No internet connection
  1. Home
  2. Technical Support

How did IT team know that I am out of California?

By @sfan
    2023-08-22 23:27:10.853Z2023-08-23 02:37:54.337Z

    My job requires me to stay in California while I work from home. I connect the TinyPilot to my work laptop (which is the target PC) from June to Aug 10th, and accessed it using my personal laptop. My work laptop stayed at my home located in CA, and my personal laptop traveled with me in the CA during this time. I used tailscale, and everything worked perfectly.

    On Aug 11st, I flied to another place outside CA with my personal laptop connecting to my work laptop (which is still at my home). From 8:00AM to 11:00AM I worked as usual, and then my supervisor called me saying that the IT team detected that I am not in CA.

    My understanding to the TinyPilot is that it appeared to be a generic monitor+USB keyboard+USB mouse+USB storage drive, as given in None of these should contain ip information. I wonder how did the IT know that I am not in CA?

    • 23 replies

    There are 23 replies. Estimated reading time: 14 minutes

    1. Michael Lynch @michael2023-08-23 20:09:45.907Z2023-08-23 20:26:07.294Z

      Thanks for reporting this! I hope your TinyPilot hasn't gotten you into trouble at work.

      This is a tough one. This is the first report we've ever received of a third party potentially identifying remote access to a TinyPilot.

      You're right that there's no network connection between the TinyPilot and the work computer, so I don't see a way that software on the work computer would be able to infer details about the network connection between your personal laptop and the TinyPilot device.

      I initially thought perhaps your employer saw TinyPilot attached to your work computer (which they can do), but you mentioned that the TinyPilot has been connected since June. And your supervisor called you immediately after you accessed your TinyPilot from outside of CA, so it seems like just having a TinyPilot connected isn't what's making them think you left CA.

      Is it possible that they detected your location through some other means? Here are a few possibilities I can think of:

      • Do you run software provided by your employer on your personal devices (e.g., a work app on your personal phone)?
      • Do any of your personal devices talk to servers that your employer operates (e.g., work email on your personal phone, work Slack on your personal phone, personal phone synced with work calendar)?
      • Did you bring any other hardware provided by your employer with you when you traveled outside of CA?
      1. S@sfan
          2023-08-23 22:01:22.752Z

          Thank you for your reply.

          I did not bring any company hardware with me. Yet I did bring my personal iPhone, which used Outlook and Teams to receive company emails and messages. However, before I traveled outside CA, I uninstalled them. Is it possible that my company made some settings on my iPhone (possibly when I initially installed the Outlook and Teams) that could track my location and I am not aware of?

          1. Is it possible that my company made some settings on my iPhone (possibly when I initially installed the Outlook and Teams) that could track my location and I am not aware of?

            It's hard to say without knowing the processes at your employer.

            If you at any point IT enrolled your personal device in mobile device management (MDM), it's possible that IT retained some insight into your device even after you uninstalled Outlook and Teams. iPhone MDM apparently doesn't share location data, but it's possible they still have access to IP address information or other signals that could allow IT to approximate your location.

            @charles also pointed out to me that some MFA solutions collect location information. Microsoft Authenticator, for example, collects location data:

            Authenticator collects your GPS information to determine what country you are located in. The country name and location coordinates are sent back to the system to determine if you are allowed to access the protected resource. The country name is stored and reported back to your IT admin, but your actual coordinates are never saved or stored on Microsoft servers.

            1. S@sfan
                2023-08-25 00:01:50.855Z2023-08-25 00:29:41.477Z

                These are very helpful information. My iPhone does have an authenticator app, and I think it might be the one that made the IT aware of my location, because this is the only hardware that is "related" to my company.

                Do you know if there is a way to check the permissions my authenticator app have on my iPhone that can lead to location information?

                1. I don't use an iPhone and we're getting a bit too far outside the scope of TinyPilot support, but you should be able to find permissions by following Apple's instructions.

              • In reply tosfan:
                ZSantosh Krishnan @Zantosh
                  2023-09-26 09:18:01.160Z

                  If you have a company teams account on your phone, then they probably installed a device management app that doesn't get deleted just because you removed teams and Outlook. I always use VPN to put me in my home area for this reason.

                  1. S@sfan
                      2023-09-26 13:58:52.407Z

                      Thank you for your reply. I think it is probably because of my phone. I remember I installed something (although I can't find it in my phone at this moment) when I was hired by the company. I am going to test it by asking my friend to bring my phone to China :)

                      I wonder if you happen to use TinyPilot on your device and working remotely?

                      1. ZSantosh Krishnan @Zantosh
                          2023-09-26 14:02:41.649Z

                          Yes. Lots of very solid experience. I love tinypilot. Helps me be a better dad and a better consultant. Can't live without it. I've cleared out my office and do all my work on my Google Pixel fold phone. Better than sliced bread that I don't eat bread anymore. Lol

                          1. S@sfan
                              2023-10-23 19:59:47.173Z

                              Hi Santosh @Zantosh , could you please check if I understand your setup about VPN correctly?

