Mixing
Company policy violation due to browser history syncing
Clash Royale CLAN TAG#URR8PPP
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty margin-bottom:0;
up vote
81
down vote
favorite
I recently learned (the hard way) that my company is accessing my browser history on my work computer. That's fine and all, and comes as no surprise, really. However, I recently got hit with a warning about some of the sites I've visited. I'm not perfect, and have probably been on some websites during work that haven't been the best, but none have been what they claim I visited.
I will admit that I did visit the sites they claimed - but not with my company-issued hardware and not at work. So this kind of threw me for a loop - how does my company know all of the websites I've visited, even from my personal devices?
So after some research and digging, I'm 99% certain they know this because at some point, I logged into Google Chrome at work, and it's syncing my data (including browsing history) between every device I'm logged in on. Then a process on my work computer periodically scans my browsing history and sees some restricted websites, so then I get the hammer.
To be honest, I wasn't aware I was logged in on Chrome or that it synced my browser history. Of course, I know now that had I not been logged in on Chrome, none of this would be a problem. If I had known what was happening I would have logged out of Chrome.
My question is - is this legal/ethical? I feel like I'm justified in challenging the warning from HR. But, I'm unsure about their process in the first place...can they scan my browsing history, even when it includes stuff from my personal devices? Or are they justified in the practice, on the grounds that I don't have to be logged in to Chrome, and don't have to sync my data?
Edit
Okay, it's legal from them to peruse my browsing history, no matter what. And it was unwise, albeit legitimate, to be logged in to Chrome. But, are they justified in giving me the formal warning when I, in fact, broke no company policies? And can I challenge it? This is something that is going in my personnel file that I would rather not be there at all.
On a side note, when they query for my browsing history, it is possible to tell what device a page was viewed on across synced devices. Whether they are using that or not, I don't know (I guess not).
Edit 2 for some more information
The company and I both are located in Texas, USA. All internet traffic goes through a firewall/proxy while on the internal network, and filtering rules are applied which would have blocked me from visiting those sites. So part of their accusation against me included the presumption that I had intentionally taken my laptop off the network to go to the sites in question.
ethics company-policy technology software
edited Sep 3 '16 at 15:28
Evorlor
319513
asked Sep 1 '16 at 19:53
Seth
520138
 |Â
show 19 more comments
up vote
81
down vote
favorite
I recently learned (the hard way) that my company is accessing my browser history on my work computer. That's fine and all, and comes as no surprise, really. However, I recently got hit with a warning about some of the sites I've visited. I'm not perfect, and have probably been on some websites during work that haven't been the best, but none have been what they claim I visited.
I will admit that I did visit the sites they claimed - but not with my company-issued hardware and not at work. So this kind of threw me for a loop - how does my company know all of the websites I've visited, even from my personal devices?
So after some research and digging, I'm 99% certain they know this because at some point, I logged into Google Chrome at work, and it's syncing my data (including browsing history) between every device I'm logged in on. Then a process on my work computer periodically scans my browsing history and sees some restricted websites, so then I get the hammer.
To be honest, I wasn't aware I was logged in on Chrome or that it synced my browser history. Of course, I know now that had I not been logged in on Chrome, none of this would be a problem. If I had known what was happening I would have logged out of Chrome.
My question is - is this legal/ethical? I feel like I'm justified in challenging the warning from HR. But, I'm unsure about their process in the first place...can they scan my browsing history, even when it includes stuff from my personal devices? Or are they justified in the practice, on the grounds that I don't have to be logged in to Chrome, and don't have to sync my data?
Edit
Okay, it's legal from them to peruse my browsing history, no matter what. And it was unwise, albeit legitimate, to be logged in to Chrome. But, are they justified in giving me the formal warning when I, in fact, broke no company policies? And can I challenge it? This is something that is going in my personnel file that I would rather not be there at all.
On a side note, when they query for my browsing history, it is possible to tell what device a page was viewed on across synced devices. Whether they are using that or not, I don't know (I guess not).
Edit 2 for some more information
The company and I both are located in Texas, USA. All internet traffic goes through a firewall/proxy while on the internal network, and filtering rules are applied which would have blocked me from visiting those sites. So part of their accusation against me included the presumption that I had intentionally taken my laptop off the network to go to the sites in question.
ethics company-policy technology software
edited Sep 3 '16 at 15:28
Evorlor
319513
asked Sep 1 '16 at 19:53
Seth
520138
5
@Seth I'd recommend editing your question to focus less on the "is this legal?" (it is) which doesn't really help you and results in answers with people just rehashing what you already know and instead asking how you can recover from this situation or argue your side of the story (i.e. damage control). Oh, and this is rather beside the point, but if you routinely work remotely through a VPN, that could be another way for less-than-professional traffic to get logged in their systems.
– Lilienthal♦
Sep 1 '16 at 20:41
24
In which country is this? Accessing things like browsing history and emails may actually be against the law, even on work accounts and computers, but this obviously depends on the local laws. For example in The Netherlands the right to privacy also extends to the workplace (source)
– Martin Tournoij
Sep 1 '16 at 21:20
6
The fact that you synced work data to personal devices, might be itself a violation of company policy. Pressing further on the matter might make someone aware. You might have even broken some non-disclosure agreement.
– Christian
Sep 2 '16 at 9:05
27
This is a fascinating situation, and a very useful warning to others about our increasingly connected, your-info-follows-you-through-the-cloud world.
– T.J. Crowder
Sep 2 '16 at 9:30
14
The mistake here was using the same Google account on your home and work machines. Keep them separate; use separate accounts. Particularly for services like Google, Microsoft and Facebook that are ubiquitous and do a lot of tracking.
– Simba
Sep 2 '16 at 13:51
 |Â
show 19 more comments
up vote
81
down vote
favorite
up vote
81
down vote
favorite
I recently learned (the hard way) that my company is accessing my browser history on my work computer. That's fine and all, and comes as no surprise, really. However, I recently got hit with a warning about some of the sites I've visited. I'm not perfect, and have probably been on some websites during work that haven't been the best, but none have been what they claim I visited.
I will admit that I did visit the sites they claimed - but not with my company-issued hardware and not at work. So this kind of threw me for a loop - how does my company know all of the websites I've visited, even from my personal devices?
So after some research and digging, I'm 99% certain they know this because at some point, I logged into Google Chrome at work, and it's syncing my data (including browsing history) between every device I'm logged in on. Then a process on my work computer periodically scans my browsing history and sees some restricted websites, so then I get the hammer.
To be honest, I wasn't aware I was logged in on Chrome or that it synced my browser history. Of course, I know now that had I not been logged in on Chrome, none of this would be a problem. If I had known what was happening I would have logged out of Chrome.
My question is - is this legal/ethical? I feel like I'm justified in challenging the warning from HR. But, I'm unsure about their process in the first place...can they scan my browsing history, even when it includes stuff from my personal devices? Or are they justified in the practice, on the grounds that I don't have to be logged in to Chrome, and don't have to sync my data?
Edit
Okay, it's legal from them to peruse my browsing history, no matter what. And it was unwise, albeit legitimate, to be logged in to Chrome. But, are they justified in giving me the formal warning when I, in fact, broke no company policies? And can I challenge it? This is something that is going in my personnel file that I would rather not be there at all.
On a side note, when they query for my browsing history, it is possible to tell what device a page was viewed on across synced devices. Whether they are using that or not, I don't know (I guess not).
Edit 2 for some more information
The company and I both are located in Texas, USA. All internet traffic goes through a firewall/proxy while on the internal network, and filtering rules are applied which would have blocked me from visiting those sites. So part of their accusation against me included the presumption that I had intentionally taken my laptop off the network to go to the sites in question.
ethics company-policy technology software
edited Sep 3 '16 at 15:28
Evorlor
319513
asked Sep 1 '16 at 19:53
Seth
520138
I recently learned (the hard way) that my company is accessing my browser history on my work computer. That's fine and all, and comes as no surprise, really. However, I recently got hit with a warning about some of the sites I've visited. I'm not perfect, and have probably been on some websites during work that haven't been the best, but none have been what they claim I visited.
I will admit that I did visit the sites they claimed - but not with my company-issued hardware and not at work. So this kind of threw me for a loop - how does my company know all of the websites I've visited, even from my personal devices?
So after some research and digging, I'm 99% certain they know this because at some point, I logged into Google Chrome at work, and it's syncing my data (including browsing history) between every device I'm logged in on. Then a process on my work computer periodically scans my browsing history and sees some restricted websites, so then I get the hammer.
To be honest, I wasn't aware I was logged in on Chrome or that it synced my browser history. Of course, I know now that had I not been logged in on Chrome, none of this would be a problem. If I had known what was happening I would have logged out of Chrome.
My question is - is this legal/ethical? I feel like I'm justified in challenging the warning from HR. But, I'm unsure about their process in the first place...can they scan my browsing history, even when it includes stuff from my personal devices? Or are they justified in the practice, on the grounds that I don't have to be logged in to Chrome, and don't have to sync my data?
