I work on Teams (I know, I know... please don't hit me, it's not my fault)
1. I don't speak authoritatively and
2. I don't have knowledge of the whole product - there's always a rogue team here and there doing stuff.
We've had that feature turned on at MSFT for some time now. It does not allow your manager to see that you're at Starbucks, at home, on the shitter or anything like that. There's a new toggle in the calendar settings called "Share location with my organization", and the settings are: "all details: building, desk, etc.", "general location: office or remote", "can't view any location information". What it does when turned on is just adding, at the top of your calendar, icons that tell you which of your colleagues are in office, and if they share and you click on someone's picture, what building they're in (when it works).
The whole "it will tell your manager what your wifi is" is just baseless extrapolation, and plainly false from what I can tell.
Thanks for showing up to provide some corrective information. I know it can feel like opening a box of yellowjackets, but one of the best things about the HN community is when someone with first-hand knowledge is willing to share what they know.
This is how I expected the feature to work once I read the real product brief, so that's a plus at least. You might want to tell your product people to ask whoever deals with this stuff at Microsoft anymore if they can, like, talk to the press about it? Various outlets have been running stories for almost a year now about how Teams is going to start sending your WiFi data to your boss.
The wording on the product page also makes it sound like tenant administrators will get to decide how opt-in works (ie - that they could select which options the end-user is allowed to pick, and at Microsoft they happened to give you the freedom of choice); this makes sense from my experience in enterprise software management but also makes the feature seem like it will be incredibly yucky/annoying. Is that just a case of poor wording?
This still seems like a super weird feature to push through in terms of "yuck" to "value," but I also know how that goes.
Out of curiosity is this related to the 'emergency location' that we admins have to provide for every calling plan user or is it a wholly separate system? Reading the other comments here they must not realize that teams is already tracking their address because it has to know which PSAP to connect them to.
The emergency location is for 911 dispatch. The theory goes that in the time of wired phones, a call from 212 555 1212 was definitely from the phone on the 11th floor of 60 Hudson Street, so the correct police/fire/ambulance would be obviously in South Manhattan -- but now that we have VOIP and softphones, the phone could be anywhere -- so which 911 point-of-presence should handle it?
The tenant admin configures that mapping. They can also configure whether the data can be exposed to users outside of the organization. There’s no magic here.
Given that not every device has built in GPS, it sounds like the Network Team is going to have to provide the locations of APs for that to work.
Curious how Teams will resolve that. If you're on your phone using a VPN back to your home network will it know or show you as at home? What happens if you have multiple APs at home?
There are public databases of APs. Google reportedly used their Android users to sniff APs (?), and used StreetView vehicles to wardrive. MS can surely pin many APs to user's PII and locations just on the data they already have?
Perhaps it can be derived indirectly, if you have all global positions in the area and can calculate back, with some uncertainty, who is where and when and how.
It's like in Minority Report. Though with not perfect accuracy yet.
So it only lets Microsoft know people's exact location -- how close is Microsoft to the Trump regime? Nadella has apparently gifted Trump millions?
Why in the f does Word need my location (access to location services) for me to write a document? Pops up every time.
Teams already has a location setting, if you wanted to automate that a more correct way would seem to be adding the feature and offering users the opportunity to turn it on. Microsoft hasn't really changed since the IE days it seems.
1. VeryGoodCorp builds a "harmless" feature that's super useful and maybe even opt-in. Only privacy-nuts object to it.
2. The feature is in fact useful, so most people enable it. It may even become company policy to have it enabled.
3. Companies who buy this feature ask for a way to force their employees to use it, as it's "confusing" if location data is only available for 90% of the employees. Not it's an opt-out feature, in the best case.
4. VeryGoodCorp is in a bit of trouble with its shareholders. Revenue growth hasn't been as great lately. They realize that they are sitting on a mountain of location data, aggregated from multiple harmless features, that would tell its customers if their employees are slacking off at work. Surprisingly, the customers are willing to pay good money for a "employee productivity score".
5. Profit..
Edit: formatting
Edit 2: Now you may say "well that wouldn't be legal", and depending on the jurisdiction I'm sure it isn't. But that hasn't kept VeryGoodCorp from collecting this data, they just forgot to turn off the toggle for EU you know, honest mistake. But they still have the data, and laws can change, or, you know, made to change.. (Prop 22 anyone?)
It seems like people go out of their way to find something Microsoft, Apple, etc do everyday to get outraged about. Always appreciate someone from the source correcting misinformation and putting it into perspective.
"When users connect to their organization's Wi-Fi, Teams will soon be able to automatically update their work location to reflect the building they're working from. This feature will be off by default. Tenant admins will decide whether to enable it and require end-users to opt-in."
Working on the systems/security/infrastructure side, we can already do this. Endpoint management systems already report wifi-ssid, internal-IP, whether you are using a vpn to try and hide info. SASE/ZTNA solutions provide location data, username, device used, connection details. Conditional access policies in the tenant already do checks against all of this anyway.
The roadmap just makes the whole thing user-facing so there's a status in Teams of where you currently are. But IT knew all along. And if IT didn't have tools deployed to get this info already count yourself lucky to work at an immature org security-wise.
Yeah, it's mostly just a weird feature in terms of ick-factor vs. utility.
I will say that "IT knows where I am" and "my manager / manager's manager / whatever sees where I am on Teams" would represent two very different personal annoyance levels at most companies I've worked at; at most places I've worked getting someone's location through IT required them to be doing something questionable or illegal (ie - working from an unapproved country) or breaking some obnoxious return-to-office policy, not just "hey is Bob out to lunch again or is he over in Building 6 so I can drive-by him with some questions real quick"
People should look up what features "carbon black" has, it's extremely frequently deployed (cb.exe in task manager) and can, (according to their own marketing) provide managers with live feeds of your desktop... So yeah...
mmhmm. Yea if someone really had the desire they could figure out my online presence and possibly even get a rough idea of what I'm actually doing with my time. Always something you could figure out from an IT network, its just about putting the history together.
But I'll agree that Teams is packaging this information into something more digest-able for middle managers, and that's the rub. There are always manager types who have the epiphany that not everyone is working 100% of the time and it bothers them enough to call it out to subordinates, or if they don't like someone enough they might do a deep dive with IT. Teams already has this indicator to show if you're online, on mobile, in a meeting, AFK, or offline entirely. Its not that the information wasn't there, its just much more front-and-center for managers to be annoying about it.
First security job I had, the CISO had already declared that enforcing "no Youtube, porn, whatever" at work was a managerial problem and not a security problem [0]. And when management needed data from computers about an employee, they had to go through security -- they couldn't just fish around on their own. HR was involved, there was a paper trail, and requests were scope limited.
There are companies that do incredibly invasive employee monitoring, but those dystopias don't use EDR or whatever. They use some other vendor's spyware to replace management with creeping.
For some reason I'm reminded of the chains or cables used to keep operator hands (Posson's pull-backs) from being crushed in a press brake.
[0] The malware, etc that can come from those sites was a security problem -- but checking if creepy Bob was looking at boobs on company equipment or even just wasting time had nothing to do with infosec.
In my experience the most common use of this data is to build case for firing someone for cause when upper management wants them out. It's rarely used for actual security purposes.
I was wondering if there was more Microsoft has said/used to say about this feature because it leaves a gap between "connect to your organizations Wi-Fi" and "will show you're connected to Starbucks/Home and what that SSID is".
I followed several articles and the tree I found seems to end with this Neowin article https://www.neowin.net/news/microsoft-delays-controversial-l... but it doesn't actully clear up the sourcing. I.e. the quote in the article is the same roadmap item, yet the article talks directly to that as if it's the home SSID which will be put into Teams - where is that information in the quote it's describing? I'm not sure if they just didn't source that bit or if it's plain confusion about whether it's really limited to "connecting to your organizations Wi-Fi" which is then being picked up as a hot story.
Yeah, I couldn't find any sources that weren't rage-bait either.
Honestly, to me the feature seems so incredibly low-functionality that I'm surprised they're pushing it forward after all of the controversy it's generated. Like, sure, it might be nice to see if someone was out to lunch or in Building 17 or whatever without needing to message them, but at the cost of the whole "teams is spying on you" narrative and yuck-factor it pushes, I'm surprised they haven't pushed harder on either clarifying the functionality or just pulling it.
I think I agree. Of all things MS does, this is relatively small potatoes. It a soft creep, but also a gentle reminder that I need to somehow get out of my position, do wfh where I control my environment better ( likely my own business ), or try to convince bosses that we should move away from Windows ( as impossible as sell now as it ever was ).
Hell, if you're using Teams PSTN calling, your location has to be pulled in by Teams for e911 compliance anyways down to the building. It updates automatically already, even!
Sure, and your corporate IT also have the roaming logs from their APs and the access logs from the VPN (and maybe your location from MDM anyway), but it doesn't get shown to your boss and coworkers in real time, probably, unless your company is structured really weirdly.
What happens if you deny location permissions? Why doesn't every other VOIP app require your live location, and instead are fine with a random address you manually entered?
I used to work in healthcare network/telecom and then as a healthcare network/telecom VAR before working at a networking manufacturer currently for the last ~year. The below may be slightly out of date, and I was just the person getting told by the lawyers instead of the one with the real understanding, but it was what I'd run into at the time for the US.
The understanding I always got from legal was "it's continually the company's legal liability under the RAY BAUM's Act whether the address is correct when the user dials 911 on/via the corporate systems, not the user's". Sometimes the conversation sounded like you could potentially have users sign something to transfer that liability, other times legal didn't seem to even want to entertain the idea as valid. Regardless, none of the companies ever ended up wanting to go that route for either concern of general friction/overhead or concern there would be employees pushing back that they don't want to sign it and instead would just want 911 to work (which is also a reasonable position for an employee to want to hold). I.e. implementing automatic VOIP location for some users but not others was either impossible on some systems or just seen as a nightmare to try to track/audit, even if they were willing to try to make every employee perfectly happy about it. A bit of a legally induced quagmire for a good intent (accurate 911 not being something a place could opt out of providing) which had trade offs in reality.
RAY BAUM's compliance requirements for for nomadic endpoints in went active in 2022 but most companies had already started trying to be compliant a little prior to that when fixed endpoints needed it anyways. Some companies of course don't bother, either knowingly or unknowingly assuming that compliance risk. Before that it wasn't really a topic.
Is the answer to buy a travel router and give it the same SSID as another network, either work or home? Or is this doing something more sophisticated than SSID snooping?
Nobody knows, as far as I can tell; I haven't found any actual sources and I don't think the code is present in a public release anywhere for anyone to look at. I'm assuming it must work off of MAC at a minimum, since most offices have the same SSID across buildings. It doesn't really seem "designed" as a spyware/audit feature, since it would be a terrible flimsy one, but it also just doesn't seem that useful compared to the "yuck" factor it generates and the potential for abuse by crappy employers/managers.
More on this here https://news.ycombinator.com/item?id=46827756 but the short of it is where is this talk of SSIDs even originating and, if it is really the approach, how does it work right at all?
That aside, if it is SSIDs it's dead simple to fake. If it's BSSIDs it's a little more difficult and not every AP may expose a way to spoof it (but it's not too difficult to find ones which will).
This feels like a much better feature than “they can track your realtime location from the mobile app” as implied in the article? Plus employees will have to opt in?
The tracking is still gross, but limited to opt-in on office WiFi seems a lot less dramatic of a headline, especially given the main concern people have is work from home
If a company policy says you have to opt in, not opting in means you're breaching the policy and might get fired. Entirely legal in at-will employment places, but potentially not in places with better worker protections.
Saying that, I just got announcement from my employer they will not be turning it on for now.
But I think its totally unrealistic and impractical to deal with this kind of thing by being so choosy that you won't work for an org that uses Microsoft. Actually acting that way probably just means choosing to be unemployed (for the vast majority, at least).
Honestly I don’t know.
Pretty comfortable where I’m now and we would never even consider using any M$ products ever.
I know US culture is more about job-hopping every other year but I’m at the same place for many years now
My large corp is moving to Google from MS, which doesn’t impact me
much (I’m contracted out to another large corp) but I really wonder at the expense (in time) of a migration. What a huge drain on resources in the short term.
I mean, that's not really how "opt-in" works for features that your company owns; you might have to "opt-in" technically but your company will probably make that a little more mandatory.
I do agree that the blog post, headline, and HN comments are as usual quite an overreaction, but this feature is pretty gross. It's also weird because the controversy/grossness-to-utility ratio seems awful, which either means that Microsoft product management has gotten as bad as everyone thinks it has or there's some future plan to make it more "robust."
