Fortunately this email made it through my spam filter. Looks like they want to take on LinkedIn and are planning to seed it by making existing accounts public unless you opt OUT within the next week:
Hey [redacted],
I’m excited to announce that we are expanding the reach of your Triplebyte profile. Now, you can use your Triplebyte credentials on and off the platform. Just like LinkedIn, your profile will be publicly accessible with a dedicated URL that you can share anywhere (job applications, LinkedIn, GitHub, etc). When you do well on a Triplebyte assessment, your profile will showcase that achievement (we won’t show your scores publicly). Unlike LinkedIn, we aim to become your digital engineering skills resume — a credential based on actual skills, not pedigree.
The new profiles will be launching publicly in 1 week. This is a great opportunity to update your profile with your latest experience and preferences. You can edit your profile privacy settings to not appear in public search engines at any time.
Our mission is to build an open, valuable, and skills-based credential for all engineers. We believe that allowing Triplebyte engineers to publicly share their profiles and skills-based credentials will accelerate this mission.
Thanks,
Ammon Co-founder & CEO, Triplebyte
I clicked privacy center, ( https://triplebyte.com/privacy-center ), couldn't find the option, but chose 'Opt out of Personal Information Sharing' because why not?
After clicking the button I had to click a confirmation email to get this approved. Then it said it would happen within 30 days and I may be required to show govt ID.
Why? I am already verified with my login account. It is not like I am doing something sensitive like changing a password or email. And what is this about needing to show govt id? They have zero reason to need govt ID to opt out of 'Personal Information Sharing' of all things.
Honestly tempted to just delete my profile. (That may also require govt ID.)
https://hn.algolia.com/?dateRange=all&page=0&prefix=false&qu...
Identifiers, third parties. “ Companies that use our services to be matched with job candidates. Candidate profiles created by our users are accessible to the public. “
Note that you are opening yourself up to major legal and financial liabilities, besides the obvious personal ramifications, ie: you're on the record as a sleaze unless you handle this with velvet gloves from here on in.
https://en.wikipedia.org/wiki/General_Data_Protection_Regula...
When a user creates a profile on Stack Overflow or Hacker News, they are consenting to share whatever data they give on that particular platform.
When a user created a profile on Triplebyte, up until now, they were consenting to that data being used in a private profile for the purpose of connecting them with job opportunities, privately. Now, you've emailed all of your users on a Friday evening to say "by the way, if you don't opt-out in the next week, we will take this data that you gave to us under the assumption that it would be private, and make it public (and potentially searchable)."
By saying "we'll do it unless you say no", you are not getting consent.
If you're familiar with the tea analogy of consent, a la https://www.youtube.com/watch?v=oQbei5JGiT8, this would be like you saying "well, other users (not necessarily every user, or you, the user in question right now) have had tea (not necessarily the same type of tea) from other platforms. This is just like that. So, if you don't say no to our tea in the next week, we're going to drop the tea on you. We hope you enjoy!"
You are not just "launching public profiles for a product that has not had them in the past", you are launching public profiles and on them you are _sharing data that was given to you under the agreement that it was private_. You are using data that folks gave you in a very, very different way than for the purpose they gave it.
Finally, just to really drive this home, you say "What we've focused on to keep that from harming anyone is what data we include in the profiles."
And, what data is that? What personal data, given under the agreement that it would stay private, won't harm someone if made public?
Full (presumably legal, or at least professional) name, coupled with profile picture (presumably a clear photo of their face) and, I'm guessing, also the locations they said they were looking for a job in? Although, fine, in most cases sharing that data is mainly annoying and trust-breaching, that combination of information can be devastating if leaked. Consider a person who has escaped an abusive ex-partner, and has managed to keep private about what new city they've moved to, now popping up in a Google search for their name that has their picture and the fact that they're looking for a job in Los Angeles. This person probably isn't your core user-base, but stories like this are real, they happen, and if you get enough users, they will be among your real life user stories. You have to consider user stories like this when you are trusted with personal information.
This ain't it.
Have logged in to stop this from happening and currently apparently I'm "Open to discussing new opportunities", which is news to me. On trying to change it to "Not interested in any new opportunities" there's a dropdown that says "I’d be open to new opportunities in:" and most you can set it to is 2 years. These are whole new dark patterns.
UPDATE You can turn off the setting they're talking about by going to [0] and then clicking the little grey "Visibility settings" under the Profile URL section.
