How do you handle the sensitive information (api keys, user personal data) that can be displayed in the screenshots?
It might be different for others, but for most sensitive data I'm privy to on a job (api keys, their users' personal data), my employer could or should already have access to all of that. I've removed the occasional screenshot that had a personal dev tool key or similar though. Typically all this should be covered by a contract with a client though; they shouldn't just be stealing API keys and whatnot from your screenshots...
Seems like it is just a one person project with donations and a paid SaaS tier if you don't want to role your own.
Sure here you go, screen shots, live monitor, recording, audio too...but everyone gets it the same.
In fact if you install security cameras in your work place they can not be used to track employees.
You are permitted to gather overall metrics over all employees but you can't track individuals. There are exceptions but only for very specific instances.
If you don't trust your employees to do the work then what guarantee do you have that they do their work well? This is how you end up with door hinges meant for the front ending up installed in the rear. Zero trust means their is zero incentive for the employee to give a shit about doing their job right.
The intent of the surveillance and the communication to employees is more relevant thant the technical means.
> In short, a surveillance system is prohibited if it is intended solely or primarily to monitor the actual behaviour of employees. However, the same system will not be prohibited if it is used for on legitimate reasons, such as ensuring safety or enabling the organisation or planning of work. However, the system chosen must be proportionate to the aim pursued and the employees must be informed in advance
https://www.edoeb.admin.ch/edoeb/en/home/datenschutz/arbeit_...
Last spring in Ireland we rented a cottage and then we discovered a video camera and could view some footage of us cluelessly strolling around the cottage. I had mixed feelings about that. Of course it's not a video camera inside, only the outside.
It’s about storage though.
It’s one thing if your employer can access the data from an encrypted database with carefully managed access - and another to also keep it in a random screenshot in a third party time tracking tool.
There are also regulations and requirements, for example about deletion of personal data.
In the Upwork example, screenshots are already encrypted and only accessible behind authenticated flows in their site/app; can be deleted manually (e.g. after you've been paid and don't need them for liability reasons); and automatically delete after some period of time otherwise (6mo or 1 year IIRC).
There are probably plenty of other time-tracking tools that give you more fine-tuned control over the privacy of your screenshots if you want that, but I can't imagine it's something most freelancers want to spend much time on.
Kudos to the developer for standing their ground, but if we're talking about a remotely managed client computer then I don't think there's much the user can do to protect their privacy.
But if you add remote management around it then this screenshot feature can be invasive, but then again so is the management software that prevents the end user from changing the config.
So the way I see it, the developer is getting upset over something they'd be unable to control.