30

I'm a software analyst with a relevant work history, which means that I (like others) have a large collection of bookmarks with useful links and resources that are useful during my work (along, of course, with numerous links of funny pictures of cats).

Now, let's assume I get to work for a new company, where I am responsible for the administration of my own computer: should I use my personal browser and stack overflow (sic) accounts during my working hours, or not?

Assuming that I actually talk with my employer and I get the explicit consent to do so (it would be for the mutual benefit, after all), is there something specific I should ask her (ownership of the personal data is one, but there could be other I didn't think about it)?

I would be eager to know how great is the potential for conflicting situations, and what's your take on this matter.

Thanks!

UPDATE: I haven't been specific enough so it's worth mentioning that I wouldn't use my browser's account in order to access personal links or do leisure browsing, instead the question is more aimed at the ownership of bookmark data.

R1ck77
  • 403
  • 5
  • 8
  • 12
    Related reading: Company policy violation due to browser history syncing (not a duplicate; this question is what-should-I-do, that question is what-do-I-do-now) – apsillers Jan 06 '17 at 16:11
  • 4
    Avoid the potential drama and just email yourself the bookmarks you want – Chris G Jan 06 '17 at 16:44
  • @ChrisG good suggestion (didn't thought about this...), thanks! – R1ck77 Jan 06 '17 at 17:51
  • 3
    Bookmarks are not intellectual property any more than a library index card is. – Wildcard Jan 06 '17 at 20:48
  • 1
    @Wildcard: interesting point of view, and I'd agree in principle. Not sure if it would hold when court tested, though... :( – R1ck77 Jan 06 '17 at 21:23
  • 1
    I'm thoroughly confused why you think "intellectual property" comes into this, or why Wildcard's comment would ever be "court tested". Can you explain exactly what kind of situation you're thinking you might find yourself in? – Anthony Grist Jan 06 '17 at 23:30
  • IANAL, but this is quite clear as there is no original element to the bookmarks and they may be protected outside the US under database rights though. However, if you don't want them to have access to the bookmarks, then I would recommend against using them. – Benjamin Jan 07 '17 at 01:09
  • @AnthonyGrist my bad: read "ownership", the right of reading them or consider any addition to the bookmarks list on my private account ad a form of thievery. As for "court tested", I mean whether Wildcard reasonable assumption would actually hold in a court, or if it ever was. IANAL anyway, so it might be an inappropriate concern. – R1ck77 Jan 07 '17 at 02:17
  • 1
    Whats preventing you from saving exporting the links and importing them on yor wrk PC? or, if thats not possible, what prevents you from exporting them as HTMl and publishing them somewhere you can access them from work? – Polygnome Jan 07 '17 at 13:11
  • @Polygnome Good point! This could be a generalization of the "mail your bookmarks to yourself". It would work, but it would be less practical, as I want also the new bookmarks I'll create to be exported to my profile: this is one of the ways my little "cache" came to be in first place...). Also the question as it's stated is a little more broad (and useful, IMO) as it applies implicitly to other assets (e.g. my Dropbox account), with all due limitations and caveats. – R1ck77 Jan 07 '17 at 13:17
  • @Polignome, don't mind the second part of the comment. I misread and it doesn't apply (sorry!) – R1ck77 Jan 07 '17 at 13:23
  • 1
    @Wildcard, AnthonyGrist, Benjamin : and to add to the confusion, I have a bookmark (in Firefox though) that instead of a plain URL, consists of Javascript code to generate a URL (in my case depending on the current date; the resulting web page has new content for each day). Now it could be argued that that program code in that bookmark is my own IP/original creation (even if it is fairly trivial and was constructed with the help of a number of code examples found on the web). – frIT Jan 07 '17 at 14:34

4 Answers4

41

I would recommend against using your personal browser account.

Most workplaces make you sign an IT agreement that allows them full access to anything you do on their machines, and the ability to monitor your activity and browsing history. I am going to assume that your browser is Chrome, since I don't know of another browser that uses accounts. Along with all of your bookmarks and stored settings, signing into Chrome also copies over all of your personal browsing history.

This means that your employer can see any and all websites you have visited on your home computer during your personal time. It is very likely that some of these websites are explicitly forbidden to be accessed on company machines, and it could cause some confusion if your employer found them in the browsing history on your work machine (see this question as an example). Aside from the policy aspect, I don't want my employer to know all of the websites I visit during my free time for things completely unrelated to work.