My concern is if the employee is aware, at least let me quit before I’m silently opted into my boss realizing I can get the same work done with less time at the desk from home
The roadmap description is not really specific enough to either back up what the article is saying or describe if this approach would/wouldn't do anything, so I'm wondering the same kinds of things.
If I were to try to implement the given task description, I'd start with assuming this would need to be "Enterprise gives an exports of BSSIDs and locations, Teams uses that table to set the location when you connect to your organization's AP". I'm not even sure how else to make this really work right.
If it really is SSID based, the feature would be relatively useless for most organizations even before discussion trying to spoof it. E.g. the last place I worked had ~3,500 physical addresses with APs (and many more individual buildings/"office" names), all with the same "Corp_Name_Employee" SSID because otherwise it's way more work to have unique SSIDs. So how would this feature even do what it's supposed to do based on SSID?
> If it really is SSID based, the feature would be relatively useless for most organizations even before discussion trying to spoof it. E.g. the last place I worked had ~3,500 physical addresses with APs (and many more individual buildings/"office" names), all with the same "Corp_Name_Employee" SSID because otherwise it's way more work to have unique SSIDs. So how would this feature even do what it's supposed to do based on SSID?
Maybe the enterprise exports a table of AP MAC addresses, mapped to locations. It could be the SSID stuff is just a way to spy on what non-office location you were at.
That's what I'm thinking. BSSID ~= "AP MAC Address" it's just each (SSID, frequency) tuple the AP advertises has a different BSSID/MAC rather than a single shared one per AP.
E.g. in the above deployment each Aruba AP could have up to 16 BSSIDs/MACs per radio, but we really had an average of ~5 in use per band at any given site. So a single 2.4 GHz + 5 GHz AP would have 10ish BSSIDs/MACs associated with it in the export (which would then roll up to be BSSIDs/MACs at that office).
Then any of the SSID stuff seems to be more pure speculation (at least from what I've been able to find sourced from Microsoft so far, they are very light on details). Maybe tEAMS does something with SSID, maybe it doesn't - but the roadmap item doesn't even mention that half of the behavior at all, the Neowin article at least looks to be just inserting stuff about SSIDs without any source (and this site doesn't seem to source much at all). It certainly could use SSID as a fallback when there is no location, but where are the articles finding the plan actually has anything about doing that and why would it help more than setting the status to "Remote".
At the end of the day BSSID isn't unspoofable either (companies that care that much probably just want mobile device management or to look at the wireless controller itself), but it at least enables the actual goal of saying which office to be achieved.
Travel router, use that to connect to the "host" wifi/network, and only ever connect your device through the travel router... always will show the same network, no?
Or ethernet? I keep the wifi on my work PCs disabled, connect via ethernet, and put them in a VLAN with only the network connectivity they need for me to work.
That’s ok, if my work cared enough about whether I was online or at my desk at any specific moment they’d have complained already. I have teams quit completely half the time. I get my work done, my performance reviews are good, I turn up to meetings on time, that’s all that should ever matter.
Also if they cared so much about where I was to punish me for it, I’d quit that company. The only companies I will work for are ones that treat me like an adult, it’s fairly simple.
Yeah it's used to list where your coworkers might be, it's a part of Microsoft Places, which is like a hotdesk thing. People have an insane response to this, and yet i assume they use their company provided laptop everyday.
I guess we need to use some VNC or so, to connect to the machine that runs MS Teams, which sits at the correct workplace. But also need to be able to accept and make calls. I am guessing, even if that data could also be sent via some protocol, the delay might be a lot?
It is sometimes required to know where the user is sitting due to cross border data transfer laws. It seems that Microsoft is making it more easier to implement such requirements.
> automatically update their work location to reflect the building they're working from.
So, either this minimal description is A: an attempt to mask the feature's true purpose of dystopian pocket spying under an innocent-sounding cover, or B: negligently deploying a technical capability with far-reaching consequences without proper diligence or care.
Even if the goal was to enable a pocket panopticon for middle manager spying on WFH staff, in less than 10 seconds I came up with a list of other negative impacts and threat vectors which should freak out any large org's corporate security, legal, compliance and HR teams.
* Like lower level employees not in the 'shielded compartment' seeing that {M&A exec} is currently on {potential acquisition target company's} guest wifi. This kind of accidental location knowledge leak has actually happened between MSFT and Google via a freak analog coincidence and it changed the course of a huge acquisition. This feature makes that accident 1000x more likely.
* Or an employee sues for being dismissed and their lawyer proves through discovery that a manager could have seen they were connected to the wifi of a competitor they might have been interviewing with or an abortion clinic or gay bar, etc.
* Or as part of a harassment claim an employee says the company's required app showed them the phrase "Big Titz Rule!!!" because it was the name of a wifi network another employee was connected to.
Just having an opt-out or hours limit is woefully inadequate. Even if those should prevent senior execs and M&A teams location being accidentally visible to employees not in a trust circle (or worse contractors, vendors or customers looped into a Teams group), it STILL creates huge new threat surfaces. At a minimum the 'feature' needs ways to limit it to only show wifi network names: A. On an approved list, B. Matching a regex pattern, C. limited within a list of IP sub-domains, etc. And at many companies, as part of compliance, all those wifi network names will need to be passed through the "problematic words" list maintained by the HR and security teams (and in many companies hits on those lists trigger auto-reports which will now create discoverable "evidence" in any future lawsuit keyword search).
The unintended-but-foreseable consequences stretch for miles. And this isn't the MSFT Office/Teams group's first self-inflicted trip to this rodeo. I just don't understand how they keep repeating the Same. Obvious. Mistakes.
Our building security system updates something somewhere which ties into email. When we have incidents such as "the lifts are broken" or "the south exit is closed" or whatever, these get emailed to all staff that have been in the the building in the last so many hours (16 I'd assume). It's a handy system.
Ultimately if you are at the type of company which practices presenteeism, then the technology used is immaterial
Fucking hell.
Living in Teams is bad enough without this. It’s only a tiny part of my job, but if it was a major part I’m not sure I could stomach that.
Seriously, this is not a thing. It doesn't even begin to make sense. It's made up.
If you work in a factory with time cards that need to be punched in, and you punch in a buddy's who is late, that's a thing -- a very risky thing if you get caught, since it's fraud.
But the idea that you'll give a coworker your password so they can boot up and log in and somehow make it look like you're online...? Not a thing. And doesn't even make sense today when you can just open your chat client on your phone anyways and be present there. We've been in an era of remote work for a long time now.
This was a thing. I worked in an office of 4 within a larger facility back when booting up took some time and we had staggered morning arrivals. The first arrival would power on everyone's computers so they were ready. If someone came in, they'd see a computer on without someone there. Where are they? I don't know, maybe in the bathroom, getting coffee, or running down an issue in another department.
Even in the pre-remote, desktops-only era it wouldn't have made any sense. Your boss, your co-workers, and everyone else was at the office. They could see you weren't at your desk. There was no need for tracking software and hence, no need to ask your buddy to log you in because you were late.
This doesn't make any sense. In any organization with a remotely capable IT, you'll still need to log in with your own account. If you give someone else your password to log in... there is a bigger problem.
It could make sense, although probably rarely these days. The question is, whether the benefit of pretending to be on time (no need to stay late to compensate, no need to explain to supervisor) outweighs the security and legal risk. It totally might.
Exactly this. If you worry about these things, find another job. So much about MS Teams. Nothing about these toxic managers.
If you think it’s normal to call in to have someone pretend you’re there because your manager can’t forgive you some bad traffic you’re pretty far away from a healthy working relationship.
I'm surprised this would be even legal in most European countries... Then again, MS might not care any more. Companies who are not looking for alternatives today won't ever be looking.
I still expect this feature to roll out worldwide with some legalese fine print that the customer is responsible for configuring and operating the product "in accordance with local laws". I'd be really surprised if MS handles this differently.
The implementation details are sketchy/weak in all sources I can find, but I don't think it's pure (coordinates based) location tracking, but rather a "feature" that will show which WiFi network you're connected to as your Teams status. It's pitched as "what building you're in at the office," which seems like a stretch.
It's also kind of unclear whether the blog post is correct that it would show the name of another network if you connect to it - I'd sort of assume it would just show "Out of Office" instead of "connected to YO_MAMAS_WIFI" or whatever, but who knows.
For meshed networks there is a secondary ID (with a name I do not know) that is used to distinguish between APs, since your device should only talk to at most one AP at a time.
It wouldn't be surprising if they used that for finding the location, but marketing sells it as SSID matching as the people they want to sell it to are most likely not experts in networking.
The ESSID (Extended Service Set Identifier) is the human-readable thing you see. There is an underlying BSSID (Basic Service Set Identifier) that includes the unique identifier for the AP (its MAC address) your mobile unit is associated with.
On Windows you can see this (from an elevated context and, in newer versions, with location services enabled) by running: "netsh wlan show interfaces"
If it's just the SSID it's pretty useless for making sure people are at work. I can totally connect to "Office_CA-SJC-03" from home, or any other SSID you care to name.
Maybe this will change one day but at the current moment this is an immediate turnoff. It's like someone trying to show you their project day 1 and it's a page filled with ads and a newsletter popup. You may have good reasons to do that but it doesn't instill a sense of trust and quality.
I don't know how much of it was hand-edited and how much was direct output, but this article has that unmistakable LLM voice. The rhythm, the rhetorical flourishes; it's all there even if it's diffused through some human revision.
The really weird thing is going to be when people start internalizing the LLM voice and writing that way. It's probably happening already.
I've seen many people do the latter, I get quite annoyed by it. Worst of all is wondering if I'm affected by it myself, I doubt most people who've gotten an 'LLM writing style' know so themselves.
Eventually no space where people can just 'publish' things will be safe from being completely filled with LLM writing/video/images. The only way to combat it is by forcing people to get punished for this behaviour and making it difficult to circumvent.
Some invite system where people get punished for the bad people they bring in, one that's linked to your identity/workplace/education. Even if these options were available, I doubt many people would care enough, they'd rather be in 'enshittified ' spaces.
I'm so embarrassed to say that I read it and didn't notice. But now that you pointed it out, I reread it and you are so right. It is clearly generated.
I have flagged this article on principle. Idk if it it's in the spirit of HN to do that or not, but the button's there, and I'm going to use it.
This actually seem quite flag-worthy to me. Look at the rest of the site, it's not at all trustworthy. The first post says it's by some random 16 year old (if we can actually believe that) and only has a few posts. One of them is a comparison of smart watches which says they tested them in the subheading on the article listing, but then doesn't show anything more than a surface level comparison from AI.
I truly believe our industry needs to elevate our own anti-awards, like others have (Razzies, Worst Game of the Year, etc.) to shame those responsible for building the regressive tech that corporations and governments push.
There's already the Big Brother Awards [0] and EFF's smattering of Worst Government and Worst Data Breach articles each year. [1]
But I think we need more.
Personally I would love to nominate:
- Mark Stefik and Brad Cox for their contributions to DRM
- Erick Lavoie for his work on Wildvine DRM
- Vern Paxson for his contributions to DPI (Deep Packet Inspection)
- Latanya Sweeney and Alexandre de Montjoye for their contributions to re-identification of anonymized data
- Steven J. Murdoch and George Danezis for their work on de-anonymization attacks
>- Latanya Sweeney and Alexandre de Montjoye for their contributions to re-identification of anonymized data
It seems like highlighting how anonymization is a lot harder than a lot of people assume is a really useful service. If researchers can do it, without any particular secret sauce, so can a lot of other people. (Unless I'm totally misunderstanding your comment.)
I haven't followed what she's been working on recently.
But, yeah, at some point in the 90s, Massachusetts decided to release some "anonymized" health records for research purposes (I think just state employees). One was governor William Weld who obviously had a lot of public information widely available. As I recall, Sweeney wrote the governor's office a bit later basically saying "I have your medical records."
I used this as a slide or two in some AI presentations in the mid-2000s or so pre-LLMs when I had some peripheral involvement with some of the privacy-preserving research going on (differential privacy, multiparty computation, fully homomorphic encryption). Haven't really followed most of this for a while.
Another thing that I think would help is to start introducing some ethics into our profession as programmers.
Most other professions have you take ethics classes, have ethics boards and even ethics legislation. We're severely lacking in this area as a community. It really shows when every year there's a new company building the Maximum Oppression Orb from the book Dont Build the Maximum Oppression Orb. Its like we're dealing with the moral equivalent of a mentally challenged person all the time
Calling out anonymity researchers for showing that "anonymization" schemes don't work well is a stupid and dumb idea.
If they hadn't done it, you can bet that bad guys would have done it instead (and maybe were already doing it). What the researchers did is publicly show that the existing schemes were broken, hence motivating the design of better schemes.
