1

I am just wondering whether it is possible for an employer to monitor usage on personal device on my home network in circumstances where a work device is also connected to the home network at the same time but not in use. I work from home occasionally and when I want to browse non work related things will use one of my own devices but often leave my work computer connected to my home network in this time.

How about in circumstances where personal phone which has had to install an app to secure it in order to access work emails on the phone is used as the modem, e.g. the personal computer and work computer are both hotspotting from the phone. The app does say they cannot see web history by installing it.

Thanks

ComradeOtto
  • 11
  • 1
  • 3
  • There are multiple versions of this question here. Please look through the "Related" questions list to find what you need, – schroeder Mar 11 '19 at 12:02

1 Answers1

3

First of all, monitoring your personal usage, on your personal network seems highly illegal (IANAL). So there's that, your employer is unlikely to spy this way.

Then, monitoring your home network is possible in a variety of ways when having an other device on it, but not everything would show : only your DNS queries (say, you went to facebook.com or google.com), but then since most of the web is moving to HTTPS, what happens between your computer and the remote website can't be read, so no reading your queries to Google or your Facebook posts. Also, since the computer can't really know easily if it is on your home network, or say a government building wifi, the legal ramifications are big, and your employer would probably not risk it.

I can't say for sure when using your phone. If it is a VPN app, that routes all your traffic through your employers network, then it is possible to check what websites you went to, not necessarily what you did there (HTTPS again), and so on. Again, this seems highly unlikely, and potentially illegal.

In short, using an untrusted device is almost always "game-over", but you have to estimate your threat model. If your "adversary" has more to lose than to gain, he is unlikely to "attack" you. So I'd say you're fine, unless you signed some charter explicitely barring you from using your phone in such way.

Edit: typo

Romain Prévost
  • 141
  • 4