the boss checked my computer history and saw AF

[dyresand]

Wow. Wtf, can't you file a report or something?  I'm so sorry for you.

Tis the south pool...tis.... the south.... or i should say regressive land

[Aractus]

I mean, it's not unfair at all really. AF isn't a site that is related to work, so accessing it from work will likely violate work policies. It astounds me that people think they have a right to access personal websites whilst at work. You're being paid to work, not browse forums.

That's not at all true. In every first world-country employees get a number of breaks per day. A lunch break for example, and usually other smaller breaks as well. Using the internet for personal reasons during your break-time should not violate any company policy, unless they can show that your using the internet places an undue burden or hardship on the company (which might be the case if they have really bad internet). Same basic principle with your mobile - yes they can fire you for using it while you're supposed to be working - but you're free to twiddle around with it during one of your breaks - but again, so long as it does not disrupt the running of the business.

My former employer had a policy that smoking during company time was a stackable offence. Of course, that policy is illegal - he was well within he's rights to fire anyone smoking on the company premises (and he did), however if you wanted to take a break, walk off the premises and have a cigarette then it was outside of his ability to enforce his policy. So that's what all the smokers did. There is a similar policy at a local school - teachers are not allowed to smoke anywhere on the school grounds, and the policy extends to public areas off the school-grounds visible from the school as well. I believe the policy is likely illegal, nevertheless what smokers at that school do is take their break, go to their car and smoke inside their cars.

[Foxaèr]

All I have to say is this:

Fuck you Kansas.

[Tiberius]

That's not at all true.

Erm, yes it is. I used to work for a company that clearly stated in their company policy that using work computers for personal browsing was against the policy.

In every first world-country employees get a number of breaks per day. A lunch break for example, and usually other smaller breaks as well.

Right, and I covered that in my post. You just decided to remove that part when you quoted me...

Using the internet for personal reasons during your break-time should not violate any company policy

...unless it states it in the company policy of course.

unless they can show that your using the internet places an undue burden or hardship on the company

How about this one: Employees might visit malware infested websites that install spyware or other viruses on our work computers, which then can infect our network.

Speaking as a security professional, that's a big reason why companies today would make it part of the company policy (and likely also the security policy) not to use the Internet for personal browsing.

There's nothing really stopping me from installing code in this website that would call back to my computer, at which point I could attempt any number of known browser exploits and potentially gain access to someone's machine.

[Foxaèr]

Erm, yes it is. I used to work for a company that clearly stated in their company policy that using work computers for personal browsing was against the policy.

The problem is that these companies tend to overlook certain aspects of broken rules. I guarantee there are individuals who frequent certain sites and will never get in trouble because the company does not have a bigoted view toward that website.

If one could show that to be true, then one would have a case. Unfortunately, this is reality and not some television show.

[Jackalope]

If you were to sue for discrimination, naturally you'd want to subpoena your boss' browsing history.

Though I agree, if there's a company policy forbidding it, it probably doesn't matter even if you didn't live in an at will employment state.

[Aractus]

...unless it states it in the company policy of course.

And as I mentioned, clearly, in my post, there are clear limitations to what company polices can specify. They could specify that you cannot use work computers for person reasons at any time - however they would need (at least in most jurisdictions) to have a valid reason to justify the policy.

How about this one: Employees might visit malware infested websites that install spyware or other viruses on our work computers, which then can infect our network.

Speaking as a security professional, that's a big reason why companies today would make it part of the company policy (and likely also the security policy) not to use the Internet for personal browsing.

That's not going to make a significant difference to the risk of Malware. Heck when you're googling your way through researching your clients and whatever else you need to do, you'll be far more likely to hit a website that you've never visited that has been compromised, compared to relatively safe sites that you frequent like this one. Many small business websites are far easier to hack than well set-up forums. And in fact I've seen them hacked many times before.

There's nothing really stopping me from installing code in this website that would call back to my computer, at which point I could attempt any number of known browser exploits and potentially gain access to someone's machine.

There's plenty stopping you from doing that. Number 1. the company does not install flash, and sets up a group policy blocking flash from being installed. Number 2. the company does not install adobe reader, and instead uses an alternative. Number 3. Keeps windows security up to date. Number 4. has anti-virus installed. Number 5. Improves the security of FireFox and Chrome by adding certain extensions - especially uBlockO.

As I mentioned though, forums are a less likely spot to find malware (except through advertising), the sites that get hacked the most are the small businesses sites that are poorly secured. And those are the ones that you're going to be visiting as a part of your job, therefore the greatest security risk is from company activity, not from visiting a few personal websites.

[Jackalope]

@Aractus

This is the US not Australia. For right or wrong, in most states you can be fired for any reason except being part of a protected class or no reason at all with little or no recourse.

[Tiberius]

And as I mentioned, clearly, in my post, there are clear limitations to what company polices can specify. They could specify that you cannot use work computers for person reasons at any time - however they would need (at least in most jurisdictions) to have a valid reason to justify the policy.

Right, and security is a perfectly valid reason to justify that policy.

That's not going to make a significant difference to the risk of Malware. Heck when you're googling your way through researching your clients and whatever else you need to do, you'll be far more likely to hit a website that you've never visited that has been compromised, compared to relatively safe sites that you frequent like this one. Many small business websites are far easier to hack than well set-up forums. And in fact I've seen them hacked many times before.

The point is, if you restrict employees to a subset of sites, trusted sites for instance, you limit the chance of an employee visiting a malware infested site. Whether it makes a significant difference really depends on what sites the employee is browsing. If they are visiting dodgy sites, the risk increases. Sure, atheistforums.org isn't a risky site for that, but company policies aren't designed with us in mind, they are designed for the worst case scenario.

There's plenty stopping you from doing that. Number 1. the company does not install flash, and sets up a group policy blocking flash from being installed. Number 2. the company does not install adobe reader, and instead uses an alternative. Number 3. Keeps windows security up to date. Number 4. has anti-virus installed. Number 5. Improves the security of FireFox and Chrome by adding certain extensions - especially uBlockO.

There are plenty of ways around all of those things you mentioned. Flash / Adobe Reader aren't required for browser exploits to work. Windows security is a joke. Anti-virus is largely a joke when it comes to targeted attacks. uBlock blocks adverts, not malware.

I do this sort of thing for a living. I know what I'm talking about.

[SteelCurtain]

I do this sort of thing for a living. I know what I'm talking about.

Yabut, I read a wikipedia article, so...