Like, you fundamentally misunderstand computer security research if you think that shitting on people publishing attacks is a good thing.
You can argue about the timing of disclosing specific vulnerabilities vs. when fixes are available. But the idea that we should all be (shh) don't tell anyone that this broad practice is vulnerable to bad actors is idiotic.
You're assuming Hollywood studios would ever release their content without DRM of some kind. They were quite content to ignore computers entirely if they didn't bend.
The world where Widevine doesn't exist isn't a DRM free one; but a world where an iPad or Smart TV can stream and a PC can't. I would support giving them an award though for "most repeated invention that keeps failing."
Now.. that is not accurate at all. Some people simply respond differently do different stimuli. And those do change with age and experience. It is not a bad idea.
its hard to argue a point where your autonomy trumps, the very thing giving you a salary. We freedom are you really expecting from an employment such as this. You are working for a big tech that is in the midst of layoffs and scrutiny from all angles. One being there is massive competition that at the sightless mishaps will give an advantage to your competitor and that all starts at the bottom meaning hierarchy. Don't expect shame from these companies either. That is ship sailed along ago.
I'm sorry but there is no shame in our industry, where are people protesting at conferences calling out devs working on instruments of oppression? Why isn't anyone harassing the devs that take it as a badge of honor to work at companies that profit from human misery?
I sincerely mean this when I say thank you. Tech workers have pilfered the commons and ruined too many innocent lives to sit so high on their pedestal.
Devil's advocate here about the original post, about physical location: This would definitely have prevented the North Korean workers incident a few years back.
I also find it hard to get offended about because there is basically no job, outside of tech, which doesn't involve physical location. >95% of jobs require physical location. Do you think a concrete worker, a plumber, an electrician, or literally anyone who works with their hands, has a right to location privacy? What does that even mean? "I'm totally clocking in to work today and totally installing a light fixture for a client right now and I won't tell you which one"? "I'm totally making a cappuccino for an old lady right now at one of our 30,000 branches, but trust me, you don't need to know which one"? Whining about this is extremely hard for me to generate sympathies for.
This is a really crappy tool for dealing with the North Korean Workers problem; it doesn't sound particularly fraud-resistant and that issue should already be handled by any competent corporate IT department with 10000 better and higher resolution ways to figure out where their assets are located.
Overall it's just kind of a yucky and weird feature; when I worked in an office I really didn't really want my coworkers having a real-time automated feed about where I'm located and one of my chores as a manager was always picking a seating position where I could at least take the drive-by questions before my team got interrupted, which stuff like this bypasses. I could actually see it being useful for field-deployed employees but it's not part of the stated implementation and most people in that scenario already have a solution for that.
I agree that the typical HN-meltdown isn't warranted here; the HN Meltdown Factor on anything related to privacy, cryptography, and security lately has gotten really out of hand (the post you're replying to is a perfect example, actually). But I also don't think these counterpoints are very strong; they're justifying other useful features and products that almost everyone already has. It's weird to me that Microsoft haven't either clarified or backed down on this one given how much press it's gotten vs. the seemingly tiny advantage the feature presents.
Completely agree. My employer makes all employee badging data available. Any employee can view whether any other employee has badged into the office and when. This includes viewing whether your boss has come in.
However badging data is much more coarse-grained than WiFi. For one, because the building is large, you can’t tell which part of the office the employee is. For two, you can’t tell when the employee has left work because no badging is needed to exit the building.
Yeah, I remember seeing board with the list in the 90s in some company I can't remember. It included every employee including the owner along with the status like IN,OUT - WHERE - PHONE, OUT
Some of this could be related to laws that necessitate updated location data for emergency calling. Since a common component of Teams is Teams Phone, there can be a compliance gap. I’m sure this isn’t the whole story, but it is likely one facet: https://www.911.gov/issues/legislation-and-policy/kari-s-law...
After they killed Skype, I tried to install the mobile Teams app. It wouldn't sync properly with the desktop app, so deleted it and forgot it existed. So glad it wouldn't work!
I installed it on my iPhone but didn't allow Bluetooth access or location access. I imagine it can't really do much with how iOS is. I also don't take my work phone with me if I go outside, so Wi-Fi tracking would be fairly useless anyway.
Guess it's true unless you have a company issued phone that is managed. But then maybe it's less shocking as long as you are allowed to totally turn it off outside work hours.
> If you connect to a Wi-Fi network that isn't your company's, Teams will simply display the name of that network. So if you decide to take a "working lunch" and connect to "Starbucks_Guest_WiFi", your boss sees it instantly.
Looks like I need to rename my home wifi to "Corporate Network."
> Remember when you could text Dave from the office to turn your PC on because you were stuck in traffic?
I don't understand why this doesn't still work. If Dave from the office has access to your PC, presumably Dave and your PC are in the office, connected to your office's network, and thus it would appear that you are in the office?
Or is the assumption that you're carrying another device with you that would give you away? In which case, shouldn't the complaint be more about being forced to perform some kind of work task (like carrying/being accessible by your phone) when you're off the clock...which is hardly a new issue/complaint?
There was an article here not too long ago about someone decrying a fellow cow-worker for their rather liberal usage of AI and how their manager would see it and promote it, changing company process in the meantime. The writer found this revulsive. But what I found interesting is what was not discussed. This “Microsoft just did X” is another entry in that.
Folks, let’s not beat around the bush: if you’re not your own boss, you don’t have agency and ultimately you have no control over the situation. The frustration is rooted in the lack of control, or at the very least in the lack of perception of cooperation that is a temporary substitute for agency and control (until the rug gets pulled from underneath them). It’s not Microsoft, it’s not Teams, it’s not AI. It’s not the person being promoted for doing this. It’s you. If it was your company, you could have put an end to it and changed the processes immediately. But it isn’t. So for having the privilege of working at whatever company you’re at, and getting paid whatever money you’re paid, you have to eat shit. This is the price you pay.
If you don’t want to eat shit from your bosses, you have to be your own boss. I think that’s as succinct and straightforward of a solution to things like these that you can find.
Assuming your office has entry gated with a badge (which I assume most do in 2026), don't they already know when you're physically at the office?
Heck, my employer's entry system was already coupled to my phone's location (optional, but meant I didn't have to reserve a desk manually). So, I already looked like I was coming to the office on weekends because the grocery store is next door.
EDIT: not to mention Teams already shows your status as "Away" if you don't type for 5 minutes. Sitting there reading a document - yep, you're clearly smoking in the parking lot or wandering around gossiping.
I think the only outrageous people here are the paranoid and the slackers...
My manager has called me when I was doing a mid-day grocery and I just told him: "sorry for the noise, I am at the grocery store at the moment". This is absolutely no problem at all, he asked if I wanted to call back when I got home...
It's pretty much making a storm in a glass of water here.
That's karma farming by bitching the ebil Microsoft...
And now 365 tracking people. So the whole company seems to now just be about
sniffing after people. In the past it alleged at the least to enable folks,
say, Win95 perhaps up to WinXP. Now somehow the customer became the enemy.
It's really strange to see.
> If you connect to a Wi-Fi network that isn't your company's, Teams will simply display the name of that network. So if you decide to take a "working lunch" and connect to "Starbucks_Guest_WiFi", your boss sees it instantly
But what if I have a secondary wifi network in my home that says "BigCorpSuperSecureWifi", wouldn't that work? What if that's the name of my phone's hotspot?
Things like this blocking as extremely easy to detect and flag. Because they control the app they can always in-band the information to servers you need to connect to.
Unemployment benefits are so low, they're barely enough to pay for food. Not enough to also pay for utilities, and definitely not enough to pay rent/mortgage.
This is intended to force you back into the slave market.
They don't pay the benefits directly. They pay a tax rate based on how many people who file for unemployment benefits are determined to be eligible for them.
I guess you can use wireguard and install a vpn server on your work pc, that being said if your company has a semi competent IT team they will notice that, if you work from home just install wg easy https://github.com/wg-easy/wg-easy
this only works if you control the device and not managed by your company
Most middle managers will either not require this, or require it but find ways to themselves avoid being tagged as logging into their home wifi. The prevailing culture around middle-management is one of inefficiency and rule avoidance. Middle managers need to be replaced by AI already.
Some of my neighbors have some rather colorful Wifi SSIDs. I've seen some silly ones like "FBI SURVEILLANCE" as well as at least one crudely expressing their opinion of the current US President. Probably won't be long now before we see someone get fired because their boss saw the name of their home Wifi network.
My go-to SSID will always be "Robert'); DROP TABLE Students;--". For all others I just use a ship name from The Culture universe[0] like "Of Course I Still Love You" or "Just Read the Instructions".
For what it's worth, unless it can be conclusively argued that surveillance is necessary for the task to be done this sort of continuous surveillance is illegal in Quebec, Alberta and British Columbia. It violates the privacy of employees.
The roadmap feature is light on details too: "When users connect to their organization's Wi-Fi, Teams will soon be able to automatically update their work location to reflect the building they're working from. This feature will be off by default. Tenant admins will decide whether to enable it and require end-users to opt-in."
I found a lot of news stories about this dating back to where it showed up on the roadmap in early 2025, but none of them with any more implementation details (ie - is it using _only_ WiFi network name, or some other data too?)
> Microsoft confirmed that starting March 2026 (delayed from January), managers will be able to see your real-time location. And no, disconnecting from the office Wi-Fi won't save you.
Is there anything more than the Wifi SSID stuff below?
> If you connect to a Wi-Fi network that isn't your company's, Teams will simply display the name of that network. So if you decide to take a "working lunch" and connect to "Starbucks_Guest_WiFi", your boss sees it instantly. You can’t hide behind a generic "Remote" status anymore.
So how exactly does this work? It'd be pretty trivial setup my access point to provide a work SSID? How much access does Teams really have to get info to discern your location?
> SSID, signal strength, BSSID, private IP, public IP, ipv6, all trivially available to a binary running on a machine.
So it sounds like if you want to circumvent this: get a travel router that spoofs a work access point, and make sure any kind of identification requests that would reveal a public IP are either blocked or are going through your work VPN.
If it's only just the teams app that's doing it, but I'm not sure if that's a safe assumption. There's a crap ton of Microsoft stuff installed on my laptop by default, and the IT admins install stuff all the time.
When I started working at a time with no mobiles and no remote, calling or being called to the office for personal reasons was seen with disrespect from your coworkers. At work you were supposed to be working, and outside of work you were supposed not to be working. Pretty much as in the Severance series, but without the forgetting. With mobiles and connectivity, everything changed, I'm unsure if for better. Now you can work 24/7 or slack all day as if there were no tomorrow.
It seems like the worst practices from Trilogy/Crossover are leaking all over the industry. First the crunch at all times at FAANG, next tracking everyone in a few minute intervals, ending up with real-time video tracking at all times, all spawned by the desire of inept top management to run software development as a manual factory with predictable assembly lines and not an intellectual pursuit.
In my opinion, if I want to install any work-related software on my personal devices, it means I’m so excited about the job that I honestly don’t care whether a manager sees where and what I’m doing - just as a manager usually doesn’t care either. I mean, there’s no reason at all to install anything on personal devices unless you actually care about the business.
It's a good question. At work, we were given an option: install non-intrusive authenticators on your personal phone (you are free to disable their notifications fully, and you get some extra money as reimbursement) or you are given a company phone (that you have to carry to work and back, have to charge and update etc). Most non-oncall people decided to pick option 1. Oncall people picked option 2.
This is exactly the end state we'll end up in unless the technology sector starts saying no to implementing the tools of petty tyranny.
Hint: Bossware and most things the MBA's drool over.
Unfortunately, there's enough people out there that are fine with implementing said features if it means they get a paycheck; even if it ruins the world for everyone else.
If they really care every large company already knows what building you are in just by tracking your badge info. This was transparent: I could check my own badge history anytime.
What this does is track when you are not working in the office.
Agree, one could imagine a scenario where a worker went to the bathroom in a not too busy wing, had an anurism, stroke or seizure which left them debilitated right when a fire alarm rings and people need to evacuate. As it is today, the person might die if not found in time, this assumes someone else knew where to look without similar technology.
Disgusting, and a potential legal liability for employers if they turn it on. Not in the “invasion of privacy” sense, but the “there was a crime committed in area X and now the cops want our Teams logs from the employees who were there that Microsoft disclosed to them.”
The more data you collect, the bigger your legal liability when something inevitably goes pear-shaped.
Stop treating workers like grifters or prisoners and you won’t have nearly as many problems.
IF your 365 admins add a list of WiFi SSIDs to Teams, Teams will (optionally, opt-in by user) toggle your work location. It will not report not-known SSIDs to your manager or display it in Teams (but note your 365 admins have always been able to see this in the first place, in call/connectivity troubleshooting).