Edit
Okay, it's legal from them to peruse my browsing history, no matter what. And it was unwise, albeit legitimate, to be logged in to Chrome. But, are they justified in giving me the formal warning when I, in fact, broke no company policies? And can I challenge it? This is something that is going in my personnel file that I would rather not be there at all.
On a side note, when they query for my browsing history, it is possible to tell what device a page was viewed on across synced devices. Whether they are using that or not, I don't know (I guess not).
Edit 2 for some more information
The company and I both are located in Texas, USA. All internet traffic goes through a firewall/proxy while on the internal network, and filtering rules are applied which would have blocked me from visiting those sites. So part of their accusation against me included the presumption that I had intentionally taken my laptop off the network to go to the sites in question.
ethics company-policy technology software
edited Sep 3 '16 at 15:28
Evorlor
319513
asked Sep 1 '16 at 19:53
Seth
520138
edited Sep 3 '16 at 15:28
Evorlor
319513
edited Sep 3 '16 at 15:28
Evorlor
319513
edited Sep 3 '16 at 15:28
Evorlor
319513
319513
asked Sep 1 '16 at 19:53
Seth
520138
asked Sep 1 '16 at 19:53
Seth
520138
asked Sep 1 '16 at 19:53
Seth
520138
520138
5
@Seth I'd recommend editing your question to focus less on the "is this legal?" (it is) which doesn't really help you and results in answers with people just rehashing what you already know and instead asking how you can recover from this situation or argue your side of the story (i.e. damage control). Oh, and this is rather beside the point, but if you routinely work remotely through a VPN, that could be another way for less-than-professional traffic to get logged in their systems.
– Lilienthal♦
Sep 1 '16 at 20:41
24
In which country is this? Accessing things like browsing history and emails may actually be against the law, even on work accounts and computers, but this obviously depends on the local laws. For example in The Netherlands the right to privacy also extends to the workplace (source)
– Martin Tournoij
Sep 1 '16 at 21:20
6
The fact that you synced work data to personal devices, might be itself a violation of company policy. Pressing further on the matter might make someone aware. You might have even broken some non-disclosure agreement.
– Christian
Sep 2 '16 at 9:05
27
This is a fascinating situation, and a very useful warning to others about our increasingly connected, your-info-follows-you-through-the-cloud world.
– T.J. Crowder
Sep 2 '16 at 9:30
14
The mistake here was using the same Google account on your home and work machines. Keep them separate; use separate accounts. Particularly for services like Google, Microsoft and Facebook that are ubiquitous and do a lot of tracking.
– Simba
Sep 2 '16 at 13:51
 |Â
show 19 more comments
5
@Seth I'd recommend editing your question to focus less on the "is this legal?" (it is) which doesn't really help you and results in answers with people just rehashing what you already know and instead asking how you can recover from this situation or argue your side of the story (i.e. damage control). Oh, and this is rather beside the point, but if you routinely work remotely through a VPN, that could be another way for less-than-professional traffic to get logged in their systems.
– Lilienthal♦
Sep 1 '16 at 20:41
24
In which country is this? Accessing things like browsing history and emails may actually be against the law, even on work accounts and computers, but this obviously depends on the local laws. For example in The Netherlands the right to privacy also extends to the workplace (source)
– Martin Tournoij
Sep 1 '16 at 21:20
6
The fact that you synced work data to personal devices, might be itself a violation of company policy. Pressing further on the matter might make someone aware. You might have even broken some non-disclosure agreement.
– Christian
Sep 2 '16 at 9:05
27
This is a fascinating situation, and a very useful warning to others about our increasingly connected, your-info-follows-you-through-the-cloud world.
– T.J. Crowder
Sep 2 '16 at 9:30
14
The mistake here was using the same Google account on your home and work machines. Keep them separate; use separate accounts. Particularly for services like Google, Microsoft and Facebook that are ubiquitous and do a lot of tracking.
– Simba
Sep 2 '16 at 13:51
5
5
@Seth I'd recommend editing your question to focus less on the "is this legal?" (it is) which doesn't really help you and results in answers with people just rehashing what you already know and instead asking how you can recover from this situation or argue your side of the story (i.e. damage control). Oh, and this is rather beside the point, but if you routinely work remotely through a VPN, that could be another way for less-than-professional traffic to get logged in their systems.
– Lilienthal♦
Sep 1 '16 at 20:41
@Seth I'd recommend editing your question to focus less on the "is this legal?" (it is) which doesn't really help you and results in answers with people just rehashing what you already know and instead asking how you can recover from this situation or argue your side of the story (i.e. damage control). Oh, and this is rather beside the point, but if you routinely work remotely through a VPN, that could be another way for less-than-professional traffic to get logged in their systems.
– Lilienthal♦
Sep 1 '16 at 20:41
24
24
In which country is this? Accessing things like browsing history and emails may actually be against the law, even on work accounts and computers, but this obviously depends on the local laws. For example in The Netherlands the right to privacy also extends to the workplace (source)
– Martin Tournoij
Sep 1 '16 at 21:20
In which country is this? Accessing things like browsing history and emails may actually be against the law, even on work accounts and computers, but this obviously depends on the local laws. For example in The Netherlands the right to privacy also extends to the workplace (source)
– Martin Tournoij
Sep 1 '16 at 21:20
6
6
The fact that you synced work data to personal devices, might be itself a violation of company policy. Pressing further on the matter might make someone aware. You might have even broken some non-disclosure agreement.
– Christian
Sep 2 '16 at 9:05
The fact that you synced work data to personal devices, might be itself a violation of company policy. Pressing further on the matter might make someone aware. You might have even broken some non-disclosure agreement.
– Christian
Sep 2 '16 at 9:05
27
27
This is a fascinating situation, and a very useful warning to others about our increasingly connected, your-info-follows-you-through-the-cloud world.
– T.J. Crowder
Sep 2 '16 at 9:30
This is a fascinating situation, and a very useful warning to others about our increasingly connected, your-info-follows-you-through-the-cloud world.
– T.J. Crowder
Sep 2 '16 at 9:30
14
14
The mistake here was using the same Google account on your home and work machines. Keep them separate; use separate accounts. Particularly for services like Google, Microsoft and Facebook that are ubiquitous and do a lot of tracking.
– Simba
Sep 2 '16 at 13:51
The mistake here was using the same Google account on your home and work machines. Keep them separate; use separate accounts. Particularly for services like Google, Microsoft and Facebook that are ubiquitous and do a lot of tracking.
– Simba
Sep 2 '16 at 13:51
 |Â
show 19 more comments
6 Answers
6
active
oldest
votes
up vote
171
down vote
accepted
I think the thing to do is to explain to them what you think happened, explain that you've disconnected from the browser history syncing done by chrome, so that they won't see this any more.
Explain how you were browsing on your own hardware and in your own time, unaware that chrome was syncing. Ask if they can view the time of the events, and so verify that. Tell them you've disconnected this process, so your browser history will now only show what you're doing at work. And, even though you haven't done anything wrong (unless the sites themselves are illegal!), you apologize to them for making them take this time chasing down a problem caused by technology instead of any unprofessional behavior.
Do this in an unemotional and calm manner, not trying to justify, but being apologetic that this situation ever occurred. You don't want to be seen as trying to push blame elsewhere, or protesting too much, just calmly explaining what happened, what you've done to fix it, and why it won't be a problem for them any more.
answered Sep 1 '16 at 20:32
thursdaysgeek
23.9k103998
5
Good answer. Plus, I mean, those sites should have been caught somewhere in the connection process and blocked, if you were at work. My suspicion is that they know this, they know they can tell the time and they know they can tell the device. And nothing will change because the security team isn't going to take any blame for not double-checking their report.
– Raystafarian
Sep 3 '16 at 9:48
6
"And, even though you haven't done anything wrong [...], you apologize to them for making them take this time chasing down a problem caused by technology instead of any unprofessional behavior." Excellent point.
– Ouroboros
Sep 3 '16 at 17:40
Thanks for this answer. As a point of clarification, the time the incidents occurred was less important than the suspicion that they had occurred at all on my company laptop - although the timestamps do lend some credence to my side of the story. They had supposed I had taken my laptop off the network, perhaps by bringing it home, and without connecting back through the VPN, used it to browse out to restricted websites.
– Seth
Sep 6 '16 at 12:24
@Seth - yeah, that's a bit harder to have solid proof. You could offer to bring your home equipment to them, to show that it has the same browser history. And then hope they come to their senses and accept your calm explanation and apology for all their trouble. Hopefully the offer is enough, and you wouldn't have to literally carry through and bring home equipment to work.
– thursdaysgeek
Sep 6 '16 at 17:52
suggest improvements |Â
up vote
27
down vote
I suspect any "this isn't ethical!" objection you raise will be countered by, "you synced your accounts" or "you were using a work computer to access your personal accounts." Very likely you signed some sort of electronic usage policy thing when you started your current job, too, which probably details how this works at your company.
