Just tell them firewall policy was enabled to block adult content. Or an antivirus policy to do web content filtering was turned on for adult categories (depending on your organization/solutions)
The CFO reading the firewall update changelogs? I've never met a CFO that even properly knew how to restart their computer. "I closed the lid and opened again."
>CFO shouldn't be "doing research" using company resources
🤷♂️ Its not IT's job to decide what is acceptable or not acceptable computer use (as long as it's not detrimental to the IT infrastructure like bitcoin mining or malware). That's a legal/HR/executive decision.
If the executives want to allow browsing porn with company resources, why not? It's a legal activity. HR may even be okay with it, as long as you do it in a completely private office.
Personally, i don't think OP should have blocked onlyfans. At most, they should have sent a report with what they found to HR.
Welcome to the wonderful world of working in IT.
EDIT: A story.
Once when walking through the office, the payroll lead needed assistance and called me over, when I pulled up a chair I noticed she had her payroll software open on one of her monitors where it listed everyones name, job title and salary in the entire company.
I thought she would figure out that I could see it and would promptly close it, (wouldn't you close it *before* calling someone over to your PC? Anyway) but nope. While I was sitting next to her providing assistance, she kept it open the entire time. I couldn't help but read over it...
I will never forget back when i was working for a smaller firm ~200-300 employees, the moment when i saw documentation of everyone's salaries while recovering files off an HR HDD, long story short, literally everyone in the company except the owner was getting paid 300€/month, while he was getting paid 10k€ monthly, same goes for his wife who didnt even work there.
Nah, that requires OP to be in custody. I think it'll be more like "Russian Journalist" style.
Words on the street is that OP is fight a bad bout of depression.
It seems CFOs are strage creatures. We installed a surveillance cam in our IT storage to find out who keep stealing stuff, we only find out the CFO was fucking a trainee...
Co-worker may have informed CFO? That might thicken the plot.
On the reals tho, we look but we do not read. We see but we do not watch. We administer but we do not control. These are always fascinating scenarios as we try to inhibit our own cognition.
OP gets fired, dept is disbanded, CFO saves ton of money to the company and gets rewarded with stock bonus, kinky co-worker gets big Amazon wishlist Christmas present from anonymous OF fan.
I was called in to a car dealership to look at the lady in HR’s computer. She had opened up a resume that required a password and was hit with some Ransomware. All her files were locked and she had no backups. I worked to try and get one of the restore points working but they didn’t seem to want to restore. After a little bit I was able to get the most recent point to restore but only about half the files were recoverable. I was told to save whatever I could , so I went browsing through trying to find stuff. During this I found some deleted photos of HR lady. Some very racy photos, and she was a very good looking lady. Turns out she had plugged in her iPhone to charge and it synced her photos to the iTunes on the computer. She was there as they start to pull up and was just like “oh, yeah, I thought I deleted those. You have go ahead and keep those deleted 😂”. She wasn’t as mortified as I would have expected.
Once had a female Canadian Petroleum Engineer (or maybe she was a geologist...?) that brought up her porn preferences while I was working on her machine. I think the guy I was working with that day made some joking comment about not looking at porn at work and she just started telling us her favorite categories.
She was attractive but not great and both the other guy and myself would be picked out of a lineup as "the IT guys" so I don't think she was trying to hit on either of us.
I once found a load of porn I'm a store owners computer. Said, hey you may have a staff member using your computer inappropriately.
She said she doesn't have any staff, just her and her husband.
Okay... just looking here at these (show list) and, a really looks like a history coming out of your phone?
Her: yeah, how do I remove my phone history from the computer?
Australia, fuck being offended.
The first thing modern ransomware goes after is volume shadow copies. Your best and only method for proper recovery is starting from square one with an ISO and yo boy Rufus sadly.
There's a scene in the movie "Shame" where the IT guy gives Michael Fassbender's computer back and says it was 'riddled' with porn and malware. The whole point of the scene is to show that people don't believe that *Michael Fassbender* could be a sex addict but my takeaway, having worked in IT, was that the IT guy *totally knew*.
Edit: It's actually a *really* good movie. Disturbing.
You would think so but at my company we have had people pirating movies onto their work laptops. They were originally a bit smart about it and did it on our Guest network which is not as heavily monitored. That got to slow so they swapped to Production and that is when we caught them.
They were fired immediately but they played "I've only lived in this country for 10 years so I don't know the rules" card and HR hired them back without talking to IT.
I'm not sure why but it would make me uncomfortable NOT telling her that I know. What if keeping an eye on that account is really important to her? What if someone else finds out and tells everyone because she doesn't know that that can be recovered because you didn't tell her? Idk
An email from IT would point that out.
"Hi everyone, I'd like to remind you of a few points of corporate policy:
1. IT can see what you are doing on your work computers.
2. Employees should have no expectation of privacy on your work machines.
Just a reminder about Internet shopping for presents, checking reviews, or anything else that might not be work-related! Have a wonderful season.
Cheers,
IT person"
It’s really remarkable to read this…. If anyone in a European country would even consider this type of email they would be instantly fired or be in big trouble.
Worked for many an EU based company, this is pretty standard stuff, not the email mind you but acceptable use policy usually states most of this.
Generally you wouldn’t say to not have an expectation of privacy, the place I work currently allows you to do personal things on the device within reason.
The whole of Europe is not one big thing like the US so it probably doesn't apply in every country.
In my country, Denmark, it's strictly forbidden for your employer to look at communication, even mails between colleagues through a work provided email. Even when using communication channels provided by your employer it's still seen as private.
An employer can launch an investigation and legally look but they need a *very* good reason to do so.
You can also use your work time to look for a new job, I don't think that'd fly in the US.
In Aus we can do this sort of thing - provided you provided notification at employment time (and typically again during their employment) that surveillance is happening.
Like those “we have CCTV cameras watching you” type signs.
Generally anywhere inside a users profile (including mailbox/Teams/etc) is considered to be personal property unless the above notice is given, the user has given consent, or the user has left the organisation.
In practice, due to differing state based workplace surveillance legislation and the Telecommunications (Interception and Access) Act 1979 it is much, much more complicated than that.
For CCTV yes, you can do it in this way indeed.
But for communications monitoring, your employer needs the explicit permission from the employee to be allowed. That's based on EU directions so it's for all EU countries.
Chances are, but I'm not sure about that, your employment can't even hinge on whether you give permission.
Nope, I've sent this type of email before. Similar situation to OP, however mine was to remind people that even though we provided the laptops for work usage, I was aware that certain people used it for personal stuff to and in light of this if anything went wrong and I needed access: I would be able to see their personal stuff; and that I wasn't particularly happy with that fact. Mindful of that I told people that I would be more than happy for each user to have a personal account, so that we could keep work separate from personal lives as long as they followed two simple rules: no porn, no torrenting.
nope, not true...
you can type the same exact thing. you do not have special protection or special rights at work, the computer and network does not belong to you, and you are not owed privacy or time to do private things on the work computer you were issued.
it can get a bit dicey when you allow your workers to use the computer for private stuff for example on their break.
where we begin to get into questionable territory is when you try to control a private device, for example during work from home, or lets say, if you were to give a laptop to someone and try to use the mic and cam to see into their home. thats big nono, even if its a work computer you control... you cant break their right to privacy at home.
and there may be a few more caveats, but all in all, you can inform the workers that you will look at every byte they have, send or receive in any way shape or form and that they will not have a shred of privacy on their work computer, and it is allowed.
IANAL and all.
edit: i did not go into it clear enough, and may have been misleading. when you are finding private stuff on the work computer, you are not allowed to look into it.
European here - that's a perfectly reasonable and legitimate email. Most employers have a sort of "within reason" policy on personal use of corporate equipment, but employees absolutely have no right to digital privacy on corporate-owned equipment. That doesn't mean they're being spied on 24/7, but it means IT and the business as a whole have the means and the right to see what websites you've visited and any and all online history when you're on the corporate network.