Microsoft really seems to be tripling and quadrupling down on total surveillance of the user's "own" system. If you haven't ditched MS yet, I'd consider it now.
Linux is becoming more and more viable for a gaming PC. For business uses a Linux desktop is usable but probably not ideal, but you also have macOS. I'd pick anything but Windows and MS stuff.
I don't get it. People complain when they have to go to the office. And then some are given the option to work from home. Then they complain their boss can find out where they are during work hours. What on Earth are you complaining about?
It's about hiring adults, respecting and trusting them to do the job and support the team, and be responsible for their methods. The details are not important to that goal.
If an employer instead treats people like toddlers needing supervision, spoon feeding, and metrics around methods, not work, they will get only that.
It's pretty amazing to see the bubble many people here seem to work in. A guess, but probably 90% of employees have to go to work. Either they physically cannot do their job remotely or the employer demands that they be present.
A lot of people are coming across as whiny children here, "Oh no I might have to go to the office for my 6-figure paycheck." Grow up and go to work, as George Carlin might say.
It's so pathetic that people actually put up with this. There are so many ways to stop that tracking from working and no, your boss doesn't have the right to track you.
Until there is a law, there is nothing to stop them. So you need the law. First person to reach out to would be Ron Wyden, he has been a reliable advocate in this space.
Nothing legal prevents them from trying but if you block the tracking then your not in the wrong, and if you prove they tracked you in your lunch break and after work, you might have a good chance at winning in court for invasion of privacy.
Most of this will be under 'tracking the corporate asset'. They aren't tracking you as a person, but instead a laptop or phone of which they own or control. That's going to be much harder to defeat in the US.
Very true, I support this, but the law is still needed imho unless we're fine normalizing the continuation of corporations tightening the screws on workers to keep their labor costs within their desired tolerances. It's about control, of course, as it always is. Protect the human from bad actors, broadly speaking.
I would be chuffed if I see someone present on breaking this at Defcon this year.
There are some questions, too. Can I track my boss if he can track me? Can I install a key-logger on the CFO's laptop? Why not? They just want to see where I am, and I just want to see what key they hit...
There are laws against LEO engaging in extrajudicial killings.
There are law's against wage theft.
Both happen quite often, recent ICE events aside.
Turns out words written in a book do not actually constrain physics.
What is this? The medieval ages? You seem to believe laws are mage armor.
Individuals need to grow a spine and not be so kowtowed. This battered wife shit where everyone has to kneel before some rando with an iPhone clipped to their belt is pathetic. Management isn't actually anymore useful to humanity than me, cause like me there's a huge backlog of people who can do managements job.
Laws are for them, not for us. It’s to keep us in their pockets. In line. Working. Till we die. Written by the wealthy and powerful to remain wealthy and powerful.
Without some sort of organized intervention this sort of tracking will only get worse. A law is the basic way to enforce collective behavior, but sure, if your government doesn't pass one then you should organize some other way. Probably a union in this case.
Does UPS have the right to know the location of its drivers?
Of course it does.
I don’t know that we can draw broad conclusions about worker rights on this issue.
My company probably DOES need to know that I’m not taking company information to certain locations like overseas if I work in certain industries like if I am in healthcare covered by HIPAA and I’m handling PHI.
Hyperbolic example, but if I’m taking a teams call or reading my email in North Korea, that is a gigantic problem.
Right to privacy doesn’t exist inside of employer apps and company devices, and there isn’t a strong argument that it should exist.
I would argue that UPS has the right to know the location of its packages and trucks, but not its drivers. If a driver has to leave for a few hours for a family emergency, UPS no longer has the right to track that driver, as long as they are not using company equipment for travel.
Of course it doesn't. (What can be asserted without evidence can be dismissed without evidence).
> "there isn’t a strong argument that it should exist."
Did you google for anything on this topic? Did you set a timer for 5 minutes and spend some time trying hard to think of one? Did you look at other countries and their regulations (e.g. Germany?[1]) and why they ended up that way?
Before computers and internet, a manager might have been allowed to take work files home to work on them. Or workers on the road, might have stacks of company files with them in their car.
How did companies enforce the worker not taking the files with them on their international trip? Just by punishment when it was discovered after the fact. Things worked fine. It was good enough.
There is no need for additional surveillance, just because computers and internet can be used to do it.
the people that sacrificed years of education and hardship to be employed by a company and have a boss in the end of the day your still back to the same predicament. A plumber, electrician, carpenter, has more autonomy than any profession in the US. A surgeon after years of schooling and experience still has to answer to a director or board, wrong doing will lose all of their credentials and revoked in due time.
Add this to the infinite list of reasons why I don't put company-issued spyware on my personal devices. If Slack/Teams/Outlook/whatever wants to "administer" my personal device in any way, it's a hard no for me.
This is why unions in the workplace are a good thing. It would prevent management from enabling these god awful policies by using collective bargaining.
Yet the contrarians here will always say "iTs bEtTeR wItHoUt uNiOn cuz I nEgoTiaTe beTtEr"
If this is for people physically working at some place they have access controls and will see if you left the building, when and for how long.
So this is only good to track when your company phone leaves to the toilet. I imagine if they want to get rid of you they just set up a WiFi access point in the toilet and track your poop time. Then tell you to "optimize" your diet so you are more productive or get fired.
I mean it’s Microsoft the king of shitty features.
If this is for catching people working from home, just clone the WiFi and Mac on an OpenWRT 5g mobile router and take it with you and enjoy laughing at your boss while brunching with the whole team on company time.
Sometimes I think people forget that you borrow the company your (life)time and skills for the agreed terms. You’re not some kind of pig that is tracked until you’re fat enough to get butchered.
If your company turns this on, just look for a better workplace immediately that is actually respecting you as a human being and not "human capital" and tell them to get fucked.
I work on Teams (I know, I know... please don't hit me, it's not my fault)
1. I don't speak authoritatively and
2. I don't have knowledge of the whole product - there's always a rogue team here and there doing stuff.
We've had that feature turned on at MSFT for some time now. It does not allow your manager to see that you're at Starbucks, at home, on the shitter or anything like that. There's a new toggle in the calendar settings called "Share location with my organization", and the settings are: "all details: building, desk, etc.", "general location: office or remote", "can't view any location information". What it does when turned on is just adding, at the top of your calendar, icons that tell you which of your colleagues are in office, and if they share and you click on someone's picture, what building they're in (when it works).
The whole "it will tell your manager what your wifi is" is just baseless extrapolation, and plainly false from what I can tell.
Thanks for showing up to provide some corrective information. I know it can feel like opening a box of yellowjackets, but one of the best things about the HN community is when someone with first-hand knowledge is willing to share what they know.
Edit: from https://news.ycombinator.com/item?id=46827312, it does sound like the feature isn't really opt-in for end users though?
> it does sound like the feature isn't really opt-in for end users though
End users should not have an expectation of empowerment when using Teams or its predecessors... the administrator can override basically anything.
If you work in a large enterprise they already control everything—or have the capability.
AI written with zero sources, links, anything, shouldn't be acceptable, especially to HNers. Makes me sad. :(
Apologies you both have to deal with this.
Thanks for chiming in!
This is how I expected the feature to work once I read the real product brief, so that's a plus at least. You might want to tell your product people to ask whoever deals with this stuff at Microsoft anymore if they can, like, talk to the press about it? Various outlets have been running stories for almost a year now about how Teams is going to start sending your WiFi data to your boss.
The wording on the product page also makes it sound like tenant administrators will get to decide how opt-in works (ie - that they could select which options the end-user is allowed to pick, and at Microsoft they happened to give you the freedom of choice); this makes sense from my experience in enterprise software management but also makes the feature seem like it will be incredibly yucky/annoying. Is that just a case of poor wording?
This still seems like a super weird feature to push through in terms of "yuck" to "value," but I also know how that goes.
Out of curiosity is this related to the 'emergency location' that we admins have to provide for every calling plan user or is it a wholly separate system? Reading the other comments here they must not realize that teams is already tracking their address because it has to know which PSAP to connect them to.
This location either uses the named locations I have set up in Entra (we use our public IP ranges for it) or it prompts users for their address if isn't sure. https://learn.microsoft.com/en-us/microsoftteams/emergency-c...
Honestly I don't know - building location is probably using the same data though.
The emergency location is for 911 dispatch. The theory goes that in the time of wired phones, a call from 212 555 1212 was definitely from the phone on the 11th floor of 60 Hudson Street, so the correct police/fire/ambulance would be obviously in South Manhattan -- but now that we have VOIP and softphones, the phone could be anywhere -- so which 911 point-of-presence should handle it?
Hence the explicit statement.
But the data exists such that anyone with enough leverage could see that?
Kind of like how Microsoft provides services to ICC judges until they won’t?
Great. Can you share how exactly someone's location is being derived?
The tenant admin configures that mapping. They can also configure whether the data can be exposed to users outside of the organization. There’s no magic here.
> ...what building they're in...
Given that not every device has built in GPS, it sounds like the Network Team is going to have to provide the locations of APs for that to work.
Curious how Teams will resolve that. If you're on your phone using a VPN back to your home network will it know or show you as at home? What happens if you have multiple APs at home?
There are public databases of APs. Google reportedly used their Android users to sniff APs (?), and used StreetView vehicles to wardrive. MS can surely pin many APs to user's PII and locations just on the data they already have?
> Google reportedly used their Android users to sniff APs
Pretty sure that's how it works across all phones. I know that's how Apple gets their location services database at least.
https://github.com/acheong08/apple-corelocation-experiments
Perhaps it can be derived indirectly, if you have all global positions in the area and can calculate back, with some uncertainty, who is where and when and how.
It's like in Minority Report. Though with not perfect accuracy yet.
Yeah, you need to add the BSSID of all APs. VPN does not matter the OS will have to provide access to this info.
What happens if I only use the Teams in Firefox browser? Can a browser also identify SSID?
I’m pretty sure that and uninstalling it in your phone should do the trick.
The scary part is that your boss can question why you are the only one without location info.
So it only lets Microsoft know people's exact location -- how close is Microsoft to the Trump regime? Nadella has apparently gifted Trump millions?
Why in the f does Word need my location (access to location services) for me to write a document? Pops up every time.
Teams already has a location setting, if you wanted to automate that a more correct way would seem to be adding the feature and offering users the opportunity to turn it on. Microsoft hasn't really changed since the IE days it seems.
1. VeryGoodCorp builds a "harmless" feature that's super useful and maybe even opt-in. Only privacy-nuts object to it.
2. The feature is in fact useful, so most people enable it. It may even become company policy to have it enabled.
3. Companies who buy this feature ask for a way to force their employees to use it, as it's "confusing" if location data is only available for 90% of the employees. Not it's an opt-out feature, in the best case.
4. VeryGoodCorp is in a bit of trouble with its shareholders. Revenue growth hasn't been as great lately. They realize that they are sitting on a mountain of location data, aggregated from multiple harmless features, that would tell its customers if their employees are slacking off at work. Surprisingly, the customers are willing to pay good money for a "employee productivity score".
5. Profit..
Edit: formatting
Edit 2: Now you may say "well that wouldn't be legal", and depending on the jurisdiction I'm sure it isn't. But that hasn't kept VeryGoodCorp from collecting this data, they just forgot to turn off the toggle for EU you know, honest mistake. But they still have the data, and laws can change, or, you know, made to change.. (Prop 22 anyone?)
It also shows them what wifi network you are connected to.
As an aside the zoom admin panel offers great information for troubleshooting but it also offers lots of information about users’ connections.
It seems like people go out of their way to find something Microsoft, Apple, etc do everyday to get outraged about. Always appreciate someone from the source correcting misinformation and putting it into perspective.
Can you please allow me to disable Ctrl plus Shift plus C shortcut? I've been begging for years at this point...
Here's the actual "roadmap" feature (scroll to the bottom where the filtered list is):
https://www.microsoft.com/en-us/microsoft-365/roadmap?search...
The actual feature brief is:
"When users connect to their organization's Wi-Fi, Teams will soon be able to automatically update their work location to reflect the building they're working from. This feature will be off by default. Tenant admins will decide whether to enable it and require end-users to opt-in."
Yuck.
Working on the systems/security/infrastructure side, we can already do this. Endpoint management systems already report wifi-ssid, internal-IP, whether you are using a vpn to try and hide info. SASE/ZTNA solutions provide location data, username, device used, connection details. Conditional access policies in the tenant already do checks against all of this anyway.
The roadmap just makes the whole thing user-facing so there's a status in Teams of where you currently are. But IT knew all along. And if IT didn't have tools deployed to get this info already count yourself lucky to work at an immature org security-wise.
