Global Bob Show

Episode 9 - BossWare, How Companies Spy on Employees!

Global Bob Season 1 Episode 9

In this episode Global Bob (Brian Varner) explains on a high level how companies can use various methods to spy on employees.  He also talks about simple ways an employee can increase their privacy while these devices are in their personal spaces.

Transcripts are auto generated.

All right. All right, it is that time of the week, it is time for the Global Bob Show. Global Bob Show, we are the crossroads of technology and politics. Today's topic was submitted by a good friend of mine named John. Now, John's a very technical person, he is a developer and a programmer. So when he came to me asking about bossware, and how companies spy on their employees, I thought, wow, someone as smart as him is wanting to know more about this, then I'm sure there are other people that want to know about this. We are on episode number nine. And I've gotten some really good feedback on the series so far. So please keep those suggestions coming. You can send in your comments or questions to Globalbob show@gmail.com. We've also got a Facebook page. Now, you can search for Global Bob Show, and of course on Twitter at Global Bob Show. So I'd like to thank everybody that subscribes. I'd like to thank everybody that tells somebody else to subscribe and listen to the show. And I hope that you guys get a lot out of it and enjoy it as much as I enjoy producing it. So what is bossware? Well, the one thing I want you to understand is, is that it's not the same as malware, or spyware. Even though you're going to hear throughout the podcast, it kind of sounds like spyware, but think of malware. And actually spyware is a variant of malware, but think of malware and spyware as something that gets installed on your computer or on your phone from a bad actor that collects information and does things, right? So bossware is legitimate programs that get installed on your laptop, or on your tablet, or phone by a corporation. Now we're going to break this down even farther, but I want you to understand that bossware is legal, legitimate software, that's not going to get picked up by the antivirus companies, because it is installed by your corporation or even by you. Now bossware has been around for a very long time.
And I know that when I left the government and I took my first job in the private sector, I received a laptop and a cell phone. And both of those had a way for the company that I worked for to monitor. And so bossware has been around for a while. But it really did not kind of come out and to the forefront and where people started talking about it until the pandemic. We all know where we were when COVID hit. And it seems like the country instantly shut down. And people that were used to going into their offices to work are no longer going in, and they went home and set up their home offices. Now, for people that are used to going in to work, their managers were used to seeing them at work. And so you would have the people that would come to work and you knew which ones were coming in late, you know the ones that would leave a little early on Friday. And so the manager or the company kind of knew, right, they could see your badge-ins and your badge-outs, but now all their employees are home, and it kind of left them in the dark per se. Maybe they even saw productivity start to go way down. So therefore, they started to engage in companies to start doing more aggressive monitoring of their employees. And so now a lot of people are talking about bossware. And one question that comes up quite a bit is, how much is my company tracking me? And we're going to dive deep into this. But one of the issues that companies are trying to solve with bossware is to measure productivity when they don't have a physical way to necessarily measure that productivity. Now, it is no secret that this bossware is installed on company assets like cell phones and laptops, and other devices. One article I was reading said about 60% of companies say that they now have remote monitoring capabilities of their employees. And then another article I found that said about 14% of employees do not know that they're being monitored.
So if you look at those two percentages, you find out that, wow, most companies are monitoring their employees, and about 86% of employees know that they're being monitored. So with this kind of out in the open, we need to talk about the different levels of monitoring. I want to talk about kind of three levels of monitoring that I've defined. At the high level, monitoring is where companies are just aggregating log data that's generated by programs that are on your devices. If you were to rewind back to Episode Six, where we talked about digital exhaust, this is kind of what I'm talking about. When you connect up to your company's VPN, there's log data. We talked about in previous episodes about an IP address. So the company can see what IP address you're coming from when you access their VPN. And with that information, they can start to develop kind of a pattern, right? If you're always coming from, say, a Comcast connection, and then all of a sudden, you come from, say, Rogers, which Rogers is an ISP up in Canada, they're gonna know, wait a second, why is Brian coming from a Canadian IP address? Did he go on vacation up in Canada, or what's going on here? So that's the kind of like the high level, and you can do a lot with this high level monitoring. One, they can see how much time you've been on the VPN. So when you go to work you badge in. And then when you leave you badge out. Well, think of connecting to a VPN as sort of badging in, badging out. And then very quickly, they can say, give me everybody that is connected to the VPN with their time, so they've been connected. And let's see who's connected the least amount. So there's a couple different ways. Now, this isn't really like bossware, because bossware, like I mentioned before, is installed on the phone, the iPad, the laptop. This is just using data that they already have.