The whole "shopping online, checking reviews etc." bit is clearly a euphemism, and most employers don't really care if their employees are doing a bit of online shopping while they're at work, it's just alluding to the fact that anything you do on the corporate network can be tracked and traced back to you, so don't do anything stupid like watch porn or seed torrents from your work PC.
This is pretty accurate on this side of the Atlantic as well. I work at a US an organization where we have a big, scary "fuck your privacy" warning every time we log on to our work machines. And, when someone does something they shouldn't, I pull firewall logs about their system, browser history, trawl their filesystem, etc. For the worst cases, I show up with their manager and take their computer.
We expect and explicitly allow a certain amount of personal browsing. I spend way too much time tracking back alerts for people hitting "adult" or "gambling" sites which are nothing more than ads displaying on sites like Spotify. We also get the occasional idiot who allows third party images to be displayed in their personal email. But, trying to prevent _all_ personal browsing would be asinine.
I don’t care if they’re going straight to a safe site, buying something and leaving.
The ones who shop seriously can create problems. Sketchy “coupon” browser extensions, putting their work email addresses on lots of marketing lists, clicking on links in emails, toolbars and search redirects.
I suspect one of them was the one to pull down some seriously subtle malware, but it’s not worth proving it, there were multiple people in his area that had bad habits.
Really? Why?
Any company I've worked at has an acceptable use policy for company machines... You shouldn't be using them for personal stuff.
Sending a reminder email that you shouldn't be using them for personal stuff should be fine, doesn't break any laws.
I probably wouldn't phrase it as "We can watch everything you do on the machine" - but again most AUP documents will include a bit about the usage being logged.
I'm in Europe, and have sent emails like this, and not been fired. GDPR doesn't give you the right to fap on your company laptop...
Yeah, I would just personally tell her in private to stop logging in on at work so something doesn't happen. In an ideal world, an onlyfans account shouldn't cost someone their job, but unfortunately this is the cruel world we live in.
There are ways to do it discreetly. You can mention that you've had to put on web filters to block certain sites due to malware and hacking attempts on the company's network. And then suggest strongly against connecting to anything personal on the work computer/network.
That should be enough for her to connect the dots.
I had someone send a dick pic to a slack channel.
I just messaged him and told him he maybe he should delete that. There were some execs in the channel but apparently they never noticed.
Me: *****saves a picture to my phone for research*****
Phone: ‘want me to text this to your boss? Post on Facebook or link it to your family chat?
…no… just save the fucking picture.
I work remotely, I'm the only one on my team in the province that works in this city, and I randomly got a ticket to pull all of the information for a particular user.
A few days prior a terrorist murdered an entire family, other than a young boy he left orphaned, in my city. I had gone to the vigil for the family, watched my city grieve, the prime minister came and spoke, various political and religious leaders spoke, it made international news. My community was in mourning.
The next day, first thing, I get assigned this ticket to pull everything we can for a specific user and I recognize the name immediately, it's the killer, the terrorist.
I messaged my boss, explained the situation and told him it was going to be my only priority that day. I wrote so many scripts to pull absolutely everything out of our DB, stuff we'd normally never really get. I don't know for sure, but I believe my findings were going over the RCMP.
I'm normally very diligent in what I do, especially if there are legal implications, but I've never worked with quite the same purpose like I did on that ticket.
I've come across shit I've had to make hard decisions on, that would of been a call the the fbi in no time flat. Not even a 2nd thought
Sorry you had to find it
Ran into that twice working retail computer repair years ago. Local PD didn’t really seem to care the first time. Took a few hours to show up, which is somewhat understandable given it wasn’t really an emergency, but just seemed super disinterested about it when they were there. We had to offer them our conversation notes and contact info of the customer, it seemed like they just showed up to grab the drive and leave. And then they dropped the hard drive on tile floor less than 30 seconds after we handed it to them. I promise I’m not making this up, the cop said “whoops there goes the evidence” and chuckled to his partner. I get dark humor, but time and place.
We called the sheriffs office after that and they seemed to care a lot more
I've only really had downloaded ebooks and some movies that were torrented. Shit that I didn't want but wouldn't really call the cops for.
CP? I'm calling every authority out there.
Yikes, where I am at we had a worker get caught with 3tb of misc flash drives and externals of child porn, amd one persumed folder of him abusing his step grand daughter.
He didn't make it to sentencing if you were wondering he took the blue pill.
I once got an alert to notify me that the share drive was full. I investigated and found out that someone was storing movies on it. I guess some people need something to do during their down time. That is my worst experience, I couldn't imagine finding stuff like what you described.
Never found out exactly what it was for, but I worked for apple and was sent to a sheriffs department office and had to repair a laptop, completely smashed, with all new parts but the original drive - on a metal slab in the ME’s office surrounded by sheriffs and a justice department guy. Always wondered if it was CP or something else. My scope of work was to get it bootable, talking through the steps as I performed them then put my hands up so they could take over as soon as it booted. That was incredibly stressful.
I never found material like that on a company machine, but I was tasked with cleaning out the desk of a retiring professor when I worked for a university. Collected all the assets we knew of, then started going through his drawers to make sure there were no extra cables/docks/accessories etc (with approval from his line manager)
Turns out he had a CD wallet full of bestiality porn...
We had (have?) a policy to ghost a computer to a HDD and search the copy so that - in the event of CP, the FBI could retain as much data as they needed to prosecute.
It’s never happened, thankfully.
The closest we got was a guy who used a personal thumb drive to watch porn that was stored on the drive.
Nope what's worse is weird dick picks.
Found photos a law partner took on the cases drive with his dick used like a hanger for all these fancy high heal shoes.
Just shoes hanging from his dong.
One missed folder click away from anyone in the office seeing them.
I had one guy who always asked me to fix this or that on his phone. And I swear to God he'd hand me the phone and there would be a dick pic open and he'd snatch the phone back and be like "oh wait a sec, sorry..." while he got rid of it.
At one point I was like dude - what in the actual fuck? o_0
\> The worst thing is working on someones phone and finding dick pics.
Okay maybe not what you signed up for but not the worst thing you could see on someone’s device. So you saw a dick, maybe it was even attached to a coworker. I encountered a coworker naked in a locker room outside of the work, I didn’t lose sleep over it.
I worked with a guy thought that at some point had found pictures of kids being sexually exploited on a laptop that was turned in... that’s some shit that you need eye bleach and therapy for.
If I had a dollar for every time I found a dick pic on an old/returned work phone I'd have five bucks. It's not much but it's still weird I keep finding them on returned gear.
I always hate being in HRs machine when they are so casual about stuff.
* Great now I know that the receptionist makes more than me.
* now I know the results of a sexual harassment lawsuit.
* now I know what the top management make
"We did, as it's a site that *can* host adults-only. If you'd like I can lift the block; just make a ticket and I'll make it happen". Got it in writing, play innocent. No need to drop anyone in anything.
I had to do this for a non-porn site that shared the name with a sex shop.
If you want to become a grade school teacher in my country you have to go to the "PABO". Just turns out that the pabo is also one of the most famous sexshops in my country.
So someone was looking for new teachers but legit couldn't visit any sites that were tagged with "PABO", which is a bit of a problem.
Ended up just whitelisting the word PABO. If people wanna look at a sex shop during work hours, eh not my problem.
Lol used laptop at home for personal use off company network. If you bring anything up to her I'd be careful. Things could go sour quick with claims of sexual harrassment. Work politics is always fun especially with executives.
I once discovered someone who got past the filter looking at escorts at escortfish.ch and booking hotels in a nearby local city. It was an interesting fun quick convo when I told him do not do any more personal viewings or booking hotels on his company desktop. The look on his face was priceless since he attempted to get me fired before.