Yeah, it's mostly just a weird feature in terms of ick-factor vs. utility.
I will say that "IT knows where I am" and "my manager / manager's manager / whatever sees where I am on Teams" would represent two very different personal annoyance levels at most companies I've worked at; at most places I've worked getting someone's location through IT required them to be doing something questionable or illegal (ie - working from an unapproved country) or breaking some obnoxious return-to-office policy, not just "hey is Bob out to lunch again or is he over in Building 6 so I can drive-by him with some questions real quick"
People should look up what features "carbon black" has, it's extremely frequently deployed (cb.exe in task manager) and can, (according to their own marketing) provide managers with live feeds of your desktop... So yeah...
mmhmm. Yea if someone really had the desire they could figure out my online presence and possibly even get a rough idea of what I'm actually doing with my time. Always something you could figure out from an IT network, its just about putting the history together.
But I'll agree that Teams is packaging this information into something more digest-able for middle managers, and that's the rub. There are always manager types who have the epiphany that not everyone is working 100% of the time and it bothers them enough to call it out to subordinates, or if they don't like someone enough they might do a deep dive with IT. Teams already has this indicator to show if you're online, on mobile, in a meeting, AFK, or offline entirely. Its not that the information wasn't there, its just much more front-and-center for managers to be annoying about it.
Working on the systems/security/infrastructure side, we can already do this
IT having the information for security is one thing.
In the hands of power-hungry lower middle managers, it becomes a weapon.
I think that's the difference.
First security job I had, the CISO had already declared that enforcing "no Youtube, porn, whatever" at work was a managerial problem and not a security problem [0]. And when management needed data from computers about an employee, they had to go through security -- they couldn't just fish around on their own. HR was involved, there was a paper trail, and requests were scope limited.
There are companies that do incredibly invasive employee monitoring, but those dystopias don't use EDR or whatever. They use some other vendor's spyware to replace management with creeping.
For some reason I'm reminded of the chains or cables used to keep operator hands (Posson's pull-backs) from being crushed in a press brake.
[0] The malware, etc that can come from those sites was a security problem -- but checking if creepy Bob was looking at boobs on company equipment or even just wasting time had nothing to do with infosec.
In my experience the most common use of this data is to build case for firing someone for cause when upper management wants them out. It's rarely used for actual security purposes.
I was wondering if there was more Microsoft has said/used to say about this feature because it leaves a gap between "connect to your organizations Wi-Fi" and "will show you're connected to Starbucks/Home and what that SSID is".
I followed several articles and the tree I found seems to end with this Neowin article https://www.neowin.net/news/microsoft-delays-controversial-l... but it doesn't actully clear up the sourcing. I.e. the quote in the article is the same roadmap item, yet the article talks directly to that as if it's the home SSID which will be put into Teams - where is that information in the quote it's describing? I'm not sure if they just didn't source that bit or if it's plain confusion about whether it's really limited to "connecting to your organizations Wi-Fi" which is then being picked up as a hot story.
Yeah, I couldn't find any sources that weren't rage-bait either.
Honestly, to me the feature seems so incredibly low-functionality that I'm surprised they're pushing it forward after all of the controversy it's generated. Like, sure, it might be nice to see if someone was out to lunch or in Building 17 or whatever without needing to message them, but at the cost of the whole "teams is spying on you" narrative and yuck-factor it pushes, I'm surprised they haven't pushed harder on either clarifying the functionality or just pulling it.
I think I agree. Of all things MS does, this is relatively small potatoes. It a soft creep, but also a gentle reminder that I need to somehow get out of my position, do wfh where I control my environment better ( likely my own business ), or try to convince bosses that we should move away from Windows ( as impossible as sell now as it ever was ).
Hell, if you're using Teams PSTN calling, your location has to be pulled in by Teams for e911 compliance anyways down to the building. It updates automatically already, even!
Sure, and your corporate IT also have the roaming logs from their APs and the access logs from the VPN (and maybe your location from MDM anyway), but it doesn't get shown to your boss and coworkers in real time, probably, unless your company is structured really weirdly.
What happens if you deny location permissions? Why doesn't every other VOIP app require your live location, and instead are fine with a random address you manually entered?
I used to work in healthcare network/telecom and then as a healthcare network/telecom VAR before working at a networking manufacturer currently for the last ~year. The below may be slightly out of date, and I was just the person getting told by the lawyers instead of the one with the real understanding, but it was what I'd run into at the time for the US.
The understanding I always got from legal was "it's continually the company's legal liability under the RAY BAUM's Act whether the address is correct when the user dials 911 on/via the corporate systems, not the user's". Sometimes the conversation sounded like you could potentially have users sign something to transfer that liability, other times legal didn't seem to even want to entertain the idea as valid. Regardless, none of the companies ever ended up wanting to go that route for either concern of general friction/overhead or concern there would be employees pushing back that they don't want to sign it and instead would just want 911 to work (which is also a reasonable position for an employee to want to hold). I.e. implementing automatic VOIP location for some users but not others was either impossible on some systems or just seen as a nightmare to try to track/audit, even if they were willing to try to make every employee perfectly happy about it. A bit of a legally induced quagmire for a good intent (accurate 911 not being something a place could opt out of providing) which had trade offs in reality.
RAY BAUM's compliance requirements for for nomadic endpoints in went active in 2022 but most companies had already started trying to be compliant a little prior to that when fixed endpoints needed it anyways. Some companies of course don't bother, either knowingly or unknowingly assuming that compliance risk. Before that it wasn't really a topic.
Is the answer to buy a travel router and give it the same SSID as another network, either work or home? Or is this doing something more sophisticated than SSID snooping?
Nobody knows, as far as I can tell; I haven't found any actual sources and I don't think the code is present in a public release anywhere for anyone to look at. I'm assuming it must work off of MAC at a minimum, since most offices have the same SSID across buildings. It doesn't really seem "designed" as a spyware/audit feature, since it would be a terrible flimsy one, but it also just doesn't seem that useful compared to the "yuck" factor it generates and the potential for abuse by crappy employers/managers.
More on this here https://news.ycombinator.com/item?id=46827756 but the short of it is where is this talk of SSIDs even originating and, if it is really the approach, how does it work right at all?
That aside, if it is SSIDs it's dead simple to fake. If it's BSSIDs it's a little more difficult and not every AP may expose a way to spoof it (but it's not too difficult to find ones which will).
This feels like a much better feature than “they can track your realtime location from the mobile app” as implied in the article? Plus employees will have to opt in?
The tracking is still gross, but limited to opt-in on office WiFi seems a lot less dramatic of a headline, especially given the main concern people have is work from home
> Plus employees will have to opt in?
If a company policy says you have to opt in, not opting in means you're breaching the policy and might get fired. Entirely legal in at-will employment places, but potentially not in places with better worker protections.
Saying that, I just got announcement from my employer they will not be turning it on for now.
Employees need to join a union
Personally I wouldn’t even start working for an organisation that uses Microsoft …
So how many dozens of organizations can you work for?
More and more every day.
https://www.euronews.com/next/2026/01/27/france-to-ditch-us-...
> More and more every day.
That's not a bad thing.
But I think its totally unrealistic and impractical to deal with this kind of thing by being so choosy that you won't work for an org that uses Microsoft. Actually acting that way probably just means choosing to be unemployed (for the vast majority, at least).
Honestly I don’t know. Pretty comfortable where I’m now and we would never even consider using any M$ products ever. I know US culture is more about job-hopping every other year but I’m at the same place for many years now
We used to use GSuite then we got acquired and we're a microsoft shop. :(
God that is the one big fear I have xD
unfortunately, my org that used google got acquired by an org that forced MS on us...
My large corp is moving to Google from MS, which doesn’t impact me much (I’m contracted out to another large corp) but I really wonder at the expense (in time) of a migration. What a huge drain on resources in the short term.
They can already do… pretty much any organization uses a VPN or “ZTNA” to provide access to resources so they know where you are.
> Plus employees will have to opt in?
I mean, that's not really how "opt-in" works for features that your company owns; you might have to "opt-in" technically but your company will probably make that a little more mandatory.
I do agree that the blog post, headline, and HN comments are as usual quite an overreaction, but this feature is pretty gross. It's also weird because the controversy/grossness-to-utility ratio seems awful, which either means that Microsoft product management has gotten as bad as everyone thinks it has or there's some future plan to make it more "robust."
My concern is if the employee is aware, at least let me quit before I’m silently opted into my boss realizing I can get the same work done with less time at the desk from home
>If you decide to take a "working lunch" and connect to "Starbucks_Guest_WiFi", your boss sees it instantly
Can't you just rename your home wifi SSID to be whatever your Work wifi is called?
The roadmap description is not really specific enough to either back up what the article is saying or describe if this approach would/wouldn't do anything, so I'm wondering the same kinds of things.
If I were to try to implement the given task description, I'd start with assuming this would need to be "Enterprise gives an exports of BSSIDs and locations, Teams uses that table to set the location when you connect to your organization's AP". I'm not even sure how else to make this really work right.
If it really is SSID based, the feature would be relatively useless for most organizations even before discussion trying to spoof it. E.g. the last place I worked had ~3,500 physical addresses with APs (and many more individual buildings/"office" names), all with the same "Corp_Name_Employee" SSID because otherwise it's way more work to have unique SSIDs. So how would this feature even do what it's supposed to do based on SSID?
> If it really is SSID based, the feature would be relatively useless for most organizations even before discussion trying to spoof it. E.g. the last place I worked had ~3,500 physical addresses with APs (and many more individual buildings/"office" names), all with the same "Corp_Name_Employee" SSID because otherwise it's way more work to have unique SSIDs. So how would this feature even do what it's supposed to do based on SSID?
Maybe the enterprise exports a table of AP MAC addresses, mapped to locations. It could be the SSID stuff is just a way to spy on what non-office location you were at.
That's what I'm thinking. BSSID ~= "AP MAC Address" it's just each (SSID, frequency) tuple the AP advertises has a different BSSID/MAC rather than a single shared one per AP.
E.g. in the above deployment each Aruba AP could have up to 16 BSSIDs/MACs per radio, but we really had an average of ~5 in use per band at any given site. So a single 2.4 GHz + 5 GHz AP would have 10ish BSSIDs/MACs associated with it in the export (which would then roll up to be BSSIDs/MACs at that office).
Then any of the SSID stuff seems to be more pure speculation (at least from what I've been able to find sourced from Microsoft so far, they are very light on details). Maybe tEAMS does something with SSID, maybe it doesn't - but the roadmap item doesn't even mention that half of the behavior at all, the Neowin article at least looks to be just inserting stuff about SSIDs without any source (and this site doesn't seem to source much at all). It certainly could use SSID as a fallback when there is no location, but where are the articles finding the plan actually has anything about doing that and why would it help more than setting the status to "Remote".
At the end of the day BSSID isn't unspoofable either (companies that care that much probably just want mobile device management or to look at the wireless controller itself), but it at least enables the actual goal of saying which office to be achieved.
https://adam.harvey.studio/skylift/
https://github.com/adamhrv/skylift
I predict a lot of office wifi names with small typos used to share internet from smartphones.
Might need to change the MAC address and netblock to match the office one too, but entirely doable.
Travel router, use that to connect to the "host" wifi/network, and only ever connect your device through the travel router... always will show the same network, no?
(Or phone tether, if you have a good data plan)
Or ethernet? I keep the wifi on my work PCs disabled, connect via ethernet, and put them in a VLAN with only the network connectivity they need for me to work.
That’s ok, if my work cared enough about whether I was online or at my desk at any specific moment they’d have complained already. I have teams quit completely half the time. I get my work done, my performance reviews are good, I turn up to meetings on time, that’s all that should ever matter.
Also if they cared so much about where I was to punish me for it, I’d quit that company. The only companies I will work for are ones that treat me like an adult, it’s fairly simple.
And I am glad you can afford that choice. But there are a ton of people out there who can't.
Should be restricted to only "in office" vs "not in office", no showing the wifi name. Also, the lack of wired network support seems odd.
IMO that's probably how the feature will work, I haven't seen any actual non-speculation/rage bait evidence to the contrary.
Yeah it's used to list where your coworkers might be, it's a part of Microsoft Places, which is like a hotdesk thing. People have an insane response to this, and yet i assume they use their company provided laptop everyday.
I guess we need to use some VNC or so, to connect to the machine that runs MS Teams, which sits at the correct workplace. But also need to be able to accept and make calls. I am guessing, even if that data could also be sent via some protocol, the delay might be a lot?
I think its cool, so I can who is in the office for lunch.
Currently I manually check device IPs.
