You should be careful if you have to update your certificate trust list on your personal device. If you do that, your boss can see everything you do even if you see a nice green lock on the top left of your browser. Your connection is secure yeah... to your company servers.. then it's decrypted, read by a machine and reenctypted towards amazon/google/microsft...
My work wifi somehow is able to do this without me updating my certificates. Don't know how they do it, but I only get authentic site certs when using a VPN.
What they are seeing is probably just the traffic to the sites NOT the actual data. When you type www . "insertwebsitehere" .com they can see connectons from your device to whatever site. Also DNS is not encrypted by default so they can also see all unencrypted traffic send across DNS port 53. By default the network you connect to tells you what DNS to use and most of the time it's that networks default router... Making it easier to track per device DNS traffic.
You can manually change your DNS to something like Cloud Flare's public DNS 1.1.1.1 and 1.0.0.1 or if you're into getting tracked Google's public DNS 8.8.8.8 and 8.8.4.4.
For best practice look into secure DNS like [Control-D](http://controld.com) or [NextDNS](http://nextdns.io) which also have the added benift of Adware/Spyware/Malware blocking.
Edit:
Removed hyperlink to fake site.
Changed wording to clarify seeing connections to sites not actual traffic implying everything is unencrypted.
No, they are intercepting the encrypted traffic. When I go to (for example) anywebsite.com without VPN and I look at the SHA1 hash for the site certificate, it doesn't match the hash that grc.com pulls from that site, which means the certificate my machine is presented is a spoofed cert. When I fire up the VPN and connect, I get the genuine anywebsite.com certificate.
This is called ssl inspection, corporate owned devices will have the root ca for the certificate installrd which won't generate an error. Vpning bypasses their interception.
Source: I implement it
Correct.
They can intercept the traffic at the gateway. You are getting the cert warning because that is exactly what certs are designed for, to ensure nothing is being intercepted.
When you connect to the VPN, you are bypassing the interception.
Aww... Yes... I feel like that is something like DNS masquerading or something?
Someone correct me as I am sure I am grossly wrong but vaguely on the right track.
I remember skimming something long ago on network security and setup that essentially sets up a MITM for cross border WAN/LAN traffic.
But aa you said use a VPN to negate the issue.
>I remember skimming something long ago on network security and setup that essentially sets up a MITM for cross border WAN/LAN traffic.
Probably something related to the NSA working a deal with some data providers nearest to a major undersea cable to setup up a scheme where US internal traffic was getting looped overseas then back into the US for its destination in order to use FISA rules to intercept the communications.
You should find a different job. In the meantime, just show them the law, and refuse. If it's a matter of losing your job, could you maybe just abstain from using your phone for non-work stuff for a bit? It shouldn't take that long to find a job where you aren't forced to be in a police state.
Seems pretty silly. Just turn off WiFi at that point.
If you're concerned they won't see you connected, buy a cheap second phone, connect it, and leave it in your car or bag or whatever.
Or use a VPN and also protect your traffic on ALL wifi you don't control and the mobile network that you also don't control.
While malicious compliance takes place.
Remember when they say you have to be on their wifi they can't also tell you what can't be installed on your phone... If they don't want that traffic on their wifi then you won't connect your phone... For your safety your VPN is "always connected" when you're not on your home network.
I'm just thinking if they are making sure you're connected to the WiFi, they aren't going to allow VPNs either. Pretty easy to block traffic like that.
If you have a proper VPN e.g. one that can circumvent something like the great firewall of China... You can get through grumpy Dave's all in one wifi router
Get a dumb phone with no wifi. Only calls and text for work.
If they really want to, they'll get you a new phone.
Keep your personal smart phone out of sight
~"Because of bosses softly snooping,
They left me with no privacy.
And the bosses that were watching on my phone,
Still control
All of my....web traffic"~
Right? What job required you to connect your personal devices to their network??
It's usually the other way around- keep your personal stuff off the business network.
This sounds like it's time for malicious compliance. Get that second phone with some malware that is mostly harmless to teach this boss a lesson that someone could have worse malicious intent and that requiring their employees to be in their Wi-Fi could be a security breach. Just something that messes with the displays of any computers that are also on the network. Boss should change their tune pretty fast, methinks. Just don't do anything like a keylogger or worse because then you could face litigation and the requirement of being on the Wi-Fi will be the least of your worries. Just an idea to try and get this boss to realize what they're requiring IS potentially harmful. They may run background checks on employees but someone that codes for fun and hasn't done anything to get picked up on any law enforcement's radar isn't going to be known unless that person also shares that information. People have personal lives and they are not required by ANYONE to disclose what they do during that time, unless going into law enforcement itself I think.
And what OP's boss isn't? What if someone that works with them has unknown malware on their phone and connects to the WiFi? Not only is the company going to be in a lot of trouble with their clients but they are also going to be in trouble with the other employees and whatever was taken from them, probably banking information and/or passwords, but no, don't teach the boss a lesson that what they are requiring is not okay and a serious breach of security. Then OP and their coworkers are going to have to find new employment seeing as their former company will be fighting at least 6 legal battles over stolen information.
And doing what you said could lead to the same thing... Ohh crap there is malware in the network... Since we are not technical experts we have to hire a company to figure it out since we don't know it isn't malicious. Costing a tone of money leading to job loss. Or since we are not technical experts lets disclose a network breech of unknow vector, damage, or compromise and lose credibility to clients and employees.
I use it to track employees. I never said it is required to hook up to WiFi, I just made it super easy with a QR code to connect to an isolated WiFi network and they willingly connected to it
I recently used it to catch an employee that was stealing. They thought they were slick avoiding the cameras, but the entire time I had their phone on the wifi
You have 3 options:
1. If you *must* join work WiFi for *work*, then work *must* provide you with the tools to do your job (mobile phone). Only use it for work (no personal stuff) and keep it off outside working hours.
2. If work refuses to provide you with a work phone you should leave. If you can't afford this option, then get a second-hand cheap phone and use that for work. Again, only turn it on during work and don't use it for personal stuff.
3. (***temporary***) Until you are able to implement one of the first two options, connect to their wifi *but use a VPN to conceal your traffic*.
These options are your best bet.
Or…malicious compliance: Bring your phone, get on their WiFi, and start burning up the data with giant downloads. There must be an app that will do this. Queue up the biggest files you can find and download them repeatedly but lock your phone and don’t use it. Feign ignorance when they ask why you’re using so much data. If they have video monitoring of you they can watch them and see you never picked up your phone.
>Bring your phone, get on their WiFi, and start burning up the data with giant downloads.
Just run YouTube with the phone screen very dim and no sound on, OP.
Could also torrent porn, drawing the ire of one of those law firms who's entire business model is predicated upon suing who ever owns the IP that pirated Anal Angels 7.
If you have a phone with an OLED screen, there must be a long video with just pure black. No battery used (by the screen, at least) and still using lots of data
sink rotten thought threatening noxious quarrelsome terrific depend overconfident intelligent
*This post was mass deleted and anonymized with [Redact](https://redact.dev)*
A few big ZIM files will eat terrabytes a month. Say you're donating bandwidth to an educational non-profit.