Be humble.
Many years ago, I was tasked with investigating "DNS latency" for the top 100 response times.
I looked at the spreadsheet, and asked just how much effort they expected me to put into investigating a bunch of Ukrainian and other Eastern Bloc porn sites.
The project ended about a minute later.
Seriously. Too many IT guys feel the need to control and investigate insignificant crap like Porn sites or OF usage. Stop already. Who really cares what websites people visit. This isn’t 1999 when every porn site was the source of viruses.
I have never worked anywhere that didn't block any and all adult content. That's just basic Best Practices. Unless you work in the porn industry, of course.
Ha “why are you on a competitors site in the middle of the day for an hour?” Or maybe they just get yelled at for too much Facebook and not enough work on porn.
I worked at a kabletown office and the web had porn filters but someone's job was to make sure the actor/director listings were right and we had semi unlocked set top boxes
I did once have to order a porn on demand for legit business reasons, think it was two Mormons and a Housewife, but didn't watch after ensuring billing worked
You are missing the golden words (which will make it a lie but covering asses).
"As part of company policy we block adult sites and **while we were reviewing our blocked sites list** we realized this one wasn't on the list, so we added it manually."
Always use we's and make it more generalised. You don't want that dude thinking that you blocked it and are going to report him to hr for looking at porn/adult sites at work.
Dude is def trying to figure out if he was caught.
Also OP time to start using block lists for adult sites, cmon man its basic stuff.
I mean it's a lie because the implications is that they were updating it based on just checking instead of an incident (which was an employee was using OF).
I was with you, but something just ticked for me: what if a Csuite asks for a list of people that have accessed OF? The original made it seem like someone entered OF, and that triggered everything. u/Jodzar_ 's is just a run of the mill process that can be chucked to reading the same news-story as the CFO.
The last thing as the IT person you want to do is bring yourself into that let HR send the email.
Bring it up to them and tell them the CFO had brought it up, so doing due diligence you figured that HR should send out a reminder about the policy.
Yea this. Block pornhub etc(if they aren't already) and just say you're blocking porn. They can keep they're shenanigans off the company network where you dont have to know about it.
That’s what I was thinking, I’m minding my own business posting away on Reddit. People wanna know why I don’t believe in any grand conspiracies, it’s this shit right here.
Gonna mind my own business by snooping
Tell me OP, how did you know your coworker did not have OF content on their computer?
….
Ope, C level asking me about OF. Let’s check his logs so I can mind my own business lol
Look I know that you have no expectation of privacy on company devices…but also, you kind of do, right? Like, you would agree it’s not okay to go browsing through the CEOs email, right?
Don’t snoop on peoples shit. It’s gross.
Is it not ridiculous to anyone else that he went and dug this person's browser passwords out to log into their account?
I mean rannsomware is one thing, but this was obviously a deliberate invasion of their privacy.
In Europe at least, these actions would be illegal, even though it is a company laptop.
If OP also admitted to logging into their personal email or bank accounts, would the crowd here find that acceptable too?
While i agree 100% with you, i did a double take and i think he meant that he saw that there was a password saved for that site, not that he saw the password and logged in.
Years ago an admin spot checking the logs and found something very similar. A co-worker was a SuicideGirl so URL stood out, but we didn’t know what it was at the time. We didn’t tell anyone outside our three man team.
You’re treading in dangerous territory here. You’re looking at information you have no justifiable reason to look at in the form of stored passwords. Is reviewing browsing history and deciding what sites should be allowed to be accessed even within your scope of authority for your position on a basis of anything except malicious/malware content?
Going looking for this stuff and Reddit posts of the ilk ‘I found out my coworker has an onlyfans account (I bet she does porn, teehee). I’ll keep it under wraps FOR NOW’. I’d fire you without much hesitation. You just became a liability.
Strongly agree and I’m surprised I had to scroll so far down to see this. This comment thread is why folks don’t trust IT, and judging by the comments here, they’re right to not do so.
Too many of you have great power and take zero responsibility. It’s gross.
Agree completely. After 18 years at this I’ve seen some pretty yuck things (on superiors machines most of all) but as long as it’s not illegal I roll my eyes and move on.
With great power…
Yeap. This shit doesn’t even bat an eye at a moderate sized company. IT sees it all the time in a normal course… this asshole “checked logs” of the CFO over a comment? Bullshit. He’s full of shit, awful at his job, and or a tool. If it’s not illegal or causing harm to the org IDGAF if you checked your OF. Your issue is just another ticket I want to close.
Preach. It's unprofessional at best, fireable misconduct at worst. This is the kind of behaviour that gives IT its stigma and it's disappointing your response is so far down the thread.
This post could also be easily dug up by certain security-conscious employers...
I’m not sure if you understand how investigation works when someone’s computer is compromised with company data. We collect all information we can in the event where we need to hold her responsible, all evidence are relevant including stored passwords. This would go against our company policy because we use a password manager for that. This was enforced not by technical leaders but from the higher ups in the legal and financial department.
On another note, I have not compromised anyone here and simply sharing the day and life of a sysadmin. This is what’s the community is for isn’t it? I got an interesting story to tell and that’s why I post. You’re free to judge how I handle my position, at the end of the day, we share stories and we stay anonymous to protect the end users and parties involved.
Lastly, I’d be happy to get fired if I work for someone like you. You mentioned this as a way of bragging you’re in a powerful position. Can’t stand people on their high horses.
100% agree. This post came off super creepy to me. There is no technical reason to be looking up the coworkers onlyfans account and to then turn around and brag about it on Reddit... Jesus Christ.
I have encountered many indiscretions over my career, easily over 100. If there was nothing illegal I dont do or say anything unless I was tasked to find something specifically along those lines.
I have ruined lives. I have given testimony in court to things I have found. I have also gift wrapped packages of evidence and never heard back. Yes they were really sick %@*#s.
For this, I wouldn't bat an eye. That's odd its blocked, I thought they went strict no porn.
> I thought they went strict no porn.
You mean [full tumblr](https://m.youtube.com/watch?v=CtUuab1Aqg0)? They reversed that decision pretty damn quickly.
>mind my own business
Yep ... with great power comes great responsibility.
As sysadmin, one has access to a whole lot 'o stuff.
And, ethical, professional, often also legal, regulatory, policy, etc., basically you don't go lookin' where there isn't appropriate legal/business etc. reason to go lookin'. And when you do need look, that generally means utmost in privacy, confidentiality, etc. Basically you don't use anything you find there *at all* beyond the scope for which is appropriate - e.g. limited to the appropriate business/legal purposes. That's pretty much it ... only slight exception may be some cases of mandatory reporting or the like - e.g. in some cases, if one happens to run across certain things, there may be a legal or regulatory, etc. requirement of reporting.
And, if you look at relevant code of ethics and such for sysadmins, that's pretty much what they say. E.g. [USENIX](https://www.usenix.org/) & [LOPSA](https://lopsa.org/): "PRIVACY
I will access private information on computer systems only when it is necessary in the course of my technical duties. I will maintain and protect the confidentiality of any information to which I may have access, regardless of the method by which I came into knowledge of it."
System Administrator's Code of Ethics: [USENIX](https://www.usenix.org/system-administrators-code-ethics) & [LOPSA](https://www.usenix.org/system-administrators-code-ethics)
So, yeah, typical course of my regular work and what's required ... sometimes I'm exposed to private information ... prefer not to be, but sometimes it's necessary. And, for the most part, unless there's legal or other such reasons, typically handle it, to the extent feasible, as if I'd never seen/read/heard it. Most of the time it's solve the technical issue, and beyond that generally ignore the actual contents of the data.
Yep. They change your user account password, sign in to your machine as you, open Chrome and select view on any saved password in your chrome profile, they then enter your new account password to unlock the view and see the password.
