How I handle my Upwork contracts.

I think writing this is a bit overdue given I’ve been doing contracting for a good month now and earning a fair amount. Plus this can also serve as an FAQ I can send to clients who may have questions about how I do my work.

What environment do I use?

I have the following:

  • A Windows 11 based PC (Physical, at home).
  • A Mac Mini M1.
  • A MacBook Pro M2.
  • A MacBook Air M1.
  • 2x Gigabit async bare-metal Linux machines (one located in Finland, the other in Germany).
  • 3x Gigabit async VPS Linux machines (all based on the Hetzner network).

That said, specifically for contracting I’ll hop on my Windows machine, and utilise the sandbox function to spin up an ephemeral (read: Temporary) Windows instance with no connection to the host machine.

Windows Sandbox

In short, the sandbox lets me conjure a temporary Windows instance with no user data to conduct work in. When it is closed, any trace of what’s happened on there is completely erased.

Why?

The benefits are there for both the client and me.

  • I operate on a machine where I can’t save things like credentials or company files.
  • The client can have peace of mind that my machine is malware free.
  • I can have peace of mind knowing that the machine is hardened and any infected files I get won’t escape onto the host.
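
A Windows Sandbox configuration file (.wsb) that matches the isolation described above, as an added example and not the author's own file. The file name, keeping networking enabled (needed to reach client systems) and the memory size are assumptions.

```xml
<Configuration>
  <!-- contract-sandbox.wsb (hypothetical file name); added example, not the author's config -->

  <!-- No <MappedFolders> element: no host directory is visible inside the sandbox -->

  <!-- Block copy/paste between host and sandbox so credentials and files cannot cross -->
  <ClipboardRedirection>Disable</ClipboardRedirection>

  <!-- Do not expose host printers, microphone or webcam to the guest -->
  <PrinterRedirection>Disable</PrinterRedirection>
  <AudioInput>Disable</AudioInput>
  <VideoInput>Disable</VideoInput>

  <!-- Software rendering only: removes the shared GPU surface between guest and host -->
  <vGPU>Disable</vGPU>

  <!-- Extra hardening on the sandbox's remote-session client process -->
  <ProtectedClient>Enable</ProtectedClient>

  <!-- Assumption: networking stays on so client portals are reachable -->
  <Networking>Enable</Networking>

  <!-- Assumption: 4 GB is enough for a browser and admin tooling -->
  <MemoryInMB>4096</MemoryInMB>
</Configuration>
```

Opening the .wsb file launches the sandbox with these settings. With networking enabled the guest can still reach whatever the host's network can, so the isolation here covers files, clipboard and devices rather than the network.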

What are my processes for working?

Record everything.

I record absolutely everything I do and then upload it to YouTube under private videos. This is so that I have a record of what was done, and I can then forward you the link for your review.

  • Videos are kept uploaded for 2 weeks from contract end.
  • You can get a copy sent via Google Drive.
  • All videos are in MKV format and at a high enough quality to make out all movements.
  • Pauses can be made in videos where I’m getting a drink, taking a break, or looking at my own personal documentation.

No access via screensharing.

Explained further below.

All communication (pre-contract award) is done via the platform.

It’s against the terms of service to communicate outside the platform. I’m not risking my account so we can chat on Skype. Where there are issues with Zoom (as much as I hate Zoom), we’ll keep talking via text messaging until the contract is issued.

Once the contract is awarded, I prefer to keep text messaging via the platform, and video calling via Google Meet.

If the requirements of the contract change, so does the pricing.

Good example:

  • A client wants to solve their DKIM/SPF/DMARC records.
  • I quote an hour at $XY rate.
  • The contract begins; it needs to state the exact work to be undertaken.
  • Midway through the job, the client wants me to look at something else (maybe a WAF rule in Cloudflare).
  • I can do that, but it needs to be a separate contract with its own rates established.

Why?

  • If either side opens a dispute about the work done, we both should be afforded the opportunity for protection by giving a clear reason why the dispute is being made.
  • This helps grade me on the work I do for each task. More contracts completed = more jobs completed on my profile = more positive reputation where earned.
  • Changing the rules mid game doesn’t seem fair.

Exceptions to the rule:

  • A main task cannot be completed safely without undertaking additional work.

    • That additional work is something I forgot to quote.

    Example: A client needs their local users’ administrative privileges removed. Those users are the only people on their machines. To make sure there’s a fallback, I feel pushing an administrator to be created via Intune as a break-glass solution is needed. I talk to the client and either include it in the time/cost in a manner that is fair, or do not charge for it as a matter of getting the job done (if it’s something I can roll back later when the contract ends).

  • A critical issue has arisen and needs attention NOW.

    Example: The domain I am working on has expired. In order to get this show back on the road I guide the client through re-registering their domain.

Why won’t I take on work/access via screensharing? (Zoom)

As a matter of principle, screensharing your administrative access to me is indicative that you’re probably giving access to contractors this way because:

  • You may not own the systems you need help with and are therefore unable to provide proper authorization.

  • You might lack explicit permission from the party who owns the systems to share contractor access.

  • Sensitive information could be involved, and granting external IP access might violate your organisation’s information security policies. This is particularly crucial when data sensitivity or regulatory compliance is at stake.

  • The Zoom client has a history of security vulnerabilities. For example, just two years ago, a significant backdoor was discovered, potentially allowing unauthorized access to your machine. I don’t accept those risks.

How do I know I can trust you?

Scout’s honour? But no, seriously:

  • This is a paid platform: I pay to get tokens which I use for applying for contracts in the hope of earning them back. I don’t get them back if I intentionally mess about.
  • I genuinely enjoy the work I do. It’s fun.
  • I want to make money.
    • There is money in long-term repeat work.
  • Messing about damages my reputation both on the platform and amongst my peers.