Is it wrong to use my personal laptop for work?

If they provide you with a laptop and there are various profiles and security software on it, you should use it.

There might not be a specific rule to point to yet, but you don’t want to be the reason they make that official rule.

I know at my company, if I were to put company details on my personal laptop I’d be walked right out the door. How many company secrets are in the code and when you leave the company they don’t want to take your word for it that you’re not keeping all of that and doing who knows what with it. It’s a huge liability on both sides.

Something that wasn’t really touched in other comments is that you shouldn’t be in the business of doing charitable work for companies.

If the company provided you hardware that is subpar, you shouldn’t spend your own money (wrt to owning/depreciating your own hardware) for the company’s benefit.

Does that slow you down? You have to ask IT every time you need elevated privileges? Well, it is the company’s policy, you shouldn’t rob them the opportunity to feel the consequences of their own decisions.

A decent manager would understand how those internal processes are slowing you down, and a bad manager, well, they’ll find other ways to screw you if that’s what they want.

It is incredibly risky to use your personal computer for work. If you are pwned by malware that could put the company at risk. Vice versa if the company gets in some legal situation and you need to submit your work laptop as evidence, that could be extended to your personal laptop. These are both extreme examples, but they do happen.

Yes - it's a mistake to use your personal laptop for work.

The laptop you use for work, whether it be personally supplied or supplied by the business, is subject to legal discovery and may be confiscated by law enforcement. Your company has no control over this. If you attempt to delete evidence from your personal laptop then you've committed a felony.

The only way I'd use a personal device for work is if I were using it to access a work-provided and maintained VDI.

> In my contract, I’m not obligated to use the company laptop

It’s also not in my contract, but in the IT policy I need to acknowledge once a year.

> I believe these software tools are just to comply with some ISO standards.

“Some ISO standards” may be cumbersome or even pointless — but they help your company sell their products. Ignoring them is not a good idea.

Besides: if you use your private laptop, it may be subject to a legal hold in case of a lawsuit, giving someone else access to it.

If the company were to be sued, would you be happy turning over your laptop to your company’s lawyer indefinitely for them to search and find documents that might be relevant to the lawsuit?

> In my contract, I’m not obligated to use the company laptop, and I believe these software tools are just to comply with some ISO standards.

This is SOP for basically all enterprise IT. If I didn't follow it I'd get a rap on the knuckle at best, and maybe fired at worst. I bought a separate laptop for contract jobs simply to ensure it stayed separate from personal stuff.

Other thoughts:

malware risks -- often aggressive efforts targeted at organizations compared to individuals; way more likely they get hacked first, and then it spills over to you. or, now you risk bringing down the company cuz you lookin at Pronz and get hacked and that gets back to their Active Directory, etc.

legal risks -- what happens if something legal goes down and there are fights about IP and ownership. looks like your laptop is seized. in every job I've had, anything I developed in on or around company property was theirs, and this may run afoul of that.

what happens if something breaks? now you're on the hook to fix it, and it may impact your ability to work and get paid. meanwhile if your work laptop is fried you call IT and it's on them until you're back.

Probably there's a handbook rule or policy your employer has that you must use their hardware. For example, it could be a data/IP protection policy that doesn't allow any company data on any storage medium not owned by the company (and that includes your personal laptop).

Another matter is software licensing. You mention the IDE. Is your IDE properly licensed for commercial use on your own laptop? If not, the company may need to throw out all that you do when they find out, or they risk losing all their commercial licenses.

If you really want to use your own hardware, I would seek a letter from HR/legal with a statement to the effect that the company allows it. But given that the company gives you a laptop with a software image, it's likely they have to for a real legal reason.

Or you could become a consultant/outsourced supplier where it will be expected, in most cases, that you will use your own hardware. Though not always.

If you don't properly handle this, the likeliest scenario is that you will be fired when they find out. If you are lucky, they won't tell this to your future employers when they ask for references. I think it's common to be lucky in that regard to be honest, but not everyone is. And if the org loses licenses or has to throw out a chunk of their codebase, you may find yourself in a lawsuit (possibly between a client/supplier of your employer and your employer). Of course, if it's a small start-up, personal consequences are less likely. But don't act this way towards a small company.

