FWIW, this isn’t to do with me personally at all, I’m not looking to do anything dodgy here, but this came up as a theoretical question about remote work and geographical security, and I realised I didn’t know enough about this (as an infosec noob)

Presuming:

  • an employer provides the employee with their laptop
  • with security software installed that enables snooping and wiping etc and,
  • said employer does not want their employee to work remotely from within some undesirable geographical locations

How hard would it be for the employee to fool their employer and work from an undesirable location?

I personally figured that it’s rather plausible. Use a personal VPN configured on a personal router and then manually switch off wifi, bluetooth and automatic time zone detection. I’d presume latency analysis could be used to some extent?? But also figure two VPNs, where the second one is that provided by/for the employer, would disrupt that enough depending on the geographies involved?

What else could be done on the laptop itself? Surreptitiously turn on wiki and scan? Can there be secret GPSs? Genuinely curious!

  • ericjmorey@programming.dev
    link
    fedilink
    English
    arrow-up
    10
    ·
    7 months ago

    I made devices to track wildlife via gps and an embedded simcard and GSM radio to report tracking data. It would be trivial to install a device to basically turn the laptop into one of those tracking devices. But this is beyond what a typical business would consider doing.

    • Tar_Alcaran@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      9
      ·
      7 months ago

      Depending on how accurate you want it, the simcard is plenty. If your goal is “don’t be in France”, you really don’t need more…

    • maegul (he/they)@lemmy.mlOP
      link
      fedilink
      English
      arrow-up
      5
      ·
      7 months ago

      yea, that’s what I’d figure. However easy a GPS setup would be, most businesses are, I’d guess, relying entirely on network snooping/logs. Which, if true, seemed pretty fallible once I started thinking about it.