For employees it depends on whether they are exempt or not.  Any supervisory 
employee who can fire people is automatically considered exempt, and many other 
employee classifications (such as programming) are considered exempt as well.  
(Exemption is, once more, an IRS and state taxing authority determination that 
the company has no say over.)

If the employee is exempt from overtime then it's illegal for the company to 
require that they work a certain number of hours, or at certain times.  If the 
company DOES tell the employee this (that they have to track their time), then 
the employee can hit them for mandatory overtime (if they exceed 40 hours).

Exempt/non-exempt classifications are more commonly referred to as 
salaried/hourly employees.

The long and short of it is that you cannot use an online form to consider 
"work to be valid" for a salaried, AKA exempt, employee.  Salaried employees are 
paid BY THE JOB, not by being logged into something for a certain time.

Companies quite often forget that putting someone like a programmer on salary 
is a two way street.  The benefit from the company's point of view is they 
don't have to pay overtime for one of those work-round-the-clock-push times.  
But in exchange for that, the employee also doesn't have to work 40 hours every 
week either.  A decent salaried employee keeps an eye on time since it's an 
important metric for how much work is reasonable to expect a salaried employee 
to do but it is NOT the absolute metric.

Companies that have tried to do it differently - that is, not pay OT and make 
you work late during crunch time, and still make you work 40 hours - regularly 
end up paying very large fines and back salary to people when they get sued.  
It's healthy for that to happen, for the owners of those companies to get 
slapped silly for trying to exploit workers, from time to time.

Once more, as I keep saying, this needs to be handled from an employee 
management standpoint via managers and HR, not from the IT department trying to 
play God and the managers being wussies and afraid to talk to employees.

Is it simply that a large number of IT people are on the autism spectrum and 
have social anxiety disorder, so that they will literally waste weeks of 
company time on elaborate technical solutions that can be handled in 5 minutes 
by a manager walking up to an employee and saying, "Hey dude, you know that 
thing you are doing with the VPN? Well, knock it off"?

Or is it that their anxiety disorder and desire to play God just drive them to 
believe that every other employee in the company is trying to screw IT???

Sheesh!!!

Ted

-----Original Message-----
From: PLUG <[email protected]> On Behalf Of Daniel Ortiz
Sent: Wednesday, April 19, 2023 1:39 PM
To: Portland Linux/Unix Group <[email protected]>
Subject: Re: [PLUG] 3rd party vpn Defense evasion

Disclaimer: some of the following, if not all, could be wrong.

Wouldn't it be easier to deal with the credentials side to avoid this problem 
in the first place? To illustrate what I mean, here's a theoretical idea that, 
while it might be flawed (like potential security failures), could be useful in 
terms of guidance. When an employee logs in, it sends an email to their company 
Gmail account to complete the login procedure. They click the link to a Google 
form which requires them to be logged in to their company Google account for 
the submitted form to either work or be considered valid. Once it's submitted, 
a program will allow them to finish the login process. Also, doing something 
with a company Google account could be helpful since Google records the devices 
you logged in with, which, if a company can check that, lets them see if there 
are any suspicious devices.

On Wed, Apr 19, 2023 at 10:29 AM Ishak Micheil <[email protected]> wrote:

> We're chasing this from the data science side as well, as far as charting 
> the pattern of activity and flagging anomalies.
> This should trap the subs since he/she won't be checking email, 
> responding to chat messages, etc., or hopefully time of activity could give 
> us clues.
>
> I do agree, there are many VPN commercial services and they will never 
> advertise servers properties, besides there's lots of other open-VPN 
> options.
>
> We shall conquer!
>
> On Tue, Apr 18, 2023, 3:21 PM Ted Mittelstaedt 
> <[email protected]>
> wrote:
>
> >
> >
> > -----Original Message-----
> > From: PLUG <[email protected]> On Behalf Of John Jason 
> > Jordan
> > Sent: Tuesday, April 18, 2023 2:00 PM
> >
> > > It would be nice if VPN services advertised how effectively they stop
> > > others from finding out who and where you really are.
> >
> > They are never going to do this because they are constantly tweaking their
> > proprietary protocols to get around firewalls, and they don't want 
> > the firewall vendors knowing when they made a change to get past firewalls.
> > And given who some of the firewall vendors are, and what they do to people
> > they don't like, this is very understandable.
> >
> > This stuff is getting very advanced nowadays since many firewalls 
> > are doing deep packet inspection, and looking specifically for 
> > patterns in packet traffic that indicate it is VPN traffic 
> > encapsulated in regular http or https traffic.  So the proprietary vpn 
> > clients will modify the encrypted traffic to make it look like regular 
> > https traffic.
> >
> > Never forget that for you, me, and probably all the readers of this 
> > list, creating, using, blocking and messing around with VPNs is really 
> > mainly an intellectual exercise, but that there are many people in the 
> > world in places like Russia and China where a secure VPN means not 
> > having people breaking their doors down in the middle of the night 
> > and hauling them off to prison - or worse.
> >
> > Ted
> >
> >
>
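The two heuristics Ishak mentions above (a VPN session at an unusual time of day, and a session during which the account sends no mail and answers no chat) as an added example in Python; this is not code from the thread. The VPN session and mail/chat events are constructed sample data, and the 07:00-20:00 working window is an assumed baseline, not something the thread specifies.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample data (not from the thread): VPN sessions as
# (user, start, end) and interactive events as (user, timestamp, kind).
VPN_SESSIONS = [
    ("alice", "2023-04-17 09:02", "2023-04-17 17:10"),
    ("alice", "2023-04-18 02:15", "2023-04-18 06:40"),  # odd hours, silent
    ("bob",   "2023-04-17 08:55", "2023-04-17 17:30"),
]
ACTIVITY = [
    ("alice", "2023-04-17 09:30", "mail"),
    ("alice", "2023-04-17 14:05", "chat"),
    ("bob",   "2023-04-17 10:00", "mail"),
]
# Assumed working window (hours 7..19 inclusive); tune per site.
WORK_HOURS = range(7, 20)


def parse(ts):
    return datetime.strptime(ts, "%Y-%m-%d %H:%M")


def flag_sessions(sessions, activity, work_hours=WORK_HOURS):
    """Return [(user, start, reasons)] for sessions worth a manager's look.

    A session is flagged if it starts or ends outside the working window,
    or if the user produced no mail/chat event while the VPN was up.
    """
    events = defaultdict(list)
    for user, ts, kind in activity:
        events[user].append((parse(ts), kind))
    flagged = []
    for user, s, e in sessions:
        start, end = parse(s), parse(e)
        reasons = []
        if start.hour not in work_hours or end.hour not in work_hours:
            reasons.append("outside usual hours")
        if not any(start <= t <= end for t, _ in events[user]):
            reasons.append("no mail/chat activity during session")
        if reasons:
            flagged.append((user, s, reasons))
    return flagged


if __name__ == "__main__":
    for user, start, reasons in flag_sessions(VPN_SESSIONS, ACTIVITY):
        print(f"{user} session at {start}: {'; '.join(reasons)}")
```

Output from this is a lead for a manager to follow up on, in line with Ted's point, not proof of anything by itself.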
