I will NEVER add such a privacy breaking a**hole feature
github.comI didn’t quite understand the context so I looked into the Timedoctor software they mention. Timedoctor can be configured to periodically take a screenshot of your user’s (/employee’s) screen, so the boss can look back at what they were doing every e.g. 3 minutes over the course of the time they logged. They also offer continuous screen recording. https://support.timedoctor.com/knowledge/the-screencasts-scr...
I love how unapologetic the response is. Calling it what is, how it’s abused, and by whom.
I intentionally use screenshotting time-tracking software because it's nice to not have to worry about trusting my clients: screenshots add one more layer of legal proof that I'm actually working if they ever try to stiff me on payments.
Who controls the data? Are the screenshots sent automatically to the employer?
How do you handle the sensitive information (api keys, user personal data) that can be displayed in the screenshots?
I used to use the Upwork tracker a lot which sends the screenshots to a third party (Upwork) where both parties could view (or remove) the screenshots. Having some kind of trusted third party or paper trail (if sending by e.g. email) seems necessary to prove any potentially-produced-later screenshots were in fact created at the time of work.
It might be different for others, but for most sensitive data I'm privy to on a job (api keys, their users' personal data), my employer could or should already have access to all of that. I've removed the occasional screenshot that had a personal dev tool key or similar though. Typically all this should be covered by a contract with a client though; they shouldn't just be stealing API keys and whatnot from your screenshots...
> most sensitive data I'm privy to on a job (api keys, their users' personal data), my employer could or should already have access to all of that
It’s about storage though.
It’s one thing if your employer can access the data from an encrypted database with carefully managed access - and another to also keep it in a random screenshot in a third party time tracking tool.
There are also regulations and requirements, for example about deletion of personal data.
IMO, storage is an implementation detail that should be handled up the chain (by your tool or third-party service), rather than by you.
In the Upwork example, screenshots are already encrypted and only accessible behind authenticated flows in their site/app; can be deleted manually (e.g. after you've been paid and don't need them for liability reasons); and automatically delete after some period of time otherwise (6mo or 1 year IIRC).
There are probably plenty of other time-tracking tools that give you more fine-tuned control over the privacy of your screenshots if you want that, but I can't imagine it's something most freelancers want to spend much time on.
Ha I got started on the freelancer websites like Upwork where you have to install spyware that takes a screenshot every 10 minutes. Kind of depressing way to work but it did get me started with freelancing.
I'm sorry. hope you heal before start inflicting it on others.
I quickly moved to more trusting clients thankfully, and have never considered doing this to people working with or for me. :)
The most interesting part of this tool is that it has enterprise features and it’s still free. I mean why. You’re producing a product to handle large amounts of money and you don’t want a cut?
They offer a hosted version so they’re making money, even if they could earn more if they wanted.
Usually means they're getting paid in other ways.
Yeah really sounds like it ::eye roll:: https://www.kimai.org/en/about.html
Seems like it is just a one person project with donations and a paid SaaS tier if you don't want to role your own.
He should have added it but with a shutter sound and a screen flash for every shot taken.
And any station that can be monitored by boss station, can monitor boss station too.
Sure here you go, screen shots, live monitor, recording, audio too...but everyone gets it the same.
I’d prefer if every “screenshot” was generating an image with a terminal window with code from some random open source project. Bonus points for a matrix color scheme and some hexadecimal strings.
They have a great code of conduct as well: "Don't be an ass!"
He's not wrong and tracking your employees like that is actually illegal in Switzerland and probably other places as well.
In fact if you install security cameras in your work place they can not be used to track employees.
You are permitted to gather overall metrics over all employees but you can't track individuals. There are exceptions but only for very specific instances.
If you don't trust your employees to do the work then what guarantee do you have that they do their work well? This is how you end up with door hinges meant for the front ending up installed in the rear. Zero trust means their is zero incentive for the employee to give a shit about doing their job right.
Switzerland laws don't have an overall prohibition expressed that directly. Moreover the videosurveillance and system surveillance are treated separately even if some common laws apply.
The intent of the surveillance and the communication to employees is more relevant thant the technical means.
> In short, a surveillance system is prohibited if it is intended solely or primarily to monitor the actual behaviour of employees. However, the same system will not be prohibited if it is used for on legitimate reasons, such as ensuring safety or enabling the organisation or planning of work. However, the system chosen must be proportionate to the aim pursued and the employees must be informed in advance
https://www.edoeb.admin.ch/edoeb/en/home/datenschutz/arbeit_...
In Switzerland it is forbidden to have a dashcam or a video camera recording public spaces.
Last spring in Ireland we rented a cottage and then we discovered a video camera and could view some footage of us cluelessly strolling around the cottage. I had mixed feelings about that. Of course it's not a video camera inside, only the outside.
Maybe start corporate-friendly fork
So is this like a remote administration tool then? Since I'm assuming you'd want to trigger the screenshot remotely from a central server that manages kimai clients.
"Kimai is a free and open-source project time-tracker."
Yeah I noticed that, which is why I'm confused about this screenshot feature being invasive. Unless it's remotely managed, it would only be screenshots taken by you, and stored by you, in your time tracker.
Things don't need to be remotely managed for the user to lack control. The client software could take periodic screenshots during tracked time which are sent along when the user reports their tracked time.
That would make it centrally managed. Unless the user can override this configuration, we're talking about remote administration. Either through this tool, or through some other tool that deploys it and ensures the user cannot change it.
Kudos to the developer for standing their ground, but if we're talking about a remotely managed client computer then I don't think there's much the user can do to protect their privacy.
It sounds like adding this feature would turn the software into something you consider remotely administered.
I'm interpreting it more like this is a standalone locally managed program, the user would like a screenshot feature in it.
But if you add remote management around it then this screenshot feature can be invasive, but then again so is the management software that prevents the end user from changing the config.
So the way I see it, the developer is getting upset over something they'd be unable to control.
It is not a standalone program. It's a hosted service.