Chrome syncs your browser history between all your accounts. This means your search history, navigation history, etc, are all being loaded and synced on your work computer.
Unfortunately, unless you live in a location where you have employment laws providing you some protection or have contractual protection, your employer almost certainly can take actions at work because of data found on your machine. This might not feel fair, and arguably isn't fair, but you likely signed something saying it's ok.
I suggest unsyncing your account on your work machine and/or understanding that information is not insulated from your employer access.
Each employer has different levels of risk associated with mixing personal/professional. It sounds like your risk is much higher than other companies might be.
answered Sep 1 '16 at 19:57
Elysian Fields♦
96.7k46292449
19
Use of personal accounts on work hardware is not against company policy, and of course, if I do use them, I have no guarantee of privacy whatsoever. My issue is with them at looking at and using my browsing history from my other devices, not on company time, to give me a formal warning. And don't worry, I've already logged off of Chrome, and won't make the same mistake again.
– Seth
Sep 1 '16 at 20:14
Sure. But when Chrome syncs data onto your work machine you probably have to recognize it could cause problems.
– Elysian Fields♦
Sep 1 '16 at 20:20
Also, keep in mind logging into your personal accounts (email, SE, whatever) on a work computer may be totally ok. Every company however will have different attitudes about this and what the levels of acceptableness are. Each company will be different.
– Elysian Fields♦
Sep 1 '16 at 20:24
3
"you likely signed something saying it's ok." -- he likely signed something saying it's OK for them to check his browsing history, or he likely signed something saying that it's OK for them to sanction him as if he used company equipment to actually visit all the URLs that appear in the synced browsing history? I'm curious to know just how smart a typical usage agreement is in predicting this scenario and allowing the company to proceed without them needing to establish what machine was used.
– Steve Jessop
Sep 2 '16 at 1:24
14
As a very loose analogy, it's one thing to sign something saying you won't steal office supplies from your employer, and that they can look at photos on your work machine. It's another thing entirely to sign something saying that if you leave a photo on your work computer, and the photo shows that you've got a stapler at home, then they can discipline you for stealing a stapler without even trying to establish where the stapler came from. The latter is supreme levels of HR self-protection, for all that you're an idiot for putting a photo of your home on a work computer ;-)
– Steve Jessop
Sep 2 '16 at 1:28
 |Â
show 1 more comment
up vote
5
down vote
You are assuming that the problem is that your employer is scanning your browser history. But you really do not have any evidence other than that is the only thing you can think of. But as @enderland pointed out you signed policy document that likely explained that anything that you do on there computer is subject to monitoring. That history was downloaded on into the cache of that computer.
Not only that but if you regularly visit those sites at home chrome may have gone out and cached some of that site in anticipation of your eventually visiting the site. So in other words your logging into chrome with your personal account may have caused chrome to violate the policy by actually visiting the site to cache the information from the site all on the company systems.
answered Sep 1 '16 at 20:33
IDrinkandIKnowThings
43.7k1397187
1
"chrome may have gone out and cached some of that site in anticipation of your eventually visiting the site" I wasn't aware that Chrome preemptively visits sites from synced history on new devices to prime the cache, and I can't find information about that feature. (Wouldn't it be simpler to just sync the cache too, assuming priming it is even worthwhile?) Could you provide a source please?
– user45638
Sep 2 '16 at 15:21
1
They do it for the preview for sure. Those items that show up on a new tab that are your frequently visited sites.
– IDrinkandIKnowThings
Sep 2 '16 at 15:23
1
I hadn't thought of that, but are you sure they don't just sync the thumbnail cache along with the history? That seems more efficient since the filesize of the thumbnail is probably smaller than the total size of each page.
– user45638
Sep 2 '16 at 15:43
1
@tubes - It might be but I have 3 computers and all 3 have different images for the same link. The one that inside the firewall shows the blocked site even though I have never visited that site on that computer.
– IDrinkandIKnowThings
Sep 2 '16 at 15:45
2
"I have 3 computers and all 3 have different images for the same link." What, and you think this supports your theory that the thumbnails are downloaded on demand? No, instead, it precisely supports what the @tubes brigade are saying: that Chrome cached the thumbnails from the last time you visited, not some speculative trip it made (and in the case of your blocked sites, physically couldn't make).
– underscore_d
Sep 4 '16 at 13:25
 |Â
show 1 more comment
up vote
0
down vote
I would try a different approach first. Are you on good terms with the IT department? If so, I would approach them, show them how this occurred and ask them to withdraw or amend the report to say it was in error. Most HR departments are dumb as rocks and probably won't grill IT. But, if they do grill IT, then IT can explain what happened and what policy changes need to occur to prevent future false positives.
answered Sep 7 '16 at 5:22
bobkuv
1
suggest improvements |Â
up vote
0
down vote
It is ethical, and it is legal. If they were hiring a PI to hack your devices at home, or otherwise pinged you it might be different story. Most importantly, did you violate company policies?
Some companies do not hire Facebook users, they are particular about it. If you work for a tech company in an admin role you may not be allowed to use GitHub, a smart phone, or non-virtualised Windows. You may be forbidden from owning stock in a competitor. All of these will come back to you if you are caught.
Otherwise it is none of their business and you should let them know. But your history could damage the company, once again do they have a policy that you are considered to have violated? Is your browser pinging these sites in the background to check for modified pages or dead links? It is fair to deem that you are the actor in this case. Anything dark and they will turn you over without blinking.
answered Sep 11 '17 at 5:32
mckenzm
29915
suggest improvements |Â
up vote
-1
down vote
This type of thing could be avoided by simply logging outgoing DNS requesty/HTTP get requests especially if the organization utilizes a firewall/proxy. Even if offending sites were flagged in the browser history, those could easily be compared against outgoing request logs to determine if it originated from within the company in the first place.
As has been said, though, easy solution is to make sure you're not signed into anything that syncs such things from other devices, but it would be prudent for HR or IT to notify employees to not sync such things, in order to prevent this type of thing from occuring.
answered Sep 1 '16 at 22:06
Andrew Bowers
312
6
This doesn't address the actual question, which is how to approach HR about the reprimand.
– Amy Blankenship
Sep 2 '16 at 15:30
True, and if I were able to just comment with it vs posting an answer, I would have.
– Andrew Bowers
Sep 21 '16 at 16:09
suggest improvements |Â
StackExchange.ready(function ()
$("#show-editor-button input, #show-editor-button button").click(function ()
var showEditor = function()
$("#show-editor-button").hide();
$("#post-form").removeClass("dno");
StackExchange.editor.finallyInit();
;
var useFancy = $(this).data('confirm-use-fancy');
if(useFancy == 'True')
var popupTitle = $(this).data('confirm-fancy-title');
var popupBody = $(this).data('confirm-fancy-body');
var popupAccept = $(this).data('confirm-fancy-accept-button');
$(this).loadPopup(
url: '/post/self-answer-popup',
loaded: function(popup)
var pTitle = $(popup).find('h2');
var pBody = $(popup).find('.popup-body');
var pSubmit = $(popup).find('.popup-submit');
pTitle.text(popupTitle);
pBody.html(popupBody);
pSubmit.val(popupAccept).click(showEditor);
)
else
var confirmText = $(this).data('confirm-text');
if (confirmText ? confirm(confirmText) : true)
showEditor();
);
);
6 Answers
6
active
oldest
votes
6 Answers
6
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
171
down vote
accepted
I think the thing to do is to explain to them what you think happened, explain that you've disconnected from the browser history syncing done by chrome, so that they won't see this any more.
Explain how you were browsing on your own hardware and in your own time, unaware that chrome was syncing. Ask if they can view the time of the events, and so verify that. Tell them you've disconnected this process, so your browser history will now only show what you're doing at work. And, even though you haven't done anything wrong (unless the sites themselves are illegal!), you apologize to them for making them take this time chasing down a problem caused by technology instead of any unprofessional behavior.
Do this in an unemotional and calm manner, not trying to justify, but being apologetic that this situation ever occurred. You don't want to be seen as trying to push blame elsewhere, or protesting too much, just calmly explaining what happened, what you've done to fix it, and why it won't be a problem for them any more.
answered Sep 1 '16 at 20:32
thursdaysgeek
23.9k103998
5
Good answer. Plus, I mean, those sites should have been caught somewhere in the connection process and blocked, if you were at work. My suspicion is that they know this, they know they can tell the time and they know they can tell the device. And nothing will change because the security team isn't going to take any blame for not double-checking their report.
– Raystafarian
Sep 3 '16 at 9:48
6
"And, even though you haven't done anything wrong [...], you apologize to them for making them take this time chasing down a problem caused by technology instead of any unprofessional behavior." Excellent point.
– Ouroboros
Sep 3 '16 at 17:40
Thanks for this answer. As a point of clarification, the time the incidents occurred was less important than the suspicion that they had occurred at all on my company laptop - although the timestamps do lend some credence to my side of the story. They had supposed I had taken my laptop off the network, perhaps by bringing it home, and without connecting back through the VPN, used it to browse out to restricted websites.
