This is something that genuinely runs the gamut across different companies—plenty don't even know the serial numbers of company-owned machines, never mind which devices individuals have, while others do effectively have live feeds of every employee's screen available to managers at all times. In between you have many businesses that manage their devices but only insofar as to enforce some basic protection and reserve the right to investigate it in the case that something does go wrong. In having conversations about this kind of stuff with company leaders, many will strongly reject any of the most invasive tracking stuff, believe it or not.

I do agree, though, that for any type of surveillance, the rise of AI presents a really problematic opportunity to allow more targeted observation, since nobody has to spend their own time looking for what people are doing, they can ask an AI to keep tabs and look out for the things they care about.

On that note, I think one of the more realistic risks for an everyday person doing personal things on a work machine is probably insider threat from a rogue IT admin, whose access allows them insight into company devices without enough oversight.

I've always, throughout a 25+ year career, kept personal business on personal devices and work business on work devices, and never cross the streams.

Oddly, this is really controversial on HN, though! I've gotten so many weirdly angry responses when suggesting people try it, like it's a huge inconvenience to just bring a personal phone to work in order to do your banking and fuck around posting on HN. It's so much easier now than pre-smartphone to keep worlds separate.

There's no reason my employer needs to know what personal errands I need to attend to throughout the day, and they obviously are not going to approve of me doing confidential work business on my personal devices, so it's a win-win.

> We will soon have to brace ourselves for an absolute draconian level of tracking.

Somehow this reminds me of the old adage in finance :"The optimal amount of fraud is not 0"

Meaning that you could of course come up with a system in your accounting or banking or stocks or whatever that is totally 100% fraud proof.

But that system would be so onerous that none would use it. They'd go back to a more fraudulent system that is easier. Like, 15 retinal scans, a blood draw, and a bank approved minder just to buy a taco isn't workable, duh.

I'd say the same here too. You can of course use AIs and LLMs to figure out exactly how much work a person is doing and try to optimize them down to the second. Amazon is currently doing this in their warehouses. Any given month comes up with yet another instance of a worker dying on the floor and people having to continue working around the literal corpse.

And Amazon then has to run through communities, one after another, trying to hire people to work in that system. Their SEC filings note, incredibly, that population exhaustion is a real threat to the workforce.

Thus, the optimal amount of surveillance for an evil megacorp is not 100%.

Draconian, sure. But Amazon is already over the balance point and is trying to squeegee back towards the optimum. So far, it seems to be a lot further back than we thought.

> In the US, there's the expectation that when you use an employer-provided device that any and all activity on it can be fully monitored/recorded

I don't expect this. I know that some companies install spyware on their devices, but I don't expect it, I don't accept it, and if they did it without disclosing it I'd be furious. I understand they're allowed to do it. I'd never work anywhere that did.

Regarding what is available, imagine a system with reports and dashboards showing a timeline of which application was in focus and for how long, metrics on "activity" like keypresses and mouse clicks, periods of inactivity, lists of websites visited, whether you are joining scheduled zoom meetings, whether your camera was on, when you badged into and out of the office, periodic photos being taken from your webcam, geolocation on where you sign in from, and I could go on.

Most of these things are available bundled with most of the business Microsoft subscriptions while other telemetry comes from other tools or homegrown sources and is available to managers and IT staff on demand. Now, most of the time no one was really looking at most of this unless they had a reason to, and while I am no longer in this end of things since LLMs have reached this stage of maturity, I can imagine they are now being tasked with constantly watching for patterns in worker activity which deviate from the expected norm and are fully capable of notifying your manager automatically along with a detailed analysis of your activity.

The thing to understand is that the modern office is a veritable panopticon.

> It's always been hard to know the extent of how draconian tracking actually is (IT pros tend to not talk about it much).

Having worked at a FAANG and then downsizing back to IT (it's pretty great if you don't need the paycheck), I'll say a bit here. I was FAANG for 8.5 years, though in a more limited role for half of that. I've been doing the IT thing since 2018, first at a small private company and then at a gov state agency.

We were ~25 people and we had one person who was a nightmare. They created a toxic work environment. I asked for a meeting with the owner and brought a laundry list of documentation about their behavior, including spending most time not performing the job (browsing online shopping instead). He asked if I knew their device name so he could pull it up and see what she was doing right then. I didn't know. I'm sure he checked later.

Every computer had management software that allowed remote viewing and remote control because of course they did; we managed fleets of machines. I genuinely don't think the owner ever had the impulse to spy or check up on anyone until that moment, when he was receiving really troubling news. I worried more about the security camera installed after a break-in because it could expose my long breaks when I came in super early in the morning.

Where I work now, users have to approve a screen sharing session. I can't just spy on someone like at my former employer. But there's undoubtedly metrics being recorded in case anyone ever needed to profile a user's work time (say a labor lawsuit, for example). We all know we can be tracked on work devices.

My expectation is that while your company can, theoretically, track everything, they have no motivation to waste their time unless given a reason. Maybe AI will change that as the cost of tracking creeps closer to nil (probably). And at Meta, I think they're evil enough to consider the cost worthwhile anyway. But probably not a big deal most places so long as you aren't up to anything beyond slacking off. People have work to do.

Doesn't visiting hacker news count as personal growth? Or am I supposed to grow professionally outside the work?