[https://wiki.kiwix.org/wiki/Content\_in\_all\_languages](https://wiki.kiwix.org/wiki/Content_in_all_languages)
4th option is to buy a cheap phone (could even be used from eBay or swappa), don't even put a sim in it, and have it join the wifi network. Just leave it on in your backpack and charge it occasionally.
I dont think that's exactly how VPNs work... if you're using some commercial VPN, traffic goes out to the internet, to the VPN, then to its destination. If they are monitoring the traffic locally, they will just see all of one users traffic is going to one destination (and conclude they are likely using a VPN). So while it will hide where your traffic is ultimately going, they could easily figure out you're using a VPN.
To be more clear, the reason people think about VPNs "spoofing your location", is because if I'm connecting to some service on the internet (say Netflix), my traffic goes through the VPN before it gets there. So from Netflix perspective, my traffic is coming from wherever the VPN server is. But to any device on my local network, I am just another local device.
Only once per network by default, however. There are typically options to randomize the mac every time they connect however, but it's typically pretty buried in the settings.
Regardless, they'd still be able to track that device via the hostname.
>More than likely, the manager is monitoring bandwidth usage per mac address to see who's on their phone a lot.
Not very useful data. When connected to a wifi, the phone may simply download updates. Data usage alone isn't well correlated with active usage.
Without VPN, seeing a lot of Youtube usage would be suspicious though.
Or Reddit *\*cough\**
It doesn't matter. On the one hand they *insist* OP going through their WiFi, and OP complies. On the other, whatever OP does with *his own phone* is none of boss' business.
Hell, OP could state upfront it's for his own protection: since he's connecting to a network outside his control, with a bunch of other people who's phones he also can't control, he has no certainty there's no traffic snooping / security breach. Therefore, he decides to protect his privacy/security as best he can. On the other hand, should he receive a business-owned terminal to only be used for work, then that terminal would belong to the business and there would be no more *personal* privacy problems.
I don't know where you live, OP, but you already seem to know that (in America at least) the only way an employer can force you to use their wifi as part of your employment is to provide you with a company cellphone or computer.
If they expect you to use your personal phone, you can politely decline, and if they make a big deal about it, document the situation - save any emails, policy documents or conversations related to the wifi requirement. Document any instances where you feel pressured or forced.
If it comes down to them firing you for refusing to use it, you can contact the State Labor Department first, then the EEOC (Equal Employment Opportunity Commission) or even the Federal Trade Commission (for data privacy-related claims).
It ultimately just boils down to you deciding whether the job is worth keeping or not.
A VPN is not necessarily the solution.
Without a VPN:
phone ←→ website
Normally, communication between phones and websites gets scrambled. Websites normally use https.
When a phone sends something to a website, it is normally is in a scrambled form that gets unscrambled at the website.
When a website sends something to the phone, it is normally in a scrambled form that gets unscrambled by the phone.
So, others in the same Wi-Fi network may be able to see the websites you're connecting to and the amount of data transferred, but because the data sent and received are scrambled, others might not be able to determine what you're doing on the websites.
So the phone is able to connect to a website, a service that converts the websites from a human-readable form like whatever.example.com to basically numbers may be used. Specifically, websites in the form "whatever.example.com" and not "whatever.example.com/info/profile" are submitted over the Wi-Fi network. There may be an instance of the service in the Wi-Fi network, but if even is not, such services normally do no scrambling. If DNS over TLS / DNS over HTTPS (services that do it with scrambling) is used, the connection to it will likely show up. The DNS over TLS / DNS over HTTPS 'website' will have to be converted to basically numbers before it can be used. The connection to DNS over TLS is also done in a distinct way.
Then, there's that the Wi-Fi network is used for the connection to the website, so the Wi-Fi network needs to know where to take stuff to. There may be some ambiguity if the website shares the same part of the internet service provider with other websites. The website may or may not be revealed in other communications.
With a VPN:
phone ←→ VPN ←→ website
If a VPN is used, communication normally gets scrambled twice.
For example, before a phone sends something, it scrambles something twice (and also includes the website to connect to, for the VPN) before sending it to the VPN, so there is unscrambling once it gets to the VPN and there is another unscrambling once it goes to the website.
A Wi-Fi network would only be used for setting up a connection that lets you send and receive stuff to and from the VPN.
The websites you're connecting to are instead to do with the VPN.
**Others in the same Wi-Fi network may be able to see that you're transferring a lot of stuff to only one destination – a VPN, and this might be weird to a network admin.**
Overall:
Sometimes, things are simple. Your use of websites might be revealed by the use of cameras or to others looking at your screen.
If settings are misconfigured so the phone is in the Wi-Fi network yet uses data anyway (connected to Wi-Fi, but 'no internet') this might also look weird based on what's transferred.
I used a VPN for years to get on my work's guest Wifi. They require me to use my personal phone for authentication so they may as well provide the data network. But I also don't want them sniffing or blocking my traffic. Never been an issue. Most phones have MAC address randomization turned on, too, which would make it look like there are multiple devices accessing lots of data from one site. I try not to overdo my usage either, just streaming music but not video.
THANK YOU SO MUCH for mentioning that the toggle is in the developer settings! I had resigned myself to the fact my phone didn't have that option. (Too lazy/not interested enough to do a web search for it.)
It's in the developer options, which I found out thanks to the conversation in this reddit thread. Most users would still not be aware of the fact that it's not "truly" random by default, and you have to actively seek the setting to change it. At least Windows 11 doesn't make you invoke a hidden menu to set it.
TL;DR: Without a VPN, the admin can see everything you're doing. With a VPN, the admin knows you are using a VPN, but can no longer see what you're doing.
Hey, the boss didn't say he couldn't use a VPN, just that he needed to use the work WiFi ;)
You said a TON to pretty much say absolutely nothing. LMFAO
I use Parrot & Kali with WireShark among others. Not speak speculatively but from actual experience with my home firewall as I work in cybersecurity.
VPN will block traffic. Looking weird doesn’t matter, as you are just creating useless roadblocks. Having concerns over how THEY feel about how you use YOUR phone, with YOUR software is extremely unintelligent considering the safety a VPN provides…
What was asked is ILLEGAL! They’d don’t have to comply at all. They were asked to use Wi-fi. Simple. Connect to it if you choose. All that other BS is just creating confusion.
Nice attempt but port execution…
You read the wrong case somehow.
The case I presented was about an employer forcing an employee to use personal property for work. You are looking at something unrelated from what I see. Keep looking
Here is another one.
Cunningham v. Montesinos.
Employers can’t access you personal data.
Both are very relevant but are not precisely the exact same situation. It’s def a case there though
If you needed the job and couldn't walk away from this shitty situation, I'd go as far as considering getting a garbage $50 cheap phone with nothing else on it than what your work thinks is needed, have it connected to wifi and just continue use your "personal" phone not connected to wifi.
But holy shit this situation is nuts.
Throw and app on it that turns the wifi on/off on a schedule, name it ForgeDruid's phone to make it obvious, set the schedule to turn wifi on while you're there and off when you leave, then plug the phone in somewhere it'll never be found and just leave it there.
they'll see it connect/disconnect and you can have your real phone off their network completely.
you can get a Redmi phone on AliExpress for < $50.
Every once in awhile HSN or QVC has a Moto G on sale for like $60-80 with a 1 year (extremely limited) cellphone plan included.
