I am pretty tech illiterate; I come hat-in-hand.
I'm onboarding for a short-term, remote project, which nonetheless requires me to work from home only from a particular location. I'd rather not be so restricted.
Can I (and if so, how can I) create the digital impression that I am working exclusively from a certain location, while not doing so?
From what I understand about the technical side of the project, I'll be working from my personal computer (rather than a work computer conveyed to me by my employer), running Citrix Workspace. I'll also need to use my phone for some kind of two-factor authentication (presumably this will be required to access Citrix, but perhaps authentication is required in a different capacity (some application w/in Citrix?)). To my knowledge, I will not be required to use or download any other monitoring or tracking apps.
I'm running Windows 10 and using an android phone.
If it matters, I would be planning to use a modem which has other people/devices connecting to it, none of which would be taking any of the precautions I'm planning to attempt below.
I'm not entirely sure all the ways my location could be tracked, but here are some concerns, and possible solutions:
Employer can identify my location by my IP address
I could run a VPN on phone used for authentication
I could run a VPN on computer running Citrix
WRT the VPNs, I have access to servers which are fairly close to my purported working location. And I don't think I'm that concerned with employer even coming to assume that I use a VPN -- I could have additional privacy concerns on my personal computer that don't need to imply I'm trying to insulate myself from the employer.
Employer can identify my actual location given my GPS/ location data on my phone and/or computer
On my computer, I could set make my default location to a static, dummy location with default Windows 10 privacy settings
On my phone, I could create a static, dummy location using something like GPS Joystick/Fake GPS
Or is the solution here as simple as turning off GPS on my phone/deny apps permission to use location data w/ default Windows privacy settings?
Are these sensible solutions? Are there other methods by which my employer could glean my location, which I need to address? Are other people/devices "insecurely" using the same modem a cause for concern?
Appreciate your solidarity and any advice.
When you say that they "require you to work from a certain location"
How certain are you of this?
Would it be possible that as long as you get the work done, no questions would be asked?
Appreciate the questions.
How certain are you of this?
I'm certain insofar as it was a material condition of employment. Which is very frustrating, because the work itself/my work product won't turn at all on where I am located. I'm quite sure the requirement is just a crude proxy to make sure people on the project aren't free-wheeling it in the Caribbean, or working "odd" hours", or otherwise not communicating for meetings/emails.
Would it be possible that as long as you get the work done, no questions would be asked?
Yes, I think it's very likely/possible that there won't be a need to verify my location over and beyond what is conveyed by Citrix (esp. if they don't have a reason to investigate, which they won't). My concern is that some location data is necessarily conveyed over Citrix; I could be in hot water in that case -- I feel like it's possible that they could receive some routine location data which would otherwise suggest I've misrepresented myself. This might be less of them asking questions about where I am, and more me tacitly announcing that I'm not where I've said I'd be.
So the questions sort of are: what kind of routine location data might Citrix be privy to? If this includes IP/GPS data, would the VPN/manual GPS setting strategies mentioned above be sufficient to hide my actual location? Are there kinds/modes of data that Citrix is privy to that I'm not aware of?
(This doesn't even really need to be particular to Citrix -- at a higher level: how does the world know where my computer/phone is? can i trick the world into thinking my computer/phone are somewhere else?)
Set up a Raspberry Pi as an OpenSSH server in the location you need to "work from" and tunnel your traffic from your WIndows 10 computer into it, essentially setting up your own VPN. Also, if you're employer isn't as lazy as they probably actually are, if they check the IP you're working "from" they aren't going to see a noted/known VPN IP address and would just see the IP address of whatever network you have your Pi connected to.
This, of course, requires that you have a physical location to place a Pi and a router/network to attach it to via ethernet cable. Potentially you could also install a wifi card to the Pi if you aren't able to connect physically but this would be less reliable.
If you only need to have your browser coming out of that location, that's easy enough to set up a SOCKS proxy in Firefox rather than tunnel your entire traffic through it.
Come to think of it, you might need to do some port forward magic in the router settings so that you can set up an external connection to the Pi.
If the location you need to be working "from" is a major city, you could potentially do this more easily (and safely) using a dirt cheap VPS hosting plan (ie: spin up a $5 / month Digital Ocean droplet from Los Angeles for example, and configure it as an OpenSSH server, but this you would need to implement some more strict security policies like only allowing your IP addresse(s) to access it)
This is an incredible answer, I ended up not needing to do it, but really thanks so much for thoroughly addressing my question.
