I don’t even allow location sharing with my own family on and ongoing basis.
I also totally don't get why you would want to share your location, even with family. I don't want to know where they are either.
Unemployment benefits for me would be 3% annually of my annual salary.
This is intended to force you back into the slave market.
this only works if you control the device and not managed by your company
https://www.microsoft.com/en-us/microsoft-365/roadmap?search...
The actual feature brief is:
"When users connect to their organization's Wi-Fi, Teams will soon be able to automatically update their work location to reflect the building they're working from. This feature will be off by default. Tenant admins will decide whether to enable it and require end-users to opt-in."
Yuck.
The tracking is still gross, but limited to opt-in on office WiFi seems a lot less dramatic of a headline, especially given the main concern people have is work from home
I mean, that's not really how "opt-in" works for features that your company owns; you might have to "opt-in" technically but your company will probably make that a little more mandatory.
I do agree that the blog post, headline, and HN comments are as usual quite an overreaction, but this feature is pretty gross. It's also weird because the controversy/grossness-to-utility ratio seems awful, which either means that Microsoft product management has gotten as bad as everyone thinks it has or there's some future plan to make it more "robust."
If a company policy says you have to opt in, not opting in means you're breaching the policy and might get fired. Entirely legal in at-will employment places, but potentially not in places with better worker protections.
Saying that, I just got announcement from my employer they will not be turning it on for now.
https://www.euronews.com/next/2026/01/27/france-to-ditch-us-...
That's not a bad thing.
But I think its totally unrealistic and impractical to deal with this kind of thing by being so choosy that you won't work for an org that uses Microsoft. Actually acting that way probably just means choosing to be unemployed (for the vast majority, at least).
Can't you just rename your home wifi SSID to be whatever your Work wifi is called?
If I were to try to implement the given task description, I'd start with assuming this would need to be "Enterprise gives an exports of BSSIDs and locations, Teams uses that table to set the location when you connect to your organization's AP". I'm not even sure how else to make this really work right.
If it really is SSID based, the feature would be relatively useless for most organizations even before discussion trying to spoof it. E.g. the last place I worked had ~3,500 physical addresses with APs (and many more individual buildings/"office" names), all with the same "Corp_Name_Employee" SSID because otherwise it's way more work to have unique SSIDs. So how would this feature even do what it's supposed to do based on SSID?
Maybe the enterprise exports a table of AP MAC addresses, mapped to locations. It could be the SSID stuff is just a way to spy on what non-office location you were at.
E.g. in the above deployment each Aruba AP could have up to 16 BSSIDs/MACs per radio, but we really had an average of ~5 in use per band at any given site. So a single 2.4 GHz + 5 GHz AP would have 10ish BSSIDs/MACs associated with it in the export (which would then roll up to be BSSIDs/MACs at that office).
Then any of the SSID stuff seems to be more pure speculation (at least from what I've been able to find sourced from Microsoft so far, they are very light on details). Maybe tEAMS does something with SSID, maybe it doesn't - but the roadmap item doesn't even mention that half of the behavior at all, the Neowin article at least looks to be just inserting stuff about SSIDs without any source (and this site doesn't seem to source much at all). It certainly could use SSID as a fallback when there is no location, but where are the articles finding the plan actually has anything about doing that and why would it help more than setting the status to "Remote".
At the end of the day BSSID isn't unspoofable either (companies that care that much probably just want mobile device management or to look at the wireless controller itself), but it at least enables the actual goal of saying which office to be achieved.
(Or phone tether, if you have a good data plan)
Currently I manually check device IPs.
I followed several articles and the tree I found seems to end with this Neowin article https://www.neowin.net/news/microsoft-delays-controversial-l... but it doesn't actully clear up the sourcing. I.e. the quote in the article is the same roadmap item, yet the article talks directly to that as if it's the home SSID which will be put into Teams - where is that information in the quote it's describing? I'm not sure if they just didn't source that bit or if it's plain confusion about whether it's really limited to "connecting to your organizations Wi-Fi" which is then being picked up as a hot story.