                              For example the company want me to work at California. My understanding is that the target PC is connected to TinyPilot. Then a personal laptop is connected to TinyPilot over the internet using, e.g. TailScale. Then I need to set up VPN on the personal laptop to route to California, even I the personal laptop is physically at Canada? i.e.
                              target PC <--> TinyPilot <--> TailScale <--> VPN (route to CA) <--> personal laptop

                              Thank you for helping.

                              1. ZSantosh Krishnan @Zantosh
                                  2023-10-23 20:08:44.579Z

                                  Hi @sfan,

                                  the company want me to work at California ==> Your company laptop stays in California
                                  Company laptop is connected to TinyPilot, which is also in California

                                  Now you have two approaches, up to you and mileage may vary.

                                  Approach 1 - Find an old laptop and set it up for Windows RDP in california on the same network as your TinyPilot. Setup TailScale on this laptop. This is all now in your California location on the same LAN. Next, when you are far away, from your tablet, phone or other laptop, do a Windows RDP to the laptop that you have in your California location. From that laptop, you can connect locally to your TinyPilot and do your job.

                                  Approach 2 - Setup TailScale on TinyPilot. When you are far away, from your tablet, phone or other laptop, open your browser and connect to your TinyPilot box that is in your California location and do your job. Problem with this approach is that TinyPilot has not been designed to stream video so you will have drops. Windows RDP is designed to stream the video so you will only have a degradation in quality, but it won't drop.

                                  1. S@sfan
                                      2023-10-23 20:17:21.746Z

                                      Thank you! Approach 1 is so smart.

                                • In reply tosfan:
                                  ZSantosh Krishnan @Zantosh
                                    2023-09-26 14:04:31.481Z

                                    Don't send your phone to China. That's a terrible idea.

                                    Instead load a VPN software line NordVPN and have it always on. Route your data through whichever state you need to be in and set it up to route all traffic via the VPN and if the connection drops then to kill your network. Works best.

                                    1. S@sfan
                                        2023-09-26 14:18:49.926Z

                                        Thanks a lot!!

                                • In reply tomichael:
                                    2023-10-23 19:03:01.626Z

                                    Hi Michael,

                                    Can you please explain how the IP works when Tailscale is used to connect to the Tinypilot?

                                    When people connect Tinypilot via Tailscale at Canada (for example), does Tinypilot receive any IP information (or any other location information) from Canada?

                                    1. Hi @sfan, thanks for your question about using Tailscale with TinyPilot.

                                      When you join a TinyPilot device to a Tailscale network, the TinyPilot device will be able to see information about the local network you have connected to (whether wired or wireless) and the Tailscale network. Other devices on these networks may be able to see that the TinyPilot device is on the same network.

                                      1. S@sfan
                                          2023-10-24 04:18:50.836Z

                                          Thank you for you reply.

                                          Is it true that my company (which is not connected to my local network) will not see that the Tailscale is connected to the target PC (i.e. work PC) via TinyPilot?

                                          1. Your TinyPilot device doesn't expose any information to the target computer about the network and services to which you have connected your TinyPilot device. Our article on whether anyone can detect TinyPilot contains more details that may be helpful.

                                    2. M
                                      In reply tosfan:
                                      Martin Goudreau @MartyG
                                        2023-08-24 12:14:11.812Z

                                        Could it be that you are connecting to your office laptop via VPN?

                                        1. S@sfan
                                            2023-08-24 12:15:42.682Z

                                            Office laptop does connect the server via VPN, but I am not bringing my office laptop with me. The office laptop stays at home.

                                            1. MMartin Goudreau @MartyG
                                                2023-08-24 12:18:36.184Z

                                                hmmm... how do you connect to your office laptop? using some 3rd party remote software?
                                                I'm just asking as that may be the way they "see" you connecting...

                                                1. In reply tosfan:
                                                  MMartin Goudreau @MartyG
                                                    2023-08-24 12:21:38.283Z

                                                    Nevermind... my bad...
                                                    You are connecting to a TinyP...

                                                2. B
                                                  In reply tosfan:
                                                    2024-04-25 11:57:24.059Z

                                                    Do you have a 2 step authorization to log in, usually all companies have authorization software and if your using your phone in California to do two step authorization it logs where the phone was via GPS and network.

                                                    1. A
                                                      In reply tosfan:
                                                      a7673 @a7673
                                                        2024-06-16 20:21:57.875Z

                                                        @Zantosh @MartyG @sfan Hope you are doing well. I am reaching out to you since I am in the same boat as the OP's question (@sfan).
                                                        Do you have any work around figured out for this situation, asking since it seems like you've been working with TP device for many years. If you can shed some light on a solution that would be helpful to the community.

                                                        On other note, I was thinking about virtualizing phones (iOS or Android)/ Use a KVM with Mobile phones and have them stationed in the work country and use the 2-Factor authentication apps remotely. I am not sure about this if it will work. I havent found any solution yet to this. Also, most of the authorization apps are only supporting In-App authorizations but not OTP over SMS or vice versa.