I recommend using your browser at work without signing in to your account. It will be a little hassle to set up all of your bookmarks and settings again, but that's a one-time cost to give you some privacy. By the way, you can still sign into Google websites without signing into the Chrome browser, but you may need to explicitly tell it not to.

@Andrew Berry and @AndreiROM pointed out that in Chrome you are able to define which settings are synced, so you could use your account and sync your bookmarks, but not your history, passwords, credit cards, etc.

Philip Eagles
  • 103
  • 2
David K
  • 30,066
  • 21
  • 108
  • 140
  • Thanks, that's a great answer, and raises some very interesting concerns. Let's say I don't have to sign the IT agreement that's the main topic of your answer (in which case I agree that the use of my personal data at work would be absolutely a no-go), what would your take be? Would you think that the hassles of protecting my own data would be worth the trouble? Also, again in a permissive-no-strict policy environment, would it be better to access such information from my smartphone instead? – R1ck77 Jan 06 '17 at 13:55
  • 7
    You can go into the Advanced Sync Settings in Chrome and choose what is synce'd to your work pc. See attached screengrab http://i.imgur.com/OqXJxGn.png I would also suggest that companies don't track internet usage based on histories stored on PC's as these can be cleared easily. – Andrew Berry Jan 06 '17 at 14:13
  • 2
    @r1ck77 - I use my personal chrome account on my work machine, and simply ensure that browsing history/passwords/CC-info, etc. do not sync. I don't see any issues with it, really. I mean, companies are not typically actively trying to spy on their employees and steal their information. Some people go as far as not to even sign into their personal email on their work machines, but it all just depends on how much you trust your employer. – AndreiROM Jan 06 '17 at 14:17
  • 2
    @R1ck77 Yes, I still think it would be worth the hassle, which is really not much hassle at all. All you have to do is export your bookmarks and then load them in again. I think it's perfectly fine to access personal accounts on a work computer, so long as you don't mind your employer knowing that you visited those sites. IANAL, but I believe (in the US at least) that you don't even need to sign away permission for your company to be allowed to look through your account on company owned computers. – David K Jan 06 '17 at 14:19
  • 1
    @AndrewBerry and Andrei, good point! I wasn't aware of that feature. Do you know if the sync settings apply to all instances of Chrome, or just to the current computer? – David K Jan 06 '17 at 14:20
  • Thanks you all for your insights! I'll probably mark this answer in a short while. – R1ck77 Jan 06 '17 at 14:20
  • 1
    @R1ck77 I always recommend waiting at least 24hrs before marking an answer as correct. You never know when someone will come along and post an answer that is comprehensively better than all the others! – David K Jan 06 '17 at 14:24
  • 1
    @DavidK I think it's an account setting rather than a browser setting. I don't use chrome too much though so can't be certain – Andrew Berry Jan 06 '17 at 14:25
  • @DavidK about waiting before awarding the correct answer mark, it's a good advice I'll follow (ehm... next time). I'm sort of used to Stack Overflow, where after about 20' a question tend not to get much attention (most of the time at least), it takes some adjustment :) – R1ck77 Jan 06 '17 at 15:51
  • Note that even if you disable password and history syncing, once you are signed in they can change the settings back. Or, in other words: if you type your Google password on their computer, theoretically they can access everything you have there. Mail, password, etcetera. – Federico Poloni Jan 06 '17 at 20:33
  • @FedericoPoloni Theoretically, if they are logging your keystrokes. Even if this is allowed by local laws, I can't imagine why an employer would bother doing that. – Brandin Jan 07 '17 at 00:50
  • 3
    "I am going to assume that your browser is Chrome, since I don't know of another browser that uses accounts." - Firefox does so, too. (And like Chrome, it allows you to choose which things to sync and which not to sync; sync options are Tabs, Bookmarks, Passwords, History, Add-ons, and Preferences. However, unlike Chrome I believe it encrypts all synced data (not just passwords) so Mozilla can't access your browser history and use it for e.g. personalized advertisements). – user2428118 Jan 07 '17 at 13:27
  • 2
    @Andrew "I use my personal chrome account on my work machine, and simply ensure that browsing history/passwords/CC-info, etc. do not sync". What value do you get from your account after you've disabled all of that? Seems like you'd be just as well off without signing into your account at that point. – Voo Jan 07 '17 at 13:44
14

It depends on the internet usage policy at your new workplace.