Honestly, to me the feature seems so incredibly low-functionality that I'm surprised they're pushing it forward after all of the controversy it's generated. Like, sure, it might be nice to see if someone was out to lunch or in Building 17 or whatever without needing to message them, but at the cost of the whole "teams is spying on you" narrative and yuck-factor it pushes, I'm surprised they haven't pushed harder on either clarifying the functionality or just pulling it.
That aside, if it is SSIDs it's dead simple to fake. If it's BSSIDs it's a little more difficult and not every AP may expose a way to spoof it (but it's not too difficult to find ones which will).
Ultimately if you are at the type of company which practices presenteeism, then the technology used is immaterial
The roadmap just makes the whole thing user-facing so there's a status in Teams of where you currently are. But IT knew all along. And if IT didn't have tools deployed to get this info already count yourself lucky to work at an immature org security-wise.
I will say that "IT knows where I am" and "my manager / manager's manager / whatever sees where I am on Teams" would represent two very different personal annoyance levels at most companies I've worked at; at most places I've worked getting someone's location through IT required them to be doing something questionable or illegal (ie - working from an unapproved country) or breaking some obnoxious return-to-office policy, not just "hey is Bob out to lunch again or is he over in Building 6 so I can drive-by him with some questions real quick"
IT having the information for security is one thing.
In the hands of power-hungry lower middle managers, it becomes a weapon.
First security job I had, the CISO had already declared that enforcing "no Youtube, porn, whatever" at work was a managerial problem and not a security problem [0]. And when management needed data from computers about an employee, they had to go through security -- they couldn't just fish around on their own. HR was involved, there was a paper trail, and requests were scope limited.
There are companies that do incredibly invasive employee monitoring, but those dystopias don't use EDR or whatever. They use some other vendor's spyware to replace management with creeping.
For some reason I'm reminded of the chains or cables used to keep operator hands (Posson's pull-backs) from being crushed in a press brake.
[0] The malware, etc that can come from those sites was a security problem -- but checking if creepy Bob was looking at boobs on company equipment or even just wasting time had nothing to do with infosec.
So, either this minimal description is A: an attempt to mask the feature's true purpose of dystopian pocket spying under an innocent-sounding cover, or B: negligently deploying a technical capability with far-reaching consequences without proper diligence or care.
Even if the goal was to enable a pocket panopticon for middle manager spying on WFH staff, in less than 10 seconds I came up with a list of other negative impacts and threat vectors which should freak out any large org's corporate security, legal, compliance and HR teams.
* Like lower level employees not in the 'shielded compartment' seeing that {M&A exec} is currently on {potential acquisition target company's} guest wifi. This kind of accidental location knowledge leak has actually happened between MSFT and Google via a freak analog coincidence and it changed the course of a huge acquisition. This feature makes that accident 1000x more likely.
* Or an employee sues for being dismissed and their lawyer proves through discovery that a manager could have seen they were connected to the wifi of a competitor they might have been interviewing with or an abortion clinic or gay bar, etc.
* Or as part of a harassment claim an employee says the company's required app showed them the phrase "Big Titz Rule!!!" because it was the name of a wifi network another employee was connected to.
Just having an opt-out or hours limit is woefully inadequate. Even if those should prevent senior execs and M&A teams location being accidentally visible to employees not in a trust circle (or worse contractors, vendors or customers looped into a Teams group), it STILL creates huge new threat surfaces. At a minimum the 'feature' needs ways to limit it to only show wifi network names: A. On an approved list, B. Matching a regex pattern, C. limited within a list of IP sub-domains, etc. And at many companies, as part of compliance, all those wifi network names will need to be passed through the "problematic words" list maintained by the HR and security teams (and in many companies hits on those lists trigger auto-reports which will now create discoverable "evidence" in any future lawsuit keyword search).
The unintended-but-foreseable consequences stretch for miles. And this isn't the MSFT Office/Teams group's first self-inflicted trip to this rodeo. I just don't understand how they keep repeating the Same. Obvious. Mistakes.