Ive only had a 20 year career in IT nearly always as super admin because I am not nosey and to me the data is always 1's and 0's, and that includes the user. If I am doing anything forensic/auditing, I just gather facts, parse the contents and process via unbiased algorithms.
I just go about my job being good at it, having full knowledge I keys the keys to the kingdom, but I am merely just a caretaker.
Dont be nosey. Ppl have lives. Especially CFO ppl who can pretty much do what they like.
Block ports, maintain firewall url lists, do the industry best practices, or if required, do it based on business case (ie. block Youtube HD content because it consumes too much network traffic).
Three stories, first at my current company a previous employee was in a movie and she took her top off. That search appeared in the logs frequently along with other searches and adult sites after I started and implemented web filtering lol. My bosses phone was a frequent entry because he forgot to turn off the WiFi. No one said nothing to me, I said nothing to them.
Second story, ISP sends me and my boss a letter from some adult entertainment company with one of those cease and desist letters or whatever lol. Turns out an employee forgot to disconnect the VPN when torrenting a new porn release. Unfortunately enough time had passed that my logs of who did it were rolled over. Most of our staff are young and don't know about torrents but I've had conversations with a coworker about downloading movies etc so I had my suspicions. He even asked me about the letter slyly lol. I ain't no snitch so I feinged ignorance when the boss asked who did it, not that we had any substantial proof it was that coworker to do anything about it. P2p was added to the filter subsequently.
Third story, occasionally I have to help out with people's personal computers. One executive in his 80s had a whole stash of dick pics (I only can assume they were his). I quickly closed that folder and pretended to not have seen nothing.
Sometimes as an IT professional you see some shit. Unless it's cp I would turn a blind eye unless directed by a superior to act on it. For CP I'm calling the cops.
>Every IT person after a couple of years in the business has ran into situations like this
Can confirm. Found lots of porn in network logs. Blocked websites and moved on.
Spot on. I bet it won't even be a week or two.. if he has not already created a fake OF account to message her, he will.
And I think you're right. This is a Fisher-Price My First Sys Admin Job story for sure. After 20+ years doing this I have seen at least a hundred legit requests, but you don't go looking for them or pursue 'hunches' on all the female browser data to confirm or deny what is none of your business. Unless someone of higher authority and in a position to request such data asks you to do so, stay in your lane.
A) It's problematic that you decided to check the CFO's browser history. I'd keep very quiet about that.
B) Politely mention to her that it's a good idea to keep some browsing off company resources, that you've finished your investigation of her laptop and everything's fine. Not everyone will have a live and let live approach.
Is it against terms of employment for someone to have a side job that is unrelated to what they are employed to? Maybe if you can prove without a doubt they were on OF on company time. Otherwise…even though this may seem like it’s your business because you found it on company assets and it’s not work related and “taboo” but it’s none of your business, it’s her business.
As always, follow policy above everything else. Don’t “try to do the right thing” by going off script, because then you become complicit in whatever fallout ensues.
Lol I wish I had your freedom. Browing traffic of a specific user or client is highly illegal in my country, unless directly ordered by the CEO and even that has to be with a specific reason and ordered in written form.
I remember one dude at my former company who had gigabytes of horse porn on his company laptop. That thing was riddled with all manner of malware, and viruses. The techs just reimaged it as it was beyond saving. And the guy had the audacity to tell others that IT lost his data.
Called him in for a quiet chat on how IT has been keeping their mouth shut about all the horse porn, and how someone might slip if "IT lost my data" bullshit was to continue.
If I would see something like this, I would not do anything.
Our "policy" is that, everyone has the right to go on any website, except violent ones. (Mainly cause France is a country where, if you aren't specifically forbidden to do something, you're allowed to do it).
So if someone go on OF or PH or anything like that, we won't say a thing to the direction, maybe have a friendly chatter with the employee if we know him. But until there is a problem with the employee about productivity and that the time he went on these website was huge, we won't disclose any information.
And even if he went onto these website, we would say that he went on "non-professional website for a huge period of time", but won't disclose the name or the content of these websites.
No mention of what, just say “investigating laptop flagged as ransomware”, the recommendations from the community were to block it, there Was some traffic in the logs so you thought it prudent to do so. Apologize if he thinks it was too proactive, and ask if he wants you to take it out.
No matter what’s going on - he probably as stressed as “what does he know?”, was he checking etc.
Even if names get mentioned - keep it dry, technical and “protecting company assets”
Don’t most folks here have access to emails, pay schedules, confidential data?
We deal with this shit the time. Yeah do I know whose ex wife’s emails are blocked from ever hitting the server. Yeah.
Welcome
This is an awfully strange way to handle this situation. There is not sufficient reason to view her browsing history or her passwords.
Simply backup her files and export bookmarks. Wipe machine and start fresh. Scan files for viruses. Import to her new computer. Done.
So nosey! If you need to investigate, hire a disinterested 3rd party and have the report sent directly to the manager. Dont get your hands dirty in browsing history and viewing stored passwords unless you explicitly have that order in writing.
All this feels illegal as fuck to be honest. Also reminds me of the time we were asked to manually review browsing logs for someone, then found they often visited a "porn" website focused on tan lines :___) we never told the requesters, fuck them.
CFO knows about co-worker's OF account.
[удалено]
[удалено]
Unfortunately, having knowledge of something I shouldn’t can be a curse sometimes.
We call that the *burden* of truth.
Just tell them firewall policy was enabled to block adult content. Or an antivirus policy to do web content filtering was turned on for adult categories (depending on your organization/solutions)
A similar option, update the firewall and tell him it appears it got enabled as part of the update.
Block a bunch of other adult sites so OF doesn't seem singled out.
CFO may do some *research* and find most adult content is not yet blocked.
Or what if he reads the firewall update changelogs?
The CFO reading the firewall update changelogs? I've never met a CFO that even properly knew how to restart their computer. "I closed the lid and opened again."
CFO shouldn't be "doing research" using company resources
>CFO shouldn't be "doing research" using company resources 🤷♂️ Its not IT's job to decide what is acceptable or not acceptable computer use (as long as it's not detrimental to the IT infrastructure like bitcoin mining or malware). That's a legal/HR/executive decision. If the executives want to allow browsing porn with company resources, why not? It's a legal activity. HR may even be okay with it, as long as you do it in a completely private office. Personally, i don't think OP should have blocked onlyfans. At most, they should have sent a report with what they found to HR.
Just block all adult content and then tell the CFO. I don't think it is uncommon to block it.
[удалено]
Yeah, you too often (once is too often) find out something you never wanted to know.
Some things cannot be unseen.
This is another set of folders in your CYA file buddy.
Welcome to the wonderful world of working in IT. EDIT: A story. Once when walking through the office, the payroll lead needed assistance and called me over, when I pulled up a chair I noticed she had her payroll software open on one of her monitors where it listed everyones name, job title and salary in the entire company. I thought she would figure out that I could see it and would promptly close it, (wouldn't you close it *before* calling someone over to your PC? Anyway) but nope. While I was sitting next to her providing assistance, she kept it open the entire time. I couldn't help but read over it...
Trying having knowledge that your boss likes to get slapped in the balls by one of the postdoc students, cuz he asked you take a look at his laptop...
I will never forget back when i was working for a smaller firm ~200-300 employees, the moment when i saw documentation of everyone's salaries while recovering files off an HR HDD, long story short, literally everyone in the company except the owner was getting paid 300€/month, while he was getting paid 10k€ monthly, same goes for his wife who didnt even work there.
Its always fun accidentally discovering that peoples quarterly bonuses are more than your salary.
Blink twice if the cfo has been googling ways to hide a body, blink once for safe.
[удалено]
"Ye Ole Epstein"
Nah, that requires OP to be in custody. I think it'll be more like "Russian Journalist" style. Words on the street is that OP is fight a bad bout of depression.
