The Tech that Big Tech Uses

Technology has a highly concerning present and future impact on privacy, personal autonomy, and free speech. I estimate that many of us are here, supporting—or at least interested in—Purism because we want to mitigate or even invert such negative impacts of technology in our personal lives, maybe in society too.

Many of us probably have a conception of the idea of Big Tech. That is, Google, Facebook, Amazon, Apple, Microsoft, and other giant technology corporations that exploitatively profit from locking people into restrictive ecosystems or harvesting and selling huge amounts of data about people against their will.

Over the years, I’ve built up an idea in my mind that the leadership of Big Tech have been, on average, more aware than the general public about the harmful effects of their technology. Famously, Steve Jobs wouldn’t let his children use iPads. The (highly recommended) documentary, The Social Dilemma, highlights more examples of tech leadership that shun the tech they develop for other people to use, following a model of, “don’t get high on your own supply.”

That lengthy preface, just to ask, do you all have any thoughts or information on what personal technology choices technological oligarchs (to the extent they exist) are making? For example, anyone an engineer at Facebook (or have a friend who is) and aware of known strategies for mitigating harmful effects on privacy, etc from using the app? Or perhaps you can provide links to anecdotes, resources, etc that have “leaked” from Big Tech about the personal tech choices that leadership is making?

For example, does Jeff Bezos use a Raspberry Pi for his “smart home,” instead of Alexa? Does Larry Paige use GrapheneOS, etc.

Looking forward to everyone’s thoughts!

Like parents don’t use children’s stuffs but their children use them. CEOs, executives, developers, whoever working for big tech companies are very aware on how bad their business practices are but they do not care, only very few do.

It’ll get worse when web3 comes out that would further centralize the internet by upgrading websites to depend on cryptocurrency. I wouldn’t be surprise in future most official websites would require you to have crypto wallet for paying to have an access, like banking, social security, news, education, medical, etc whatever you surf on, etc. Stephen Diehl has twitter account explaining many of her objections against web3, here

https://twitter.com/smdiehl

If you expect a frank answer in that scenario, this topic should be in Round Table. Not exactly private but better than on the open web.

My co-worker used to be a supervisor at linkedin. It was a running joke if you put illegal software on your computer alarms would go of and you worked at the loading dock until the IT tiger team sanitized it.

Speaking of loading dock, much of it was incoming new SSDs. There was a dedicaed shift that all it did was swap SSDs out before they exceeded the recommended number of re-writes.

Big brother was always watching, it was another running joke if you had something to say, to go out to the far end of the parking lot.

Now it seems that many corporations are requiring “admin apps” to be installed on the personal phones of employees. With such apps installed, leave your phone at your desk when you go to the far end of the parking lot to say something

Ostensibly, these apps are about protecting the company from liability and loss of intellectual property. If the company wants to wipe the phone, they can do so remotely at any time. Of course, admin control of employees’ personal devices could certainly be used for other purposes.

When employees choose to use their personal phones instead of using a company issued phone. Most people choose to let the company control their personal phone instead of carrying two phones, that is a choice.

Yes, the company will install the mdm software on the company issued phone, but it’s the companies phone so they can put whatever software they want on it.

Being as the intent of the software is to protect the company and most places have laws around when you can/cannot monitor people’s conversations without their consent (and consent to monitor the device is not consent to monitor the employee in the bathroom etc) most employers will not monitor the employees conversations this way as it would expose the company to more risk not less. Examples of rogue employees monitoring other employees is not the same as a company policy…

I would choose the company device and leave it off and away when appropriate but that’s my choice.

No, not every company provides cell phones. Moreover, some of the companies that do not provide phones nevertheless require employees to have one, for example, to access company systems that require 2-factor authentication.

That (EDIT: requiring an employee to have a phone and install an admin app on it) means that a company is requiring, as a condition of employment, admin access to a device that can monitor everything that an employee says or does during most hours of the day

This is true, but unfortunately it is not clear to what extent a company must communicate to an employee how the company uses the admin access to the employee’s device, so there is a lot of potential for abuse there.

No, it means that you have to use their 2FA app. I use one on mine. It doesn’t do any monitoring.

It was not my intent to imply all do, however most do, again this is about reducing their liability. For every company I’ve encountered that requires the employee bring their own device I’ve encountered 2 that require the employee use the issued phone. The more common situation is that it’s a choice.

These applications are not Mobile Device Management solutions and do not have the abilities you speak of. Conflating 2 different things doesn’t help the situation.

There is a misunderstanding—I did not at all intend to conflate employer admin apps and 2FA apps.

I was only referring to 2FA as an example of why a company might require an employee to have a phone and use it for work. Requiring the employee to use an admin app would be an additional requirement.

Made an edit above to clarify what I meant.

And you know that how?

If your company happens to use a standard 2FA mechanism and you can get away with not using the exact app as provided by the company but instead use an open source app that provides equivalent authentication then OK otherwise …

… home at the end of the day.

Laws vary from place to place but … not necessarily.

Some jurisdictions will enforce a basic standard of decency regardless of the fact that the company owns the phone - a point that you go on to acknowledge.

Whether the company who breaks the law will get caught is another question though. (Also, if it’s a third party app, the company can always attempt to plead ignorance about the full extent of the app’s functionality - and that might even be true.)

I can imagine that a company might enable latent monitoring functionality for a particular employee if it gets into a dispute with that employee over an unrelated matter.

What does the company do when you BYO Librem 5?

Right now it is unlikely that the mandated company app will be compatible with (able to be run on) the Librem 5.

I am very curious about this. Something akin to a remote desktop could be used, as is already used for “bring your own” laptops. However, it seems like this would be clunky for phones, receiving email notifications and phone calls, for example.

Probably some companies just wouldn’t allow the L5 to fulfill the requirement, unless law protects the right of a person to choose a Linux phone and not need to buy another one

Those apps can also brick your phone.

I translate to another situation in germany: Some companies want to install cameras in spaces where employees are working. But they are not allowed by privacy laws. What is the difference to companies phone with spy apps?

I’m very sure that at least in Europe it is illegal. But of course it doesn’t mean that companies wont do this. Often they break laws because they don’t know it better. I don’t speak for asshole companies like Amazon who know exactly where they break laws, but for common companies.

In your dreams.

Well anyway the original context of this sub-discussion was that it is a company phone. So if a company buys a fleet of Librem 5 phones then presumably the mandatory app is at least compatible with the phone.

Correct, while in a prior decade some companies embraced a “bring your own device” (BYOD) policy, company phones are easier to implement and control. However those that still allow BYOD will mandate their app be installed if your bring it on premises. One workaround is to lie to them that you don’t have a phone and turn it off at work. Then they will either issue you a 2nd phone (because they don’t know about the 1st) or reimburse you to buy one.

(Or not at all if your job doesn’t need a phone.)

Maybe the Librem Key could work for 2FA, but would it be difficult for the company to distribute and manage keys to be used on an employee’s Librem Key? I’ve never used a device like that, so I have no idea what a preferred strategy would look like. Maybe the company would own the USB keys and corporate IT would set them up before issuing to employees?

It is already happening with the home routers: https://fsfe.org/activities/routers/.

In respect of router freedom, it is also a waste minimisation issue.

For all the well-known reasons, you want customers to be able to abandon one ISP and change to a competitor ISP. If there is absolutely no router freedom, that would mean also abandoning a router each time the customer changes ISP. That would waste resources and add to the waste stream.

So, fair enough, your dreams are closer to reality in Europe.