Also if they cared so much about where I was to punish me for it, I’d quit that company. The only companies I will work for are ones that treat me like an adult, it’s fairly simple.
It's also kind of unclear whether the blog post is correct that it would show the name of another network if you connect to it - I'd sort of assume it would just show "Out of Office" instead of "connected to YO_MAMAS_WIFI" or whatever, but who knows.
> what building you're in at the office
On Windows you can see this (from an elevated context and, in newer versions, with location services enabled) by running: "netsh wlan show interfaces"
> And obviously, the mobile app (your pocket spy).
Don't these ask for location permissions? This story is light on details.
I found a lot of news stories about this dating back to where it showed up on the roadmap in early 2025, but none of them with any more implementation details (ie - is it using _only_ WiFi network name, or some other data too?)
The really weird thing is going to be when people start internalizing the LLM voice and writing that way. It's probably happening already.
> Remember when you could text Dave from the office to turn your PC on because you were stuck in traffic?
I honestly don't. This was a thing? Why?
> So if you decide to take a "working lunch" and connect to "Starbucks_Guest_WiFi", your boss sees it instantly.
I would have a lot of fun with "creative" names for my Wi-fi network.
Yes, MAC addresses can be spoofed, but that isn't going to be what most employees will do.
If you work in a factory with time cards that need to be punched in, and you punch in a buddy's who is late, that's a thing -- a very risky thing if you get caught, since it's fraud.
But the idea that you'll give a coworker your password so they can boot up and log in and somehow make it look like you're online...? Not a thing. And doesn't even make sense today when you can just open your chat client on your phone anyways and be present there. We've been in an era of remote work for a long time now.
Huh? If you're in the office already then your real time location is... the office. Makes 0 sense to me.
Switch to Linux, it's better to ask forgiveness than permission. Say it's a security measure against spyware by malicious and hostile entities online.
The more data you collect, the bigger your legal liability when something inevitably goes pear-shaped.
Stop treating workers like grifters or prisoners and you won’t have nearly as many problems.
Denied.
This is about satiating the warden's control fetish, consequences for the company be damned.
Hint: Bossware and most things the MBA's drool over.
Unfortunately, there's enough people out there that are fine with implementing said features if it means they get a paycheck; even if it ruins the world for everyone else.
Looks like I need to rename my home wifi to "Corporate Network."
Yet the contrarians here will always say "iTs bEtTeR wItHoUt uNiOn cuz I nEgoTiaTe beTtEr"
What this does is track when you are not working in the office.
But what if I have a secondary wifi network in my home that says "BigCorpSuperSecureWifi", wouldn't that work? What if that's the name of my phone's hotspot?
However badging data is much more coarse-grained than WiFi. For one, because the building is large, you can’t tell which part of the office the employee is. For two, you can’t tell when the employee has left work because no badging is needed to exit the building.
There's already the Big Brother Awards [0] and EFF's smattering of Worst Government and Worst Data Breach articles each year. [1]
But I think we need more.
Personally I would love to nominate:
- Mark Stefik and Brad Cox for their contributions to DRM
- Erick Lavoie for his work on Wildvine DRM
- Vern Paxson for his contributions to DPI (Deep Packet Inspection)
- Latanya Sweeney and Alexandre de Montjoye for their contributions to re-identification of anonymized data
- Steven J. Murdoch and George Danezis for their work on de-anonymization attacks
[0]http://www.bigbrotherawards.org/
[1]https://www.eff.org/deeplinks/2025/12/breachies-2025-worst-w...
I don't see it anywhere.
It seems like highlighting how anonymization is a lot harder than a lot of people assume is a really useful service. If researchers can do it, without any particular secret sauce, so can a lot of other people. (Unless I'm totally misunderstanding your comment.)
Some of Sweeney's most well-known work in this area is from the LATE 1990s. She was sounding the alarm about problems with anonymized data in medical datasets: https://en.wikipedia.org/wiki/Latanya_Sweeney#Medical_datase...