Do not put company data on personal devices. Just by putting their data on a device outside their control, you may be in breach of whatever IP agreements, compliance requirements, or even company handbook. The fact that you have to fake IDE usage should be a huge red flag.

Don't risk it, just use their machine.

There are so much better, more important and meaningful things to fight.

Lately I've been recommending a strict policy: no work on personal devices, and no personal on work devices.

Reasons include your personal device is probably less secure, need to reinforce strict thinking about avoiding IP taint, need to to reinforce strict thinking about company IP being IP and secured, you really don't want your personal devices subpoenaed and gone through with forensics tools if the company is involved in a legal investigation, reassuring investor/buyer lawyers that the company really does own theIP, and whatever compliance rules apply.

There are typically a lot of controls that are about generally protecting you and the firm through enforcing things that I'm sure most people on here do anyway as best practice.

For example - full disk encryption, enforced password access, and screen locking - if you lose it and it's not encrypted, doesn't have strong login creds required, lock screens, etc then all the data on it is out in the world. That can include customer data, access to your production systems, your companies code and ability to check it in and introduce other bad behavior in the product, etc.

Some of the other controls will be able access to internal systems. eg. VPNs, or cert-base auth controls other make sure that only employees can access those systems to protect them. If you're on an uncontrolled machine you lose the ability to guard who and what is connecting. I would expect there's more to your job than just Github - eg. where is your documentation, monitoring, infrastructure, etc. It's also possible in Github to setup cert-based and IP based access restrictions so your MacBook might not just work.

Some of the controls protect employees themselves. MDM on your laptop allows IT to reset your machine password and/or fix your machine in other ways. Similarly, enforcing patching for vulns, etc.

Contrary to popular belief some IT teams actually manage their fleets of machines to make it easier for employees to work.

You don't actually specify what the problem is with your work machine that means you don't want to use it for work.

When I was responsible for an engineering team, developers could choose between a company laptop or a personal one.

An MDM profile was required which forced full disk encryption, password-based screen locking, company-provided AV, and strong passwords. These were required to maintain SOC2 compliance, and in general are good practices.

If a person did not want to do this on their personal laptop, they needed to use the company provided one.

I've never used company laptops or phones. I simply refused. Their alternative was to fire me. And I didn't care.

I was never fired. Fedora was my daily driver.

Yes.

Always use the work laptop, don't ever use your personal. If the work laptop is not powerful enough, it's the duty of the company to give you something that has enough memory, disk space etc. If not, run away from said company.

You don't want to be in a situation (like working at a financial institution and money is stolen) where there is a cyber security incident and it becomes difficult to tell if you intentionally hacked your company or your computer had just been compromised.

You use your laptop and you become civilly and possibly criminally liable if something goes wrong.

I would never use my personal equipment for work - even though my work has a policy stating it is acceptable provided certain conditions are met (AV software, lock screen, not a shared device etc).

If you are just a regular user using it to VPN in to check email, maybe . . . but if you are a dev, or admin, with elevated privileges or access to source code or secrets, you are just asking for trouble if anything goes wrong.(eg, malware that you may have acquired from some random software, or repo you tried)

If this is an open-source project that accepts contributions from people outside the company... go nuts. Otherwise, use the company laptop.

Think of it this way - if it's stated in your contract that you shouldn't and you do it, there may be companies that are more lax, but will use it as ammunition if they need to get rid of you for whatever reason. If there are specific things that limit your typical workflow, maybe worth taking it up with the relevant department first.

I can't comment on the morality of the situation, but it would certainly be foolish.

At a previous job, my team found ourselves in a similar situation. After being acquired into a very large company, where the official standard corporate development laptop did not support the tools we wanted to use and came bogged down with overhead from antivirus and other nonsense, it became difficult to get work done.

Instead of individually going rogue and potentially getting ourselves into trouble, our manager bought us all MacBooks we could use alongside our corporate machines. We were still doing all our work on company-owned hardware this way, operating over the company intranet, everything kosher and above-board: but we still got to work on machines which suited us.

Perhaps your manager can help you find a similar solution.

I would avoid using your personal laptop for work.

I'm not sure why you would want to put wear and tear on your own equipment and save the company money on not putting wear and tear on their computer.

You could just use the laptop, and close it when done with it.

