Viewing a single comment thread. View all comments

gfaust_mudd t1_iy3q0xh wrote

Profiles are installed so the IT department can push install their crap onto your product. Only reason this would happen is if your device is school property, otherwise very unethical.

47

pacoii t1_iy3rhe7 wrote

Unless the school is requiring them to use their Wi-Fi, why is it unethical? Most employers will require a similar Profile when using a personal device on a corporate network, for security purposes.

16

gfaust_mudd t1_iy3sita wrote

Wi-Fi is password protected and you agree to terms if/when you log into it. Profiles can allow unrestricted access and are generally used in managed environments. I’m yet to see a company that uses this method vs VPN for personal device use. And note I’m not talking about a phone your company provides you, I’m talking about your phone on their networks

−10

CrypticMocha t1_iy40itn wrote

It is extremely common practice to have employees sign agreements and install profiles on BYOD (bring your own device) endpoints.

12

PADFTGW t1_iy45buw wrote

That it is common, won’t say it’s normal to do. They can get full access to your device by such profiles. You better can use your own mobile provider to access the internet instead of the company WiFi. Even without a installed profile they can track all your internet traffic.

5

jjeroennl t1_iy5g83p wrote

I’m pretty sure it’s illegal in the European Union, if your employer requires this they will need to provide the phone, laptop or tablet. Its also not allowed for employers to make you install an app on your personal phone for example.

Its even more not allowed to monitor network traffic, then you will be violating both employee rights and the GDPR.

Dutch source: https://www.everphone.com/nl/blog/scheiden-van-gegevens-bij-mobiele-telefoon-van-de-zaak/

1

pacoii t1_iy3sooo wrote

Many companies use Profiles. I’ve worked at them, lol!

4

cyberentomology t1_iy4a96y wrote

Certificate authentication to access enterprise Wi-Fi networks is extremely common. Products like ClearPass exist for this exact use case. The “password” for a WiFi network (pre shared key) is an encryption key, not an authentication or authorization method, and is only typically used on small-scale personal networks.

This is completely separate from VPN which allows remote secured access to internal company networks. Certificate authentication to the network provides authentication, authorization, and accounting, as well as robust encryption of the wireless link.

2

NutGoblin2 t1_iy5uux9 wrote

This isn’t a profile. It’s a certificate

4

[deleted] t1_iy3u7xc wrote

Wrong

−9

gfaust_mudd t1_iy3ufoi wrote

Explain

3

[deleted] t1_iy3vl62 wrote

This is right wing or uneducated propaganda. Profiles are to protect a companies information and do not give the company unrestricted access to the phone. Yes they are able to push software or wifi certificates to the phones but they are not able to see everything on your phone. Saying this is “unethical” is just flat out wrong.

−16

gfaust_mudd t1_iy3waze wrote

I don’t know what schools use for managing these things and I’m sure there are many..my experience with enterprise software using Casper is what I base my comments on. I don’t see what politics have to do with this.

6

gnulynnux t1_iy46tru wrote

This is definitely not right-wing propaganda, where are you getting that?

Seriously, I'm a "terminally online" leftist and I can't imagine an interpretation where "don't install self-signed root CAs to your personal device" is right-wing propaganda. I think you're wrong here, but I'm genuinely curious about how you arrive to this conclusion.

Installing a root CA to your personal device breaks a lot of security assumptions. I assume Apple has carved out an exception for their own updates and app installs, because a root CA would feasibly allow them to "see everything on your phone". As it stands, a root CA only allows them to intercept and modify everything in the network data.

That said, I don't speak German(?) well-enough (or use iPhones enough) to know if this is indeed a self-signed root CA.

5