Her work almost certainly contributed highly to awareness of these risks.
More recently she has apparently worked on things like protecting voting rights in the US by notifying voters if their registration records change.
But, yeah, at some point in the 90s, Massachusetts decided to release some "anonymized" health records for research purposes (I think just state employees). One was governor William Weld who obviously had a lot of public information widely available. As I recall, Sweeney wrote the governor's office a bit later basically saying "I have your medical records."
I used this as a slide or two in some AI presentations in the mid-2000s or so pre-LLMs when I had some peripheral involvement with some of the privacy-preserving research going on (differential privacy, multiparty computation, fully homomorphic encryption). Haven't really followed most of this for a while.
Should issue the award!
If they hadn't done it, you can bet that bad guys would have done it instead (and maybe were already doing it). What the researchers did is publicly show that the existing schemes were broken, hence motivating the design of better schemes.
Like, you fundamentally misunderstand computer security research if you think that shitting on people publishing attacks is a good thing.
You can be pretty sure some three-letter agency trash had been already using it around the world along with shady spyware startups.
You're assuming Hollywood studios would ever release their content without DRM of some kind. They were quite content to ignore computers entirely if they didn't bend.
The world where Widevine doesn't exist isn't a DRM free one; but a world where an iPad or Smart TV can stream and a PC can't.
I also find it hard to get offended about because there is basically no job, outside of tech, which doesn't involve physical location. >95% of jobs require physical location. Do you think a concrete worker, a plumber, an electrician, or literally anyone who works with their hands, has a right to location privacy? Whining about this is extremely hard for me to generate sympathies for.
Heck, my employer's entry system was already coupled to my phone's location (optional, but meant I didn't have to reserve a desk manually). So, I already looked like I was coming to the office on weekends because the grocery store is next door.
EDIT: not to mention Teams already shows your status as "Away" if you don't type for 5 minutes. Sitting there reading a document - yep, you're clearly smoking in the parking lot or wandering around gossiping.
Is there anything more than the Wifi SSID stuff below?
> If you connect to a Wi-Fi network that isn't your company's, Teams will simply display the name of that network. So if you decide to take a "working lunch" and connect to "Starbucks_Guest_WiFi", your boss sees it instantly. You can’t hide behind a generic "Remote" status anymore.
So how exactly does this work? It'd be pretty trivial setup my access point to provide a work SSID? How much access does Teams really have to get info to discern your location?
It sounds far less than the diagnostics data I get from a small go binary.
If corporate policy is you can't connect to starbucks wifi, then enforce that at the MDM mangement layer - I assume things like SCCM can do it.
So it sounds like if you want to circumvent this: get a travel router that spoofs a work access point, and make sure any kind of identification requests that would reveal a public IP are either blocked or are going through your work VPN.
I know E911 was a big deal in the telephony world and since Teams is a phone service, this makes sense.
I don't like it but it makes sense.
Add this to the infinite list of reasons why I don't put company-issued spyware on my personal devices. If Slack/Teams/Outlook/whatever wants to "administer" my personal device in any way, it's a hard no for me.
Looks like I need to remove Teams from my phone.
"The Bottom Line"
It reads like AI generated content, is it just me?
I don't understand why this doesn't still work. If Dave from the office has access to your PC, presumably Dave and your PC are in the office, connected to your office's network, and thus it would appear that you are in the office?
Or is the assumption that you're carrying another device with you that would give you away? In which case, shouldn't the complaint be more about being forced to perform some kind of work task (like carrying/being accessible by your phone) when you're off the clock...which is hardly a new issue/complaint?
If this is for people physically working at some place they have access controls and will see if you left the building, when and for how long.
So this is only good to track when your company phone leaves to the toilet. I imagine if they want to get rid of you they just set up a WiFi access point in the toilet and track your poop time. Then tell you to "optimize" your diet so you are more productive or get fired.
I mean it’s Microsoft the king of shitty features.
If this is for catching people working from home, just clone the WiFi and Mac on an OpenWRT 5g mobile router and take it with you and enjoy laughing at your boss while brunching with the whole team on company time.
