Need help breaking free of indentured servitude of...

mdmprisoner · 11-29-2022 09:05 PM

In May of 2021 I published an article on LinkedIn about my former employer and the discrimination and subsequent two years of retaliation I experienced. Four days later I was fired and despite that being over 18 months ago my former employer continues to control my personal accounts and devices. And not just google accounts I had on my BYOD cell phone while I was employed there but also any new devices or accounts that I create. I first noticed that they were controlling my personal accounts and devices a year ago next week when I caught them deleting files from my backups which they see as corporate data and I see as evidence of their crimes - and the week I caught them was the week I was due to submit evidence to the state for an investigation. In the year that has followed I have purchased six Windows laptops, two Raspberry Pi desktop computers, a Pixel 5a, a Pixel 6 Pro, and two OnePlus N200 phones and without fail they are able to provision each device even when I create an entirely new google account and do not sign into the device with any of my previous accounts. In addition to the pc's and android devices I have purchased four macbook airs and three iphone 13s and all but one of those devices have been purchased and exchanged in the last three weeks. And even with Apple products being a walled garden and creating a new appleID and apple email address for each device they are still able to use Google identity management to provision those devices. And before anyone asks - all of the phones and computers were brand new and purchased by me with my own money and not in any way connected to my former employers. The non-stop bombardment my firewall gets from googleapis, gstatic, clients.google, etc etc etc to maintain the connection to my accounts and devices is ridiculous and I believe likely represents multiple violations of the CCPA every single day. I have attempted to report them to the FBI but who knows if the FBI received it because they insert headers into web requests and completely change how websites behave. The number of scripts I had to delete on this page just to log in to post this question was insane. I have all but given up on my original google accounts even though I didn't start working for them until 2019 because they are constantly moving company branded files between my three original accounts in what I can only assume is an effort to make it appear like I am actively interacting with company documents so that they can continue to claim that they have some right to do so. It's worth mentioning I have had those three accounts since gmail was in beta so I've lost access to over a decade of personal and financial docs to say nothing of all the memories in the form of thousands of pictures that I can no longer access).

I just want this to stop and it needs to stop now because it is interfering with my ability to earn a living as the company I'm doing some contracting work for isn't too keen on a company which offers a competing product like my former employer does having access to their confidential information. Nor do they want them to be able to view my emails and other communications that might reveal product direction or overall strategy. This is beyond insanity that an employer does not have to provide some method validating that new accounts and devices actually belong to them or that the end user is an active employee who has recently authorized the provisioning. I would assume you know that all you need to do is require that workspace customers provide you API access to their payroll provider and voila instant accurate and update employment verification. And though it might now win me any points here - Google you should be ashamed that you allow this to happen. How one can buy a phone directly from you and you allow that new phone to be provisioned to a company a person no longer has a relationship with before the phone is even delivered and despite you possessing the records for the purchase is unfathomable and should be criminal. And that you make it impossible to speak with someone who can help is reprehensible. Despite being someone who works in tech and has signed multiple partnerships with Google and has contacts in the org I can't get access to someone who can help so I can only imagine how impossible it must seem for most people. Anyhow if there is anyone here who can help it would be much appreciated because I have reached the end of my rope.

mdmprisoner

I have all but given up on my original google accounts ~~even though I didn't start working for them until 2019~~ because they are constantly moving company branded files between my three original accounts in what I can only assume is an effort to make it appear like I am actively interacting with company documents so that they can continue to claim that they have some right to do so. It's worth mentioning I have had those three accounts since gmail was in beta. Even though I didn't start working for them until 2019, I lost access to over a decade of personal and financial docs to say nothing of all the memories in the form of thousands of pictures that I can no longer access).

Sorry for the word vomit that is these two sentences. Cut and paste error combined with the frustration of trying to get past their shenanigans. It took the better part of two hours to post this question because of all of their nonsense.

mdmprisoner

I just noticed that my other copy and paste error cut off the details of what they had done to obfuscate the buttons for submitting a question. In order to submit the question I had to pull up the console and tinker around with the code until I figured out what changes I needed to make in order for the Post button to be functional since they had disabled it. Then once I was able to get that button fixed so that it would trigger the update to the page and submit the questions, I still struggled to get the question submitted because every time I hit post something was configured to cause multiple simultaneous submissions resulting in an error about post flooding. I also had screen shots of the issues with the Post button but finally got so frustrated trying to fix the also disabled Upload button that I just gave up.

cryptochrome

When you installed one of your new devices, say, one of those 6 Windows laptops, and to which you said you never logged in with any of your previous company accounts, what did you see that made you believe the device was under the control of your former employer?