UPDATE There's a delete your account option on this page [1], though YMMV:
>> Government identification may be required and we may ask you for more information in order to verify your identify
https://www.hipaajournal.com/does-gdpr-apply-to-eu-citizens-... seems to suggest it is based on location. There would seem to be standing for anyone based in Europe that made an account when considering a move to the US, or who is based in Europe next Friday when the "data processing operation" occurs. That seems like it would give them standing, even if they weren't protected while overseas, as this is a new data processing operation.
- request a full copy of any information held about you (article 15)
- withdraw consent and request deletion of any information about you (article 17)
- object any further processing of your data, including making it public (article 21)
Playing with people's data like this is not okay and personally I plan to take them to court if they don't comply.
IANAL, but they may already be in violation of the GDPR with the 30 days processing time. While the GDPR states 30 days as the upper bound, the article about erasure also states:
The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies [...]
Notice the phrase undue delay. It seems that the legal interpretation of undue delay is as soon as possible [2]. Since the sign-up for Triplebyte seems to be immediate (you just create an account), they could also remove an account with a simple delete account button (remove some rows from a SQL database). So in the case of most web services as soon as possible seems to be with the click of a button to delete an account itself. Allowing a few more days for changes to propagate through storage systems and backups.
For anything longer, they should probably come up with damn good reasons when this is brought to court.
At any rate, they will have more serious problems if they make citizens public for people in the EU. They'll open up themselves to a huge liability. You are simply not allowed to use data for other purposes than what the data subject gave explicit well-informed consent for. And no, burying somethings in the terms and conditions is not explicit consent.
[1] https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CEL...
[2] https://www.linkedin.com/pulse/term-without-undue-delay-cont...
INAL, but from my understanding that's exactly what GDPR itself suggests to do:
> The controller should use all reasonable measures to verify the identity of a data subject who requests access, in particular in the context of online services and online identifiers.
Thats mainly because [2]:
> There is a very real concern of fraudulent requests from bad actors, who might use a customer’s data for nefarious purposes.
While it's great to know that noone else is able to delete my account, it still feels shady af.
[1] https://eur-lex.europa.eu/eli/reg/2016/679/oj#d1e1374-1-1
[2] https://konfirmi.com/blog/gdpr-personal-data-id-verification...
Shameless plug:
If anyone would like to create a developer profile that you have full control over and that doesn't expose you to recruiter spam, please check out what I'm building at https://fizbuz.com.
Also, I clicked that "visibility hidden" and got this email:
"Hey Jeff,
You’re no longer letting companies know that you’re open to discussing new opportunities. Your profile will be hidden from employers for the next 24 months. You can change your job search status and make your profile visible again, whenever you feel ready explore new opportunities." (https://imgur.com/a/OBWexgo)
So even that only will get rid of it for 24 months. Let's see if they'll just delete my account.
>In the politician’s apology, you apologize not for the offense itself, but for the fact that what you did offended someone. “I’m sorry you’re a hypersensitive crybaby.”
What 'nabilhat is talking about is the way the Triplebyte CEO’s comments in this thread (which are the opposite of “highly critical”) are being downvoted to very light grey.
This is theoretically true, but the fact that it's been on the home page for 12 hours and has accumulated hundreds of critical comments, none of which any mod has touched, seems to (a) eliminate that possibility and (b) demonstrate that the risk is theoretical, not actual.
(Keep in mind that YC has thousands of investments, so whatever you think of their ethics or the incentives, a filter like this would be impractical and obvious. Also see "Not behaving in a way that damages the reputation of his/her company" on https://www.ycombinator.com/ethics/ - it's hard to imagine YC supporting this.)
You are totally missing the point. You think the change significantly improves your product, but your users perceive the change as a massive breach of trust. Why? Because the underlying JTBD (job-to-be-done) for a lot of engineers is discreet job searching. IOW, for a lot of people, a public TB profile would be like having a private Ashley Madison profile [0] exposed to the public. Ashley Madison was a major source of embarrassment for many when they suffered a breach.
Rather than double-down, might be time to step back a bit. The aphorism "the market's perception is your reality" is especially instructive.
[0] The Ashley Madison metaphor used by this commenter is especially apt: https://news.ycombinator.com/item?id=23280782
> Socialcam's popularity on Facebook suddenly increased in the spring of 2012, via unusually aggressive actions to induce contacts to join. It was criticized as "invasive" and a "bully" by many reviewers, for sharing what users were viewing without them realizing that that would happen.