Them having access to your personal life is not a good idea. How would you apply for another job without them knowing?

It's not uncommon for contractors to have their own equipment.. still if you feel you are going to use your computer, install and run a separate copy of windows inside a virtual machine (vmware, virtualbox, etc) so you can turn it off, and containerize it and keep it separate from your personal computer.

I may use my personal computer (not a laptop) for work when working from home. I live in germany and signed an agreement that I follow certain security standards. All work data is on a fully encrypted drive, the computer is locked when not used, AV is up-to-date.

I would not want to use my work laptop because my own PC is so much faster and already connected to my screens so I don't have to use a KVM and can use all the tools and hotkeys I'm used to without having to synchronize settings.

Whenever I have to use my work laptop I want to cry because it's so slow. But I do acknowledge that it's a risk for the company and am actually surprised they allow it at all.

To make an analogy, it's a bit like pirating movies. You'll probably be fine. But every once in a while, someone isn't.

Here's an example: https://arstechnica.com/information-technology/2023/02/lastp...

As someone who works in a sensitive field, I would absolutely never run this risk. I'm grateful that my current employer invests in solid tooling to make the experience largely positive.

I did this at one of my first corporate jobs, because the computer they issued me was an abomination. In retrospect, I don't regret it at all, it was the only feasible way to get my work done. I later got fired for other reasons. If it was only a matter of having spyware installed, but the computer is otherwise on par or better than my personal one, I'd just suck it up and use theirs. Partly because theirs in my case is now better than my personal, and partly because I'd rather separate that work from my personal life, and I'm not inclined to use their's for my personal stuff... generally.

Perhaps it is not ideal, and you carry some expense and risk to yourself and the business by doing so, but in some organisations the constraints are so absurd that the competitive advantage you get by doing this and breaking the rules highly incentivises this. If the cyber security departments involved had any skin the game, or any sense of proportionality, then it would not be difficult to have a company issued laptop that also provides adequate security. But they don't, so developers like me end up having to make a tough decision. Break the rules, or work somewhere else.

if something happens like malware from an npm install’s dependency of a dependency of a dependency, and whatever protections they mandated would have caught it you will be personally financially liable for damages.

So not only is it morally wrong, it’s also unnecessarily risky.

If it’s inconvenient to carry two laptops around consider partitioning your hard drive, but be aware that certain profile management software can brick the entire machine remotely if/when they want while others like a typical vanta install will tend to stay within a partition.

I use Qubes OS, so any concerns I have of contaminating upstream are very low. My main worries would be legal risks, if suddenly they want access to your system because X Y Z. Probably best to split the middle and get a second personal laptop (I like Thinkpad P16-family), put Qubes OS on and use that as one's personal-work device (I am still king of my kingdom, nothing personal is present if turned over on demand).

Other than IT not having 100% leash on you, there's pretty much no technical risk doing it using Qubes OS.

IMO, you should always completely separate your work devices from your personal devices. Only do company work on the company device. Never use your personal device to do or store company stuff.

If you use your personal devices to do company stuff and there is some legal action (criminal or civil) then you may be forced to give your personal devices to law enforcement or some other 3rd party during the legal proceedings. You may or may not get the devices back.

It's just best to not mix business stuff with personal stuff.

Using a personal Mac or PC is fine in a startup - there are no strict rules at all. But if it's a big company, they would love to spy on everyone by any means - like installing root ca for mitm, blocking all plugins for chrome, even using AI to identify user activities... a way of making trade-offs is the policy called BYOD - usually IT team will set up the whole remote working infrastructure, and we can install a remote desktop client in our personal computer to connect into the company network.

Almost everybody here is going to say to not do it but I’ll go the other way.

You only live once and you want to do it, so why not?

Because there might be some malware that’ll screw things up? Unlikely on a Mac.

Because there might be a lawsuit where your personal computer ends up as evidence? Almost certainly not going to happen.

Be cause it’s good evidence for a vindictive boss to use to fire you? Yeah whatever if somebody wants to fire you they’re going to do it anyway.

If you can accept that this is a weird thing to do and might have some risk associated with it, go nuts.

You should ask your employer.

Personally, whenever my employer (or client, for contract roles) gave me hardware to use, I stuck to using it exclusively. If the employer or client didn't give me hardware, then (if possible) I set aside a separate device specifically for that role; less cross-contamination that way.