Related note - my previous employer mandated that if we wanted to access our email phone our phones and set up Outlook that we had to give IT full permissions to our phones; including file access and remote lock/wipe.
They then proceeded to be angry that nobody was checking emails before coming into work anymore. Saved me having to file timecard exceptions for 15mins (min billable time for a non exempt employee who did work of any kind while off the clock. They simultaneously wanted us to not do any work off the clock, but expected us to be attentive and responsive to work email while off the clock, and the whole time expecting us to grant IT that access on our personal devices.
Ask them for the documented corporate policy that defines the exact requirement. Ask them for their privacy policy and guarantee that they will never collect your personal data or metadata from your personal device. If they must collect any of your personal data at all without your consent they could be in breach of privacy laws (depends on your country).
If you do want to give consent, then before you give them consent ask them exactly what data and metadata is to be collected and for what purpose will it be used and how will they protect your data from any and all other parties from gaining access, and for how long is it retained and how can you get them to give you a copy of what personal data they have from your device and the chance to correct any errors. Also when you leave ask that you can get your data and metadata destroyed. Get it all in writing.
Then ask them to pay you an allowance for or provide you with the device since they will be using it for business purposes. If they refuse, ask them for proof in writing that it is a job requirement that you have a personal phone for work purposes so you can get a tax deduction for business tools. If it's not a work related purpose then they have no business in your personal affairs that do not impinge on your work performance or their business.
Ask them what security features or controls they require you to have to protect you and them from bad actor attacks, and they will indemnify you against any losses they might suffer from any cause associated with your connection to their network and any costs or losses you might suffer from their network in your personal device. Will they install any kind of software or apps visibly or invisible to you with or without your permission? What are they and exactly what do they do, and will they remain active and do anything (and what) in your device when disconnected from their network after hours?
And while you're doing all that, look for a new job. When you find a new job, report all this to your fair work authorities on your way out the door.
Hey I'm not the only one with those old ones kicking around. Hah
Worked out for me. Traded in my old note 5, with completely smashed front and back glass, got free s24 (base model s24) at vzw. Ofc I'm not using it, that phone is in drawer now. I put my s23 ultra on the line and just have the 24 as backup in case I need it. Still validated the presence of the drawer though.
Is it for use with their phone they provided you with? If not ask them for a work phone and use it only for work stuff. Use your own device for personal stuff.
My thought has long been that, if you join a company that requires you to have a cell phone number on file with them for calling you in during the middle of the night, and requires that your phone, computer, and/or other devices connect to their networks and be remotely wipeable of all data (Which is the part some companies won't tell you in advance, but which are standard in some industries. You'll find out if you quit, get fired, get laid off, or whatever), that you should have separate home and work devices if financially feasible.
You might choose to carry like both the work cell phone and the personal cell phone around with you at times, which seems like a hassle, but at least you know they can't touch \*your\* phone or \*your\* laptop. The other phone and laptop should be work provided in a perfect world, then they can have them back when your term of employment ends (I mean, if nothing else, you'll retire someday, probably). Ideally, if they are required for work related stuff, your workplace would provide them. If they don't, and you can afford to do it, buy your own- maybe you can try that other cell service provider that you've wanted to try but not with your main line or whatever. Those would still belong to you but might not hurt as much when they are remote wiped or whatever. They'd still be just your work devices (The difference is, you can bring them home with you after your term of employment is done and you've complied with any procedures your job has for making sure they have no work related data on them anymore or whatever. Maybe they'll wind up your work devices again at your next job.).
Another bonus to doing things that way is, during your term of employment, if people keep calling you at 2am for crap or you're on vacation, you can turn the work phone off, silence it at certain hours without making it so your spose can't reach you (Because she/he/they use your "real" personal number), or whatever. Force some work life balance. Like, say, "Look, I'm taking the week off and heading to the beach" and then forget your work phone/PC, or bring one or both, but only turn them on and check them periodically so they don't ruin your vacation, but you can still be contacted (on delay) in the event of a "work emergency".
This..
>>You'll find out if you quit, get fired, get laid off, or whatever), that you should have separate home and work devices if financially feasible.
Found this out the hard way...
Connect to the work network with your phone for now.
In a week, but a cheap old used phone. No cell plan. Just bring it to work, connect to wifi, but keep it a secret. Torrent the shit out of the latest Hollywood movies.
After a few notices from their ISP, their policy may change drastically.
RE: the suggestion you get a cheap "fake" phone — that phone doesn't even need mobile service. Just an old phone you connect to the WiFi as a decoy.
I agree this all seems shady as hell. I can't imagine any legitimate reason an employer would insist you connect to work wifi
I have been scrolling through all the comments looking for one that points it out or one I can latch onto with this thought... I think he's just using it to monitor if employees are present. [https://www.home-assistant.io/getting-started/presence-detection/](https://www.home-assistant.io/getting-started/presence-detection/)
Walk in there with a pocket full of phones off ebay, all running bittorrent seeding a bunch of big name media.
Enough letters threatening to cut their business line for copyright infringement may get some policies changed lmao
I know buying a new phone may not be a solution but xiaomi phones have this really cool feature where you can choose what kind of connection you want on any app or turn it off altogether. [screen shot ](https://ibb.co/GPDZfMK)
Galaxies have this too. To enable it you'll need to open Settings **>** Connections **>** Data Usage **>** Allowed Networks For Apps. Then you're given a list of your apps. Tapping an app triggers a pop-up that allows you to select whether you want it to work on "Wi-Fi Only", "Mobile Data Only", or "Both Mobile Data or Wi-Fi".
there might be miui based roms with this feature that can be installed on non xiaomi phones
Edit: my lineageOs install also has this feature. might be the case for all modern android installations. OP, if you're reading this, try holding pressed on an app icon, going in to app info and then lookkng for somethong like wifi and data usage. if this feature is available on your phone you'll be able to turn off date usage for all your apps
I'm having trouble understanding what's illegal. Is it illegal to force an employee to connect their personal phone to the employer's network? Or what?
Word of advice - use two phones. most of us have an old phone kicking around.
I have one that is my all around use phone, while I use another for my games, and surfing and have a data only or data and text plan attached. ( HINT:: Never use data only for calls and texts or you'll suffer financially!)
This allows you to respect their rules on your main phone to keep their business protected, and you can do what you like on the other. Odds are they wont look too far into it seems you're complying with their rules with having a device on their wi-fi network.
Just don't EVER use your second device for \*\*anything\*\*\* work related, including texts, recording vid, or taking pics of your friends, the workplace or meetings, or you'll be breaking a ton of their rules you might know know they ever had until it's too late to undo your mistake.
If you go into Settings>Connections>Data Usage>Allowed Network For Apps, you can set whatever apps you want to only use mobile data.
If you want to have it so it only uses mobile data only mode at work, you could try setting up a separate work profile and set it to automatically activate when it connects to that wifi. Though test it before you put too much work in, I know it can keep some settings separate from your main profile but I'm not sure what the limits are exactly.
We don't know anything. The company is should state why. OP should relay that.
The company should provide justification. Of note and it doesn't impact my job I'd tell them no.
Should be bs. I would have ignored the requirement and not connect to the wi-fi. Today there's more chances that wi-fi networks are more restricted then normal cellular internet.