And there's me asking people :/
It is sometimes required to know where the user is sitting due to cross border data transfer laws. It seems that Microsoft is making it more easier to implement such requirements.
> automatically update their work location to reflect the building they're working from.
So, either this minimal description is A: an attempt to mask the feature's true purpose of dystopian pocket spying under an innocent-sounding cover, or B: negligently deploying a technical capability with far-reaching consequences without proper diligence or care.
Even if the goal was to enable a pocket panopticon for middle manager spying on WFH staff, in less than 10 seconds I came up with a list of other negative impacts and threat vectors which should freak out any large org's corporate security, legal, compliance and HR teams.
* Like lower level employees not in the 'shielded compartment' seeing that {M&A exec} is currently on {potential acquisition target company's} guest wifi. This kind of accidental location knowledge leak has actually happened between MSFT and Google via a freak analog coincidence and it changed the course of a huge acquisition. This feature makes that accident 1000x more likely.
* Or an employee sues for being dismissed and their lawyer proves through discovery that a manager could have seen they were connected to the wifi of a competitor they might have been interviewing with or an abortion clinic or gay bar, etc.
* Or as part of a harassment claim an employee says the company's required app showed them the phrase "Big Titz Rule!!!" because it was the name of a wifi network another employee was connected to.
Just having an opt-out or hours limit is woefully inadequate. Even if those should prevent senior execs and M&A teams location being accidentally visible to employees not in a trust circle (or worse contractors, vendors or customers looped into a Teams group), it STILL creates huge new threat surfaces. At a minimum the 'feature' needs ways to limit it to only show wifi network names: A. On an approved list, B. Matching a regex pattern, C. limited within a list of IP sub-domains, etc. And at many companies, as part of compliance, all those wifi network names will need to be passed through the "problematic words" list maintained by the HR and security teams (and in many companies hits on those lists trigger auto-reports which will now create discoverable "evidence" in any future lawsuit keyword search).
The unintended-but-foreseable consequences stretch for miles. And this isn't the MSFT Office/Teams group's first self-inflicted trip to this rodeo. I just don't understand how they keep repeating the Same. Obvious. Mistakes.
Our building security system updates something somewhere which ties into email. When we have incidents such as "the lifts are broken" or "the south exit is closed" or whatever, these get emailed to all staff that have been in the the building in the last so many hours (16 I'd assume). It's a handy system.
Ultimately if you are at the type of company which practices presenteeism, then the technology used is immaterial
Fucking hell. Living in Teams is bad enough without this. It’s only a tiny part of my job, but if it was a major part I’m not sure I could stomach that.
FTA
> Remember when you could text Dave from the office to turn your PC on because you were stuck in traffic?
I honestly don't. This was a thing? Why?
> So if you decide to take a "working lunch" and connect to "Starbucks_Guest_WiFi", your boss sees it instantly.
I would have a lot of fun with "creative" names for my Wi-fi network.
Seriously, this is not a thing. It doesn't even begin to make sense. It's made up.
If you work in a factory with time cards that need to be punched in, and you punch in a buddy's who is late, that's a thing -- a very risky thing if you get caught, since it's fraud.
But the idea that you'll give a coworker your password so they can boot up and log in and somehow make it look like you're online...? Not a thing. And doesn't even make sense today when you can just open your chat client on your phone anyways and be present there. We've been in an era of remote work for a long time now.
This was a thing. I worked in an office of 4 within a larger facility back when booting up took some time and we had staggered morning arrivals. The first arrival would power on everyone's computers so they were ready. If someone came in, they'd see a computer on without someone there. Where are they? I don't know, maybe in the bathroom, getting coffee, or running down an issue in another department.
Even in the pre-remote, desktops-only era it wouldn't have made any sense. Your boss, your co-workers, and everyone else was at the office. They could see you weren't at your desk. There was no need for tracking software and hence, no need to ask your buddy to log you in because you were late.
This doesn't make any sense. In any organization with a remotely capable IT, you'll still need to log in with your own account. If you give someone else your password to log in... there is a bigger problem.
It could make sense, although probably rarely these days. The question is, whether the benefit of pretending to be on time (no need to stay late to compensate, no need to explain to supervisor) outweighs the security and legal risk. It totally might.
I think they would have thought of that and are likely using MAC addresses and a lookup table tied up Active Server, etc.
Yes, MAC addresses can be spoofed, but that isn't going to be what most employees will do.
No I just meant prank names for the network.
"Huh, looks like Ted's working from 'Kiss My Ass, Stalker' again."
Exactly this. If you worry about these things, find another job. So much about MS Teams. Nothing about these toxic managers.
If you think it’s normal to call in to have someone pretend you’re there because your manager can’t forgive you some bad traffic you’re pretty far away from a healthy working relationship.
I'm surprised this would be even legal in most European countries... Then again, MS might not care any more. Companies who are not looking for alternatives today won't ever be looking.
It is not. Best guess is that this is reserved for the land of the free.
I still expect this feature to roll out worldwide with some legalese fine print that the customer is responsible for configuring and operating the product "in accordance with local laws". I'd be really surprised if MS handles this differently.
The implementation details are sketchy/weak in all sources I can find, but I don't think it's pure (coordinates based) location tracking, but rather a "feature" that will show which WiFi network you're connected to as your Teams status. It's pitched as "what building you're in at the office," which seems like a stretch.
It's also kind of unclear whether the blog post is correct that it would show the name of another network if you connect to it - I'd sort of assume it would just show "Out of Office" instead of "connected to YO_MAMAS_WIFI" or whatever, but who knows.
For meshed networks there is a secondary ID (with a name I do not know) that is used to distinguish between APs, since your device should only talk to at most one AP at a time. It wouldn't be surprising if they used that for finding the location, but marketing sells it as SSID matching as the people they want to sell it to are most likely not experts in networking.
The ESSID (Extended Service Set Identifier) is the human-readable thing you see. There is an underlying BSSID (Basic Service Set Identifier) that includes the unique identifier for the AP (its MAC address) your mobile unit is associated with.
On Windows you can see this (from an elevated context and, in newer versions, with location services enabled) by running: "netsh wlan show interfaces"
They could use the BSSID, which is unique per physical access point.
Yeah, the whole feature brief seems like either a really flimsy cover story or truly awful product management since it's a completely useless feature.
If it's just the SSID it's pretty useless for making sure people are at work. I can totally connect to "Office_CA-SJC-03" from home, or any other SSID you care to name.
Why not get a portable hotspot and call it "[your work's wifi name]"
Would that not cause problems when your laptop tried to connect to two networks that needed different credentials?
If you deleted teams off your phone then hot-spotted from phone?
This article is like 300 words. Would it have killed them to not generate it using AI?
Maybe this will change one day but at the current moment this is an immediate turnoff. It's like someone trying to show you their project day 1 and it's a page filled with ads and a newsletter popup. You may have good reasons to do that but it doesn't instill a sense of trust and quality.
I don't know how much of it was hand-edited and how much was direct output, but this article has that unmistakable LLM voice. The rhythm, the rhetorical flourishes; it's all there even if it's diffused through some human revision.
The really weird thing is going to be when people start internalizing the LLM voice and writing that way. It's probably happening already.
I've seen many people do the latter, I get quite annoyed by it. Worst of all is wondering if I'm affected by it myself, I doubt most people who've gotten an 'LLM writing style' know so themselves.
Eventually no space where people can just 'publish' things will be safe from being completely filled with LLM writing/video/images. The only way to combat it is by forcing people to get punished for this behaviour and making it difficult to circumvent.
Some invite system where people get punished for the bad people they bring in, one that's linked to your identity/workplace/education. Even if these options were available, I doubt many people would care enough, they'd rather be in 'enshittified ' spaces.
I'm so embarrassed to say that I read it and didn't notice. But now that you pointed it out, I reread it and you are so right. It is clearly generated.
I have flagged this article on principle. Idk if it it's in the spirit of HN to do that or not, but the button's there, and I'm going to use it.
This actually seem quite flag-worthy to me. Look at the rest of the site, it's not at all trustworthy. The first post says it's by some random 16 year old (if we can actually believe that) and only has a few posts. One of them is a comparison of smart watches which says they tested them in the subheading on the article listing, but then doesn't show anything more than a surface level comparison from AI.
I truly believe our industry needs to elevate our own anti-awards, like others have (Razzies, Worst Game of the Year, etc.) to shame those responsible for building the regressive tech that corporations and governments push.
There's already the Big Brother Awards [0] and EFF's smattering of Worst Government and Worst Data Breach articles each year. [1]
But I think we need more.
Personally I would love to nominate:
- Mark Stefik and Brad Cox for their contributions to DRM
- Erick Lavoie for his work on Wildvine DRM
- Vern Paxson for his contributions to DPI (Deep Packet Inspection)
- Latanya Sweeney and Alexandre de Montjoye for their contributions to re-identification of anonymized data
- Steven J. Murdoch and George Danezis for their work on de-anonymization attacks
[0]http://www.bigbrotherawards.org/
[1]https://www.eff.org/deeplinks/2025/12/breachies-2025-worst-w...
>- Latanya Sweeney and Alexandre de Montjoye for their contributions to re-identification of anonymized data
It seems like highlighting how anonymization is a lot harder than a lot of people assume is a really useful service. If researchers can do it, without any particular secret sauce, so can a lot of other people. (Unless I'm totally misunderstanding your comment.)
Agreed. I truly don't understand including these researchers on this list.
Some of Sweeney's most well-known work in this area is from the LATE 1990s. She was sounding the alarm about problems with anonymized data in medical datasets: https://en.wikipedia.org/wiki/Latanya_Sweeney#Medical_datase...
Her work almost certainly contributed highly to awareness of these risks.
More recently she has apparently worked on things like protecting voting rights in the US by notifying voters if their registration records change.
I haven't followed what she's been working on recently.
But, yeah, at some point in the 90s, Massachusetts decided to release some "anonymized" health records for research purposes (I think just state employees). One was governor William Weld who obviously had a lot of public information widely available. As I recall, Sweeney wrote the governor's office a bit later basically saying "I have your medical records."
I used this as a slide or two in some AI presentations in the mid-2000s or so pre-LLMs when I had some peripheral involvement with some of the privacy-preserving research going on (differential privacy, multiparty computation, fully homomorphic encryption). Haven't really followed most of this for a while.
See also: AOL's search data release
https://en.wikipedia.org/wiki/AOL_search_log_release
As I somewhat recall there also an issue with correlating IMDB with Netflix ratings at one point.
Publicly reproducible attacks are great, because now we know where there the problem is and how to fix it.
You can be pretty sure some three-letter agency trash had been already using it around the world along with shady spyware startups.
Another thing that I think would help is to start introducing some ethics into our profession as programmers.
Most other professions have you take ethics classes, have ethics boards and even ethics legislation. We're severely lacking in this area as a community. It really shows when every year there's a new company building the Maximum Oppression Orb from the book Dont Build the Maximum Oppression Orb. Its like we're dealing with the moral equivalent of a mentally challenged person all the time
Programmers are not really decision makers there.
The requirements for this sort of stuff come from top down. Do you expect C-Level and and the top layers of sycophants beneath them to be ethical?
Calling out anonymity researchers for showing that "anonymization" schemes don't work well is a stupid and dumb idea.
If they hadn't done it, you can bet that bad guys would have done it instead (and maybe were already doing it). What the researchers did is publicly show that the existing schemes were broken, hence motivating the design of better schemes.
Like, you fundamentally misunderstand computer security research if you think that shitting on people publishing attacks is a good thing.
You can argue about the timing of disclosing specific vulnerabilities vs. when fixes are available. But the idea that we should all be (shh) don't tell anyone that this broad practice is vulnerable to bad actors is idiotic.
https://scheisstool.de/site/
Should issue the award!
The original is dreckstool.de
> for their contributions to DRM
You're assuming Hollywood studios would ever release their content without DRM of some kind. They were quite content to ignore computers entirely if they didn't bend.
The world where Widevine doesn't exist isn't a DRM free one; but a world where an iPad or Smart TV can stream and a PC can't. I would support giving them an award though for "most repeated invention that keeps failing."
We are way past shame being an effective tool to regulate behavior.
It just has to come from people they care about. These days random people will try to shame you for so many things it's just overload.
Now.. that is not accurate at all. Some people simply respond differently do different stimuli. And those do change with age and experience. It is not a bad idea.
Shame from the in-group still remains effective. Shame from the out-group wanes as an effective tool as polarization increases.
its hard to argue a point where your autonomy trumps, the very thing giving you a salary. We freedom are you really expecting from an employment such as this. You are working for a big tech that is in the midst of layoffs and scrutiny from all angles. One being there is massive competition that at the sightless mishaps will give an advantage to your competitor and that all starts at the bottom meaning hierarchy. Don't expect shame from these companies either. That is ship sailed along ago.