It's like a law of technology. As technology increases the ability to surveil increases. Then we learn why we weren't surveiled in the first place. It was just a lack of ability - not laws, benevolence of government, etc. I cannot imagine a world 100 years from now without much more surveillance.

Literal thought police is not a crazy idea. That might only require more usage of something like nueralink and progress in processing signals from your brain.

Ridiculous tracking happened before AI too. Go read the book about Bridgewater, describing, among other things, how internal security worked when it was led by James Comey (yes, the one you know from the news, and was later FBI director)

I don't think AI introduces anything new. In theory, manager could pull the reports of their 4-12 people to see which programs are active and what websites they are using for how long once a month, targeting individuals that they are looking for a reason to bump. No AI needed.

I wonder if the AI's that replace us will be periodically web surfing and checking HN as part of their daily work flow?

What you’re concerned about doesn’t stop at the employer.

Anyone with access to data being processed about you may have incentives that align similarly with your employer’s use case.

Advertisers, Internet service providers, phone manufacturers, social networks, tech platform providers, schools, families, spouses, nosy neighbours, nosy governments.

The scale at which you can build a summary about someone is astonishing.

How they breach policies, how they break laws, how they mishandle sensitive data, how they materially negatively impact customers.

This whole thing is now a litigation nightmare, and frankly I can’t believe Meta is doing this so publicly. They’ve created an incredibly dangerous and lucrative lever in which vexatious and otherwise incentivised individuals and organisations can subpoena and demand evidence which, provided the ample data available, will surely produce enough evidence given the expanse of their employer base. They simply need to have a thread to pull on, so a judge doesn’t deem it a fishing expedition.

Similarly, I worry for democracies with no checks or balances to prevent ruling parties from exploiting or abusing this power. For example, in India, there’s accusations of their equivalent of the NSA being used to spy on the opposition —- under the guise of “keep them honest”. https://www.idsa.in/system/files/book/book_IntellegenceRefor...

In other Western countries whenever this type of work is conducted, it’s usually at Director or Minister-level approval. There’s lawyers involved, it’s heavily documented. What happens when systems, or products, are given the implicit approval of this same function by their very nature?

We’re in weird times.

Why would you do that on the employer-provided device? I just use another laptop and my smartphone. I am even using headphones if I want to listen to something for privacy, no idea if my company would go as far as recording from my microphone but I am not willing to take the risk.

> Oh, here I am on hacker-news when I should be working.

What else am I supposed to be doing while Cursor does its thing?

> With AI, this changes significantly since the man can now employ a robot to categorize and finely scrutinize every little thing

Corporate endpoint monitoring software has been able to track time spent in apps and websites for a very long time. They could produce breakdowns of time spent in apps and even categorize popular websites based on a database.

This is unrelated to the topic, but worth mentioning in case someone assumes that AI tools were needed for time tracking and breakdowns.

Regardless of your stance on AI, we shouldn’t normalise tracking of this magnitude at all. Some safety guardrails for security and IP protection - fine, most tools have that builtin. Anything beyond that is abuse, plain and simple.

In so far as bracing for draconian tracking, I already would have never worked for Meta and especially wouldn’t now. I think we can vote with our feet and not work for companies that do this.

When AI takes all the jobs, it will also need to take care of supplying all the demand/customers, as humans will no longer have the resources for that.

Is it really that different with the current iteration of AI compared to what was possible 10 years ago? There may be some new awareness at the executive level of what is possible, but I feel like a "slacker detector" or whatever would have been possible with xgboost or lstms.

And employees will employ robots to do hyper realistic work like activities to game the system. Here's an idea...... find good leaders who understand team building and culture and let the score take care of itself.

With companies enrolling AI to help look over the shoulder of their employees, I wonder how hard it would be to do some prompt injection just changing what is displayed in the surveiled screen for it to see. Potential for a new vulnerability vector?

Reading hacker-news is work; and never tell my Boss otherwise.

Or, the tracking won't change much, it'll be the big-brothering that will dramatically accelerate

> (IT pros tend to not talk about it much) > In the US, there's the expectation that when you use an employer-provided device that any and all activity on it can be fully monitored/recorded

Uh, kind of, you have to explicitly be fully aware of it, if they don't tell you in a meaningful capacity, you still have a reasonable expectation to privacy and it could turn into a lawsuit in your favor. ESPECIALLY if you access anything personal, medial, or even financial it could land your employer in hot hot water.

In fact, they probably added the 30 minute escape hatch because of those things I mentioned, because yes, those are valid scenarios to have total privacy.

> however, few people worry about reasonable amounts web-surfing, being on hacker-news or doing life-activities on their work machines

I'd suggest doing it on your phone, not work PC.

If you have urgent personal errands e.g. an email to respond to here and there and you'd rather have a keyboard, bring a personal laptop, connect it to 5G and do it from your car.

Other than adding buzzwords to a features list, I don't see AI really moving the needle here. As you've said, it's always been the expectation that employers are watching over their networks.

There's already loads of monitoring software available that can scrutinize, categorize, and track everything going through corporate networks. A company I worked at ~20 years ago had an internal website showing a live display of URLs accessed through their whole network, a "top 100" list, a break down into categories (news, email, games, etc.) and other stuff along those lines. They were absolutely categorizing and scrutinizing everything way back then, no AI needed.

> employer-provided device that any and all activity on it can be fully monitored/recorded

And the location, yes, your physical location as well

If you can afford it, set up a proper trust fund for them.

[dead]