty uniform with stock available anywhere if needed.
Fair. I'm not sure that it matters for enterprises that already have a locked down hardware procurement process but its pretty hard to argue against the 2023MBP16GB is more uniform than {windows soup}.
> Keep incompatible apps that are required in a Citrix Workspace or equivalent for isolation. This doesn't address social engineering or file leaks due to malicious employees obviously.
I'm not sure what you're saying here, but I'm hard pressed to see how this applies to any specific OS and not others.