It would still help with public awareness.
I'm sorry but there is no shame in our industry, where are people protesting at conferences calling out devs working on instruments of oppression? Why isn't anyone harassing the devs that take it as a badge of honor to work at companies that profit from human misery?
I don't see it anywhere.
I do it all the time. It gets censored, hidden, downmodded on almost every site.
I sincerely mean this when I say thank you. Tech workers have pilfered the commons and ruined too many innocent lives to sit so high on their pedestal.
Devil's advocate here about the original post, about physical location: This would definitely have prevented the North Korean workers incident a few years back.
I also find it hard to get offended about because there is basically no job, outside of tech, which doesn't involve physical location. >95% of jobs require physical location. Do you think a concrete worker, a plumber, an electrician, or literally anyone who works with their hands, has a right to location privacy? What does that even mean? "I'm totally clocking in to work today and totally installing a light fixture for a client right now and I won't tell you which one"? "I'm totally making a cappuccino for an old lady right now at one of our 30,000 branches, but trust me, you don't need to know which one"? Whining about this is extremely hard for me to generate sympathies for.
This is a really crappy tool for dealing with the North Korean Workers problem; it doesn't sound particularly fraud-resistant and that issue should already be handled by any competent corporate IT department with 10000 better and higher resolution ways to figure out where their assets are located.
Overall it's just kind of a yucky and weird feature; when I worked in an office I really didn't really want my coworkers having a real-time automated feed about where I'm located and one of my chores as a manager was always picking a seating position where I could at least take the drive-by questions before my team got interrupted, which stuff like this bypasses. I could actually see it being useful for field-deployed employees but it's not part of the stated implementation and most people in that scenario already have a solution for that.
I agree that the typical HN-meltdown isn't warranted here; the HN Meltdown Factor on anything related to privacy, cryptography, and security lately has gotten really out of hand (the post you're replying to is a perfect example, actually). But I also don't think these counterpoints are very strong; they're justifying other useful features and products that almost everyone already has. It's weird to me that Microsoft haven't either clarified or backed down on this one given how much press it's gotten vs. the seemingly tiny advantage the feature presents.
Some people are doing their best to get on that list: https://news.ycombinator.com/item?id=46784572
Does it works both ways? Does it also tracks where the boss is? To be fair to the employee, he should be able to see where the boss is at any time.
Completely agree. My employer makes all employee badging data available. Any employee can view whether any other employee has badged into the office and when. This includes viewing whether your boss has come in.
However badging data is much more coarse-grained than WiFi. For one, because the building is large, you can’t tell which part of the office the employee is. For two, you can’t tell when the employee has left work because no badging is needed to exit the building.
Yeah, I remember seeing board with the list in the 90s in some company I can't remember. It included every employee including the owner along with the status like IN,OUT - WHERE - PHONE, OUT
Some of this could be related to laws that necessitate updated location data for emergency calling. Since a common component of Teams is Teams Phone, there can be a compliance gap. I’m sure this isn’t the whole story, but it is likely one facet: https://www.911.gov/issues/legislation-and-policy/kari-s-law...
Surely that means soon everyone will have to wear ankle monitor?
Think of the children!
It looks like MS Teams will never be getting installed on my phone.
I don’t even allow location sharing with my own family on and ongoing basis.
Some people don't have a choice. Of course they could choose to lose their job over it, but for some that is not an option.
I also totally don't get why you would want to share your location, even with family. I don't want to know where they are either.
After they killed Skype, I tried to install the mobile Teams app. It wouldn't sync properly with the desktop app, so deleted it and forgot it existed. So glad it wouldn't work!
I installed it on my iPhone but didn't allow Bluetooth access or location access. I imagine it can't really do much with how iOS is. I also don't take my work phone with me if I go outside, so Wi-Fi tracking would be fairly useless anyway.
Guess it's true unless you have a company issued phone that is managed. But then maybe it's less shocking as long as you are allowed to totally turn it off outside work hours.
> If you connect to a Wi-Fi network that isn't your company's, Teams will simply display the name of that network. So if you decide to take a "working lunch" and connect to "Starbucks_Guest_WiFi", your boss sees it instantly.
Looks like I need to rename my home wifi to "Corporate Network."
> Remember when you could text Dave from the office to turn your PC on because you were stuck in traffic?
I don't understand why this doesn't still work. If Dave from the office has access to your PC, presumably Dave and your PC are in the office, connected to your office's network, and thus it would appear that you are in the office?
Or is the assumption that you're carrying another device with you that would give you away? In which case, shouldn't the complaint be more about being forced to perform some kind of work task (like carrying/being accessible by your phone) when you're off the clock...which is hardly a new issue/complaint?
There was an article here not too long ago about someone decrying a fellow cow-worker for their rather liberal usage of AI and how their manager would see it and promote it, changing company process in the meantime. The writer found this revulsive. But what I found interesting is what was not discussed. This “Microsoft just did X” is another entry in that.
Folks, let’s not beat around the bush: if you’re not your own boss, you don’t have agency and ultimately you have no control over the situation. The frustration is rooted in the lack of control, or at the very least in the lack of perception of cooperation that is a temporary substitute for agency and control (until the rug gets pulled from underneath them). It’s not Microsoft, it’s not Teams, it’s not AI. It’s not the person being promoted for doing this. It’s you. If it was your company, you could have put an end to it and changed the processes immediately. But it isn’t. So for having the privilege of working at whatever company you’re at, and getting paid whatever money you’re paid, you have to eat shit. This is the price you pay.
If you don’t want to eat shit from your bosses, you have to be your own boss. I think that’s as succinct and straightforward of a solution to things like these that you can find.
Assuming your office has entry gated with a badge (which I assume most do in 2026), don't they already know when you're physically at the office?
Heck, my employer's entry system was already coupled to my phone's location (optional, but meant I didn't have to reserve a desk manually). So, I already looked like I was coming to the office on weekends because the grocery store is next door.
EDIT: not to mention Teams already shows your status as "Away" if you don't type for 5 minutes. Sitting there reading a document - yep, you're clearly smoking in the parking lot or wandering around gossiping.
Yep there are so many ways an employer can know if you're coming to the office or not, if they really care.
And cameras inside the office
I think the only outrageous people here are the paranoid and the slackers...
My manager has called me when I was doing a mid-day grocery and I just told him: "sorry for the noise, I am at the grocery store at the moment". This is absolutely no problem at all, he asked if I wanted to call back when I got home...
It's pretty much making a storm in a glass of water here.
That's karma farming by bitching the ebil Microsoft...
Sounds like you work in a nice place. Most organisations are not nice places.
Microsoft is really dropping everything lately. First the Win11 disaster; this one is even making it in the heads of german news sites such as here:
https://www.derstandard.at/story/3000000306516/windows-11-is...
"Windows ist kaputt" = "Windows is broken"
And now 365 tracking people. So the whole company seems to now just be about sniffing after people. In the past it alleged at the least to enable folks, say, Win95 perhaps up to WinXP. Now somehow the customer became the enemy. It's really strange to see.
While you are not wrong on Microsoft, this Teams feature is not a problem - clowns who only read headlines are.
> If you connect to a Wi-Fi network that isn't your company's, Teams will simply display the name of that network. So if you decide to take a "working lunch" and connect to "Starbucks_Guest_WiFi", your boss sees it instantly
But what if I have a secondary wifi network in my home that says "BigCorpSuperSecureWifi", wouldn't that work? What if that's the name of my phone's hotspot?
Can I kill this via pihole somehow? My wife uses teams. This is a sick “tool” that will be wielded asymmetrically by middle management to fire people
Things like this blocking as extremely easy to detect and flag. Because they control the app they can always in-band the information to servers you need to connect to.
Modded Teams APK?
On a company-managed device?
It's more likely than you think.
I'm sure it depends on the make/model and how locked down it is or if they even care
I have started to use Teams in Firefox browser since last two weeks. Uninstalled app in laptop and phone.
And phone dns always goes through pihole. Could this work in your case?
VPN? Fake GPS? I know some routers have an option not to broadcast the name of the network but I'm not sure how that works.
Any middle management thinking of enabling this technology will make it mandatory. If you blackhole the traffic, that's also reason to fire you.
Do they need a reason anymore? Most US is at-will to work.
They don't need a reason to fire you. They need a reason to fire you and not pay unemployment benefits.
unemployment benefits are so low do they really care that much?
Unemployment benefits for me would be 3% annually of my annual salary.
Unemployment benefits are so low, they're barely enough to pay for food. Not enough to also pay for utilities, and definitely not enough to pay rent/mortgage.
This is intended to force you back into the slave market.
They don't pay the benefits directly. They pay a tax rate based on how many people who file for unemployment benefits are determined to be eligible for them.
All of the US is at-will except Montana.
Why would they want to fire you? And if they do, they will find a reason.
I guess you can use wireguard and install a vpn server on your work pc, that being said if your company has a semi competent IT team they will notice that, if you work from home just install wg easy https://github.com/wg-easy/wg-easy
this only works if you control the device and not managed by your company
Most middle managers will either not require this, or require it but find ways to themselves avoid being tagged as logging into their home wifi. The prevailing culture around middle-management is one of inefficiency and rule avoidance. Middle managers need to be replaced by AI already.
Some of my neighbors have some rather colorful Wifi SSIDs. I've seen some silly ones like "FBI SURVEILLANCE" as well as at least one crudely expressing their opinion of the current US President. Probably won't be long now before we see someone get fired because their boss saw the name of their home Wifi network.
My go-to SSID will always be "Robert'); DROP TABLE Students;--". For all others I just use a ship name from The Culture universe[0] like "Of Course I Still Love You" or "Just Read the Instructions".
0. https://theculture.fandom.com/wiki/List_of_spacecraft
For what it's worth, unless it can be conclusively argued that surveillance is necessary for the task to be done this sort of continuous surveillance is illegal in Quebec, Alberta and British Columbia. It violates the privacy of employees.
> Teams on Mac
> And obviously, the mobile app (your pocket spy).
Don't these ask for location permissions? This story is light on details.
The roadmap feature is light on details too: "When users connect to their organization's Wi-Fi, Teams will soon be able to automatically update their work location to reflect the building they're working from. This feature will be off by default. Tenant admins will decide whether to enable it and require end-users to opt-in."
I found a lot of news stories about this dating back to where it showed up on the roadmap in early 2025, but none of them with any more implementation details (ie - is it using _only_ WiFi network name, or some other data too?)
The Teams Android app just asked for location permission today for me for the first time. And got denied.
> Microsoft confirmed that starting March 2026 (delayed from January), managers will be able to see your real-time location. And no, disconnecting from the office Wi-Fi won't save you.
Is there anything more than the Wifi SSID stuff below?
> If you connect to a Wi-Fi network that isn't your company's, Teams will simply display the name of that network. So if you decide to take a "working lunch" and connect to "Starbucks_Guest_WiFi", your boss sees it instantly. You can’t hide behind a generic "Remote" status anymore.
So how exactly does this work? It'd be pretty trivial setup my access point to provide a work SSID? How much access does Teams really have to get info to discern your location?
SSID, signal strength, BSSID, private IP, public IP, ipv6, all trivially available to a binary running on a machine.
It sounds far less than the diagnostics data I get from a small go binary.
If corporate policy is you can't connect to starbucks wifi, then enforce that at the MDM mangement layer - I assume things like SCCM can do it.
> SSID, signal strength, BSSID, private IP, public IP, ipv6, all trivially available to a binary running on a machine.
So it sounds like if you want to circumvent this: get a travel router that spoofs a work access point, and make sure any kind of identification requests that would reveal a public IP are either blocked or are going through your work VPN.
running it in a browser would be enough, no ?
If it's only just the teams app that's doing it, but I'm not sure if that's a safe assumption. There's a crap ton of Microsoft stuff installed on my laptop by default, and the IT admins install stuff all the time.
When I started working at a time with no mobiles and no remote, calling or being called to the office for personal reasons was seen with disrespect from your coworkers. At work you were supposed to be working, and outside of work you were supposed not to be working. Pretty much as in the Severance series, but without the forgetting. With mobiles and connectivity, everything changed, I'm unsure if for better. Now you can work 24/7 or slack all day as if there were no tomorrow.
It seems like the worst practices from Trilogy/Crossover are leaking all over the industry. First the crunch at all times at FAANG, next tracking everyone in a few minute intervals, ending up with real-time video tracking at all times, all spawned by the desire of inept top management to run software development as a manual factory with predictable assembly lines and not an intellectual pursuit.