Sometimes I think people forget that you borrow the company your (life)time and skills for the agreed terms. You’re not some kind of pig that is tracked until you’re fat enough to get butchered.
If your company turns this on, just look for a better workplace immediately that is actually respecting you as a human being and not "human capital" and tell them to get fucked.
Just go to the damn office already!!!
A lot of people are coming across as whiny children here, "Oh no I might have to go to the office for my 6-figure paycheck." Grow up and go to work, as George Carlin might say.
It's about hiring adults, respecting and trusting them to do the job and support the team, and be responsible for their methods. The details are not important to that goal.
If an employer instead treats people like toddlers needing supervision, spoon feeding, and metrics around methods, not work, they will get only that.
1. I don't speak authoritatively and
2. I don't have knowledge of the whole product - there's always a rogue team here and there doing stuff.
We've had that feature turned on at MSFT for some time now. It does not allow your manager to see that you're at Starbucks, at home, on the shitter or anything like that. There's a new toggle in the calendar settings called "Share location with my organization", and the settings are: "all details: building, desk, etc.", "general location: office or remote", "can't view any location information". What it does when turned on is just adding, at the top of your calendar, icons that tell you which of your colleagues are in office, and if they share and you click on someone's picture, what building they're in (when it works).
The whole "it will tell your manager what your wifi is" is just baseless extrapolation, and plainly false from what I can tell.
marekful•1h ago
toomuchtodo•1h ago
https://www.wyden.senate.gov/
marekful•1h ago
toomuchtodo•1h ago
I would be chuffed if I see someone present on breaking this at Defcon this year.
marekful•1h ago
toomuchtodo•12m ago
boogrpants•1h ago
There are law's against wage theft.
Both happen quite often, recent ICE events aside.
Turns out words written in a book do not actually constrain physics.
What is this? The medieval ages? You seem to believe laws are mage armor.
Individuals need to grow a spine and not be so kowtowed. This battered wife shit where everyone has to kneel before some rando with an iPhone clipped to their belt is pathetic. Management isn't actually anymore useful to humanity than me, cause like me there's a huge backlog of people who can do managements job.
reactordev•1h ago
boogrpants•1h ago
All I see is frail old, codependent losers who need blue pills to simulate virility.
toomuchtodo•13m ago
direwolf20•1h ago
pixl97•1h ago
direwolf20•1h ago
idle_zealot•1h ago
dangus•1h ago
Of course it does.
I don’t know that we can draw broad conclusions about worker rights on this issue.
My company probably DOES need to know that I’m not taking company information to certain locations like overseas if I work in certain industries like if I am in healthcare covered by HIPAA and I’m handling PHI.
Hyperbolic example, but if I’m taking a teams call or reading my email in North Korea, that is a gigantic problem.
Right to privacy doesn’t exist inside of employer apps and company devices, and there isn’t a strong argument that it should exist.
jen20•1h ago
Indeed, but the right of an employer to have you carry their device outside of their building also doesn't exist.
ilinx•1h ago
loloquwowndueo•1h ago
abdullahkhalids•1h ago
How did companies enforce the worker not taking the files with them on their international trip? Just by punishment when it was discovered after the fact. Things worked fine. It was good enough.
There is no need for additional surveillance, just because computers and internet can be used to do it.
jodrellblank•1h ago
Of course it doesn't. (What can be asserted without evidence can be dismissed without evidence).
> "there isn’t a strong argument that it should exist."
Did you google for anything on this topic? Did you set a timer for 5 minutes and spend some time trying hard to think of one? Did you look at other countries and their regulations (e.g. Germany?[1]) and why they ended up that way?
[1] https://www.jdsupra.com/legalnews/employee-monitoring-in-ger...
whynotmaybe•57m ago
If you install corporate teams on your personal device, you are part of the problem.
You must request a device for that and never mix personal and professional stuff.
iberator•25m ago
Lazy and fraudulent people destroyed WFH. Should be banned forever. 20% people working, 80% slacking