Home of internet privacy

Bossware: How remote-work tools can be used to spy on you

The widespread adoption of remote work necessitated by Covid-19 has accelerated the rise of a new type of tracking technology: software that helps companies monitor worker behavior.

Such apps, collectively referred to as “bossware,” override data-access permissions for unfettered access to whatever a user does on the device. In some cases, employers change the settings of native antivirus software so that it doesn’t interfere with the monitoring activity.

[Know your privacy risks. Subscribe to the ExpressVPN Blog Newsletter.]

According to the EFF, the most common type of employee surveillance is activity monitoring. This software will tell employers what applications and websites their employees frequent, as well as metadata pertaining to emails, social-media updates, and keyboard usage. Managers can then extrapolate the information to make inferences about worker productivity and output.

Most bossware apps have the ability to take screenshots of user devices as well as relay live video feeds. The images can be time-stamped so that managers are able to determine what an employee was doing at a particular time of the day. In some cases, bossware apps allow administrators to control devices remotely.

Some bossware apps get millions of pageviews every day, a nod to their growing popularity in the remote-first work culture. And in 2019, a survey of 239 corporations revealed that more than half relied on software-assisted solutions to monitor employee productivity.

Common bossware apps

Here are some of the more popular bossware apps in use today. This isn’t an exhaustive list, as the total number is easily in the hundreds, if not more. And in many cases, employees might not be aware that they have a bossware app installed on their work device.

Teramind

Teramind doesn’t reveal how many customers it has but claims it serves a range of industries across healthcare, banking, and telecommunications. It says it’s a “real-time employee tracking app” with the ability to monitor emails, website activity, keystrokes, social media accounts, as well as “video recording of all user actions.”

Teramind can also record audio by capturing “all input and output devices such as microphones, speakers, line input, line output etc.”

Here’s a list of all the spying functions it’s able to muster.

Hubstaff

Don’t let the friendly branding distract you. Hubstaff fashions itself as a productivity tool, advertising features like project budgeting, invoicing, and productivity measurement, but it also gives employers the ability to take screenshots of their users’ devices, monitor desktops, record keystrokes, and track URL activity. It claims a plethora of big-name clients across multiple industries, including Ring, Groupon, and Instacart.

TimeDoctor

TimeDoctor doesn’t waste any time in getting to the point. “As soon as Time Doctor is installed,” its website says, “[your employees] log in on time and stay off Facebook—you don’t need to say a word.”

Other nifty features include automated pop-ups when employees “stray into time-wasting websites,” daily reports showing metrics for employees to “self-correct,” and dashboards that tell managers “who’s a superstar and who’s slacking off.”

Photo Credit: TimeDoctor

ActivTrak

ActivTrak says it’s used by over 8,500 organizations across the world to boost visibility, insights, and productivity. It claims it’s approach is “ethical” since it does not allow for things like keystroke logging or live video surveillance. Nonetheless, ActivTrak gives administrators the ability to build highly customizable dashboards for precise reporting on hours of productivity and time spent on specific tasks and applications, with “an accurate picture of each employee’s performance and intent.”

Your employer can also track Slack, Microsoft Teams, and Gmail

While bossware apps might be considered part of a niche market within the wider work-from-home industry, there are a few that have become synonymous with telecommuting. Hardly any virtual office environment is complete without Slack, Google Workspace, or Microsoft Teams. And yes, these apps can also be configured to keep tabs on employee activity.

Slack, for example, offers administrators on the Enterprise plan the use of the Discovery API. With this API, administrators can deploy third-party applications to export messages and files into a separate database. From there, all messages and files are archived and searchable.

Similarly, Google offers its Vault product for those who use enterprise-level Workspace plans. The company describes Vault as an “information governance and eDiscovery tool for Google Workspace.” It adds that Vault gives administrators the ability to “retain, hold, search, and export users’ Google Workspace data.” This includes messages sent over Gmail, files shared in Google Drive, Google Meet recordings, Hangout messages, Google Voice, and more.

Microsoft, too, doesn’t lag behind. Its eDiscovery app archives content shared on Microsoft Teams including private messages, meeting conversations, and private channel messages. It does not, however, record and store audio messages exchanged between users.

How can I stay protected?

There’s no easy answer to this question, but it’s best to operate under the assumption that everything you do on your work computer is monitored. That means you should keep your conversations strictly professional and try to avoid any kind of personal tasks on your work device. If you must send a personal email or log on to a social media site, do so on your own device. The apps mentioned above don’t distinguish between work and personal apps, so it’s in your own interests to operate with extreme caution.

Has your company installed new remote-work tools on your computer? Let us know in the comments!

Read more: Contact tracing at work: A growing reality