←back to thread

Stop Breaking TLS

(www.markround.com)
170 points todsacerdoti | 1 comments | 10 Dec 25 07:06 UTC | HN request time: 0s | source
Show context
samuel ◴[10 Dec 25 09:31 UTC] No.46215799[source]
I agree with the sentiment, but I think it's a pretty naive view of the issue. Companies will want all info they can in case some of their workers does something illegal-inappropiate to deflect the blame. That's a much more palpable risk than "local CA certificates being compromised or something like that.

And some of the arguments are just very easily dismissed. You don't want your employer to see you medical records? Why were you browsing them during work hours and using your employers' device in the first place?

replies(3): >>46215855 #>>46216169 #>>46216703 #
immibis ◴[10 Dec 25 09:42 UTC] No.46215855[source]
In Europe they prefer not to go to jail for privacy violations. It turns out most of these "communist" regulations are actually pretty great.
replies(1): >>46215994 #
johncolanduoni ◴[10 Dec 25 10:02 UTC] No.46215994[source]
Does GDPR (or similar) establish privacy rights to an employee’s use of a company-owned machine against snooping by their employer? Honest question, I hadn’t heard of that angle. Can employers not install EDR on company-owned machines for EU employees?
replies(5): >>46216082 #>>46216180 #>>46216380 #>>46216557 #>>46218221 #
1. samuel ◴[10 Dec 25 11:28 UTC] No.46216557[source]
(IANAL) I don't think there is a simple response to that, but I guess that given that the employer:

- has established a detailed policy about personal use of corporate devices

- makes a fair attempt to block work unrelated services (hotmail, gmail, netflix)

- ensures the security of the monitored data and deletes it after a reasonable period (such as 6–12 months)

- and uses it only to apply cybersecurity-related measures like virus detection, UNLESS there is a legitimate reason to target a particular employee (legal inquiry, misconduct, etc.)

I would say that it's very much doable.

Edit: More info from the Dutch regulator https://english.ncsc.nl/publications/factsheets/2019/juni/01...