It occurred to me that the only employer provided equipment that I use for work is my laptop. The monitor and peripherals are all mine.<p>Can an employer use my webcam and microphone to monitor me or my activity? Can they log keystrokes typed on my keyboard? Can they do all of this through the internet service that I pay for? And should they be able to do all or any of this?
> And should they be able to do all or any of this?<p>Personally, I don't think they should which is why I wouldn't work for anyone who tried to enforce this. It would be a massive red flag if an employer brought this up. Also, the companies that manage remote well know this and none of them are implementing invasive monitoring. The ones that try it are a small number of short-sighted old-fashioned shops that feel like they're losing control if an employee is remote and are desperately tring to gain that control back.
It varies hugely, and is often more than is obvious.<p>Logging keystrokes and webcam monitoring is at the extreme ends of the covert/overt spectrum, and the trust/control spectrum. Perfectly possible, illegal in many countries, and betrays a lack of trust in employees (in most cases) that likely means the company has a rather toxic environment. There are some very unpleasant examples of this out there, not only for employees but also students using school-issued equipment.<p>In a much more subtle example, a company which provides their own DNS infrastructure can effectively monitor internet activity on company endpoints without relying on a proxy, and without the conscious awareness of most employees.
We ask employees to install a monitoring agent based on OSQuery for compliance reasons. It does very little. It queries (read-only) OS meta details about whether or not they're using antivirus (true/false), have a password manager (true/false), the HD is encrypted (true/false), whether or not location services is active (true/false) and a list of applications. I think this is pretty typical. Some companies might go deeper, but I think we're in the norm.
I worked as a partner to a tech giant who had some security requirements, where they'd only release code to us if all the people with the code met certain requirements. It was a day-long security audit and there were several pages of checklists.<p>What I commonly see is them monitoring all data going in and out, especially through USB drives. Rival services like Google Drive are often blocked. I wouldn't be surprised if some have a kind of analytics but it's unlikely. I doubt webcam and microphone are used to monitor activity unless you're working somewhere like Facebook.
They certainly CAN monitor all of this.. but a lot of them don’t. I don’t think it really matters if the mouse or something is yours, it’s really about the computer itself. The policies and practices vary between companies. Are you suggesting there might be an issue because they are ‘using your resources’ to do this?<p>Would be interesting to see the liability a company opens themselves up to by monitoring an unaware employee with a webcam while they work from home though!
Depends who your employer is, there are varying levels of remote monitoring & administrative tools. Smaller companies are likely to invest less in this due to limited resources, where larger companies may invest more heavily for compliance and security.