– Seth
Sep 6 '16 at 12:24
@Seth - yeah, that's a bit harder to have solid proof. You could offer to bring your home equipment to them, to show that it has the same browser history. And then hope they come to their senses and accept your calm explanation and apology for all their trouble. Hopefully the offer is enough, and you wouldn't have to literally carry through and bring home equipment to work.
– thursdaysgeek
Sep 6 '16 at 17:52
suggest improvements |Â
up vote
171
down vote
accepted
I think the thing to do is to explain to them what you think happened, explain that you've disconnected from the browser history syncing done by chrome, so that they won't see this any more.
Explain how you were browsing on your own hardware and in your own time, unaware that chrome was syncing. Ask if they can view the time of the events, and so verify that. Tell them you've disconnected this process, so your browser history will now only show what you're doing at work. And, even though you haven't done anything wrong (unless the sites themselves are illegal!), you apologize to them for making them take this time chasing down a problem caused by technology instead of any unprofessional behavior.
Do this in an unemotional and calm manner, not trying to justify, but being apologetic that this situation ever occurred. You don't want to be seen as trying to push blame elsewhere, or protesting too much, just calmly explaining what happened, what you've done to fix it, and why it won't be a problem for them any more.
answered Sep 1 '16 at 20:32
thursdaysgeek
23.9k103998
5
Good answer. Plus, I mean, those sites should have been caught somewhere in the connection process and blocked, if you were at work. My suspicion is that they know this, they know they can tell the time and they know they can tell the device. And nothing will change because the security team isn't going to take any blame for not double-checking their report.
– Raystafarian
Sep 3 '16 at 9:48
6
"And, even though you haven't done anything wrong [...], you apologize to them for making them take this time chasing down a problem caused by technology instead of any unprofessional behavior." Excellent point.
– Ouroboros
Sep 3 '16 at 17:40
Thanks for this answer. As a point of clarification, the time the incidents occurred was less important than the suspicion that they had occurred at all on my company laptop - although the timestamps do lend some credence to my side of the story. They had supposed I had taken my laptop off the network, perhaps by bringing it home, and without connecting back through the VPN, used it to browse out to restricted websites.
– Seth
Sep 6 '16 at 12:24
@Seth - yeah, that's a bit harder to have solid proof. You could offer to bring your home equipment to them, to show that it has the same browser history. And then hope they come to their senses and accept your calm explanation and apology for all their trouble. Hopefully the offer is enough, and you wouldn't have to literally carry through and bring home equipment to work.
– thursdaysgeek
Sep 6 '16 at 17:52
suggest improvements |Â
up vote
171
down vote
accepted
up vote
171
down vote
accepted
I think the thing to do is to explain to them what you think happened, explain that you've disconnected from the browser history syncing done by chrome, so that they won't see this any more.
Explain how you were browsing on your own hardware and in your own time, unaware that chrome was syncing. Ask if they can view the time of the events, and so verify that. Tell them you've disconnected this process, so your browser history will now only show what you're doing at work. And, even though you haven't done anything wrong (unless the sites themselves are illegal!), you apologize to them for making them take this time chasing down a problem caused by technology instead of any unprofessional behavior.
Do this in an unemotional and calm manner, not trying to justify, but being apologetic that this situation ever occurred. You don't want to be seen as trying to push blame elsewhere, or protesting too much, just calmly explaining what happened, what you've done to fix it, and why it won't be a problem for them any more.
answered Sep 1 '16 at 20:32
thursdaysgeek
23.9k103998
I think the thing to do is to explain to them what you think happened, explain that you've disconnected from the browser history syncing done by chrome, so that they won't see this any more.
Explain how you were browsing on your own hardware and in your own time, unaware that chrome was syncing. Ask if they can view the time of the events, and so verify that. Tell them you've disconnected this process, so your browser history will now only show what you're doing at work. And, even though you haven't done anything wrong (unless the sites themselves are illegal!), you apologize to them for making them take this time chasing down a problem caused by technology instead of any unprofessional behavior.
Do this in an unemotional and calm manner, not trying to justify, but being apologetic that this situation ever occurred. You don't want to be seen as trying to push blame elsewhere, or protesting too much, just calmly explaining what happened, what you've done to fix it, and why it won't be a problem for them any more.
answered Sep 1 '16 at 20:32
thursdaysgeek
23.9k103998
answered Sep 1 '16 at 20:32
thursdaysgeek
23.9k103998
answered Sep 1 '16 at 20:32
thursdaysgeek
23.9k103998
answered Sep 1 '16 at 20:32
thursdaysgeek
23.9k103998
23.9k103998
5
Good answer. Plus, I mean, those sites should have been caught somewhere in the connection process and blocked, if you were at work. My suspicion is that they know this, they know they can tell the time and they know they can tell the device. And nothing will change because the security team isn't going to take any blame for not double-checking their report.
– Raystafarian
Sep 3 '16 at 9:48
6
"And, even though you haven't done anything wrong [...], you apologize to them for making them take this time chasing down a problem caused by technology instead of any unprofessional behavior." Excellent point.
– Ouroboros
Sep 3 '16 at 17:40
Thanks for this answer. As a point of clarification, the time the incidents occurred was less important than the suspicion that they had occurred at all on my company laptop - although the timestamps do lend some credence to my side of the story. They had supposed I had taken my laptop off the network, perhaps by bringing it home, and without connecting back through the VPN, used it to browse out to restricted websites.
– Seth
Sep 6 '16 at 12:24
@Seth - yeah, that's a bit harder to have solid proof. You could offer to bring your home equipment to them, to show that it has the same browser history. And then hope they come to their senses and accept your calm explanation and apology for all their trouble. Hopefully the offer is enough, and you wouldn't have to literally carry through and bring home equipment to work.
– thursdaysgeek
Sep 6 '16 at 17:52
suggest improvements |Â
5
Good answer. Plus, I mean, those sites should have been caught somewhere in the connection process and blocked, if you were at work. My suspicion is that they know this, they know they can tell the time and they know they can tell the device. And nothing will change because the security team isn't going to take any blame for not double-checking their report.
– Raystafarian
Sep 3 '16 at 9:48
6
"And, even though you haven't done anything wrong [...], you apologize to them for making them take this time chasing down a problem caused by technology instead of any unprofessional behavior." Excellent point.
– Ouroboros
Sep 3 '16 at 17:40
Thanks for this answer. As a point of clarification, the time the incidents occurred was less important than the suspicion that they had occurred at all on my company laptop - although the timestamps do lend some credence to my side of the story. They had supposed I had taken my laptop off the network, perhaps by bringing it home, and without connecting back through the VPN, used it to browse out to restricted websites.
– Seth
Sep 6 '16 at 12:24
@Seth - yeah, that's a bit harder to have solid proof. You could offer to bring your home equipment to them, to show that it has the same browser history. And then hope they come to their senses and accept your calm explanation and apology for all their trouble. Hopefully the offer is enough, and you wouldn't have to literally carry through and bring home equipment to work.
– thursdaysgeek
Sep 6 '16 at 17:52
5
5
Good answer. Plus, I mean, those sites should have been caught somewhere in the connection process and blocked, if you were at work. My suspicion is that they know this, they know they can tell the time and they know they can tell the device. And nothing will change because the security team isn't going to take any blame for not double-checking their report.
– Raystafarian
Sep 3 '16 at 9:48
Good answer. Plus, I mean, those sites should have been caught somewhere in the connection process and blocked, if you were at work. My suspicion is that they know this, they know they can tell the time and they know they can tell the device. And nothing will change because the security team isn't going to take any blame for not double-checking their report.
– Raystafarian
Sep 3 '16 at 9:48
6
6
"And, even though you haven't done anything wrong [...], you apologize to them for making them take this time chasing down a problem caused by technology instead of any unprofessional behavior." Excellent point.
– Ouroboros
Sep 3 '16 at 17:40
"And, even though you haven't done anything wrong [...], you apologize to them for making them take this time chasing down a problem caused by technology instead of any unprofessional behavior." Excellent point.
– Ouroboros
Sep 3 '16 at 17:40
Thanks for this answer. As a point of clarification, the time the incidents occurred was less important than the suspicion that they had occurred at all on my company laptop - although the timestamps do lend some credence to my side of the story. They had supposed I had taken my laptop off the network, perhaps by bringing it home, and without connecting back through the VPN, used it to browse out to restricted websites.
– Seth
Sep 6 '16 at 12:24
Thanks for this answer. As a point of clarification, the time the incidents occurred was less important than the suspicion that they had occurred at all on my company laptop - although the timestamps do lend some credence to my side of the story. They had supposed I had taken my laptop off the network, perhaps by bringing it home, and without connecting back through the VPN, used it to browse out to restricted websites.
– Seth
Sep 6 '16 at 12:24
@Seth - yeah, that's a bit harder to have solid proof. You could offer to bring your home equipment to them, to show that it has the same browser history. And then hope they come to their senses and accept your calm explanation and apology for all their trouble. Hopefully the offer is enough, and you wouldn't have to literally carry through and bring home equipment to work.