In my opinion, if I want to install any work-related software on my personal devices, it means I’m so excited about the job that I honestly don’t care whether a manager sees where and what I’m doing - just as a manager usually doesn’t care either. I mean, there’s no reason at all to install anything on personal devices unless you actually care about the business.
What is your opinion about installing M$ Authenticator or any other mfa software?
It's a good question. At work, we were given an option: install non-intrusive authenticators on your personal phone (you are free to disable their notifications fully, and you get some extra money as reimbursement) or you are given a company phone (that you have to carry to work and back, have to charge and update etc). Most non-oncall people decided to pick option 1. Oncall people picked option 2.
Society feels like a prison and the warden is watching.
This is exactly the end state we'll end up in unless the technology sector starts saying no to implementing the tools of petty tyranny.
Hint: Bossware and most things the MBA's drool over.
Unfortunately, there's enough people out there that are fine with implementing said features if it means they get a paycheck; even if it ruins the world for everyone else.
All defectors
So looks like feature is not working in the web client? One more reason to to use that instead. Also, I will uninstall Teams from my phone for sure.
How could you hack this? Like spoofing a company hotspot to your phone, that just mysteriously blocks you?
Mr. Doctorow calls this “Bossware.” ;-)
If they really care every large company already knows what building you are in just by tracking your badge info. This was transparent: I could check my own badge history anytime.
What this does is track when you are not working in the office.
Still easy to do if you have a badge system at work. No badge swipes today yet you've done work (emails, PRs, etc)? You're not working at the office.
I wondered why the Teams Android app suddenly decided to ask for location permissions today.
Denied.
Same and same. Like, what the hell is that for now?!
I used to use Dingtalk, it had a similar feature iirc. I couldn’t find a source, I can’t read mandarin
This screams E911 compliance than stalker-ware but I could definitely be wrong.
I know E911 was a big deal in the telephony world and since Teams is a phone service, this makes sense.
I don't like it but it makes sense.
I am doubtful that Teams is going to fire off an e911 address change request to a vendor such as Intrado/West or Sinch every time you change WiFi.
Agree, one could imagine a scenario where a worker went to the bathroom in a not too busy wing, had an anurism, stroke or seizure which left them debilitated right when a fire alarm rings and people need to evacuate. As it is today, the person might die if not found in time, this assumes someone else knew where to look without similar technology.
Disgusting, and a potential legal liability for employers if they turn it on. Not in the “invasion of privacy” sense, but the “there was a crime committed in area X and now the cops want our Teams logs from the employees who were there that Microsoft disclosed to them.”
The more data you collect, the bigger your legal liability when something inevitably goes pear-shaped.
Stop treating workers like grifters or prisoners and you won’t have nearly as many problems.
I feel like if they want to track my phone using an app then they owe me a phone. Their laptop is in theory theirs but not my phone
AI slop.
> If you connect to a Wi-Fi network that isn't your company's, Teams will simply display the name of that network.
This is hallucinated. The actual change: https://www.microsoft.com/en-us/microsoft-365/roadmap?id=488...
IF your 365 admins add a list of WiFi SSIDs to Teams, Teams will (optionally, opt-in by user) toggle your work location. It will not report not-known SSIDs to your manager or display it in Teams (but note your 365 admins have always been able to see this in the first place, in call/connectivity troubleshooting).
Buy a burner phone. Plug it in at your office for charge. Put teams app on it. Bam you're in the office 24/7.
After 3 days of such, an automated system detects this trivial anomaly and emails your boss + HR.
Make it connect to the wifi according to your work schedule.
I'd have two phones (and two laptops). One for work only, the other for everything else.
OK, I’m renaming my home WiFi to “Riverside_Strip_Club” :-)
Elsewhere in the news (including HN): "Microsoft is working to rebuild trust in Windows".
Most MDM software would already have access to your location. This might make it available to a lower level of management.
Run it from a VM, use a hotspot named the same as your home connection. Lots of options!
Microsoft really seems to be tripling and quadrupling down on total surveillance of the user's "own" system. If you haven't ditched MS yet, I'd consider it now.
Linux is becoming more and more viable for a gaming PC. For business uses a Linux desktop is usable but probably not ideal, but you also have macOS. I'd pick anything but Windows and MS stuff.
I don't get it. People complain when they have to go to the office. And then some are given the option to work from home. Then they complain their boss can find out where they are during work hours. What on Earth are you complaining about?
Just go to the damn office already!!!
It's about trust and empowerment.
It's about hiring adults, respecting and trusting them to do the job and support the team, and be responsible for their methods. The details are not important to that goal.
If an employer instead treats people like toddlers needing supervision, spoon feeding, and metrics around methods, not work, they will get only that.
It's pretty amazing to see the bubble many people here seem to work in. A guess, but probably 90% of employees have to go to work. Either they physically cannot do their job remotely or the employer demands that they be present.
A lot of people are coming across as whiny children here, "Oh no I might have to go to the office for my 6-figure paycheck." Grow up and go to work, as George Carlin might say.
Microslop doing Microslop things
It's so pathetic that people actually put up with this. There are so many ways to stop that tracking from working and no, your boss doesn't have the right to track you.
Until there is a law, there is nothing to stop them. So you need the law. First person to reach out to would be Ron Wyden, he has been a reliable advocate in this space.
https://www.wyden.senate.gov/
Nothing legal prevents them from trying but if you block the tracking then your not in the wrong, and if you prove they tracked you in your lunch break and after work, you might have a good chance at winning in court for invasion of privacy.
Most of this will be under 'tracking the corporate asset'. They aren't tracking you as a person, but instead a laptop or phone of which they own or control. That's going to be much harder to defeat in the US.
Invasion of privacy is legal in the US.
Very true, I support this, but the law is still needed imho unless we're fine normalizing the continuation of corporations tightening the screws on workers to keep their labor costs within their desired tolerances. It's about control, of course, as it always is. Protect the human from bad actors, broadly speaking.
I would be chuffed if I see someone present on breaking this at Defcon this year.
There are some questions, too. Can I track my boss if he can track me? Can I install a key-logger on the CFO's laptop? Why not? They just want to see where I am, and I just want to see what key they hit...
You could potentially purchase profiles on them from a data broker, and make them public if not illegal in your jurisdiction.
There are laws against LEO engaging in extrajudicial killings.
There are law's against wage theft.
Both happen quite often, recent ICE events aside.
Turns out words written in a book do not actually constrain physics.
What is this? The medieval ages? You seem to believe laws are mage armor.
Individuals need to grow a spine and not be so kowtowed. This battered wife shit where everyone has to kneel before some rando with an iPhone clipped to their belt is pathetic. Management isn't actually anymore useful to humanity than me, cause like me there's a huge backlog of people who can do managements job.
Laws are for them, not for us. It’s to keep us in their pockets. In line. Working. Till we die. Written by the wealthy and powerful to remain wealthy and powerful.
That they are wealthy and powerful is illusion.
All I see is frail old, codependent losers who need blue pills to simulate virility.
Other things can stop things.
Without some sort of organized intervention this sort of tracking will only get worse. A law is the basic way to enforce collective behavior, but sure, if your government doesn't pass one then you should organize some other way. Probably a union in this case.
You could also spam it full of fake data
No, he can't track you but yes, he can track his devices.
If you install corporate teams on your personal device, you are part of the problem.
You must request a device for that and never mix personal and professional stuff.
Why pathetic? People were breaking the rules, not working, going for walks and making dinners during WORK TIME.
Lazy and fraudulent people destroyed WFH. Should be banned forever. 20% people working, 80% slacking
> going for walks and making dinners during WORK TIME
Yet, when in the office, drinking coffee, watercooler smalltalk and smoking at the entrance is somehow considered work time.
Leave us alone. The output is all that matters.
Does UPS have the right to know the location of its drivers?
Of course it does.
I don’t know that we can draw broad conclusions about worker rights on this issue.
My company probably DOES need to know that I’m not taking company information to certain locations like overseas if I work in certain industries like if I am in healthcare covered by HIPAA and I’m handling PHI.
Hyperbolic example, but if I’m taking a teams call or reading my email in North Korea, that is a gigantic problem.
Right to privacy doesn’t exist inside of employer apps and company devices, and there isn’t a strong argument that it should exist.
I would argue that UPS has the right to know the location of its packages and trucks, but not its drivers. If a driver has to leave for a few hours for a family emergency, UPS no longer has the right to track that driver, as long as they are not using company equipment for travel.
> "Of course it does."
Of course it doesn't. (What can be asserted without evidence can be dismissed without evidence).
> "there isn’t a strong argument that it should exist."
Did you google for anything on this topic? Did you set a timer for 5 minutes and spend some time trying hard to think of one? Did you look at other countries and their regulations (e.g. Germany?[1]) and why they ended up that way?
[1] https://www.jdsupra.com/legalnews/employee-monitoring-in-ger...
Before computers and internet, a manager might have been allowed to take work files home to work on them. Or workers on the road, might have stacks of company files with them in their car.
How did companies enforce the worker not taking the files with them on their international trip? Just by punishment when it was discovered after the fact. Things worked fine. It was good enough.
There is no need for additional surveillance, just because computers and internet can be used to do it.
UPS has a right to know the location of their trucks.
> Right to privacy doesn’t exist inside of employer apps and company devices
Indeed, but the right of an employer to have you carry their device outside of their building also doesn't exist.
the people that sacrificed years of education and hardship to be employed by a company and have a boss in the end of the day your still back to the same predicament. A plumber, electrician, carpenter, has more autonomy than any profession in the US. A surgeon after years of schooling and experience still has to answer to a director or board, wrong doing will lose all of their credentials and revoked in due time.
Hmm, what if you're using the browser app?
My question as well. When I'm remote, I use Teams in the browser and I proxy the connection over SSH to my desktop machine at work.
I'll consider the practice. How does it even work for hard/ethernet/non-wifi connections?
Installed Linux on my work computer, completely uninstalled microsoft software from my phone. I'm deliberately excluding Microsoft wherever possible.
Switch to Linux, it's better to ask forgiveness than permission. Say it's a security measure against spyware by malicious and hostile entities online.
Classic prisoner's dilemma
Can’t even write their own articles, farming it out to llm
https://ztechtalk.com/microsoft-teams#:~:text=obviously%2C%2...
Add this to the infinite list of reasons why I don't put company-issued spyware on my personal devices. If Slack/Teams/Outlook/whatever wants to "administer" my personal device in any way, it's a hard no for me.
Another reason to avoid ever working for a company that uses Teams.
This is why unions in the workplace are a good thing. It would prevent management from enabling these god awful policies by using collective bargaining.
Yet the contrarians here will always say "iTs bEtTeR wItHoUt uNiOn cuz I nEgoTiaTe beTtEr"
This can't be legal in the EU, right?
Sure it can, other groups are already tracked in detail on the job.
They already know - my inbound VPN coming from an ISP rather than office router.
The simple solution on Apple platforms is to deny Location Services to Teams in macOS and iOS.¹ Done.
¹ https://developer.apple.com/documentation/NetworkExtension/N...
One more reason it sucks to be American? I know of several counties where that violates more than a couple labour and constitutional laws.
> managers will be able to see your real-time location. And no, disconnecting from the office Wi-Fi won't save you.
Huh? If you're in the office already then your real time location is... the office. Makes 0 sense to me.
Hmmm.
Looks like I need to remove Teams from my phone.
Microsoft is building better chains for corporate slaves.
I use Little Snitch and block every phone home feature. Works great.
So get a separate work phone and turn it off.
Wow, what a dystopian feature. One more reason to stay away from Microsoft products as far as possible.
"Here is the scary part"
"The Bottom Line"
It reads like AI generated content, is it just me?
It 100% is ai generated
One more reason not to use WiFi but to use ethernet.
The Brahmin wants to track the commoners. The market isn't very happy with MSFT's AI bubble and dumped the stock yesterday. 50% more to go down!
I don’t get it. What is this good for?
If this is for people physically working at some place they have access controls and will see if you left the building, when and for how long.
So this is only good to track when your company phone leaves to the toilet. I imagine if they want to get rid of you they just set up a WiFi access point in the toilet and track your poop time. Then tell you to "optimize" your diet so you are more productive or get fired.
I mean it’s Microsoft the king of shitty features.
If this is for catching people working from home, just clone the WiFi and Mac on an OpenWRT 5g mobile router and take it with you and enjoy laughing at your boss while brunching with the whole team on company time.
Sometimes I think people forget that you borrow the company your (life)time and skills for the agreed terms. You’re not some kind of pig that is tracked until you’re fat enough to get butchered.
If your company turns this on, just look for a better workplace immediately that is actually respecting you as a human being and not "human capital" and tell them to get fucked.
Heh. A lot of panic over this one.