If they want you to use WhatsApp they can provide you with a device to use it on, then at least it’s completely isolated from your own data and can’t do too much harm.
Ok, but this is reality, and in reality schools don’t give a fuck about these subjects, third world country schools at least.
They don’t give a fuck in first world schools as well
Such a waste of public resources, to not develop (or fund) free and open tools for everyone, instead of paying for temporary licenses for closed software.
Public money public code
Oh, wait until you get a job in most offices. Microsoft, Microsoft everywhere.
BYOD with Linux? “We can’t install the company’s spyware on it, get that security risk out of here.”
I mean they’re not wrong, BYOD is an absolutely ginormous attack vector.
For the user or the company? Assuming the user isn’t a moron with computers?
Edit: guess im out of the loop as a contractor who generally only does BYOD with my linux machine
If a user doesn’t understand that having complete control over every device in your network is essential, he’s being a complete moron with computers.
You should do your work, not worrying about patching all the 128 tools you think you need, that’s other peoples job.
If an organisations’ security relies on the end device configuration there is no security.
Who needs defense in depth, right?
You can bring your own devices, but you don’t get permission to access anything?
Or what are you even trying to say about what the end users device being able to do anything
I don’t think I said anything about what a device can and cannot do
When you’re supporting ten thousand machines on four continents and confirming to twenty different data protection doctrines the last thing you need is some neckbeard rocking up demanding to store data in their unauditable homebrew fork of Haiku or some shit.
What is achieved with GPOs and agents is compliance, not security.
In other words, company issued devices don’t protect the data, but they ensure conformity with relevant regulations and standards. Which is what most organisations actually care about.
Many good IT people really do care about actual information security, but not those in charge.
The result are devices that hinder some people’s work but provide questionable actual security.
What is digital sovereignty?
What’s easier from the teacher/teachers representative, use 1 widely distributed app, or download 100 different messaging programs/interfaces and make sure every student knows the proper channels to contact every other student?
There will always be someone unhappy, let’s try to keep that from being the person who has to do this dance day in and out for the rest of their underfunded lives?
