Consent Matters: When Tech Takes Remote Control Without Your Permission
"The irony is that, decades ago, when your average person had minimal experience with computers, those inexperienced users had much more control and autonomy over them."
"The most common justification for these policies is convenience."
@kyle with all due respect I know you can do better than that. Parental control is about controlling *your* device from your kids (when they buy their own you lose that control). Corp policies are about controlling *corp* devices. When you go all byod you apply NAC and security posture control as you cannot change device you don't *own*.
@purism @kyle and then there's UEM/EMM/MDM - but you still have a choice - if you don't want the corp to control your device (with your consent - which is important) just don't access corp resources from your device. simple.
My point is - corp control of corp owned endpoints has nothing to do with the mess google and apple are throwing upon us. they may use similar tech, but that's about it.
@ruff @purism They share (and this is what I tried to highlight in the post) a patronizing mentality: that users are children that can't be trusted to have any control, and that IT/infosec/vendor needs to anchor all trust and take control away.
They believe the less control the user has, the more secure the system. It's also conveniently "easy mode" if you are in infosec/IT to just lock the user inside a prison. It's much harder to design security *with* end-user control.
@kyle @purism I would rather disagree here. I as a corp CISO just apply zero-trust model and ring-fence corp data at all perimeters, starting from user-end-point and ending internet/service perimeter. I, as a parent, want to protect my kid from dangers of the digital wilds. Now this is for convenience (I'm not a watch dog, i teach my kids but I know they are not ready yet. Kids develop themselves differently).