The reason you report is to make the call if he should have had that level of trust in the first place.

I'm not so sure.

I can imagine trusting someone to set up (and even enforce) eg an alcohol policy, but still be prone to alcohol abuse themselves.

Weak wills are a thing. Or people thinking they are smarter than the protocols that apply to the masses.

All I mean is he is the person paid to do this already so it's not extra dangerous. It's like a policeman doing a citizens arrest if they spot a crime on the off hours. It's frowned upon but you know it's the same thing they do in their job.

Our HN user, mr-wendel, worked at the company, but I'm not sure they said what their job was. It might have been sysadmin, but since mr-wendel talks about snitching on a senior sysadmin directly to the CEO, it's save to say that the sysadmin did not report to mr-wendel; and I presume that mr-wendel was a lot lower an the pecking order.

I don't think the senior sysadmin was paid to hide browsing from the oversight?

I'm not defending running rogue workloads on your employers infrastructure, that's obviously wrong. I'm just saying from the description, and the role of who did it, it probably wasn't super problematic in terms of security.

I think this thread highlights nicely that context is everything.

In this case, I think vasco's take is correct: the sysadmin was indeed trustworthy enough to exercise this discretion in response to overzealous employee productivity rules without at all undermining his primary responsibilities.

The proxy was definitely in a place to essentially trivialize it's impact. I'm pretty sure thats why it was placed where it was, as opposed to make it harder to find. If that was the chief concern, disabling logging would have obviously been the first thing to happen.