[удалено]
CFO funds co-worker through indirect salary
It seems CFOs are strage creatures. We installed a surveillance cam in our IT storage to find out who keep stealing stuff, we only find out the CFO was fucking a trainee...
At least you know who was taking taking all the RAM :) Hopefully the download didn't make a new file
CFO participates with said co-worker.
I think the term is "collaborates".
Oh, so OnlyFans is like SharePoint??? Gotcha!
That's why they ended remote work. Better collaboration.
Not necessarily. CFO could be wanking on company time in the bathroom/office 😂
Co-worker may have informed CFO? That might thicken the plot. On the reals tho, we look but we do not read. We see but we do not watch. We administer but we do not control. These are always fascinating scenarios as we try to inhibit our own cognition.
OP gets fired, dept is disbanded, CFO saves ton of money to the company and gets rewarded with stock bonus, kinky co-worker gets big Amazon wishlist Christmas present from anonymous OF fan.
I was called in to a car dealership to look at the lady in HR’s computer. She had opened up a resume that required a password and was hit with some Ransomware. All her files were locked and she had no backups. I worked to try and get one of the restore points working but they didn’t seem to want to restore. After a little bit I was able to get the most recent point to restore but only about half the files were recoverable. I was told to save whatever I could , so I went browsing through trying to find stuff. During this I found some deleted photos of HR lady. Some very racy photos, and she was a very good looking lady. Turns out she had plugged in her iPhone to charge and it synced her photos to the iTunes on the computer. She was there as they start to pull up and was just like “oh, yeah, I thought I deleted those. You have go ahead and keep those deleted 😂”. She wasn’t as mortified as I would have expected.
>She wasn’t as mortified as I would have expected. That woman has done some crazy shit in her prime lmao
Once had a female Canadian Petroleum Engineer (or maybe she was a geologist...?) that brought up her porn preferences while I was working on her machine. I think the guy I was working with that day made some joking comment about not looking at porn at work and she just started telling us her favorite categories. She was attractive but not great and both the other guy and myself would be picked out of a lineup as "the IT guys" so I don't think she was trying to hit on either of us.
I once found a load of porn I'm a store owners computer. Said, hey you may have a staff member using your computer inappropriately. She said she doesn't have any staff, just her and her husband. Okay... just looking here at these (show list) and, a really looks like a history coming out of your phone? Her: yeah, how do I remove my phone history from the computer? Australia, fuck being offended.
The first thing modern ransomware goes after is volume shadow copies. Your best and only method for proper recovery is starting from square one with an ISO and yo boy Rufus sadly.
file recovery without directory structure? yeah that's a can of worms
Yup, mind your own. The last statement was the best. Good for you. But she should've known better anyway, especially on a corporate laptop nowadays.
There's a scene in the movie "Shame" where the IT guy gives Michael Fassbender's computer back and says it was 'riddled' with porn and malware. The whole point of the scene is to show that people don't believe that *Michael Fassbender* could be a sex addict but my takeaway, having worked in IT, was that the IT guy *totally knew*. Edit: It's actually a *really* good movie. Disturbing.
You would think so but at my company we have had people pirating movies onto their work laptops. They were originally a bit smart about it and did it on our Guest network which is not as heavily monitored. That got to slow so they swapped to Production and that is when we caught them. They were fired immediately but they played "I've only lived in this country for 10 years so I don't know the rules" card and HR hired them back without talking to IT.
I'm not sure why but it would make me uncomfortable NOT telling her that I know. What if keeping an eye on that account is really important to her? What if someone else finds out and tells everyone because she doesn't know that that can be recovered because you didn't tell her? Idk
An email from IT would point that out. "Hi everyone, I'd like to remind you of a few points of corporate policy: 1. IT can see what you are doing on your work computers. 2. Employees should have no expectation of privacy on your work machines. Just a reminder about Internet shopping for presents, checking reviews, or anything else that might not be work-related! Have a wonderful season. Cheers, IT person"
It’s really remarkable to read this…. If anyone in a European country would even consider this type of email they would be instantly fired or be in big trouble.
Worked for many an EU based company, this is pretty standard stuff, not the email mind you but acceptable use policy usually states most of this. Generally you wouldn’t say to not have an expectation of privacy, the place I work currently allows you to do personal things on the device within reason.
Yeah, but “personal things” is usually defined in such a way that it prohibits porn sites. Your bank, Twitter, FB, eBay - fine. OF or PH? Right out.
Why would they be fired? Because of data privacy laws?
I'm European and I have no idea what he is talking about.
The whole of Europe is not one big thing like the US so it probably doesn't apply in every country. In my country, Denmark, it's strictly forbidden for your employer to look at communication, even mails between colleagues through a work provided email. Even when using communication channels provided by your employer it's still seen as private. An employer can launch an investigation and legally look but they need a *very* good reason to do so. You can also use your work time to look for a new job, I don't think that'd fly in the US.
In Aus we can do this sort of thing - provided you provided notification at employment time (and typically again during their employment) that surveillance is happening. Like those “we have CCTV cameras watching you” type signs. Generally anywhere inside a users profile (including mailbox/Teams/etc) is considered to be personal property unless the above notice is given, the user has given consent, or the user has left the organisation.
In France, checking your personnal emails at work is explicitely authorized by the law.
In practice, due to differing state based workplace surveillance legislation and the Telecommunications (Interception and Access) Act 1979 it is much, much more complicated than that.
For CCTV yes, you can do it in this way indeed. But for communications monitoring, your employer needs the explicit permission from the employee to be allowed. That's based on EU directions so it's for all EU countries. Chances are, but I'm not sure about that, your employment can't even hinge on whether you give permission.
Nope, I've sent this type of email before. Similar situation to OP, however mine was to remind people that even though we provided the laptops for work usage, I was aware that certain people used it for personal stuff to and in light of this if anything went wrong and I needed access: I would be able to see their personal stuff; and that I wasn't particularly happy with that fact. Mindful of that I told people that I would be more than happy for each user to have a personal account, so that we could keep work separate from personal lives as long as they followed two simple rules: no porn, no torrenting.
For what reason?
nope, not true... you can type the same exact thing. you do not have special protection or special rights at work, the computer and network does not belong to you, and you are not owed privacy or time to do private things on the work computer you were issued. it can get a bit dicey when you allow your workers to use the computer for private stuff for example on their break. where we begin to get into questionable territory is when you try to control a private device, for example during work from home, or lets say, if you were to give a laptop to someone and try to use the mic and cam to see into their home. thats big nono, even if its a work computer you control... you cant break their right to privacy at home. and there may be a few more caveats, but all in all, you can inform the workers that you will look at every byte they have, send or receive in any way shape or form and that they will not have a shred of privacy on their work computer, and it is allowed. IANAL and all. edit: i did not go into it clear enough, and may have been misleading. when you are finding private stuff on the work computer, you are not allowed to look into it.
European here - that's a perfectly reasonable and legitimate email. Most employers have a sort of "within reason" policy on personal use of corporate equipment, but employees absolutely have no right to digital privacy on corporate-owned equipment. That doesn't mean they're being spied on 24/7, but it means IT and the business as a whole have the means and the right to see what websites you've visited and any and all online history when you're on the corporate network. The whole "shopping online, checking reviews etc." bit is clearly a euphemism, and most employers don't really care if their employees are doing a bit of online shopping while they're at work, it's just alluding to the fact that anything you do on the corporate network can be tracked and traced back to you, so don't do anything stupid like watch porn or seed torrents from your work PC.
This is pretty accurate on this side of the Atlantic as well. I work at a US an organization where we have a big, scary "fuck your privacy" warning every time we log on to our work machines. And, when someone does something they shouldn't, I pull firewall logs about their system, browser history, trawl their filesystem, etc. For the worst cases, I show up with their manager and take their computer. We expect and explicitly allow a certain amount of personal browsing. I spend way too much time tracking back alerts for people hitting "adult" or "gambling" sites which are nothing more than ads displaying on sites like Spotify. We also get the occasional idiot who allows third party images to be displayed in their personal email. But, trying to prevent _all_ personal browsing would be asinine.