– thursdaysgeek
Sep 6 '16 at 17:52
@Seth - yeah, that's a bit harder to have solid proof. You could offer to bring your home equipment to them, to show that it has the same browser history. And then hope they come to their senses and accept your calm explanation and apology for all their trouble. Hopefully the offer is enough, and you wouldn't have to literally carry through and bring home equipment to work.
– thursdaysgeek
Sep 6 '16 at 17:52
suggest improvements |Â
up vote
27
down vote
I suspect any "this isn't ethical!" objection you raise will be countered by, "you synced your accounts" or "you were using a work computer to access your personal accounts." Very likely you signed some sort of electronic usage policy thing when you started your current job, too, which probably details how this works at your company.
Chrome syncs your browser history between all your accounts. This means your search history, navigation history, etc, are all being loaded and synced on your work computer.
Unfortunately, unless you live in a location where you have employment laws providing you some protection or have contractual protection, your employer almost certainly can take actions at work because of data found on your machine. This might not feel fair, and arguably isn't fair, but you likely signed something saying it's ok.
I suggest unsyncing your account on your work machine and/or understanding that information is not insulated from your employer access.
Each employer has different levels of risk associated with mixing personal/professional. It sounds like your risk is much higher than other companies might be.
answered Sep 1 '16 at 19:57
Elysian Fields♦
96.7k46292449
19
Use of personal accounts on work hardware is not against company policy, and of course, if I do use them, I have no guarantee of privacy whatsoever. My issue is with them at looking at and using my browsing history from my other devices, not on company time, to give me a formal warning. And don't worry, I've already logged off of Chrome, and won't make the same mistake again.
– Seth
Sep 1 '16 at 20:14
Sure. But when Chrome syncs data onto your work machine you probably have to recognize it could cause problems.
– Elysian Fields♦
Sep 1 '16 at 20:20
Also, keep in mind logging into your personal accounts (email, SE, whatever) on a work computer may be totally ok. Every company however will have different attitudes about this and what the levels of acceptableness are. Each company will be different.
– Elysian Fields♦
Sep 1 '16 at 20:24
3
"you likely signed something saying it's ok." -- he likely signed something saying it's OK for them to check his browsing history, or he likely signed something saying that it's OK for them to sanction him as if he used company equipment to actually visit all the URLs that appear in the synced browsing history? I'm curious to know just how smart a typical usage agreement is in predicting this scenario and allowing the company to proceed without them needing to establish what machine was used.
– Steve Jessop
Sep 2 '16 at 1:24
14
As a very loose analogy, it's one thing to sign something saying you won't steal office supplies from your employer, and that they can look at photos on your work machine. It's another thing entirely to sign something saying that if you leave a photo on your work computer, and the photo shows that you've got a stapler at home, then they can discipline you for stealing a stapler without even trying to establish where the stapler came from. The latter is supreme levels of HR self-protection, for all that you're an idiot for putting a photo of your home on a work computer ;-)
– Steve Jessop
Sep 2 '16 at 1:28
 |Â
show 1 more comment
up vote
27
down vote
I suspect any "this isn't ethical!" objection you raise will be countered by, "you synced your accounts" or "you were using a work computer to access your personal accounts." Very likely you signed some sort of electronic usage policy thing when you started your current job, too, which probably details how this works at your company.
Chrome syncs your browser history between all your accounts. This means your search history, navigation history, etc, are all being loaded and synced on your work computer.
Unfortunately, unless you live in a location where you have employment laws providing you some protection or have contractual protection, your employer almost certainly can take actions at work because of data found on your machine. This might not feel fair, and arguably isn't fair, but you likely signed something saying it's ok.
I suggest unsyncing your account on your work machine and/or understanding that information is not insulated from your employer access.
Each employer has different levels of risk associated with mixing personal/professional. It sounds like your risk is much higher than other companies might be.
answered Sep 1 '16 at 19:57
Elysian Fields♦
96.7k46292449
19
Use of personal accounts on work hardware is not against company policy, and of course, if I do use them, I have no guarantee of privacy whatsoever. My issue is with them at looking at and using my browsing history from my other devices, not on company time, to give me a formal warning. And don't worry, I've already logged off of Chrome, and won't make the same mistake again.
– Seth
Sep 1 '16 at 20:14
Sure. But when Chrome syncs data onto your work machine you probably have to recognize it could cause problems.
– Elysian Fields♦
Sep 1 '16 at 20:20
Also, keep in mind logging into your personal accounts (email, SE, whatever) on a work computer may be totally ok. Every company however will have different attitudes about this and what the levels of acceptableness are. Each company will be different.
– Elysian Fields♦
Sep 1 '16 at 20:24
3
"you likely signed something saying it's ok." -- he likely signed something saying it's OK for them to check his browsing history, or he likely signed something saying that it's OK for them to sanction him as if he used company equipment to actually visit all the URLs that appear in the synced browsing history? I'm curious to know just how smart a typical usage agreement is in predicting this scenario and allowing the company to proceed without them needing to establish what machine was used.
– Steve Jessop
Sep 2 '16 at 1:24
14
As a very loose analogy, it's one thing to sign something saying you won't steal office supplies from your employer, and that they can look at photos on your work machine. It's another thing entirely to sign something saying that if you leave a photo on your work computer, and the photo shows that you've got a stapler at home, then they can discipline you for stealing a stapler without even trying to establish where the stapler came from. The latter is supreme levels of HR self-protection, for all that you're an idiot for putting a photo of your home on a work computer ;-)
– Steve Jessop
Sep 2 '16 at 1:28
 |Â
show 1 more comment
up vote
27
down vote
up vote
27
down vote
I suspect any "this isn't ethical!" objection you raise will be countered by, "you synced your accounts" or "you were using a work computer to access your personal accounts." Very likely you signed some sort of electronic usage policy thing when you started your current job, too, which probably details how this works at your company.
Chrome syncs your browser history between all your accounts. This means your search history, navigation history, etc, are all being loaded and synced on your work computer.
Unfortunately, unless you live in a location where you have employment laws providing you some protection or have contractual protection, your employer almost certainly can take actions at work because of data found on your machine. This might not feel fair, and arguably isn't fair, but you likely signed something saying it's ok.
I suggest unsyncing your account on your work machine and/or understanding that information is not insulated from your employer access.
Each employer has different levels of risk associated with mixing personal/professional. It sounds like your risk is much higher than other companies might be.
answered Sep 1 '16 at 19:57
Elysian Fields♦
96.7k46292449
I suspect any "this isn't ethical!" objection you raise will be countered by, "you synced your accounts" or "you were using a work computer to access your personal accounts." Very likely you signed some sort of electronic usage policy thing when you started your current job, too, which probably details how this works at your company.
Chrome syncs your browser history between all your accounts. This means your search history, navigation history, etc, are all being loaded and synced on your work computer.
Unfortunately, unless you live in a location where you have employment laws providing you some protection or have contractual protection, your employer almost certainly can take actions at work because of data found on your machine. This might not feel fair, and arguably isn't fair, but you likely signed something saying it's ok.
I suggest unsyncing your account on your work machine and/or understanding that information is not insulated from your employer access.
Each employer has different levels of risk associated with mixing personal/professional. It sounds like your risk is much higher than other companies might be.
answered Sep 1 '16 at 19:57
Elysian Fields♦
96.7k46292449
edited Sep 1 '16 at 21:30
answered Sep 1 '16 at 19:57
Elysian Fields♦
96.7k46292449
answered Sep 1 '16 at 19:57
Elysian Fields♦
96.7k46292449
answered Sep 1 '16 at 19:57
Elysian Fields♦
96.7k46292449
96.7k46292449
19
Use of personal accounts on work hardware is not against company policy, and of course, if I do use them, I have no guarantee of privacy whatsoever. My issue is with them at looking at and using my browsing history from my other devices, not on company time, to give me a formal warning. And don't worry, I've already logged off of Chrome, and won't make the same mistake again.
– Seth
Sep 1 '16 at 20:14
Sure. But when Chrome syncs data onto your work machine you probably have to recognize it could cause problems.
– Elysian Fields♦
Sep 1 '16 at 20:20
Also, keep in mind logging into your personal accounts (email, SE, whatever) on a work computer may be totally ok. Every company however will have different attitudes about this and what the levels of acceptableness are. Each company will be different.
– Elysian Fields♦
Sep 1 '16 at 20:24
3
"you likely signed something saying it's ok." -- he likely signed something saying it's OK for them to check his browsing history, or he likely signed something saying that it's OK for them to sanction him as if he used company equipment to actually visit all the URLs that appear in the synced browsing history? I'm curious to know just how smart a typical usage agreement is in predicting this scenario and allowing the company to proceed without them needing to establish what machine was used.
