banner

Blog

Jul 11, 2023

There’s Not Much You Can Do About Bossware Spying on You

Published June 6, 2022

Thorin Klosowski

Share this post

Whether you’re working at home, in an office, or a little of both, chances are good that if you use a company-owned computer, your employer is monitoring what you do on it. Since we last covered what not to do on your work computer, in 2019, the use of "bossware" has become even more widespread. In one survey, as many as 60% of employers report using some kind of tracking software to monitor keystrokes, take screenshots, activate webcams or mics, or log how much time employees spend in various apps and websites. And in most companies, there still aren't many employee protections regarding this software's use.

Most people understand that their employer can access just about everything they do digitally on any services it runs—Slack, Gmail, Teams, or any other, similar tools—especially on a company-issued laptop. But since there are no federal laws concerning these monitoring tools, employees can know about their presence in only a few states. As of May 7, 2022, employers in New York now have to give new employees notice if the company monitors email, internet usage, or telephone conversations. New York joins just two other states, Connecticut and Delaware, with similar laws. Meanwhile, a proposed California law to address the issue, specifically through drawing boundaries around workplace monitoring and employee tracking, was withdrawn in April before it was voted on.

Take private chats to other platforms, don't log in to any social media accounts, and don't store any personal files on that computer.

Although more people now know not to conduct personal business on their work computers and not to expect privacy in corporate software like Slack or Google Docs, the prevalence of bossware is taking things a step further. Picture a world in which your manager can look over your shoulder all day, and you get a good idea of what this software can do. In 2020, the Electronic Frontier Foundation looked at a number of these tools, noting that several can be set as "invisible" so that most employees won't notice the software is even running. New York's new law doesn't explicitly mention bossware, but since most of this software includes tools that can capture email and internet usage, employers are likely to be required to notify their employees about its use in the state.

The same survey that found 60% of employers were using monitoring software also found that the main reason employers deploy this software is to "understand how employees are spending their time," followed by a desire to "confirm employees are working a full day." In either instance, employee productivity seems to be the end goal. Other commonly cited reasons tend to involve security and compliance concerns, especially in workplaces where employees have access to customers’ personally identifiable information, medical records, or credit card numbers.

But much of this software, including tools like Prodoscore, funnels data into "productivity scores" that could theoretically be tied to bonus metrics or punitive measures, which experts note are far scuzzier purposes. According to a report published by the University of California Berkeley Labor Center (PDF), these sorts of scores are dehumanizing, as they remove basic autonomy and dignity at the workplace. There's also the uncomfortable idea that the more data employers have about workers, the more potential for harm that data has following a breach, a data-sharing arrangement, or a sale.

If you’re not in a state that requires notice, your only option—if you’re comfortable with it—is to ask your boss about what sorts of monitoring your employer does, whether it's applied to computers used both on-site and remotely, and how that data is used. If you can figure out what the software is, you can consult reviews to get a better idea of what sorts of insights your employer may glean from it. Our older advice still holds true: Take private chats to other platforms, don't log in to any social media accounts, and don't store any personal files on your work computer. But if your employer is aggressively monitoring webcams or microphones, you may need to take additional precautions for the sake of your privacy.

Most modern TVs include technology called Automatic Content Recognition (ACR), which attempts to identify what you’re watching and then sends that information to the TV maker and its business partners, typically for marketing purposes.

You can dig through your TV's settings to find the option to disable this technology, but TV makers tend to use all sorts of names that hide what it does, such as "Viewing Information Services" or "Live Plus." The New York Times has a guide to disabling this tracking on models from most major television makers, and although that article is a few years old, we’ve found that many of the settings appear to be in the same locations. While you’re poking around for the ACR setting, if you come across the option to disable any "interest-based" or "personalized" ad tracking, we suggest turning that off, too. We also suggest turning off these sorts of ad-personalization settings on set-top boxes like Roku and Apple TV devices.

⌨️ Most people may assume that when they’re filling out forms online, what they type doesn't transmit to the company until they click the Submit button. But new research suggests that for an increasing number of websites, that's not always the case. "Leaky forms" might send to the website owner details such as an email address or other information you type in, even if you never finish filling out the form. Although there's not much you can do to stop this from happening, the researchers are working on a Firefox extension that will tell you if you’ve landed on a site that appears to be doing this.

💍 Wedding-planning site Zola confirmed to TechCrunch that its user accounts were hacked. (Wirecutter has recommended and covered Zola in the past.) If you have an account on the site, now is the time to change your password; in addition, if your bank accounts or credit cards are linked to a Zola account, be sure to check them for fraudulent activity. If you don't use a password manager already, set up a password manager and use a unique password on every site.

🔎 The privacy-focused search engine DuckDuckGo got some negative attention when a security researcher noticed that the company's mobile browsers weren't blocking advertising trackers from Microsoft. It turns out that the behavior is related to a contract that DuckDuckGo has with Microsoft, which the company (seemingly) had not disclosed previously. For the time being, the search engine itself is still a more private choice than its rivals, though we’ll be keeping an eye on any new disclosures for the apps.

This article was edited by Mark Smirniotis.

by Thorin Klosowski

Employee-monitoring software can track a remote employee's every click, but more common tools to work from home can also report info to your employer.

by Lesley Stockton

Expertly braising, searing, and roasting meat takes finesse, and the right gear will set you up for success.

by Thorin Klosowski

It's best to assume your work computer is monitored and act accordingly. Here are some less obvious tasks you should be mindful of.

by Brent Butterworth

The Philips Norelco MG7750 offers the ideal combination of power, ease of use, and versatility, making it the best tool for most at-home beard groomers.

SHARE