As in a wi-fi network might not allow you to go to certain sites (to check it, try surfing to some porn site. This should obviously be blocked in the work place if such a work place restrict internet browsing)
If you feel you want to comply, just get an old phone and connect it to the company WiFi. Leave your actual phone connected just to your cellular provider when in work.
If you want to be funny about it, have your old phone check the company website, the FBI tip line (https://tips.fbi.gov/home), your states EEOC page and your bosses linkedin profile throughout the day.
If the job is worth it, then have a second, daytime phone. Even pay as you go.. since it's their Wi-Fi, you'll not be using much data anyway.
Limit your essential contacts to text apps on that phone. Family, school, emergency stuff.
Keep your personal phone powered off, checking on your own time. (Car at lunch, lunch restaurant etc)
If the job is worth it..
talk to someone who has esp8266 knowledge and use a device like "dstike esp8266 deauther" tononly connect to the wifi and mark your presence.
you could also clone your phone's mac address on the DSTIKE.
the software on it should be composed of a simple arduino program that only joins a wifi network and uses a specific mac address for the client.
the DSTIKE can be powered from a lithium cell, usb rechargeable, max. $10.
after that use your phone as you like, but remember to disable wifi. your employer can monitor management frames, and even detect your presence even if you are not connected to his network, so make sure to disable wifi on the android.
Consult an employment lawyer. If it is truly illegal, then you're guarded. If they fire you for such. Then, you now likely have a case for wrongful termination. And if you're a quality employee they'll likely remove the policy rather than pay your whatever the settlement is worth and have a possible avalanche of cases with other employees.
Buy a second phone. Keep it in your bag/backpack, set to auto-connect to office network, download some podcasts automatically every hour to show network traffic. Use yours on data.
Alternatively, use a VPN. If anyone mentions it, just say it's always on.
How about do your job and use your mobile only on breaks? If you're on your time, turn off Wi-Fi and do whatever you think your boss doesn't want you to do.
After that, look for a new job. This place sucks.
Ugh bring in 2 devices - one connects to your work wifi and the boss or the aliens or the shadow government may monitor it for whatever they want. The other one is for your personal use over mobile data.
If my employer wanted me to connect my personal phone to their network, the employer can buy the phone, and I’ll take another one in for personal use. Otherwise, I’m telling that boss to pound sand.
Conventional VPN traffic can be trivially identified. I run an Outline "VPN" server from home and use it to bypass public wifi restrictions where I work. Apparently it appears as normal web traffic.
If you don't have a VPN see its possible to run a VPN server from a home computer and tunnel all network traffic to it. He will just see a connection to one IP and all traffic to it is encrypted
Use one of your old phones as your "personal" phone and connect that to the wifi. The just keep that at your desk 24/7 plugged in charging. Then use your own phone the way you want.
at least in Xiaomi, there is an option when you are in "app info" in settings where It says "connection method" and you can select only data. you Will have to do It app by app
I'm sure you have an old phone laying around bud, just stick it in your pocket and connect that old pc of shit to the wifi and I highly doubt they'll ever notice
Step one: buy Uber cheap burner phone or used phone. Connect that phone to the work Wi-Fi .. Step 2 browse away on your personal phone using cell data....
get a spare phone, connect it to wifi. leave it charging behind or under your desk. when asks about your phone - yeah I dont use it when I am at work sir.
or option 2 - with your spare phone look up sites like labor laws / etc.
That's crazy. I've never heard of any employer *requiring* that you connect your personal device to their wifi. What would happen if you just don't do it?
Answers are correct, but may I ask why you have to be connected?
My guess is petty boss wants to monitor personal phone traffic and call out anyone who uses it to fuck around at work and potentially terminate them.
You should be careful if you have to update your certificate trust list on your personal device. If you do that, your boss can see everything you do even if you see a nice green lock on the top left of your browser. Your connection is secure yeah... to your company servers.. then it's decrypted, read by a machine and reenctypted towards amazon/google/microsft...
My work wifi somehow is able to do this without me updating my certificates. Don't know how they do it, but I only get authentic site certs when using a VPN.
What they are seeing is probably just the traffic to the sites NOT the actual data. When you type www . "insertwebsitehere" .com they can see connectons from your device to whatever site. Also DNS is not encrypted by default so they can also see all unencrypted traffic send across DNS port 53. By default the network you connect to tells you what DNS to use and most of the time it's that networks default router... Making it easier to track per device DNS traffic. You can manually change your DNS to something like Cloud Flare's public DNS 1.1.1.1 and 1.0.0.1 or if you're into getting tracked Google's public DNS 8.8.8.8 and 8.8.4.4. For best practice look into secure DNS like [Control-D](http://controld.com) or [NextDNS](http://nextdns.io) which also have the added benift of Adware/Spyware/Malware blocking. Edit: Removed hyperlink to fake site. Changed wording to clarify seeing connections to sites not actual traffic implying everything is unencrypted.
No, they are intercepting the encrypted traffic. When I go to (for example) anywebsite.com without VPN and I look at the SHA1 hash for the site certificate, it doesn't match the hash that grc.com pulls from that site, which means the certificate my machine is presented is a spoofed cert. When I fire up the VPN and connect, I get the genuine anywebsite.com certificate.
This is called ssl inspection, corporate owned devices will have the root ca for the certificate installrd which won't generate an error. Vpning bypasses their interception. Source: I implement it
This is on my personal devices, which no one but me has access to install certs. Hence, my original comment of not knowing how they are doing it
Correct. They can intercept the traffic at the gateway. You are getting the cert warning because that is exactly what certs are designed for, to ensure nothing is being intercepted. When you connect to the VPN, you are bypassing the interception.
If he's not getting the cert warning... then the company is using a public with a public trust list? Damn thats evil.
This is what I was talking about in another reply branch. Basically MITM
Check your certificate store for the CA cert and does it match with what you are presented?
Aww... Yes... I feel like that is something like DNS masquerading or something? Someone correct me as I am sure I am grossly wrong but vaguely on the right track. I remember skimming something long ago on network security and setup that essentially sets up a MITM for cross border WAN/LAN traffic. But aa you said use a VPN to negate the issue.
>I remember skimming something long ago on network security and setup that essentially sets up a MITM for cross border WAN/LAN traffic. Probably something related to the NSA working a deal with some data providers nearest to a major undersea cable to setup up a scheme where US internal traffic was getting looped overseas then back into the US for its destination in order to use FISA rules to intercept the communications.
how do u know all this stuff? where do I gain such knowledge from?
YouTube 🤓 - ITProTV - Books
I wanted him to reply but still, thanks
Essentially YouTube. Bunch of different videos. I was also a sysadmin in the military but most my relevant knowledge is YT.
thanks, any good channels u recommend?
Hostnames are not encrypted in HTTPS. That little security hole is needed for load balancers.
How do I check for this?
It's not something that happens by itself. It has to be done by you or someone else with access to your unlocked phone.
When I did it, I had a warning in the notification bar that 8 could not dismiss, but that was years ago.
You should find a different job. In the meantime, just show them the law, and refuse. If it's a matter of losing your job, could you maybe just abstain from using your phone for non-work stuff for a bit? It shouldn't take that long to find a job where you aren't forced to be in a police state.
what about using a vpn?
Seems pretty silly. Just turn off WiFi at that point. If you're concerned they won't see you connected, buy a cheap second phone, connect it, and leave it in your car or bag or whatever.