Another piece of data they already have is that they have antivirus installed on your laptop. Then what they can do with that is see what programs are being run from time to time, which scans. One thing they can do with the virus software is schedule what they call a full hard drive scan. And if that scan doesn't happen, they can probably say that laptop's been off for quite some time. So there's a few different ways they can do ancillary monitoring. And we've been doing this for a while now, right? It's just using the data for a different means. One of the other ones that's being used now is your messaging, because we all went home. And instead of calling everybody we use things like Slack and Microsoft Teams. Well, they can read the log data from that and simply see when you're online and offline. I've known of some people that watch other folks' status, and they say, oh, look, they haven't been green in a while. Well, that means that they're probably not in front of their computer. And the last high level monitoring I'll mention is signature blocks. When you're in front of your computer, chances are you have a real nice fancy signature block. Mine may say Brian Varner, podcaster extraordinaire, but on my iPhone, it could say, sent from iPhone, or on iPad, sent from iPad. So something that managers can do is just simply look at the emails that you respond to that they're on and see which signature blocks. If your main job requires you to be in front of a computer and say working in Microsoft Excel, then if you're getting a lot of emails from an employee that says sent from my phone, it's like, wait a second, why are they not in front of their computer? All of this is what I call high level monitoring. And what I want you to take away from high level monitoring is that lots of times this is just your digital exhaust that the company has already been collecting.
And really even if you don't have a company device, it's your personal laptop and your personal phone, but you're accessing corporate resources. They can still monitor to some degree. Now, the next level of monitoring, and this is where I hope most corporations are, I call it middle of the road monitoring, right, kind of the middle area. And this is where you have actual software installed on your laptop and/or your phone. And with middle of the road monitoring, this is where companies can start reading your messages that come across those devices. And they can also look for keywords and websites and what applications are open and for how long. So let's say that you're an accountant, and your job is to be in QuickBooks. And so maybe the company will say, this person, we feel like should have QuickBooks open for a certain amount of time. Well, they can monitor that, and then start to rank you against other employees. Now one of the major themes that seemed to be with this whole bossware is looking at the websites that people go to, to try to determine if they're goofing off or not. And one of the big ones is Facebook, and Twitter and other websites like that. So this middle of the road monitoring, they're not necessarily looking at the content, but they're just collecting the data from the websites that you go to, and how long you're spending on those websites. So just know that if this is on your computer, and you're wanting to check Facebook, well, it's okay, good, go check Facebook. But don't leave the tab open, because you could be inadvertently giving yourself a bad score, because your employee thinks you've had Facebook opened up for the last 40 hours. So the third type of monitoring, and what I like to call low level monitoring, this should almost be considered creepware, in my opinion, because it is kind of creepy.
Now, when employees go to work, they sign a consent to monitoring or it's right in your face when you log in. I don't want you to know that a consent to monitoring is very much a consent to monitoring. Now, at the lowest level, the low level monitoring, this is ones where they start uploading all the data off your laptop, almost nightly. There's one particular company that I know that has software installed. Because they developed a very high end, they're a publicly traded company, very high end software. And so all of their developers' computers are constantly uploading the complete hard drive of that computer every night. And once they have the copy of that they can start really diving in to your computer. But this low level monitoring, it does things of, say, geolocation of your phone. And that way they can see if you're supposed to be working from home remotely or wherever you work at remotely, they can start collecting that pattern of life to see if you're even in the office. Another thing they do is install what they call a root certificate. And a root certificate allows them to decrypt most of your online data when you're on that device. So if you go to, say, name your social media site, then they can actually read the content of everything that comes down, all your messages, and everything. So it does start to get a little bit creepy if it's used for the wrong reasons. One of the most creepiest things that I know that exists is that when we all went home, some of us needed to take our company phone home. Now when you have a phone at home that's provided by your company, a lot of people call them a VoIP phone, or it's made by Cisco or Polycom, and it's sitting on your desk. Well, one of the bossware that's low level monitoring can actually do what they call VSA, or voice stress analysis.