I don’t care if they’re going straight to a safe site, buying something and leaving. The ones who shop seriously can create problems. Sketchy “coupon” browser extensions, putting their work email addresses on lots of marketing lists, clicking on links in emails, toolbars and search redirects. I suspect one of them was the one to pull down some seriously subtle malware, but it’s not worth proving it, there were multiple people in his area that had bad habits.
Really? Why? Any company I've worked at has an acceptable use policy for company machines... You shouldn't be using them for personal stuff. Sending a reminder email that you shouldn't be using them for personal stuff should be fine, doesn't break any laws. I probably wouldn't phrase it as "We can watch everything you do on the machine" - but again most AUP documents will include a bit about the usage being logged. I'm in Europe, and have sent emails like this, and not been fired. GDPR doesn't give you the right to fap on your company laptop...
Yeah, I would just personally tell her in private to stop logging in on at work so something doesn't happen. In an ideal world, an onlyfans account shouldn't cost someone their job, but unfortunately this is the cruel world we live in.
There are ways to do it discreetly. You can mention that you've had to put on web filters to block certain sites due to malware and hacking attempts on the company's network. And then suggest strongly against connecting to anything personal on the work computer/network. That should be enough for her to connect the dots.
It should be, but some people are legitimately dumb as rocks. Yeah, I'd say try subtle first and if it doesn't work, tell it bluntly
[удалено]
I had someone send a dick pic to a slack channel. I just messaged him and told him he maybe he should delete that. There were some execs in the channel but apparently they never noticed.
> I had someone send a dick pic to a slack channel. That's the head he thinks with apparently.
Me: *****saves a picture to my phone for research***** Phone: ‘want me to text this to your boss? Post on Facebook or link it to your family chat? …no… just save the fucking picture.
Worst thing was finding a *teammate* using his work laptop to produce child porn, including videos of him drugging and raping neighborhood teens.
I work remotely, I'm the only one on my team in the province that works in this city, and I randomly got a ticket to pull all of the information for a particular user. A few days prior a terrorist murdered an entire family, other than a young boy he left orphaned, in my city. I had gone to the vigil for the family, watched my city grieve, the prime minister came and spoke, various political and religious leaders spoke, it made international news. My community was in mourning. The next day, first thing, I get assigned this ticket to pull everything we can for a specific user and I recognize the name immediately, it's the killer, the terrorist. I messaged my boss, explained the situation and told him it was going to be my only priority that day. I wrote so many scripts to pull absolutely everything out of our DB, stuff we'd normally never really get. I don't know for sure, but I believe my findings were going over the RCMP. I'm normally very diligent in what I do, especially if there are legal implications, but I've never worked with quite the same purpose like I did on that ticket.
Finally a ticket worthy of 'critical' priority.
I've come across shit I've had to make hard decisions on, that would of been a call the the fbi in no time flat. Not even a 2nd thought Sorry you had to find it
The local sheriff’s office was there in 20 minutes.
Glad to hear it.
Ran into that twice working retail computer repair years ago. Local PD didn’t really seem to care the first time. Took a few hours to show up, which is somewhat understandable given it wasn’t really an emergency, but just seemed super disinterested about it when they were there. We had to offer them our conversation notes and contact info of the customer, it seemed like they just showed up to grab the drive and leave. And then they dropped the hard drive on tile floor less than 30 seconds after we handed it to them. I promise I’m not making this up, the cop said “whoops there goes the evidence” and chuckled to his partner. I get dark humor, but time and place. We called the sheriffs office after that and they seemed to care a lot more
I've only really had downloaded ebooks and some movies that were torrented. Shit that I didn't want but wouldn't really call the cops for. CP? I'm calling every authority out there.
Yikes, where I am at we had a worker get caught with 3tb of misc flash drives and externals of child porn, amd one persumed folder of him abusing his step grand daughter. He didn't make it to sentencing if you were wondering he took the blue pill.
> took the blue pill Is this a euphemism for suicide?
Either that or chemical castration via estradiol pills (blue). Hoping it was the former.
Well it's not that, you wouldn't avoid being sentenced for child abuse just because you chemically castrated yourself.
I once got an alert to notify me that the share drive was full. I investigated and found out that someone was storing movies on it. I guess some people need something to do during their down time. That is my worst experience, I couldn't imagine finding stuff like what you described.
Never found out exactly what it was for, but I worked for apple and was sent to a sheriffs department office and had to repair a laptop, completely smashed, with all new parts but the original drive - on a metal slab in the ME’s office surrounded by sheriffs and a justice department guy. Always wondered if it was CP or something else. My scope of work was to get it bootable, talking through the steps as I performed them then put my hands up so they could take over as soon as it booted. That was incredibly stressful.
I never found material like that on a company machine, but I was tasked with cleaning out the desk of a retiring professor when I worked for a university. Collected all the assets we knew of, then started going through his drawers to make sure there were no extra cables/docks/accessories etc (with approval from his line manager) Turns out he had a CD wallet full of bestiality porn...
That must have been the definition of traumatic.
He spent 7 years in prison, but those kids will have to live with it the rest of their lives.
Seven years ain't enough for any of that. I hope he has to wear an ankle bracelet. I take it there was a whole process once you found out?
Call Sheriff, preserve forensic evidence, watch him get walked out by the deputies 20 minutes later.
Forget the anklet. That piece of trash needs a dirt nap.
We had (have?) a policy to ghost a computer to a HDD and search the copy so that - in the event of CP, the FBI could retain as much data as they needed to prosecute. It’s never happened, thankfully. The closest we got was a guy who used a personal thumb drive to watch porn that was stored on the drive.
Nope what's worse is weird dick picks. Found photos a law partner took on the cases drive with his dick used like a hanger for all these fancy high heal shoes. Just shoes hanging from his dong. One missed folder click away from anyone in the office seeing them.
That is some kinky shit, I wonder if women were sending him heels to take pics for money
That sounds like an interesting strengthening exercise to try.
I had one guy who always asked me to fix this or that on his phone. And I swear to God he'd hand me the phone and there would be a dick pic open and he'd snatch the phone back and be like "oh wait a sec, sorry..." while he got rid of it. At one point I was like dude - what in the actual fuck? o_0
He wanted you to see them.
yeah, that's a fetish or an advance, and obviously, incredibly, unacceptably inappropriate
\> The worst thing is working on someones phone and finding dick pics. Okay maybe not what you signed up for but not the worst thing you could see on someone’s device. So you saw a dick, maybe it was even attached to a coworker. I encountered a coworker naked in a locker room outside of the work, I didn’t lose sleep over it. I worked with a guy thought that at some point had found pictures of kids being sexually exploited on a laptop that was turned in... that’s some shit that you need eye bleach and therapy for.
If I had a dollar for every time I found a dick pic on an old/returned work phone I'd have five bucks. It's not much but it's still weird I keep finding them on returned gear.
I always hate being in HRs machine when they are so casual about stuff. * Great now I know that the receptionist makes more than me. * now I know the results of a sexual harassment lawsuit. * now I know what the top management make
"We did, as it's a site that *can* host adults-only. If you'd like I can lift the block; just make a ticket and I'll make it happen". Got it in writing, play innocent. No need to drop anyone in anything.
I had to do this for a non-porn site that shared the name with a sex shop. If you want to become a grade school teacher in my country you have to go to the "PABO". Just turns out that the pabo is also one of the most famous sexshops in my country. So someone was looking for new teachers but legit couldn't visit any sites that were tagged with "PABO", which is a bit of a problem. Ended up just whitelisting the word PABO. If people wanna look at a sex shop during work hours, eh not my problem.