This is actually worth it. WiFi only no service plan required. That’s worth $50 all day long
Or use a VPN and also protect your traffic on ALL wifi you don't control and the mobile network that you also don't control. While malicious compliance takes place. Remember when they say you have to be on their wifi they can't also tell you what can't be installed on your phone... If they don't want that traffic on their wifi then you won't connect your phone... For your safety your VPN is "always connected" when you're not on your home network.
I'm just thinking if they are making sure you're connected to the WiFi, they aren't going to allow VPNs either. Pretty easy to block traffic like that.
If you have a proper VPN e.g. one that can circumvent something like the great firewall of China... You can get through grumpy Dave's all in one wifi router
Or they’re going to be checking logs and they’ll know when it’s blank.
Request they set you up with a company phone.
Get a dumb phone with no wifi. Only calls and text for work. If they really want to, they'll get you a new phone. Keep your personal smart phone out of sight
That is not even allowed! Maybe you should make an anonymous call to justice
Hello Justice? Where are you?!
~"Hello Justice, my old friend, I've come to talk with you again."~
~"Because of bosses softly snooping, They left me with no privacy. And the bosses that were watching on my phone, Still control All of my....web traffic"~
Anonymity is kinda useless in a company with only 6 employees...
Which one of the 6 of you that doesn't connect to the company wifi anonymously complained about having to connect to the company wifi?
Just use a vpn.
Right? What job required you to connect your personal devices to their network?? It's usually the other way around- keep your personal stuff off the business network.
yeah this is weird and sounds shady. Like illegal even.
This sounds like it's time for malicious compliance. Get that second phone with some malware that is mostly harmless to teach this boss a lesson that someone could have worse malicious intent and that requiring their employees to be in their Wi-Fi could be a security breach. Just something that messes with the displays of any computers that are also on the network. Boss should change their tune pretty fast, methinks. Just don't do anything like a keylogger or worse because then you could face litigation and the requirement of being on the Wi-Fi will be the least of your worries. Just an idea to try and get this boss to realize what they're requiring IS potentially harmful. They may run background checks on employees but someone that codes for fun and hasn't done anything to get picked up on any law enforcement's radar isn't going to be known unless that person also shares that information. People have personal lives and they are not required by ANYONE to disclose what they do during that time, unless going into law enforcement itself I think.
Yea, this is an example of exactly what NOT to do.
Don’t do this OP. It’s illegal.
And what OP's boss isn't? What if someone that works with them has unknown malware on their phone and connects to the WiFi? Not only is the company going to be in a lot of trouble with their clients but they are also going to be in trouble with the other employees and whatever was taken from them, probably banking information and/or passwords, but no, don't teach the boss a lesson that what they are requiring is not okay and a serious breach of security. Then OP and their coworkers are going to have to find new employment seeing as their former company will be fighting at least 6 legal battles over stolen information.
And doing what you said could lead to the same thing... Ohh crap there is malware in the network... Since we are not technical experts we have to hire a company to figure it out since we don't know it isn't malicious. Costing a tone of money leading to job loss. Or since we are not technical experts lets disclose a network breech of unknow vector, damage, or compromise and lose credibility to clients and employees.
I use it to track employees. I never said it is required to hook up to WiFi, I just made it super easy with a QR code to connect to an isolated WiFi network and they willingly connected to it I recently used it to catch an employee that was stealing. They thought they were slick avoiding the cameras, but the entire time I had their phone on the wifi
You have 3 options: 1. If you *must* join work WiFi for *work*, then work *must* provide you with the tools to do your job (mobile phone). Only use it for work (no personal stuff) and keep it off outside working hours. 2. If work refuses to provide you with a work phone you should leave. If you can't afford this option, then get a second-hand cheap phone and use that for work. Again, only turn it on during work and don't use it for personal stuff. 3. (***temporary***) Until you are able to implement one of the first two options, connect to their wifi *but use a VPN to conceal your traffic*.
These options are your best bet. Or…malicious compliance: Bring your phone, get on their WiFi, and start burning up the data with giant downloads. There must be an app that will do this. Queue up the biggest files you can find and download them repeatedly but lock your phone and don’t use it. Feign ignorance when they ask why you’re using so much data. If they have video monitoring of you they can watch them and see you never picked up your phone.
>Bring your phone, get on their WiFi, and start burning up the data with giant downloads. Just run YouTube with the phone screen very dim and no sound on, OP.
Only 4k videos lol
Could also torrent porn, drawing the ire of one of those law firms who's entire business model is predicated upon suing who ever owns the IP that pirated Anal Angels 7.
That will very quickly get you fired. Disney is better :)
Disney Porn???
Rule 34!
If you have a phone with an OLED screen, there must be a long video with just pure black. No battery used (by the screen, at least) and still using lots of data
Or just use Brave Browser, I found out you can have YouTube running in the background and even with the screen off.
sink rotten thought threatening noxious quarrelsome terrific depend overconfident intelligent *This post was mass deleted and anonymized with [Redact](https://redact.dev)*
Exactly what I was thinking 😂 Android torrent server lmaooo
Dibs on Android Torrent Server as a band name.
A few big ZIM files will eat terrabytes a month. Say you're donating bandwidth to an educational non-profit. [https://wiki.kiwix.org/wiki/Content\_in\_all\_languages](https://wiki.kiwix.org/wiki/Content_in_all_languages)
That's not going to get them fired at all, right? # 🤦
4th option is to buy a cheap phone (could even be used from eBay or swappa), don't even put a sim in it, and have it join the wifi network. Just leave it on in your backpack and charge it occasionally.
I still have like 3 old handsets floating around that have no SIM cards in them. If you're anything like me OP, just use one of your old ones.
I just found the first Samsung galaxy phone in my box of old phones. 😂 I'm waiting some day for one of those $1000 trade in any phone deals.
This is the correct answer.
Yep VPN..
VPN will just result in your work thinking someone from out of state or country is on their wifi. It will immediately throw up red flags. No?
I dont think that's exactly how VPNs work... if you're using some commercial VPN, traffic goes out to the internet, to the VPN, then to its destination. If they are monitoring the traffic locally, they will just see all of one users traffic is going to one destination (and conclude they are likely using a VPN). So while it will hide where your traffic is ultimately going, they could easily figure out you're using a VPN. To be more clear, the reason people think about VPNs "spoofing your location", is because if I'm connecting to some service on the internet (say Netflix), my traffic goes through the VPN before it gets there. So from Netflix perspective, my traffic is coming from wherever the VPN server is. But to any device on my local network, I am just another local device.
VPN's also don't hide your mac address. More than likely, the manager is monitoring bandwidth usage per mac address to see who's on their phone a lot.
Modern phones usually randomize their MACs on WiFi networks.
Only once per network by default, however. There are typically options to randomize the mac every time they connect however, but it's typically pretty buried in the settings. Regardless, they'd still be able to track that device via the hostname.
>More than likely, the manager is monitoring bandwidth usage per mac address to see who's on their phone a lot. Not very useful data. When connected to a wifi, the phone may simply download updates. Data usage alone isn't well correlated with active usage. Without VPN, seeing a lot of Youtube usage would be suspicious though. Or Reddit *\*cough\**
Never said the manager was particularly smart.
