How do you separate your personal things on a company machine?

Question

Even if it isn't strictly prohibited to use it for other purposes, I try to stick to that rule that company machine is for company work. But it's also nice to have access to my personal mailbox, password manager, rss reader, personal machines, etc. on my company laptop.For now, I have an encrypted disk volume (so everything is in one place and it's easy to remove from the machine) and a separate browser profile with an SSH tunnel as SOCKS proxy, but maybe using one of my personal machines via some remote desktop solution would be the cleanest solution to this.I guess it could also depend on how severely restricted and monitored said company machine is.

gostsamo · Accepted Answer

The simple rule is: don't do it. Of course, it depends on the size of the company, the bigger the better not to break the illusion that you are a drone among many. Anything that you put on a corp machine will be used against you in or out of a court. Also, your personal stuff might compromise the corp security and you will be the scapegoat if it happens. So, unless you must, don't do it.

andix · Answer

There is none of my private stuff on a company machine. If I need to do private stuff, i use my phone or bring my laptop. If I use them in the company WiFi, I use a VPN, to bypass the mandatory proxy.When I do private stuff (happens sometimes), I only do it in private browser windows. And only if the HTTPS session is not cracked by the company proxy (I check the certificate chain).

simplecto · Answer

If that machine is under MDM (mobile device management) then you should consider even your encrypted disk at risk of prying eyes.That said, portable apps running off the encrypted disk might also help. Browser, email, etc.