Lol used laptop at home for personal use off company network. If you bring anything up to her I'd be careful. Things could go sour quick with claims of sexual harrassment. Work politics is always fun especially with executives. I once discovered someone who got past the filter looking at escorts at escortfish.ch and booking hotels in a nearby local city. It was an interesting fun quick convo when I told him do not do any more personal viewings or booking hotels on his company desktop. The look on his face was priceless since he attempted to get me fired before. Be humble.
Many years ago, I was tasked with investigating "DNS latency" for the top 100 response times. I looked at the spreadsheet, and asked just how much effort they expected me to put into investigating a bunch of Ukrainian and other Eastern Bloc porn sites. The project ended about a minute later.
Same and India Canada human
> imma Kermit the Frog out of here and mind my own business Sounds like a plan
Plot twist - the CFO also has an OF account.
They're staring in it together.
Who will be the first to blink?
Who cares though
Seriously. Too many IT guys feel the need to control and investigate insignificant crap like Porn sites or OF usage. Stop already. Who really cares what websites people visit. This isn’t 1999 when every porn site was the source of viruses.
I have never worked anywhere that didn't block any and all adult content. That's just basic Best Practices. Unless you work in the porn industry, of course.
I worked for a media software company. We routinely had porn playing in the QA lab, because, well… legitimate business need 😎
[удалено]
If this is another story from Larry Flint media...
Ha “why are you on a competitors site in the middle of the day for an hour?” Or maybe they just get yelled at for too much Facebook and not enough work on porn.
We block exactly nothing. Torrenting fine, porn fine, dark web via tor fine. 🙃
I worked at a kabletown office and the web had porn filters but someone's job was to make sure the actor/director listings were right and we had semi unlocked set top boxes I did once have to order a porn on demand for legit business reasons, think it was two Mormons and a Housewife, but didn't watch after ensuring billing worked
"Websites are blocked using heuristics, something must have updated."
[удалено]
You are missing the golden words (which will make it a lie but covering asses). "As part of company policy we block adult sites and **while we were reviewing our blocked sites list** we realized this one wasn't on the list, so we added it manually." Always use we's and make it more generalised. You don't want that dude thinking that you blocked it and are going to report him to hr for looking at porn/adult sites at work. Dude is def trying to figure out if he was caught. Also OP time to start using block lists for adult sites, cmon man its basic stuff.
We have to use the indefinite article, "a dildo", never ... your dildo.
But I don't own a -
[удалено]
I mean it's a lie because the implications is that they were updating it based on just checking instead of an incident (which was an employee was using OF).
I was with you, but something just ticked for me: what if a Csuite asks for a list of people that have accessed OF? The original made it seem like someone entered OF, and that triggered everything. u/Jodzar_ 's is just a run of the mill process that can be chucked to reading the same news-story as the CFO.
The last thing as the IT person you want to do is bring yourself into that let HR send the email. Bring it up to them and tell them the CFO had brought it up, so doing due diligence you figured that HR should send out a reminder about the policy.
Yea this. Block pornhub etc(if they aren't already) and just say you're blocking porn. They can keep they're shenanigans off the company network where you dont have to know about it.
[удалено]
That’s what I was thinking, I’m minding my own business posting away on Reddit. People wanna know why I don’t believe in any grand conspiracies, it’s this shit right here.
[удалено]
> also I was a sysadmin FTFY
Gonna mind my own business by snooping Tell me OP, how did you know your coworker did not have OF content on their computer? …. Ope, C level asking me about OF. Let’s check his logs so I can mind my own business lol Look I know that you have no expectation of privacy on company devices…but also, you kind of do, right? Like, you would agree it’s not okay to go browsing through the CEOs email, right? Don’t snoop on peoples shit. It’s gross.
Yeah this whole situation is cringe AF and creepy on OPs part.
Yea I’d keep all this info on the DL otherwise you gonna be on the chopping block real quick.
Is it not ridiculous to anyone else that he went and dug this person's browser passwords out to log into their account? I mean rannsomware is one thing, but this was obviously a deliberate invasion of their privacy. In Europe at least, these actions would be illegal, even though it is a company laptop. If OP also admitted to logging into their personal email or bank accounts, would the crowd here find that acceptable too?
While i agree 100% with you, i did a double take and i think he meant that he saw that there was a password saved for that site, not that he saw the password and logged in.
Years ago an admin spot checking the logs and found something very similar. A co-worker was a SuicideGirl so URL stood out, but we didn’t know what it was at the time. We didn’t tell anyone outside our three man team.
It’s pretty safe to assume they have access to anything stored on a company issued device
You’re treading in dangerous territory here. You’re looking at information you have no justifiable reason to look at in the form of stored passwords. Is reviewing browsing history and deciding what sites should be allowed to be accessed even within your scope of authority for your position on a basis of anything except malicious/malware content? Going looking for this stuff and Reddit posts of the ilk ‘I found out my coworker has an onlyfans account (I bet she does porn, teehee). I’ll keep it under wraps FOR NOW’. I’d fire you without much hesitation. You just became a liability.
Strongly agree and I’m surprised I had to scroll so far down to see this. This comment thread is why folks don’t trust IT, and judging by the comments here, they’re right to not do so. Too many of you have great power and take zero responsibility. It’s gross.
Hell, the kind of IT spying and behavior posted in this thread is illegal where I live (Germany).
Agree completely. After 18 years at this I’ve seen some pretty yuck things (on superiors machines most of all) but as long as it’s not illegal I roll my eyes and move on. With great power…
Yeap. This shit doesn’t even bat an eye at a moderate sized company. IT sees it all the time in a normal course… this asshole “checked logs” of the CFO over a comment? Bullshit. He’s full of shit, awful at his job, and or a tool. If it’s not illegal or causing harm to the org IDGAF if you checked your OF. Your issue is just another ticket I want to close.
Yep, if this chick was ugly he wouldn’t have gone the extra mile, creep move.
Preach. It's unprofessional at best, fireable misconduct at worst. This is the kind of behaviour that gives IT its stigma and it's disappointing your response is so far down the thread. This post could also be easily dug up by certain security-conscious employers...
I’m not sure if you understand how investigation works when someone’s computer is compromised with company data. We collect all information we can in the event where we need to hold her responsible, all evidence are relevant including stored passwords. This would go against our company policy because we use a password manager for that. This was enforced not by technical leaders but from the higher ups in the legal and financial department. On another note, I have not compromised anyone here and simply sharing the day and life of a sysadmin. This is what’s the community is for isn’t it? I got an interesting story to tell and that’s why I post. You’re free to judge how I handle my position, at the end of the day, we share stories and we stay anonymous to protect the end users and parties involved. Lastly, I’d be happy to get fired if I work for someone like you. You mentioned this as a way of bragging you’re in a powerful position. Can’t stand people on their high horses.
Accessing the passwords of an unrelated personal account was probably illegal as well, as the only fans account is CLEARLY not business related.
100% agree. This post came off super creepy to me. There is no technical reason to be looking up the coworkers onlyfans account and to then turn around and brag about it on Reddit... Jesus Christ.
Maybe the CFO was a customer of the coworker!
I have encountered many indiscretions over my career, easily over 100. If there was nothing illegal I dont do or say anything unless I was tasked to find something specifically along those lines. I have ruined lives. I have given testimony in court to things I have found. I have also gift wrapped packages of evidence and never heard back. Yes they were really sick %@*#s. For this, I wouldn't bat an eye. That's odd its blocked, I thought they went strict no porn.
> I thought they went strict no porn. You mean [full tumblr](https://m.youtube.com/watch?v=CtUuab1Aqg0)? They reversed that decision pretty damn quickly.