– Steve Jessop
Sep 2 '16 at 1:24
14
As a very loose analogy, it's one thing to sign something saying you won't steal office supplies from your employer, and that they can look at photos on your work machine. It's another thing entirely to sign something saying that if you leave a photo on your work computer, and the photo shows that you've got a stapler at home, then they can discipline you for stealing a stapler without even trying to establish where the stapler came from. The latter is supreme levels of HR self-protection, for all that you're an idiot for putting a photo of your home on a work computer ;-)
– Steve Jessop
Sep 2 '16 at 1:28
 |Â
show 1 more comment
19
Use of personal accounts on work hardware is not against company policy, and of course, if I do use them, I have no guarantee of privacy whatsoever. My issue is with them at looking at and using my browsing history from my other devices, not on company time, to give me a formal warning. And don't worry, I've already logged off of Chrome, and won't make the same mistake again.
– Seth
Sep 1 '16 at 20:14
Sure. But when Chrome syncs data onto your work machine you probably have to recognize it could cause problems.
– Elysian Fields♦
Sep 1 '16 at 20:20
Also, keep in mind logging into your personal accounts (email, SE, whatever) on a work computer may be totally ok. Every company however will have different attitudes about this and what the levels of acceptableness are. Each company will be different.
– Elysian Fields♦
Sep 1 '16 at 20:24
3
"you likely signed something saying it's ok." -- he likely signed something saying it's OK for them to check his browsing history, or he likely signed something saying that it's OK for them to sanction him as if he used company equipment to actually visit all the URLs that appear in the synced browsing history? I'm curious to know just how smart a typical usage agreement is in predicting this scenario and allowing the company to proceed without them needing to establish what machine was used.
– Steve Jessop
Sep 2 '16 at 1:24
14
As a very loose analogy, it's one thing to sign something saying you won't steal office supplies from your employer, and that they can look at photos on your work machine. It's another thing entirely to sign something saying that if you leave a photo on your work computer, and the photo shows that you've got a stapler at home, then they can discipline you for stealing a stapler without even trying to establish where the stapler came from. The latter is supreme levels of HR self-protection, for all that you're an idiot for putting a photo of your home on a work computer ;-)
– Steve Jessop
Sep 2 '16 at 1:28
19
19
Use of personal accounts on work hardware is not against company policy, and of course, if I do use them, I have no guarantee of privacy whatsoever. My issue is with them at looking at and using my browsing history from my other devices, not on company time, to give me a formal warning. And don't worry, I've already logged off of Chrome, and won't make the same mistake again.
– Seth
Sep 1 '16 at 20:14
Use of personal accounts on work hardware is not against company policy, and of course, if I do use them, I have no guarantee of privacy whatsoever. My issue is with them at looking at and using my browsing history from my other devices, not on company time, to give me a formal warning. And don't worry, I've already logged off of Chrome, and won't make the same mistake again.
– Seth
Sep 1 '16 at 20:14
Sure. But when Chrome syncs data onto your work machine you probably have to recognize it could cause problems.
– Elysian Fields♦
Sep 1 '16 at 20:20
Sure. But when Chrome syncs data onto your work machine you probably have to recognize it could cause problems.
– Elysian Fields♦
Sep 1 '16 at 20:20
Also, keep in mind logging into your personal accounts (email, SE, whatever) on a work computer may be totally ok. Every company however will have different attitudes about this and what the levels of acceptableness are. Each company will be different.
– Elysian Fields♦
Sep 1 '16 at 20:24
Also, keep in mind logging into your personal accounts (email, SE, whatever) on a work computer may be totally ok. Every company however will have different attitudes about this and what the levels of acceptableness are. Each company will be different.
– Elysian Fields♦
Sep 1 '16 at 20:24
3
3
"you likely signed something saying it's ok." -- he likely signed something saying it's OK for them to check his browsing history, or he likely signed something saying that it's OK for them to sanction him as if he used company equipment to actually visit all the URLs that appear in the synced browsing history? I'm curious to know just how smart a typical usage agreement is in predicting this scenario and allowing the company to proceed without them needing to establish what machine was used.
– Steve Jessop
Sep 2 '16 at 1:24
"you likely signed something saying it's ok." -- he likely signed something saying it's OK for them to check his browsing history, or he likely signed something saying that it's OK for them to sanction him as if he used company equipment to actually visit all the URLs that appear in the synced browsing history? I'm curious to know just how smart a typical usage agreement is in predicting this scenario and allowing the company to proceed without them needing to establish what machine was used.
– Steve Jessop
Sep 2 '16 at 1:24
14
14
As a very loose analogy, it's one thing to sign something saying you won't steal office supplies from your employer, and that they can look at photos on your work machine. It's another thing entirely to sign something saying that if you leave a photo on your work computer, and the photo shows that you've got a stapler at home, then they can discipline you for stealing a stapler without even trying to establish where the stapler came from. The latter is supreme levels of HR self-protection, for all that you're an idiot for putting a photo of your home on a work computer ;-)
– Steve Jessop
Sep 2 '16 at 1:28
As a very loose analogy, it's one thing to sign something saying you won't steal office supplies from your employer, and that they can look at photos on your work machine. It's another thing entirely to sign something saying that if you leave a photo on your work computer, and the photo shows that you've got a stapler at home, then they can discipline you for stealing a stapler without even trying to establish where the stapler came from. The latter is supreme levels of HR self-protection, for all that you're an idiot for putting a photo of your home on a work computer ;-)
– Steve Jessop
Sep 2 '16 at 1:28
 |Â
show 1 more comment
up vote
5
down vote
You are assuming that the problem is that your employer is scanning your browser history. But you really do not have any evidence other than that is the only thing you can think of. But as @enderland pointed out you signed policy document that likely explained that anything that you do on there computer is subject to monitoring. That history was downloaded on into the cache of that computer.
Not only that but if you regularly visit those sites at home chrome may have gone out and cached some of that site in anticipation of your eventually visiting the site. So in other words your logging into chrome with your personal account may have caused chrome to violate the policy by actually visiting the site to cache the information from the site all on the company systems.
answered Sep 1 '16 at 20:33
IDrinkandIKnowThings
43.7k1397187
1
"chrome may have gone out and cached some of that site in anticipation of your eventually visiting the site" I wasn't aware that Chrome preemptively visits sites from synced history on new devices to prime the cache, and I can't find information about that feature. (Wouldn't it be simpler to just sync the cache too, assuming priming it is even worthwhile?) Could you provide a source please?
– user45638
Sep 2 '16 at 15:21
1
They do it for the preview for sure. Those items that show up on a new tab that are your frequently visited sites.
– IDrinkandIKnowThings
Sep 2 '16 at 15:23
1
I hadn't thought of that, but are you sure they don't just sync the thumbnail cache along with the history? That seems more efficient since the filesize of the thumbnail is probably smaller than the total size of each page.
– user45638
Sep 2 '16 at 15:43
1
@tubes - It might be but I have 3 computers and all 3 have different images for the same link. The one that inside the firewall shows the blocked site even though I have never visited that site on that computer.
– IDrinkandIKnowThings
Sep 2 '16 at 15:45
2
"I have 3 computers and all 3 have different images for the same link." What, and you think this supports your theory that the thumbnails are downloaded on demand? No, instead, it precisely supports what the @tubes brigade are saying: that Chrome cached the thumbnails from the last time you visited, not some speculative trip it made (and in the case of your blocked sites, physically couldn't make).
– underscore_d
Sep 4 '16 at 13:25
 |Â
show 1 more comment
up vote
5
down vote
You are assuming that the problem is that your employer is scanning your browser history. But you really do not have any evidence other than that is the only thing you can think of. But as @enderland pointed out you signed policy document that likely explained that anything that you do on there computer is subject to monitoring. That history was downloaded on into the cache of that computer.
Not only that but if you regularly visit those sites at home chrome may have gone out and cached some of that site in anticipation of your eventually visiting the site. So in other words your logging into chrome with your personal account may have caused chrome to violate the policy by actually visiting the site to cache the information from the site all on the company systems.
answered Sep 1 '16 at 20:33
IDrinkandIKnowThings
43.7k1397187
1
"chrome may have gone out and cached some of that site in anticipation of your eventually visiting the site" I wasn't aware that Chrome preemptively visits sites from synced history on new devices to prime the cache, and I can't find information about that feature. (Wouldn't it be simpler to just sync the cache too, assuming priming it is even worthwhile?) Could you provide a source please?
– user45638
Sep 2 '16 at 15:21
1
They do it for the preview for sure. Those items that show up on a new tab that are your frequently visited sites.
– IDrinkandIKnowThings
Sep 2 '16 at 15:23
1
I hadn't thought of that, but are you sure they don't just sync the thumbnail cache along with the history? That seems more efficient since the filesize of the thumbnail is probably smaller than the total size of each page.
– user45638
Sep 2 '16 at 15:43
1
@tubes - It might be but I have 3 computers and all 3 have different images for the same link. The one that inside the firewall shows the blocked site even though I have never visited that site on that computer.