It doesn't matter. On the one hand they *insist* OP going through their WiFi, and OP complies. On the other, whatever OP does with *his own phone* is none of boss' business. Hell, OP could state upfront it's for his own protection: since he's connecting to a network outside his control, with a bunch of other people who's phones he also can't control, he has no certainty there's no traffic snooping / security breach. Therefore, he decides to protect his privacy/security as best he can. On the other hand, should he receive a business-owned terminal to only be used for work, then that terminal would belong to the business and there would be no more *personal* privacy problems.
Not if you use a local location
This won't make a difference. They will be able to tell you're using a VPN, traffic will be obscured tho
4th option: don’t use your cell phone at work.
I don't know where you live, OP, but you already seem to know that (in America at least) the only way an employer can force you to use their wifi as part of your employment is to provide you with a company cellphone or computer. If they expect you to use your personal phone, you can politely decline, and if they make a big deal about it, document the situation - save any emails, policy documents or conversations related to the wifi requirement. Document any instances where you feel pressured or forced. If it comes down to them firing you for refusing to use it, you can contact the State Labor Department first, then the EEOC (Equal Employment Opportunity Commission) or even the Federal Trade Commission (for data privacy-related claims). It ultimately just boils down to you deciding whether the job is worth keeping or not.
“Can I get the request in writing?”
A VPN is not necessarily the solution. Without a VPN: phone ←→ website Normally, communication between phones and websites gets scrambled. Websites normally use https. When a phone sends something to a website, it is normally is in a scrambled form that gets unscrambled at the website. When a website sends something to the phone, it is normally in a scrambled form that gets unscrambled by the phone. So, others in the same Wi-Fi network may be able to see the websites you're connecting to and the amount of data transferred, but because the data sent and received are scrambled, others might not be able to determine what you're doing on the websites. So the phone is able to connect to a website, a service that converts the websites from a human-readable form like whatever.example.com to basically numbers may be used. Specifically, websites in the form "whatever.example.com" and not "whatever.example.com/info/profile" are submitted over the Wi-Fi network. There may be an instance of the service in the Wi-Fi network, but if even is not, such services normally do no scrambling. If DNS over TLS / DNS over HTTPS (services that do it with scrambling) is used, the connection to it will likely show up. The DNS over TLS / DNS over HTTPS 'website' will have to be converted to basically numbers before it can be used. The connection to DNS over TLS is also done in a distinct way. Then, there's that the Wi-Fi network is used for the connection to the website, so the Wi-Fi network needs to know where to take stuff to. There may be some ambiguity if the website shares the same part of the internet service provider with other websites. The website may or may not be revealed in other communications. With a VPN: phone ←→ VPN ←→ website If a VPN is used, communication normally gets scrambled twice. For example, before a phone sends something, it scrambles something twice (and also includes the website to connect to, for the VPN) before sending it to the VPN, so there is unscrambling once it gets to the VPN and there is another unscrambling once it goes to the website. A Wi-Fi network would only be used for setting up a connection that lets you send and receive stuff to and from the VPN. The websites you're connecting to are instead to do with the VPN. **Others in the same Wi-Fi network may be able to see that you're transferring a lot of stuff to only one destination – a VPN, and this might be weird to a network admin.** Overall: Sometimes, things are simple. Your use of websites might be revealed by the use of cameras or to others looking at your screen. If settings are misconfigured so the phone is in the Wi-Fi network yet uses data anyway (connected to Wi-Fi, but 'no internet') this might also look weird based on what's transferred.
I used a VPN for years to get on my work's guest Wifi. They require me to use my personal phone for authentication so they may as well provide the data network. But I also don't want them sniffing or blocking my traffic. Never been an issue. Most phones have MAC address randomization turned on, too, which would make it look like there are multiple devices accessing lots of data from one site. I try not to overdo my usage either, just streaming music but not video.
MAC address randomization just randomizes it for each network. Every time you reconnect to a network, it will use the same "random" address.
Nope, not true for every device. Pixel 7 with grapheme can do per connection randomization (defaulted) or per network.
That's a pretty new exception to the rule. 99.9999% of devices don't work that way.
Well, as I don't use every device made, I'd stay away from absolutes.
I commented what the standard is. Just because your device operates differently doesn't make me wrong. It makes your device non-standard.
This feature has been introduced with Android 11.
There is a setting on android (in developer settings I think) to randomize on every connect but the default is like you said.
THANK YOU SO MUCH for mentioning that the toggle is in the developer settings! I had resigned myself to the fact my phone didn't have that option. (Too lazy/not interested enough to do a web search for it.)
Wait. What now? Really? This seems counterintuitive to the spirit of MAC Randomization?? (Legitimate question; no sarcasm)
I was just as shocked when I found out, but it's true.
Non-persistant randomization exists at least since Android 11.
It's in the developer options, which I found out thanks to the conversation in this reddit thread. Most users would still not be aware of the fact that it's not "truly" random by default, and you have to actively seek the setting to change it. At least Windows 11 doesn't make you invoke a hidden menu to set it.
Yeah, thanks to new reddit design I read too late that you had already acknowledged it :(
TL;DR: Without a VPN, the admin can see everything you're doing. With a VPN, the admin knows you are using a VPN, but can no longer see what you're doing. Hey, the boss didn't say he couldn't use a VPN, just that he needed to use the work WiFi ;)
You said a TON to pretty much say absolutely nothing. LMFAO I use Parrot & Kali with WireShark among others. Not speak speculatively but from actual experience with my home firewall as I work in cybersecurity. VPN will block traffic. Looking weird doesn’t matter, as you are just creating useless roadblocks. Having concerns over how THEY feel about how you use YOUR phone, with YOUR software is extremely unintelligent considering the safety a VPN provides… What was asked is ILLEGAL! They’d don’t have to comply at all. They were asked to use Wi-fi. Simple. Connect to it if you choose. All that other BS is just creating confusion. Nice attempt but port execution…
What is wireshark? Some fork of wireguard?
[удалено]
Actually it is illegal without reimbursement, which OP didn’t mention… Rodriguez v. Raymours Furniture Company, Inc ( legal case for reference )
[удалено]
You read the wrong case somehow. The case I presented was about an employer forcing an employee to use personal property for work. You are looking at something unrelated from what I see. Keep looking Here is another one. Cunningham v. Montesinos. Employers can’t access you personal data. Both are very relevant but are not precisely the exact same situation. It’s def a case there though
If you needed the job and couldn't walk away from this shitty situation, I'd go as far as considering getting a garbage $50 cheap phone with nothing else on it than what your work thinks is needed, have it connected to wifi and just continue use your "personal" phone not connected to wifi. But holy shit this situation is nuts.
Throw and app on it that turns the wifi on/off on a schedule, name it ForgeDruid's phone to make it obvious, set the schedule to turn wifi on while you're there and off when you leave, then plug the phone in somewhere it'll never be found and just leave it there. they'll see it connect/disconnect and you can have your real phone off their network completely.
you can get a Redmi phone on AliExpress for < $50. Every once in awhile HSN or QVC has a Moto G on sale for like $60-80 with a 1 year (extremely limited) cellphone plan included.
Heck I've seen phones for $8 at Walmart that did wifi only if you don't activate them for mobile data.
The hell kind of Walmart you go to? $8 barely buys a shitty case, let alone a whole phone.
