How can I be sure my work MacBook isn’t spying on me after work?

You can't. Have a separate work phone and don't install the PagerDuty app on to your personal phone. Put your work MacBook into your employer issued bag when you're done with it, which will hopefully muffle the built-in mic enough to be unusable.

Location information is intentionally used in at least one case - if configured by your administrator, Microsoft's authenticator app uses your location as an authentication factor.

Search on youtube for "hydraulic press channel". That will fix it.

Depending on the model, the camera might be physically disabled when the lid closes. [1]

In general, if you don't trust a device one hundred percent, you shouldn't use it anyway. You have no way of knowing whether or not your company enabled the root user and added some shady, untraceable-to-you software prior to giving you the device. Also, Apple MDM software is zero-configuration, so they wouldn't even have to open the box. [2]

Why not just ask your employer what kind of tracking they do, though? I would totally understand them tracking the location of the device for insurance reasons, as long as they are transparant about it. It's still company property. "Listening" to the microphone seems a major breach of privacy whether you're at work or at home, and I'm sure your local laws prevent you against that kind of corporate behavior. Also, who would want to work for a company that does that, anyway?

I'd just use my personal device for personal stuff.

[1]: https://support.apple.com/en-gb/guide/security/secbbd20b00b/... [2]: https://www.apple.com/business/docs/site/Mac_Deployment_Over...

>How can I be sure that the device actually shuts down and isn’t listening to collect information for my employer?

Just... turn it off? Others have mentioned that theoretically the mac is still "on", but do you have any reason to believe that your employer will go through the effort flashing your macbook with modified firmware (which probably involves bypassing a bunch of protections apple puts in) to spy on you? If you actually think the device is bugged then you probably want to put it in a faraday cage that's also soundproof (so it can't eavesdrop on you).

>Furthermore, how can I be sure that apps such as PagerDuty or other “on-call” apps aren’t relaying my location and other metadata to my employer?

Why are you granting location permissions to the app in the first place?

Why would one work for a company evil enough to commit such a crime?

Surely if it would be wiser to ponder the unethical acts you have helped such a company commit against the public, not which unethical acts it is capable of committing against you.

(Slight) nitpick: unless you destroy it, it wont shut down completely. Modern hardware never shuts down completely in normal operation. There always is at least some tiny CPU that listens for, say, wake on lan or activity from a Bluetooth keyboard.

Macs also can be configured to wake up to download updates.

As to company software: depending on the country you’re in, your employer may be required to tell you beforehand when they do. If they didn’t they still may be collecting data (either by accident or on purpose), but they won’t be allowed to use it.

If you’re concerned about your employer knowing where you are, leave the laptop at the office or at home.

You almost cannot. To find out what is relayed you would need to analyze the traffic your MacBook sends through your network adapter. This is pretty laborious since you need to filter a lot of noise to find respective apps sending data.

I would suggest to not use work devices for anything private. As for the MacBook not communicating you would need to look at your router or firewall. Or maybe Apple has specification about what constitutes it being off. MacBooks do use significant power while turned off but I don't know any details.

When a device is powered off it shouldn't be relaying info unless there is another device fitted that can do that. I'd check for any fittings on the device that is extraordinary.

For pagerduty normally you have to give location permissions. If you remove those they can't track you if it even asks for it in first place. Hope this helps.

Don't use it once you are done with work things. Make it forget your home wifi or block it from WiFi in your router once you are done for the day after you shut it down. If it can't talk to anything then it's of no concern.

Leave it at work.

Leave it outside in the car (assuming car theft is not high risk in your area).