It was only after articles like "Why I Hate Socialcam Even If It Might Be the Next Instagram"[2] (spoiler alert: it was not) started appearing that Ammon and friends sold to Autodesk for $60 million. I'm sure that investment worked out swimmingly for Autodesk. Win some, lose some, eh? But hey, at least Ammon got some resources out of it, which he went on to use to make the world a better place, and some valuable life lessons about privacy and honesty and respect, right? Right, Ammon?
[1] https://en.wikipedia.org/wiki/Socialcam#Criticism
[2] https://www.forbes.com/sites/roberthof/2012/04/30/why-i-hate...
https://news.ycombinator.com/item?id=23280120
Piggybacking on this comment and linking here so people can more easily see how completely tone-deaf it was.
More from his comment history here:
Looking at their privacy page: https://triplebyte.com/privacy
It mentions these options for deleting:
https://triplebyte.com/privacy-center
privacy@triplebyte.com
By CCPA law, they must acknowledge and comply with a deletion request within a time limit. The fines can add up very quickly per user request if they don't comply.
EDIT: Updating my post since I looked at the deletion request forms for some other sites and it seems similar. Probably try the form first and if it doesn't work, then the email.
https://hackaday.com/2014/11/18/thalmic-labs-shuts-down-free...
HaD wasn't hidden.. Thalmic was.
Dang has usually responded with noncommital responses like they never do that. But further requests for being transparent has fallen on deaf ears.
edit: and -1'ed. Is this because "my content sucks"? Is it because of 'offtopic'? Or is it a mod?
Considering karma here determines rights, rate limiting, mod-down, flagging, and more - these points do matter here. And of course the larger issue here is lack of transparency. In fact, with removal of mod scores, the site has gone down in transparency.
YC's economic interest in HN is having it be a happy, thriving community. That dominates all other considerations put together. A fast way to ruin that would be to destroy the community's good faith by suppressing negative posts about YC or YC startups. In addition to being wrong (we wouldn't want to belong to such a community ourselves), it would be dumb. If anyone wants more explanation there are posts about HN vis-à-vis YC's business interests going back years: https://hn.algolia.com/?dateRange=all&page=0&prefix=false&qu.... See also https://hn.algolia.com/?dateRange=all&page=0&prefix=true&que..., which describes the simple way we try to optimize this (simple in principle, though not in execution). And see https://blog.ycombinator.com/two-hn-announcements/ from 2015 about HN's editorial independence.
(Edit—because I've been wanting to write about this for some time and this may as well be the place:)
The above is the answer I always give to questions of how HN serves YC's business, because it's true and it's solid economics. It's the right answer to give to anyone who's looking at the question through a cynical economic lens (as we all have been trained to do) since it basically says "we can be even more cynically self-interested by not doing that".
However, I also always feel a little bad after giving that answer because it's not the deeper truth. The deeper truth is that we just feel this way. HN and YC grew up together. In a way they are siblings, and one doesn't exploit one's sibling. Or, to switch metaphors: because HN and YC grew together, the connections between them are complex and organic, like the connections between brain hemispheres. If you get in there and start snipping and moving things around, you'll probably lobotomize yourself.
If you want a hard-nosed business reason for how HN makes money for YC, one is: it leads to people starting startups that wouldn't otherwise exist, and it leads to YC funding startups that it wouldn't otherwise get to fund. That's how HN adds to YC's core business (edit: but see [1] below). I use that reasoning to explain to people why we don't need to sell ads on HN or do other things to monetize it or drive growth. Again, though, it doesn't capture how I (and I think most at YC) really think and feel about HN. The deeper truth is the two have always been together and we can't imagine them otherwise.
In other words, the value of HN to YC is intangible. That affects how we operate HN. If the value were tangible, then snipping things and moving them around and generally being bustling and managerial would be the way to go, or at least the most likely thing that people inside a business would do. But since it's intangible, all that kind of thing gets supplanted by a general feeling of "this is good, don't fuck it up". Since the main indicator of whether we're fucking it up or not is the community, the way HN can most add value to YC is by keeping the community happy. Happiness means interest (HN is supposed to be interesting) and trust (a community can't exist without trust).