I wouldn't work any other way.

I use a linux workstation, which right of the bat means it's not what most employers are going to provide.

However I would NEVER run a typical corporate configured windows installation on my LAN. They might as well ship a box labelled "please install this malware on your network"...

If your company gets pulled into a lawsuit, lawyers on both sides might demand your personal machine for evidence.

This is a hot topic. I always refused to use company devices for so many reasons, it's a device not managed by me exposing my home network to risks I wouldn't otherwise have.

I use Linux and will always use Linux. It's a gaming laptop(office laptop are overpriced and weak) with high performance memory, 8/16 CPU, 2x NVMe. Any task performed on it takes a blink of eye to complete. No special tools required other than AWS VPN.

I was given a Windows laptop to use recently that I'm yet to finish setting it up. It's slow asf, it's Windows so there are 3 or so business security software to "protect it", the boot will take 1min vs 10s, to install Windows Subsystem for Linux on it was a pain in the arse. It just feels wrong and retrocession.

The likelihood of me getting a virus or anything related on my personal Linux PC is minimal close to irrelevant. The likelihood of me getting a virus or anything related on that Windows laptop w all those security software in place plus exposing my home network is 99.99%.

My personal laptop and my work laptop are identical, down to the amount of memory and the color :-)

“Wrong” depends on an ethical or legal framework. Your employer gave you a computer set up for work. Presumably they expect you to use it for work.

You can always ask your employer, they will probably have a more definitive answer than you will get here.

Your contract won't say anything about this directly, but it will undoubtedly contain an obligation for you to follow the company's policies and its lawful directions. There will likely be a policy that says not to do this.

Rephrase that as “is it a good idea to fake app usage to create misleading metrics for IT, while bypassing their filters for ISO compliance” and hopefully you will get your answer.

I need to. The integration tests won't fit in the RAM of my work laptop.

I recently was provided a company laptop but it came with Rippling or something. No thank you. I'm not doing any spyware or remote device management under any circumstances. It sat in storage.

If the company needs to provide all of their employees info for an investigation, you might be left without your personal computer until it is done. Not to mention that you are e security risk now.

If you have a doubt about the right thing to do insofar as the company is concerned, you should ask the company. The fact that you asked HN first suggests that you already know the answer.

Wrong? Probably not too egregious, unless your contract or IT policy states otherwise.

Unethical? Definitely. Just use your work-supplied hardware for work-related purposes. Leave anything personal off it.

I don't think it's wrong in an ethical sense as long as you aren't violating an agreement by doing so. I think it's very unwise, though, regardless.

What do you mean by wrong? Would the company be against that if you asked them? Most likely. Is there a commandment against that? Not really. Do people do that? Some do.

It depends. In a country where meta can fire you for buying diapers with the company provided lunch money I would just use whatever the bossmaster hands me.

If you worked for UPS and didn't like the truck they gave you for deliveries, would you buy your own and use that?

Of course not.

Same applies for laptops.

Legally, yes. Practically, no. But we go to work with a contract, and that contract usually includes something about security.

This is a question for your IT team, not HN.

Use their hardware, not their software.

My life is better since I replaced their windows with Debian :)

> use GitHub, which means I can work on my personal MacBook.

GH does not imply that you can access repo without vpn

Do the next best thing: ask your boss if you could use his personal computer.

Jokes aside, no.

Yes, if they do provide one no matter of quality.

No if they dont.

Not wrong, but dumb. Your company now probably legally owns everything on your laptop.

Hot (and perhaps tangental) take here, but I can't understand why companies that attempt to enforce these policies for security reasons, do not just mitigate their largest attack vector and move to macOS for their endpoints where possible. Far more reliable in terms of stability and security, and dramatically less patch management required for macOS clients. I'd argue a more productive user experience also, instead of fighting the advertising, new AI integrations, Candy Crush and layout changes that Windows generously provides every 30 days. Hardware is also pretty easy to resell, AppleCare covers replacements and the fleet can be pretty uniform with stock available anywhere if needed. Keep incompatible apps that are required in a Citrix Workspace or equivalent for isolation. This doesn't address social engineering or file leaks due to malicious employees obviously.