And that voice stress analysis gets uploaded to AI and ML, artificial intelligence, machine learning algorithms, to try to figure out the demeanor of the employee that's being monitored. So, you know, there's little things in your voice. We see it sometimes when you watch, say, American Idol, and the voice cracks, or someone's on the news and their voice cracked from stress. It's kind of the same thing, but they can really do a lot with this voice stress analysis. However, one of the main devices that are being monitored by the corporations is around the laptop, or if you have a desktop at home. What you have to understand is, is that when that device is powered on, and a company has this bossware installed on it, they can do things very simply to turn on your microphone, they can do things like turn on your webcam. And what you would hope is that they're not doing this for nefarious purposes, but it is available, and you don't know the level of which you're being monitored, because a lot of the bossware that's installed has options to hide that from employees. And then we'll do different ways to obfuscate it. But moreover, since this is legitimate software, it's not being picked up by your antivirus companies. And so if they turn on the microphone, then it could just stream the audio, or turn on the camera, it can just stream the video. Also, there's a lot of online web conferencing applications out there. Some of these online web conferencing applications, I don't want to name any names, but now we're finding out that they have the capability to create what they call a sidetrack for people that are inside the conference. And that sidetrack is when you're, say you're on a big team call, not Teams, I'm saying a team call. And everyone is muted, and you're watching, it may be your supervisor, and you're sitting there and you're talking.
As they're talking, saying things like, man, this person doesn't know what they're talking about, oh, they only knew, oh, this is just, you know, all that stuff that you're saying out loud. Or if you're having a conversation with somebody that's in, say, your house, then that audio can be picked up, even if you have your mic muted through the application. So one thing I want to tell you all is, is that if you have company assets, and you feel like you're being monitored, why not reach out to them and ask what their monitoring policy is. That way, you'll know, and I can tell you, the great majority of companies don't want nor do they have the time to listen to everything. But it is a legitimate question to ask. Talking to a few business owners that I know have this bossware installed, I asked them, I said, well, what's your main purpose of monitoring your employees when they're remote? And what I heard from both of them were they want to know the risk that employee poses to their company. Now one person was worried about if some employees go to leave to find other jobs, they want to know is that employee looking for another job. So they're monitoring for things like LinkedIn, Zoom, ZipRecruiter, I think is what they said. And other websites like that, because they want to know ahead of time, so they can start making plans to find replacement. The other person, they were most concerned with productivity. And they claim that their physical workers that went remote, that their productivity, in their mind, before they had the bossware installed, went way down. Like I mentioned earlier, this is not just a problem for the remote worker, it's also a problem for the remote boss. So in that case, this person installed the bossware on their employees' applications. I think they had a few hundred employees. And they said that, well, we thought productivity was down. But actually it seems like it's about the same.
And whenever I kind of looked into that a little bit more with them and said, well, think of it this way. Maybe your perception that the productivity went down, because you are not seeing your employees every single day. You're not talking to them by the water cooler. But why would productivity stay about the same when the perception of productivity was down? Well, before, people had to be at work at say seven in the morning, they take an hour lunch and they leave at four or five or what have you. Well, when you're a remote employee, you're not rushing through traffic to get to work, you just kind of take care of stuff as it comes up. And so maybe that employee starts their day now at six, and then takes a couple hour break in the middle of the day to go pick up the kids and then come back, and then does some more work. And what I thought was really cool with talking to them about it was, is that they thought they had an issue, they installed this monitoring, and I would say their level of monitoring was kind of that middle of the road, it wasn't that deep down creepy monitoring. And it came out, well, hey, I think we're sitting pretty good. So the one thing that I think we need to unpack is, where does the corporation's monitoring end and the employee's privacy begin? Now let's talk about the phone for a little bit. There's a couple of companies out there that will install a mobile manager for that phone, couple different ones out there. And with that installed, the company in their mind is, now I can see all the phone numbers they call, I want to make sure they're not calling my competitors, I want to see text messages to make sure they're not doing insider trading. Or maybe I can find out if there's a problem with our software before the software goes to production. So they have all those legitimate means in their mind of why they're tracking all this information.