Most places are fairly relaxed when it comes to people's internet usage (within limits), and some place more controls in place and block certain types of websites (or block the internet as a whole).

You don't really have to be upfront and ask, the information of acceptable internet use should be available to you when you start.

If you ask, it might be taken as your personal internet browsing to be an important part of your working day...

Community
  • 1
  • Thanks you for your contribution! I have good reason to think that in my industry internet usage is bound to be liberal (as you suggested), bar explicitly inappropriate illegal content. – R1ck77 Jan 06 '17 at 13:22
  • I have updated the question, however, as I think I was sort of misleading. – R1ck77 Jan 06 '17 at 13:28
3

As long as you are not violating company specific IT policies on Internet Use (i.e. Using the internet for personal use on company time), then it shouldn't be an issue using these accounts.

If you are posting code related queries on SO though, be sure to anonymise data and not to post too much code (the bare minimum required) as the intellectual property of the code does belong to the company.

Edit: For your bookmarks etc, and accounts like SO etc, that information would still belong to yourself. The company don't have a valid claim to this information presuming these accounts have been created using a personal email/social media account.

Andrew Berry
  • 6,781
  • 2
  • 19
  • 27
  • Thank you for your contribution! Yes, I wouldn't do that, but it's always good to be reminded. – R1ck77 Jan 06 '17 at 13:23
  • As noted in another comment, I have updated the question, as I think I was sort of misleading – R1ck77 Jan 06 '17 at 13:29
2

No, absolutely not. Do not use your personal equipment or accounts for company work.

  • From the company perspective, it creates a security vulnerability.
  • From your perspective, in the case of an investigation, the company may legally be able to seize your personal equipment, and obtain passwords for your accounts.
  • From an employment perspective, you can be held accountable for damage to the company.

If you need your bookmarks, then send them to your work computer, and use them from there. Company policy may block certain sites, but that's their policy; they're paying you, and part of your job is to toe the line with their policies.

Especially in today's day and age, where all the big companies (including the U.S. Government) are getting hacked, everyone is hyper-sensitive about security, and using personal stuff for work is a blood-red flag.

kmiklas
  • 667
  • 4
  • 6
  • 2
    Thank you for your contribution, although my situation would be a little different, as I work in Italy, so less strict regulations. Also I would red flag companies with hard IT policies anyway: I would hardly work for a company that doesn't allow me to completely manage my own computer (or at least install programs at user level), as I think this kind of freedom is beneficial for my job. I completely agree with your arguments where they apply, though (and good idea that of emailing the relevant bookmarks). – R1ck77 Jan 06 '17 at 20:18
  • 1
    Managing your own computer is a mixed blessing. Yes, you have the freedom to install whatever you want, but you're also responsible if you pick up malware. Be sure to have an antivirus program installed, keep it updated, and run scans regularly. Viruses don't care if you're in Italy! Also good practice is to set up a standard "user" account--with limited rights--for everyday use, and only log in as "Admin" if you have a good reason. Of course, be sure to back up your data, even if only to a USB key. Call me cautious, but I've had to reinstall far too many computers because of a stupid virus. – kmiklas Jan 06 '17 at 22:24
  • ...I must add that backing up to a USB key raises further security concerns; most obviously: losing it! Perhaps better to recommend backing up important stuff to the company servers. – kmiklas Jan 06 '17 at 22:32
  • virus do care if you use Linux, though (well... mostly. Linux does have viruses too) ;-) Even though they apply mostly for a windows environment (where it's probably most common to use admin accounts regularly, as I do from home) thank you for the tips! I agree also on the "mixed blessing", though for different reasons (no matter the Os you are using, if you mess it up, you still need to fix, possibly in your own private time...). – R1ck77 Jan 06 '17 at 22:35
  • 3
    Also I would advise against backing up on a USB device, especially if you are in a very security-aware company, as that would be probably seen as an attempt to either steal company material, or introduce malware ;-) (and I would expect such a company to provide some kind of backed-up space, anyway). – R1ck77 Jan 06 '17 at 22:36