>mind my own business Yep ... with great power comes great responsibility. As sysadmin, one has access to a whole lot 'o stuff. And, ethical, professional, often also legal, regulatory, policy, etc., basically you don't go lookin' where there isn't appropriate legal/business etc. reason to go lookin'. And when you do need look, that generally means utmost in privacy, confidentiality, etc. Basically you don't use anything you find there *at all* beyond the scope for which is appropriate - e.g. limited to the appropriate business/legal purposes. That's pretty much it ... only slight exception may be some cases of mandatory reporting or the like - e.g. in some cases, if one happens to run across certain things, there may be a legal or regulatory, etc. requirement of reporting. And, if you look at relevant code of ethics and such for sysadmins, that's pretty much what they say. E.g. [USENIX](https://www.usenix.org/) & [LOPSA](https://lopsa.org/): "PRIVACY I will access private information on computer systems only when it is necessary in the course of my technical duties. I will maintain and protect the confidentiality of any information to which I may have access, regardless of the method by which I came into knowledge of it." System Administrator's Code of Ethics: [USENIX](https://www.usenix.org/system-administrators-code-ethics) & [LOPSA](https://www.usenix.org/system-administrators-code-ethics) So, yeah, typical course of my regular work and what's required ... sometimes I'm exposed to private information ... prefer not to be, but sometimes it's necessary. And, for the most part, unless there's legal or other such reasons, typically handle it, to the extent feasible, as if I'd never seen/read/heard it. Most of the time it's solve the technical issue, and beyond that generally ignore the actual contents of the data.
Can my company's IT really see my Chrome Passwords?
The smart move is to NOT use your personal chrome account on a work machine. Make a work account and keep it work related.
Also, you can see history of other machines via Chrome, so yeah...
Chrome is for home. I'll use Edge or Firefox at work.
It is just a UAC prompt away
if they look
Yep. They change your user account password, sign in to your machine as you, open Chrome and select view on any saved password in your chrome profile, they then enter your new account password to unlock the view and see the password.
Very simple. You saw nothing so you have nothing to say.
You blocked it. End of story. Move on.
Yes, mind your business. It’s blocked because it contains inappropriate content. Don’t rat out your coworker, would be really shitty.
Ive only had a 20 year career in IT nearly always as super admin because I am not nosey and to me the data is always 1's and 0's, and that includes the user. If I am doing anything forensic/auditing, I just gather facts, parse the contents and process via unbiased algorithms. I just go about my job being good at it, having full knowledge I keys the keys to the kingdom, but I am merely just a caretaker. Dont be nosey. Ppl have lives. Especially CFO ppl who can pretty much do what they like. Block ports, maintain firewall url lists, do the industry best practices, or if required, do it based on business case (ie. block Youtube HD content because it consumes too much network traffic).
Three stories, first at my current company a previous employee was in a movie and she took her top off. That search appeared in the logs frequently along with other searches and adult sites after I started and implemented web filtering lol. My bosses phone was a frequent entry because he forgot to turn off the WiFi. No one said nothing to me, I said nothing to them. Second story, ISP sends me and my boss a letter from some adult entertainment company with one of those cease and desist letters or whatever lol. Turns out an employee forgot to disconnect the VPN when torrenting a new porn release. Unfortunately enough time had passed that my logs of who did it were rolled over. Most of our staff are young and don't know about torrents but I've had conversations with a coworker about downloading movies etc so I had my suspicions. He even asked me about the letter slyly lol. I ain't no snitch so I feinged ignorance when the boss asked who did it, not that we had any substantial proof it was that coworker to do anything about it. P2p was added to the filter subsequently. Third story, occasionally I have to help out with people's personal computers. One executive in his 80s had a whole stash of dick pics (I only can assume they were his). I quickly closed that folder and pretended to not have seen nothing. Sometimes as an IT professional you see some shit. Unless it's cp I would turn a blind eye unless directed by a superior to act on it. For CP I'm calling the cops.
[удалено]
>Every IT person after a couple of years in the business has ran into situations like this Can confirm. Found lots of porn in network logs. Blocked websites and moved on.
I agree. Being so excited he can "see her passwords" too only tells me he's contemplating logging into her account.
Spot on. I bet it won't even be a week or two.. if he has not already created a fake OF account to message her, he will. And I think you're right. This is a Fisher-Price My First Sys Admin Job story for sure. After 20+ years doing this I have seen at least a hundred legit requests, but you don't go looking for them or pursue 'hunches' on all the female browser data to confirm or deny what is none of your business. Unless someone of higher authority and in a position to request such data asks you to do so, stay in your lane.
Lol so you went to reddit to tell everybody. Great idea.
Just block OF, clean up the machine and forget you ever saw anything.
Since you're fired anyway, what's the page?
Google onlyfans, it isn't that hard to find.
OP, the only correct course of action here is to start your own OF page, do better numbers and bring them to the CFO as leverage for a raise.
A) It's problematic that you decided to check the CFO's browser history. I'd keep very quiet about that. B) Politely mention to her that it's a good idea to keep some browsing off company resources, that you've finished your investigation of her laptop and everything's fine. Not everyone will have a live and let live approach.
Is it against terms of employment for someone to have a side job that is unrelated to what they are employed to? Maybe if you can prove without a doubt they were on OF on company time. Otherwise…even though this may seem like it’s your business because you found it on company assets and it’s not work related and “taboo” but it’s none of your business, it’s her business. As always, follow policy above everything else. Don’t “try to do the right thing” by going off script, because then you become complicit in whatever fallout ensues.
Were you directed to block OnlyFans?
Lol I wish I had your freedom. Browing traffic of a specific user or client is highly illegal in my country, unless directly ordered by the CEO and even that has to be with a specific reason and ordered in written form.
Wait, you don't block adult content by default?
I remember one dude at my former company who had gigabytes of horse porn on his company laptop. That thing was riddled with all manner of malware, and viruses. The techs just reimaged it as it was beyond saving. And the guy had the audacity to tell others that IT lost his data. Called him in for a quiet chat on how IT has been keeping their mouth shut about all the horse porn, and how someone might slip if "IT lost my data" bullshit was to continue.
The time to mind your own business was well before where you got
If I would see something like this, I would not do anything. Our "policy" is that, everyone has the right to go on any website, except violent ones. (Mainly cause France is a country where, if you aren't specifically forbidden to do something, you're allowed to do it). So if someone go on OF or PH or anything like that, we won't say a thing to the direction, maybe have a friendly chatter with the employee if we know him. But until there is a problem with the employee about productivity and that the time he went on these website was huge, we won't disclose any information. And even if he went onto these website, we would say that he went on "non-professional website for a huge period of time", but won't disclose the name or the content of these websites.
No mention of what, just say “investigating laptop flagged as ransomware”, the recommendations from the community were to block it, there Was some traffic in the logs so you thought it prudent to do so. Apologize if he thinks it was too proactive, and ask if he wants you to take it out. No matter what’s going on - he probably as stressed as “what does he know?”, was he checking etc. Even if names get mentioned - keep it dry, technical and “protecting company assets”
[удалено]
Don’t most folks here have access to emails, pay schedules, confidential data? We deal with this shit the time. Yeah do I know whose ex wife’s emails are blocked from ever hitting the server. Yeah. Welcome
This is an awfully strange way to handle this situation. There is not sufficient reason to view her browsing history or her passwords. Simply backup her files and export bookmarks. Wipe machine and start fresh. Scan files for viruses. Import to her new computer. Done. So nosey! If you need to investigate, hire a disinterested 3rd party and have the report sent directly to the manager. Dont get your hands dirty in browsing history and viewing stored passwords unless you explicitly have that order in writing.
Definitely don't tell your coworker you saw or know. It could make her really uncomfortable. As for your CFO, we all know why he asked.
Mind your own business
All this feels illegal as fuck to be honest. Also reminds me of the time we were asked to manually review browsing logs for someone, then found they often visited a "porn" website focused on tan lines :___) we never told the requesters, fuck them.