But you also can get the geo coords, or the geographic coordinates, off that phone in real time and watch that person walk around. So what level of monitoring is acceptable? If the employee is a 40 hour a week employee, should you be monitoring them more than 40 hours a week? I don't know, something to think about. Or if that employee works Monday through Friday, should you be monitoring those devices outside of Monday through Friday? I don't know. That's all things to think about. And the phone monitoring is the one that kind of worries me the most, because you always have your phone on you for all intents and purposes. And also with the smartphone monitoring technology, the bossware for smartphones, they can see what applications you have installed on those phones. Now I understand that they need to have a level of monitoring. But I feel like they don't need to know the applications that are actually installed on the phone. Because they could inadvertently get what I feel like would be personal information based off of applications. Say someone like myself, if I was the head developer for a publicly traded company. And my job requires me to have lots and lots of tribal knowledge. And also I sit in a very important position. Well, if the company is monitoring the applications on my phone, and they see I have an application for Onewheel, yes, Onewheel, that seems kind of benign, then they go and do research. Now I do have a Onewheel and I love it and I ride it. But I can tell you right now the Onewheel is one of the most dangerous things you could strap to your feet. You don't actually strap it to your feet, you stand on it. But it is very dangerous. Maybe that company would say, wait a second, Global Bob here, man, this guy is way too valuable to us. But we know one little slip on his Onewheel and he could be in the hospital or he could hurt himself.
And we need to start mitigating against that because his lifestyle outside of work is what they perceive is a threat or a risk to them. Because there's a high likelihood I could get hurt. And it's the same thing with skydiving apps or whatever applications. Now that's just one example. That's why I feel like that there's a certain level of monitoring that needs to happen. But when you start monitoring a cell phone, the cell phone is kind of a window into that person's world. Not even from the messages and the phone calls. But just the applications. You can learn a lot about somebody. I was very, very heavily involved in a project that was able to monitor the applications installed on a person's phone, and some of it we were able to do it what we call passively, but that's for a different podcast. Alrighty, we are coming to the bottom of the half hour. And I really appreciate everybody that's been riding along through cyberspace with me. And I want to leave you with a few tips and suggestions on how to protect yourself. Right, you kind of got two options. Either you go to your company and tell them you want to know what their policy is for monitoring, or you just quit your job and go find a new one. However, bossware is here to stay. So how do you protect yourself? One, you cannot use company assets for non company transactions or use. I mean, if you want your privacy back, you can't do that. So if you have a company cell phone, only have the applications installed on that phone that are required to do your job. On your laptop, make sure that you don't log into your social media sites, and make sure that you're using that laptop for strict company use only. If you have only a company phone and a company laptop, well, you should go and get your own personal phone, and personal laptop. And just keep business and personal separated. When we were all inside the office, it was pretty simple, right? You go to work, you're in the work frame of mind.
And maybe every now and again, you would, you know, step outside and make a phone call or look at a site real fast. But it's kind of like you could separate work and personal use. At home, it all kind of blends together. And I know it's a pain in the butt to carry two devices. I've carried multiple devices for multiple years. And I'm happy now I'm just down to one device. And the other thing you have to do is when you're not on company time, then turn off your corporate devices. I understand that some people's jobs, you may have to be on call on the weekends or at nights and things like that. So one of the things I suggest is, is that if it is a phone call, if someone's going to call you because you're on call, then forward your company phone to your personal cell phone and turn off the company phone. If you have a laptop from the company, then when you're not working, don't leave it up to check emails or, you know, I know it's a pain to have to, you know, open the lid, close the lid, but actually close it down, power it off and put it on your desk somewhere. That way you can ensure that someone from your company or the mothership is not using your laptop as a gateway into your private life. Now, you're going to have to test out some of this, like I said, forward your company phone to your personal phone. Now you're not going to be able to get your text messages. But there are ways where you can still get your text messages. And you can download applications that are kind of like a soft phone application and make that your company phone number and your texting. So therefore you can text off of the app no matter what device you're on.
Moreover, just know when you're online in these conferencing apps, and you're having all these video conferences going on, just because your microphone is muted by you clicking the button on your computer to mute your microphone in that app, the microphone could still be on. What I recommend is getting yourself a podcast microphone, like what I use. You can get, some of them are very, very cheap, say for $30. And you plug that into the side of your corporate laptop. And you use that as your audio source. The reason why is, is that most microphones that are set up for podcasting, and for, say, YouTube and things like that, there's a physical button on there that you can switch the microphone on and off. And that's the best way, because unless the company is really aggressively trying to monitor you, then for all intents and purposes, you will not be generating that sidetrack that we've talked about. Thank you so much for everyone sticking around. If you have any questions, comments or concerns, you can email me Globalbob show@gmail.com or hit me up on Facebook with any of your questions that you have or any topics you'd like for me to discuss. Also, if you're enjoying the show, please recommend it to a friend, you can send them to the site called Globalbob show.com. All the content is uploaded there. There is also an artificial intelligence generated transcript that you can actually read everything that I'm talking about. So until next time, everyone, do what you can to protect your privacy and I will see you here next week.