And if we're really lucky this kind of incident will help John Q Sixpack start thinking about securing his wireless...aw, who am I kidding, we'll have unicorns, flying pigs, and world peace before that happens.
I'd advise having an exit strategy in the works. Start interviewing because there is no better time to negotiate a new job than when you currently have one. You don't want to work for a company that is willing to "knowingly" take advantage of you. If you're comfortable with your management chain, bring this issue up to them.
Under no circumstances "threaten" to leave, or tell them that you've got a new job and want them to match salaries, etc. Get yourself an offer you like, and then start negotiating with your current employer. If you tell them you're looking at leaving or that you've got a new job offer, their motivation will only be to placate you until they can replace you. If you "work with them" on aligning your salary with your tasks you've got a better job at keeping a long-term relationship with them.
Otherwise, find a better job opportunity and take it.
"Between yourself and a few friends, you most likely have nearly all the equipment you would need to run your own business. What is a company providing for you that you can't provide for yourself? Certainly not security since they will downsize you or outsource your job at the drop of a hat. If you are providing your work environment, communications technology and transport then the company is providing sales, accounting and not much else. Include a salesman/accountant in that group of friends and you're good to go."
The company I work for started just that way less than 10 years ago. Many of my coworkers had their own companies and feel this one is a better choice. We have a good tight ship with professionals who are all focused on the same goal--we haven't gotten big enough for a life-sapping bureaucracy yet.
There are a few things that myself and some of my friends don't have that make me just as happy to work for an employer right now:
1. Business savvy--I am a techie geek. Getting a real business mind into the fold would be necessary, and to be honest I don't always get along with those sorts, so I don't count many as friends.
2. Health care. Until I can afford something more than major medical on my own, I will always work for somebody else. There's just no two ways about it.
3. Short-term pay security. I know that I will have a steady income from this employer until/unless some catastrophic event occurs (firing/bankruptcy/etc). I don't have the faith that I could match that on my own at this point.
I'm not arguing that your are wrong, I'm merely stating why I don't feel I'm in a position to actually do that.
I wish you luck with that. The president is really already there: salespeople often use their own cars for travel, many of us use our own cell-phones and home Internet connections for work, etc. Perhaps the company provides some sort of stipend for you to buy your own computer, maintain it, and replace it every X years. Or maybe not.
But you're right, the company won't be able to search it, won't be as interested in web filtering while you're at work, etc.
Here's a URL with a link to a December article about a few companies "dipping their toes in":
I don't want to comment on companies that I have personal knowledge of, NDA's and all that. There are two that I currently know of personally that are in process. (Sorry, I have to leave it there)
It is really just another evolutionary step from companies that have started going to thin-clients (Sun Ray, WYSE, etc.) just going the next step to a software only client.
I will say that I haven't seen all the kinks worked out yet.
I've started seeing companies go the route of getting rid of workstation computers. You, dear employee, get to bring in your own computer and connect up to our virtual workspace environment. No data ever ends up on your computer, and only a couple of key ports are open to our virtual space. The virtual space can't get to the Internet, you don't have admin access, etc. You can do whatever you want on your own computer, but when you get a virus, crash the OS, bust a hard drive, it's your problem to contact your computer vendor and get it fixed. You get a day to get that resolved, or we start making you take your vacation days or get docked pay until you're back up and running.
May sound like crap, but there are potentially some real benefits to getting workstations off of IT's plate.
Sure, Apple is strong-arming everyone. But what are they doing that is illegal? The best way to fight this is to put the iPad/Pod/Phone/whatever down and back away slowly. Then go buy a Blackberry, Android Phone, IRiver PMP, Dell Mini 5, etc. Vote with your dollars, and don't develop apps for Apple.
Agreed. And, to be blunt, I'm sick and tired of flash all over my Internet. Flash cookies are a HORRIBLE idea. Menus on websites that are flash driven are ridiculous. And to be blunt, the vast majority of flash on the sites I frequent are the ads anyway. Especially when I'm on a low-bandwidth connection, why the hell do I want flash anyway?
I know, I know, without flash I can't watch a movie on the Internet anymore. So let's adopt HTML 5 standards and get on with it.
One of the beauties of finding a vulnerability and doing the reverse engineering is that, once it's been done once, you can create tools to take advantage of it. (Exhibit A: Metasploit) So the skill required to determine the vulnerabilities is quite high, while the skill to use them later is quite low.
Beyond ease of exploitation, let's think about the possible uses. The goal of smart meters is two fold: providing both you and the utility real-time info about your electrical use. The second goal is to be able to control and adjust your use based on this info. This will incorporate the ability to shut down your AC for periods of time, as well as appliances like your refrigerator, washer, and dryer. (Seriously, this is the "end goal" of these things)
Having that data available is a problem. As a person with malicious intent, don't you think I can rather easily determine when you're home and when you're away based on your electrical usage? How about making assumptions about the juicy items you have in your home to rip off based on your electrical usage? (more engery used probably means more cool stuff to take, right?)
Having the ability to now affect your electrical usage is a problem too, right? If I can shut down your power remotely, can't I at least piss you off? Worst case, couldn't I possibly harm someone in your household? If I can manipulate the meter to claim that you're using more energy than you really are, could I cause you financial hardship?
So I think the ramifications here are pretty significant.
We each choose our own risk tolerances. I do tend to assume that what I don't have control over could potentially be harmful to me. That works for me. It doesn't necessarily work for you, and that is fine. My "bigger picture" comment refers to the correlation of data that is now so simple to do with the modern tools we have. Yes, in the past people could find out things about you, but the cost of doing so was prohibitively high unless there was significant motivation. The ease (and drop in cost) in doing these things have made it much easier to do. There are companies that specialize in this as it is, and I don't believe that they've yet started being able to mine the databases of places like Facebook and Google. It is this same ease which begins to take the argument of "nobody is interested in me" to zero as the cost of looking at you diminishes.
I would prefer to assume that data gathered about me could be used in future in a way that is detrimental. I don't want to have to explain to a future employer why I visited those hacking sites, or why I was researching depression treatments, or that my religion is wicca, etc. That should be my personal information and though there are privacy laws in place to prevent an employer (in the US) from considering these sorts of things in the employment process, but how am I to know or prove that in order to get recompense? Heaven forbid I ran for public office in 20 years--imagine that vetting process. Never-mind the entertaining pictures waiting to be mined on My Space or Facebook.
I want to be able to control who has access to my data. I have not shared my data with Google, or Apple, or Danger, but I can bet you money that people I know have put my contact info into these platforms, which has been uploaded into a database that I have no control over, and no agreement with the owners of. That, to me, indicates that I have become a product. I have not explicitly consented to this, and I have little choice in the matter. This is a slippery slope to me, and yes, I am very concerned about where it goes.
Again, we each get to make our personal choices. I have made, and advocated, mine and you have made and advocated yours. And anybody reading this gets to form their own opinion.
"or had any clear reason to believe that my privacy has been violated."
Absence of evidence is not evidence of absence. Your statement seems to be almost the corollary to statements like "If you don't have anything to hide what are you worried about?" I would also suggest that you're not looking at the bigger picture.
"I also happen to believe that anything I do online, by nature of the internet, is public, and accordingly I choose not to put most of the details of my life onto it."
What is preventing your friends from doing that for you? If I have an Android phone, and I have your contact info, along with perhaps your birth date, address, email, an ID picture of you, and some other interesting details in your contact, now I've given that data to Google, haven't I? What contract or understanding do you have with Google to govern how that data is being used and protected?
"So are these man in middle exploits fixed in the latest Ubuntu release ?"
No, they've just changed the name to "koala in the middle" exploits.