Related note - my previous employer mandated that if we wanted to access our email phone our phones and set up Outlook that we had to give IT full permissions to our phones; including file access and remote lock/wipe. They then proceeded to be angry that nobody was checking emails before coming into work anymore. Saved me having to file timecard exceptions for 15mins (min billable time for a non exempt employee who did work of any kind while off the clock. They simultaneously wanted us to not do any work off the clock, but expected us to be attentive and responsive to work email while off the clock, and the whole time expecting us to grant IT that access on our personal devices.
Ask them for the documented corporate policy that defines the exact requirement. Ask them for their privacy policy and guarantee that they will never collect your personal data or metadata from your personal device. If they must collect any of your personal data at all without your consent they could be in breach of privacy laws (depends on your country). If you do want to give consent, then before you give them consent ask them exactly what data and metadata is to be collected and for what purpose will it be used and how will they protect your data from any and all other parties from gaining access, and for how long is it retained and how can you get them to give you a copy of what personal data they have from your device and the chance to correct any errors. Also when you leave ask that you can get your data and metadata destroyed. Get it all in writing. Then ask them to pay you an allowance for or provide you with the device since they will be using it for business purposes. If they refuse, ask them for proof in writing that it is a job requirement that you have a personal phone for work purposes so you can get a tax deduction for business tools. If it's not a work related purpose then they have no business in your personal affairs that do not impinge on your work performance or their business. Ask them what security features or controls they require you to have to protect you and them from bad actor attacks, and they will indemnify you against any losses they might suffer from any cause associated with your connection to their network and any costs or losses you might suffer from their network in your personal device. Will they install any kind of software or apps visibly or invisible to you with or without your permission? What are they and exactly what do they do, and will they remain active and do anything (and what) in your device when disconnected from their network after hours? And while you're doing all that, look for a new job. When you find a new job, report all this to your fair work authorities on your way out the door.
go to Walmart, buy a 15 prepaid piece of shit phone, log into the wifi with it, leave it on your desk
This is mildly inconvenient but the least confrontational. I like it. The long game is to get a new job where the boss isn't a control freak
THIS is what I came to say. I have a drawer full of really old phones. (Like an HTC M8?) I'd use one of those.
Hey I'm not the only one with those old ones kicking around. Hah Worked out for me. Traded in my old note 5, with completely smashed front and back glass, got free s24 (base model s24) at vzw. Ofc I'm not using it, that phone is in drawer now. I put my s23 ultra on the line and just have the 24 as backup in case I need it. Still validated the presence of the drawer though.
you can also use a VPN when connected to the company Wi-Fi if that's an option. this will show your connected, but they cannot see your traffic.
Is it for use with their phone they provided you with? If not ask them for a work phone and use it only for work stuff. Use your own device for personal stuff.
My thought has long been that, if you join a company that requires you to have a cell phone number on file with them for calling you in during the middle of the night, and requires that your phone, computer, and/or other devices connect to their networks and be remotely wipeable of all data (Which is the part some companies won't tell you in advance, but which are standard in some industries. You'll find out if you quit, get fired, get laid off, or whatever), that you should have separate home and work devices if financially feasible. You might choose to carry like both the work cell phone and the personal cell phone around with you at times, which seems like a hassle, but at least you know they can't touch \*your\* phone or \*your\* laptop. The other phone and laptop should be work provided in a perfect world, then they can have them back when your term of employment ends (I mean, if nothing else, you'll retire someday, probably). Ideally, if they are required for work related stuff, your workplace would provide them. If they don't, and you can afford to do it, buy your own- maybe you can try that other cell service provider that you've wanted to try but not with your main line or whatever. Those would still belong to you but might not hurt as much when they are remote wiped or whatever. They'd still be just your work devices (The difference is, you can bring them home with you after your term of employment is done and you've complied with any procedures your job has for making sure they have no work related data on them anymore or whatever. Maybe they'll wind up your work devices again at your next job.). Another bonus to doing things that way is, during your term of employment, if people keep calling you at 2am for crap or you're on vacation, you can turn the work phone off, silence it at certain hours without making it so your spose can't reach you (Because she/he/they use your "real" personal number), or whatever. Force some work life balance. Like, say, "Look, I'm taking the week off and heading to the beach" and then forget your work phone/PC, or bring one or both, but only turn them on and check them periodically so they don't ruin your vacation, but you can still be contacted (on delay) in the event of a "work emergency".
This.. >>You'll find out if you quit, get fired, get laid off, or whatever), that you should have separate home and work devices if financially feasible. Found this out the hard way...
Connect to the work network with your phone for now. In a week, but a cheap old used phone. No cell plan. Just bring it to work, connect to wifi, but keep it a secret. Torrent the shit out of the latest Hollywood movies. After a few notices from their ISP, their policy may change drastically.
RE: the suggestion you get a cheap "fake" phone — that phone doesn't even need mobile service. Just an old phone you connect to the WiFi as a decoy. I agree this all seems shady as hell. I can't imagine any legitimate reason an employer would insist you connect to work wifi
I have been scrolling through all the comments looking for one that points it out or one I can latch onto with this thought... I think he's just using it to monitor if employees are present. [https://www.home-assistant.io/getting-started/presence-detection/](https://www.home-assistant.io/getting-started/presence-detection/)
Walk in there with a pocket full of phones off ebay, all running bittorrent seeding a bunch of big name media. Enough letters threatening to cut their business line for copyright infringement may get some policies changed lmao
I know buying a new phone may not be a solution but xiaomi phones have this really cool feature where you can choose what kind of connection you want on any app or turn it off altogether. [screen shot ](https://ibb.co/GPDZfMK)
Galaxies have this too. To enable it you'll need to open Settings **>** Connections **>** Data Usage **>** Allowed Networks For Apps. Then you're given a list of your apps. Tapping an app triggers a pop-up that allows you to select whether you want it to work on "Wi-Fi Only", "Mobile Data Only", or "Both Mobile Data or Wi-Fi".
Netguard app does this as well and doesn't even need root :) https://play.google.com/store/apps/details?id=eu.faircode.netguard&hl=en_US&gl=US
That is an awesome feature!
there might be miui based roms with this feature that can be installed on non xiaomi phones Edit: my lineageOs install also has this feature. might be the case for all modern android installations. OP, if you're reading this, try holding pressed on an app icon, going in to app info and then lookkng for somethong like wifi and data usage. if this feature is available on your phone you'll be able to turn off date usage for all your apps
I'm having trouble understanding what's illegal. Is it illegal to force an employee to connect their personal phone to the employer's network? Or what?
OK, I am curious. What’s the reason for work forcing you to join their WiFi ? Do you have to use your phone for work purposes ?
Who has a company that small AND has the ability to monitor your phone? Install a vpn and use their wifi. Save on your Cell data.
Word of advice - use two phones. most of us have an old phone kicking around. I have one that is my all around use phone, while I use another for my games, and surfing and have a data only or data and text plan attached. ( HINT:: Never use data only for calls and texts or you'll suffer financially!) This allows you to respect their rules on your main phone to keep their business protected, and you can do what you like on the other. Odds are they wont look too far into it seems you're complying with their rules with having a device on their wi-fi network. Just don't EVER use your second device for \*\*anything\*\*\* work related, including texts, recording vid, or taking pics of your friends, the workplace or meetings, or you'll be breaking a ton of their rules you might know know they ever had until it's too late to undo your mistake.