This is not a paradise that will last forever—it's a historical accident that an internet forum ended up in a sweet spot vis-à-vis the company that owns it, where the business is better off optimizing for the forum being good and happy than by banner ads or growth hacking. But we all know that it's an honor to get to be stewards of a community in that way, and while nothing lasts forever, we want to keep it going as long as possible, and maybe longer than one could reasonably have thought possible.
[1] edit: for some reason I forgot to mention the three formal things that HN also gives to YC: job ads for YC startups, Launch HNs for YC startups, and displaying YC founder usernames in orange to other YC founders. See https://news.ycombinator.com/item?id=23293437 for more.
That raises the obvious question of why we have such software if it causes such problems, but the answer is simply that it helps more than it hurts, overall.
Meta threads and discussions tend to invite objections from the litigious type of user. Such users are rarely satisfied, but have a ton of energy for meta argument, so it's easy to get into a situation where any answer you give leads to two or three fresh objections. Such objections have to be answered with great care, because if you slip up and say the wrong thing, people will use it to drum up a scandal (edit: and will quote it against you for years to come!). This consumes a lot of mental and emotional energy. (Edit: btw, this is asymmetrical: the people raising objections and making accusations are under no such restriction. They can say anything without downside, no matter how false it is or what they accuse you of. They can make things up with impunity and people will believe them by default, because on the internet you are guilty until proven innocent, plus everyone loves the underdog. These are additional reasons why it's easy to end up in a situation where every comment you spend an hour painstakingly composing earns you a bunch more counterarguments and demands.) These arguments tend to be repetitive, so you find yourself having to say the same things and defend against the same attacks and false accusations over and over. This is discouraging, and there's a high risk of burnout. Disgruntled users are a tiny minority, but there are more than enough of them to overwhelm our limited resources—it ends up being something like a DoS attack.
I fear this outcome, so we've always shied away from adding such a system. We want to be transparent, and we answer whatever questions people ask, but it feels safer to do it ad hoc as questions come up. There's no specific question you can't get an answer to, other than a few special cases like how HN's anti-abuse software works.
There's an opportunity cost issue too. The vast majority of the community is pretty happy with how we do things—I know that because if they weren't, we'd never hear the end of it, and then we'd say sorry and readjust until they were. I think it makes more sense to do things to keep the bulk of the community happy, or make them happier, than to pour potentially all our resources into placating a small minority—especially since, once you've done this job for a while (say, a week) you know that nothing you do will ever be completely right or please everyone.
On the other hand, if I could ever be persuaded that a full moderation log would satisfy everyone's curiosity and reduce the overhead of misinterpretation, complaints, imagined malfeasance, etc., then we'd be happy to do it.
This question has come up repeatedly, so if you're curious to read previous answers, see https://hn.algolia.com/?dateRange=all&page=0&prefix=true&que....
> Your public profile includes any badges you've earned, your basic info (current job title and company, current location, and years of experience), and the tech experience & resume section.
This information can very easily be used to identify a person, especially at smaller companies.
> ... to provide us the canvas to release badges. That’s it.
So before you were taking on LinkedIn, but now it’s just a place to release badges?
[0] https://triplebyte.zendesk.com/hc/en-us/articles/36004382061...
Here’s an old article about it: https://money.cnn.com/2012/01/26/technology/google_privacy/i...
I suspect TripleByte is about to learn some similar lessons.
Definitely #2. The job ads that appear on the front page are only for YC startups, and that's one of three formal ways that HN gives back to YC in exchange for funding it. The other two are that YC startups get to do Launch HNs, which get placed on the front page (see https://hn.algolia.com/?dateRange=all&page=0&prefix=false&qu...), and YC alumni usernames are displayed in orange to other YC alumni. For some reason I always forget to mention these things when writing on the above topic, I guess because I don't think they add up to the biggest thing, even though they're significant. In my mind the big thing is the connection to startups forming and applying to YC. However, no one has ever tried to measure these things, and I'd feel a bit queasy about doing so. It would feel like stepping out of the magic circle in a fairy tale. One should not step out of the magic circle.
Google Legal will until 2031 or so.
https://www.ftc.gov/news-events/press-releases/2011/10/ftc-g...
Guess who'll be counting to 2040 if everything goes according to plan next week?!
This is the company in question, I'm not sure if there's an online repository for all the ridiculous drama and bad decisions though.
I could explain more but honestly James Clear has done a far better job here: https://jamesclear.com/why-facts-dont-change-minds