– IDrinkandIKnowThings
Sep 2 '16 at 15:45
2
"I have 3 computers and all 3 have different images for the same link." What, and you think this supports your theory that the thumbnails are downloaded on demand? No, instead, it precisely supports what the @tubes brigade are saying: that Chrome cached the thumbnails from the last time you visited, not some speculative trip it made (and in the case of your blocked sites, physically couldn't make).
– underscore_d
Sep 4 '16 at 13:25
 |Â
show 1 more comment
up vote
5
down vote
up vote
5
down vote
You are assuming that the problem is that your employer is scanning your browser history. But you really do not have any evidence other than that is the only thing you can think of. But as @enderland pointed out you signed policy document that likely explained that anything that you do on there computer is subject to monitoring. That history was downloaded on into the cache of that computer.
Not only that but if you regularly visit those sites at home chrome may have gone out and cached some of that site in anticipation of your eventually visiting the site. So in other words your logging into chrome with your personal account may have caused chrome to violate the policy by actually visiting the site to cache the information from the site all on the company systems.
answered Sep 1 '16 at 20:33
IDrinkandIKnowThings
43.7k1397187
You are assuming that the problem is that your employer is scanning your browser history. But you really do not have any evidence other than that is the only thing you can think of. But as @enderland pointed out you signed policy document that likely explained that anything that you do on there computer is subject to monitoring. That history was downloaded on into the cache of that computer.
Not only that but if you regularly visit those sites at home chrome may have gone out and cached some of that site in anticipation of your eventually visiting the site. So in other words your logging into chrome with your personal account may have caused chrome to violate the policy by actually visiting the site to cache the information from the site all on the company systems.
answered Sep 1 '16 at 20:33
IDrinkandIKnowThings
43.7k1397187
answered Sep 1 '16 at 20:33
IDrinkandIKnowThings
43.7k1397187
answered Sep 1 '16 at 20:33
IDrinkandIKnowThings
43.7k1397187
answered Sep 1 '16 at 20:33
IDrinkandIKnowThings
43.7k1397187
43.7k1397187
1
"chrome may have gone out and cached some of that site in anticipation of your eventually visiting the site" I wasn't aware that Chrome preemptively visits sites from synced history on new devices to prime the cache, and I can't find information about that feature. (Wouldn't it be simpler to just sync the cache too, assuming priming it is even worthwhile?) Could you provide a source please?
– user45638
Sep 2 '16 at 15:21
1
They do it for the preview for sure. Those items that show up on a new tab that are your frequently visited sites.
– IDrinkandIKnowThings
Sep 2 '16 at 15:23
1
I hadn't thought of that, but are you sure they don't just sync the thumbnail cache along with the history? That seems more efficient since the filesize of the thumbnail is probably smaller than the total size of each page.
– user45638
Sep 2 '16 at 15:43
1
@tubes - It might be but I have 3 computers and all 3 have different images for the same link. The one that inside the firewall shows the blocked site even though I have never visited that site on that computer.
– IDrinkandIKnowThings
Sep 2 '16 at 15:45
2
"I have 3 computers and all 3 have different images for the same link." What, and you think this supports your theory that the thumbnails are downloaded on demand? No, instead, it precisely supports what the @tubes brigade are saying: that Chrome cached the thumbnails from the last time you visited, not some speculative trip it made (and in the case of your blocked sites, physically couldn't make).
– underscore_d
Sep 4 '16 at 13:25
 |Â
show 1 more comment
1
"chrome may have gone out and cached some of that site in anticipation of your eventually visiting the site" I wasn't aware that Chrome preemptively visits sites from synced history on new devices to prime the cache, and I can't find information about that feature. (Wouldn't it be simpler to just sync the cache too, assuming priming it is even worthwhile?) Could you provide a source please?
– user45638
Sep 2 '16 at 15:21
1
They do it for the preview for sure. Those items that show up on a new tab that are your frequently visited sites.
– IDrinkandIKnowThings
Sep 2 '16 at 15:23
1
I hadn't thought of that, but are you sure they don't just sync the thumbnail cache along with the history? That seems more efficient since the filesize of the thumbnail is probably smaller than the total size of each page.
– user45638
Sep 2 '16 at 15:43
1
@tubes - It might be but I have 3 computers and all 3 have different images for the same link. The one that inside the firewall shows the blocked site even though I have never visited that site on that computer.
– IDrinkandIKnowThings
Sep 2 '16 at 15:45
2
"I have 3 computers and all 3 have different images for the same link." What, and you think this supports your theory that the thumbnails are downloaded on demand? No, instead, it precisely supports what the @tubes brigade are saying: that Chrome cached the thumbnails from the last time you visited, not some speculative trip it made (and in the case of your blocked sites, physically couldn't make).
– underscore_d
Sep 4 '16 at 13:25
1
1
"chrome may have gone out and cached some of that site in anticipation of your eventually visiting the site" I wasn't aware that Chrome preemptively visits sites from synced history on new devices to prime the cache, and I can't find information about that feature. (Wouldn't it be simpler to just sync the cache too, assuming priming it is even worthwhile?) Could you provide a source please?
– user45638
Sep 2 '16 at 15:21
"chrome may have gone out and cached some of that site in anticipation of your eventually visiting the site" I wasn't aware that Chrome preemptively visits sites from synced history on new devices to prime the cache, and I can't find information about that feature. (Wouldn't it be simpler to just sync the cache too, assuming priming it is even worthwhile?) Could you provide a source please?
– user45638
Sep 2 '16 at 15:21
1
1
They do it for the preview for sure. Those items that show up on a new tab that are your frequently visited sites.
– IDrinkandIKnowThings
Sep 2 '16 at 15:23
They do it for the preview for sure. Those items that show up on a new tab that are your frequently visited sites.
– IDrinkandIKnowThings
Sep 2 '16 at 15:23
1
1
I hadn't thought of that, but are you sure they don't just sync the thumbnail cache along with the history? That seems more efficient since the filesize of the thumbnail is probably smaller than the total size of each page.
– user45638
Sep 2 '16 at 15:43
I hadn't thought of that, but are you sure they don't just sync the thumbnail cache along with the history? That seems more efficient since the filesize of the thumbnail is probably smaller than the total size of each page.
– user45638
Sep 2 '16 at 15:43
1
1
@tubes - It might be but I have 3 computers and all 3 have different images for the same link. The one that inside the firewall shows the blocked site even though I have never visited that site on that computer.
– IDrinkandIKnowThings
Sep 2 '16 at 15:45
@tubes - It might be but I have 3 computers and all 3 have different images for the same link. The one that inside the firewall shows the blocked site even though I have never visited that site on that computer.
– IDrinkandIKnowThings
Sep 2 '16 at 15:45
2
2
"I have 3 computers and all 3 have different images for the same link." What, and you think this supports your theory that the thumbnails are downloaded on demand? No, instead, it precisely supports what the @tubes brigade are saying: that Chrome cached the thumbnails from the last time you visited, not some speculative trip it made (and in the case of your blocked sites, physically couldn't make).
– underscore_d
Sep 4 '16 at 13:25
"I have 3 computers and all 3 have different images for the same link." What, and you think this supports your theory that the thumbnails are downloaded on demand? No, instead, it precisely supports what the @tubes brigade are saying: that Chrome cached the thumbnails from the last time you visited, not some speculative trip it made (and in the case of your blocked sites, physically couldn't make).
– underscore_d
Sep 4 '16 at 13:25
 |Â
show 1 more comment
up vote
0
down vote
I would try a different approach first. Are you on good terms with the IT department? If so, I would approach them, show them how this occurred and ask them to withdraw or amend the report to say it was in error. Most HR departments are dumb as rocks and probably won't grill IT. But, if they do grill IT, then IT can explain what happened and what policy changes need to occur to prevent future false positives.
answered Sep 7 '16 at 5:22
bobkuv
1
suggest improvements |Â
up vote
0
down vote
I would try a different approach first. Are you on good terms with the IT department? If so, I would approach them, show them how this occurred and ask them to withdraw or amend the report to say it was in error. Most HR departments are dumb as rocks and probably won't grill IT. But, if they do grill IT, then IT can explain what happened and what policy changes need to occur to prevent future false positives.
answered Sep 7 '16 at 5:22
bobkuv
1
suggest improvements |Â
up vote
0
down vote
up vote
0
down vote
I would try a different approach first. Are you on good terms with the IT department? If so, I would approach them, show them how this occurred and ask them to withdraw or amend the report to say it was in error. Most HR departments are dumb as rocks and probably won't grill IT. But, if they do grill IT, then IT can explain what happened and what policy changes need to occur to prevent future false positives.
answered Sep 7 '16 at 5:22
bobkuv
1
I would try a different approach first. Are you on good terms with the IT department? If so, I would approach them, show them how this occurred and ask them to withdraw or amend the report to say it was in error. Most HR departments are dumb as rocks and probably won't grill IT. But, if they do grill IT, then IT can explain what happened and what policy changes need to occur to prevent future false positives.
answered Sep 7 '16 at 5:22
bobkuv
1
answered Sep 7 '16 at 5:22
bobkuv
1
answered Sep 7 '16 at 5:22
bobkuv
1
answered Sep 7 '16 at 5:22
bobkuv
1
1
suggest improvements |Â
suggest improvements |Â
up vote
0
down vote
It is ethical, and it is legal. If they were hiring a PI to hack your devices at home, or otherwise pinged you it might be different story. Most importantly, did you violate company policies?