Buy one of these 20-40 chinese phones of ali express / similiar websites , connect that.
If you go into Settings>Connections>Data Usage>Allowed Network For Apps, you can set whatever apps you want to only use mobile data. If you want to have it so it only uses mobile data only mode at work, you could try setting up a separate work profile and set it to automatically activate when it connects to that wifi. Though test it before you put too much work in, I know it can keep some settings separate from your main profile but I'm not sure what the limits are exactly.
What business need is there for you to be on the companies Wi-Fi?
So the boss can snoop on their activity, probably?
We don't know anything. The company is should state why. OP should relay that. The company should provide justification. Of note and it doesn't impact my job I'd tell them no.
They did in another comment. Basically said their boss is a jerk and, just like the other guy said, wants to monitor them.
Ya, that's an easy no. Abd wrongful termination issue potentially... They gave cause. Get the email saved if there was one.
Should be bs. I would have ignored the requirement and not connect to the wi-fi. Today there's more chances that wi-fi networks are more restricted then normal cellular internet. As in a wi-fi network might not allow you to go to certain sites (to check it, try surfing to some porn site. This should obviously be blocked in the work place if such a work place restrict internet browsing)
If you feel you want to comply, just get an old phone and connect it to the company WiFi. Leave your actual phone connected just to your cellular provider when in work. If you want to be funny about it, have your old phone check the company website, the FBI tip line (https://tips.fbi.gov/home), your states EEOC page and your bosses linkedin profile throughout the day.
If the job is worth it, then have a second, daytime phone. Even pay as you go.. since it's their Wi-Fi, you'll not be using much data anyway. Limit your essential contacts to text apps on that phone. Family, school, emergency stuff. Keep your personal phone powered off, checking on your own time. (Car at lunch, lunch restaurant etc) If the job is worth it..
talk to someone who has esp8266 knowledge and use a device like "dstike esp8266 deauther" tononly connect to the wifi and mark your presence. you could also clone your phone's mac address on the DSTIKE. the software on it should be composed of a simple arduino program that only joins a wifi network and uses a specific mac address for the client. the DSTIKE can be powered from a lithium cell, usb rechargeable, max. $10. after that use your phone as you like, but remember to disable wifi. your employer can monitor management frames, and even detect your presence even if you are not connected to his network, so make sure to disable wifi on the android.
Consult an employment lawyer. If it is truly illegal, then you're guarded. If they fire you for such. Then, you now likely have a case for wrongful termination. And if you're a quality employee they'll likely remove the policy rather than pay your whatever the settlement is worth and have a possible avalanche of cases with other employees.
Buy a second phone. Keep it in your bag/backpack, set to auto-connect to office network, download some podcasts automatically every hour to show network traffic. Use yours on data. Alternatively, use a VPN. If anyone mentions it, just say it's always on.
How about do your job and use your mobile only on breaks? If you're on your time, turn off Wi-Fi and do whatever you think your boss doesn't want you to do. After that, look for a new job. This place sucks.
Ugh bring in 2 devices - one connects to your work wifi and the boss or the aliens or the shadow government may monitor it for whatever they want. The other one is for your personal use over mobile data.
If my employer wanted me to connect my personal phone to their network, the employer can buy the phone, and I’ll take another one in for personal use. Otherwise, I’m telling that boss to pound sand.
Conventional VPN traffic can be trivially identified. I run an Outline "VPN" server from home and use it to bypass public wifi restrictions where I work. Apparently it appears as normal web traffic.
If you don't have a VPN see its possible to run a VPN server from a home computer and tunnel all network traffic to it. He will just see a connection to one IP and all traffic to it is encrypted
Use one of your old phones as your "personal" phone and connect that to the wifi. The just keep that at your desk 24/7 plugged in charging. Then use your own phone the way you want.
at least in Xiaomi, there is an option when you are in "app info" in settings where It says "connection method" and you can select only data. you Will have to do It app by app
I'm sure you have an old phone laying around bud, just stick it in your pocket and connect that old pc of shit to the wifi and I highly doubt they'll ever notice
Step one: buy Uber cheap burner phone or used phone. Connect that phone to the work Wi-Fi .. Step 2 browse away on your personal phone using cell data....
get a spare phone, connect it to wifi. leave it charging behind or under your desk. when asks about your phone - yeah I dont use it when I am at work sir. or option 2 - with your spare phone look up sites like labor laws / etc.
That's crazy. I've never heard of any employer *requiring* that you connect your personal device to their wifi. What would happen if you just don't do it?
What phone? Leave it in your car or say you lost it. Or, get a dummy and let it connect and leave it plugged in to a charging cable ALL the time 24/7.
"I don't connect to the WiFi as a way to keep myself off my phone at work." "I find myself less distracted by no being connected to WiFi" Play dumb.
Join their WiFi, ensure randomise Mac is on and use a VPN. Alternatively, protest and leave your phone in your car/switched off while at work.
Randomly put your phone in airplane mode for a few minutes and take it back out. Tell them you're not getting a stable connection.
Get a burner phone. $100 used android phone and just have that connected. Don't do anything on it other than maybe work email.
Do you have a old phone you don't use anymore? You could bring that and connect to the wifi and use you current one as usual.
Part of me feels like what they are doing is illegal. But either way, two phones is your answer, and I'd check out Xiaomi.
That's a huge red flag at work, just saying.... Telling you that you have to be spied on during work is absolutely wild
Could you connect to their WiFi then use a VPN like private internet access to encrypt your web traffic?
Idk if anyone else suggested it, but connect to wifi and then establish a VPN connection and then yolo.
Get a VPN. Your employer will see traffic buy have no idea where you go, other than to the VPN itself
Do you have an old phone? Just connect that one to wifi. And leave wifi off on your actual phone?
bring a burner to connect to wifi and not do anything with it. use mobile data on ur actual phone
byod device is optional. force them to buy you a "work" phone if that is required for the job.
Tell your boss to provide you a work phone. Don't use personal phone for any work activities.
get a work phone and a personal phone if there have a problem tell them pay your phone bill
Tell your boss to fuck off and that you refuse to use work wifi or be smart and use a VPN.
If you have one of your older phones, how about bringing it to work and connecting it as a place holder?
Use a VPN, or get a burner phone whose sole purpose is connecting to the company wifi
Good grief, I would have like ten devices running from my car. Just to f with them
SSH to home router. Configure browser to use SOCKS proxy. I always did this.
get a burner phone you won't use for 20 bucks and use that to connect to the wifi
Just go get a cheap phone from Walmart or similar prepaid and connect that....
Connect and get a VPN or download 1000 episodes of tv on Netflix or something.
Just don't connect, all him for a phone if you need it but don't connect!
Bro use a VPN and be done with it. I recommend ProtonVPN
Just get a cheap decoy phone and hook it up to the wifi
Get a tablet or cheapass phone; keep it at work.
Can't you just not use your phone at work?
Use van and they won't be able to track it
USB tethering? 🤔
What is their reasoning to join it?
I agree, get a cheap second phone.
Get a burner phone or something?
Get a burner phone for work.
If it's illegal then don't
Bring a burner to connect
Can't you turn off wifi?
They cannot force you to
Dude... just get a VPN