I am asking, because from a technical perspective, there is no conceivable way for them to "hijack" your new computer, unless you login to it with any accounts under their control. So my suspicion is that you either use something on your computers (unknowingly) that allows them to gain access, or, alternatively, they do not have access to your computer at all.

Gaining access to your computer from a Google Workspace perspective would mean that you would have to actively install a Google Workspace component like a Chrome browser or the Google Drive client AND login to that component with a company account of your former employer.

mdmprisoner

Yes should definitely clarify that I meant having not signed in as one of the primary accounts for android on the device. And it took me a long time to narrow down the primary identity management provider because I worked for a very large enterprise company and we used Macs as our computers, Google Workspace as the primary software provider, but many, myself included also used Microsoft Office in addition to Google's products and then OneLogin for SSO. And until all of this happened I was a devoted android enthusiast having used every Google branded phone starting the Nexus S through the Pixel 6 - with the exception of the Pixel 2 and 3 when I took a brief detour with OnePlus. So I'm sure you can imagine how entangled everything in my life is with Google services. It's impossible to not at some point need to sign in to some account that is tied to a gmail account - from airlines to utilities as the login/username. Add in all of the other Google products in my home - nest cams, nests, nests homes or home hubs in every room, android auto in the car and until the last two weeks Google was my ISP when I finally drew a line in the sand with my husband and said that he could have either Google Fiber or me in the house but one of us was out the door. But even now he is just as entangled with Google services as I was so any device I have is likely to come in to direct contact with or be in close enough proximity to his which are signed into the joint google account we created for all of the devices in our home and which are tied to our personal gmail accounts as the backup accounts should the account tied to our home need to be recovered. Like I said - it's impossible to escape given how everything in my life is in one or another connected to a Google service. And over the course of the last year i have turned on each and every one of my old Google branded phones to see what would happen and each has been automatically provisioned. That is beyond insane that months after I left that company and was no longer associated with them, Google would allow a device that hasn't been used in a decade to be instantly provisioned the moment I turned it because it happens to have my personal gmail account on it which of course I had at some point signed into my work laptop with as anyone who travels extensively for work inevitably needs to do at some point. But this isn't rocket science and it's not brain surgery. All it takes is validating against a payroll file to determine whether or not a company should still be able to access personal accounts and devices. It's just incredibly frustrating and it makes you feel like you are being hunted with no hope to escape.

cryptochrome

Asking again, just to clarify: What did you see on your new devices like one of the 6 Windows laptops that made you believe the device was taken over by your former employer?

Because again, unless you use something and sign in to something that belongs that company, they would have no means to take over your device unless they actually hacked you. You must be using something, maybe unknowingly, that signs into a Google account that does not belong to you but to them. There is no other way.

They cannot control personal Gmail accounts (ending with @gmail.com). Technically impossible. So by the looks of it, you are signing into a company owned account, and when you do, the "device takeover" is pretty much an automated process.

Find that account, and you likely found the culprit.

mdmprisoner

LOL - yeah they definitely have done some hacking on the back end. But as to what to what I see on the devices, it's generally an immediate and consistent change to the permissions I have on the device and to the features/functions of the OS being used. And how they go about this is once that initial connection is made with a device they push a virtual machine out to the device and from that point on whenever I power on it boots to the virtual machine. It took me the better part of nine months to figure that out. More recently someone got lazy/sloppy and left a configurations file with an employee's name as part of the file name on my Pixel 5 and in another instance neglected to flush the logs of their activity on my network and I have over 700 pages of log files with IP addresses of everyone who was monitoring what I was doing that day as well as everything else they did I guess "multitasking" while monitoring - like logging into Facebook, Amazon, Github, and one per played on his/her Playstation for several hours. But to answer the question it is usually around restricted permission levels being pushed to the device along with the addition of programs/files associated with Active Directory and/or OpenDirectory depending on the OS being used at that moment.

Jason_Sarc

I have very similar issues as you with a previous employer, and I too have purchased several new devices only to have them provisioned within a week. I have not put past the idea that they are gaining physical access to the devices in order to install the initial account (at one time I was able to uncover an admin account associated with the email "phone_admin@oldcompany.com") but I have YET to receive any assistance nor been able to rid myself of the absolute disregard for personal privacy or respect for any person documents (pictures, tax forms, journals l, etc) have all been either removed or made unreadable by hex editing header or meta info which leaves "file cannot be opened, may be currupt" style errors regardless of operating system, media or file type.

I understand what you are going through and for what it's worth would be glad to share any information ℹ can with you as I distance myself from this.

Best regards, feel free to reach out to me in any way you can. My username is Sarcoise and personal is standard Gmail account. Add the two together along with an at and you got it.

Need help breaking free of indentured servitude of Workspace for Enterprise