Some companies do not hire Facebook users, they are particular about it. If you work for a tech company in an admin role you may not be allowed to use GitHub, a smart phone, or non-virtualised Windows. You may be forbidden from owning stock in a competitor. All of these will come back to you if you are caught.
Otherwise it is none of their business and you should let them know. But your history could damage the company, once again do they have a policy that you are considered to have violated? Is your browser pinging these sites in the background to check for modified pages or dead links? It is fair to deem that you are the actor in this case. Anything dark and they will turn you over without blinking.
answered Sep 11 '17 at 5:32
mckenzm
29915
suggest improvements |Â
up vote
0
down vote
It is ethical, and it is legal. If they were hiring a PI to hack your devices at home, or otherwise pinged you it might be different story. Most importantly, did you violate company policies?
Some companies do not hire Facebook users, they are particular about it. If you work for a tech company in an admin role you may not be allowed to use GitHub, a smart phone, or non-virtualised Windows. You may be forbidden from owning stock in a competitor. All of these will come back to you if you are caught.
Otherwise it is none of their business and you should let them know. But your history could damage the company, once again do they have a policy that you are considered to have violated? Is your browser pinging these sites in the background to check for modified pages or dead links? It is fair to deem that you are the actor in this case. Anything dark and they will turn you over without blinking.
answered Sep 11 '17 at 5:32
mckenzm
29915
suggest improvements |Â
up vote
0
down vote
up vote
0
down vote
It is ethical, and it is legal. If they were hiring a PI to hack your devices at home, or otherwise pinged you it might be different story. Most importantly, did you violate company policies?
Some companies do not hire Facebook users, they are particular about it. If you work for a tech company in an admin role you may not be allowed to use GitHub, a smart phone, or non-virtualised Windows. You may be forbidden from owning stock in a competitor. All of these will come back to you if you are caught.
Otherwise it is none of their business and you should let them know. But your history could damage the company, once again do they have a policy that you are considered to have violated? Is your browser pinging these sites in the background to check for modified pages or dead links? It is fair to deem that you are the actor in this case. Anything dark and they will turn you over without blinking.
answered Sep 11 '17 at 5:32
mckenzm
29915
It is ethical, and it is legal. If they were hiring a PI to hack your devices at home, or otherwise pinged you it might be different story. Most importantly, did you violate company policies?
Some companies do not hire Facebook users, they are particular about it. If you work for a tech company in an admin role you may not be allowed to use GitHub, a smart phone, or non-virtualised Windows. You may be forbidden from owning stock in a competitor. All of these will come back to you if you are caught.
Otherwise it is none of their business and you should let them know. But your history could damage the company, once again do they have a policy that you are considered to have violated? Is your browser pinging these sites in the background to check for modified pages or dead links? It is fair to deem that you are the actor in this case. Anything dark and they will turn you over without blinking.
answered Sep 11 '17 at 5:32
mckenzm
29915
answered Sep 11 '17 at 5:32
mckenzm
29915
answered Sep 11 '17 at 5:32
mckenzm
29915
answered Sep 11 '17 at 5:32
mckenzm
29915
29915
suggest improvements |Â
suggest improvements |Â
up vote
-1
down vote
This type of thing could be avoided by simply logging outgoing DNS requesty/HTTP get requests especially if the organization utilizes a firewall/proxy. Even if offending sites were flagged in the browser history, those could easily be compared against outgoing request logs to determine if it originated from within the company in the first place.
As has been said, though, easy solution is to make sure you're not signed into anything that syncs such things from other devices, but it would be prudent for HR or IT to notify employees to not sync such things, in order to prevent this type of thing from occuring.
answered Sep 1 '16 at 22:06
Andrew Bowers
312
6
This doesn't address the actual question, which is how to approach HR about the reprimand.
– Amy Blankenship
Sep 2 '16 at 15:30
True, and if I were able to just comment with it vs posting an answer, I would have.
– Andrew Bowers
Sep 21 '16 at 16:09
suggest improvements |Â
up vote
-1
down vote
This type of thing could be avoided by simply logging outgoing DNS requesty/HTTP get requests especially if the organization utilizes a firewall/proxy. Even if offending sites were flagged in the browser history, those could easily be compared against outgoing request logs to determine if it originated from within the company in the first place.
As has been said, though, easy solution is to make sure you're not signed into anything that syncs such things from other devices, but it would be prudent for HR or IT to notify employees to not sync such things, in order to prevent this type of thing from occuring.
answered Sep 1 '16 at 22:06
Andrew Bowers
312
6
This doesn't address the actual question, which is how to approach HR about the reprimand.
– Amy Blankenship
Sep 2 '16 at 15:30
True, and if I were able to just comment with it vs posting an answer, I would have.
– Andrew Bowers
Sep 21 '16 at 16:09
suggest improvements |Â
up vote
-1
down vote
up vote
-1
down vote
This type of thing could be avoided by simply logging outgoing DNS requesty/HTTP get requests especially if the organization utilizes a firewall/proxy. Even if offending sites were flagged in the browser history, those could easily be compared against outgoing request logs to determine if it originated from within the company in the first place.
As has been said, though, easy solution is to make sure you're not signed into anything that syncs such things from other devices, but it would be prudent for HR or IT to notify employees to not sync such things, in order to prevent this type of thing from occuring.
answered Sep 1 '16 at 22:06
Andrew Bowers
312
This type of thing could be avoided by simply logging outgoing DNS requesty/HTTP get requests especially if the organization utilizes a firewall/proxy. Even if offending sites were flagged in the browser history, those could easily be compared against outgoing request logs to determine if it originated from within the company in the first place.
As has been said, though, easy solution is to make sure you're not signed into anything that syncs such things from other devices, but it would be prudent for HR or IT to notify employees to not sync such things, in order to prevent this type of thing from occuring.
answered Sep 1 '16 at 22:06
Andrew Bowers
312
answered Sep 1 '16 at 22:06
Andrew Bowers
312
answered Sep 1 '16 at 22:06
Andrew Bowers
312
answered Sep 1 '16 at 22:06
Andrew Bowers
312
312
6
This doesn't address the actual question, which is how to approach HR about the reprimand.
– Amy Blankenship
Sep 2 '16 at 15:30
True, and if I were able to just comment with it vs posting an answer, I would have.
– Andrew Bowers
Sep 21 '16 at 16:09
suggest improvements |Â
6
This doesn't address the actual question, which is how to approach HR about the reprimand.
– Amy Blankenship
Sep 2 '16 at 15:30
True, and if I were able to just comment with it vs posting an answer, I would have.
– Andrew Bowers
Sep 21 '16 at 16:09
6
6
This doesn't address the actual question, which is how to approach HR about the reprimand.
– Amy Blankenship
Sep 2 '16 at 15:30
This doesn't address the actual question, which is how to approach HR about the reprimand.
– Amy Blankenship
Sep 2 '16 at 15:30
True, and if I were able to just comment with it vs posting an answer, I would have.
– Andrew Bowers
Sep 21 '16 at 16:09
True, and if I were able to just comment with it vs posting an answer, I would have.
– Andrew Bowers
Sep 21 '16 at 16:09
suggest improvements |Â
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fworkplace.stackexchange.com%2fquestions%2f75267%2fcompany-policy-violation-due-to-browser-history-syncing%23new-answer', 'question_page');
);
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
5
@Seth I'd recommend editing your question to focus less on the "is this legal?" (it is) which doesn't really help you and results in answers with people just rehashing what you already know and instead asking how you can recover from this situation or argue your side of the story (i.e. damage control). Oh, and this is rather beside the point, but if you routinely work remotely through a VPN, that could be another way for less-than-professional traffic to get logged in their systems.
– Lilienthal♦
Sep 1 '16 at 20:41
24
In which country is this? Accessing things like browsing history and emails may actually be against the law, even on work accounts and computers, but this obviously depends on the local laws. For example in The Netherlands the right to privacy also extends to the workplace (source)
– Martin Tournoij
Sep 1 '16 at 21:20
6
The fact that you synced work data to personal devices, might be itself a violation of company policy. Pressing further on the matter might make someone aware. You might have even broken some non-disclosure agreement.
– Christian
Sep 2 '16 at 9:05
27
This is a fascinating situation, and a very useful warning to others about our increasingly connected, your-info-follows-you-through-the-cloud world.
– T.J. Crowder
Sep 2 '16 at 9:30
14
The mistake here was using the same Google account on your home and work machines. Keep them separate; use separate accounts. Particularly for services like Google, Microsoft and Facebook that are ubiquitous and do a lot of tracking.
– Simba
Sep 2 '16 at 13:51