Triplebyte (YC S15) is a tech recruiting company that operates by getting developers to take skill tests, and then using the results to match them with employers. Back in 2020, they got in a lot of hot water by suddenly announcing that user profiles -- which had been collected with assurances that the data wouldn't be shared without consent -- would be made public, unless you opted out within a week[1]. This provoked a lot of backlash, especially since the CEO seemed totally oblivious to the privacy concerns[2]. After a lot of angry comments, he publicly apologized and reversed course[3].
Then in 2021, some users started once again being notified that their profiles were automatically being made public[4]. This time, it was explained away as an "oversight" related to the fact that previously, opt-outs weren't permanent but had a hidden expiration time. Triplebyte once again apologized and promised that it wouldn't happen again, and many people seemed satisfied with the "transparency and candidness" of their response.
Now it's 2022, and yesterday I got a recruiting email from a company that found me via the Triplebyte account I created back in 2019. When I logged in to check, sure enough, my profile was set to "publicly visible" and "open to new opportunities". I was pretty sure I had never made those changes, but just in case I was misremembering, I contacted Triplebyte support to find out what was going on. Today I got this response:
"I was able to do some digging on to why this must have happened, It looks like before we did our last update to the platform you did not have the profile visibility set to indefinitely so the profile was turned on. Since then we have made a privacy chance once you set the profile to off there is not reset time frame it will remain off until you turn it on."
(Unlike the user in [4], I never got any kind of notification that this automatic change was being made.)
So despite their explicit promises, Triplebyte did not actually go back and fix the privacy settings for users who had them silently changed by the previous "dark pattern". This is a heads-up to anyone else who has a Triplebyte account and might be affected by the same issue.
[1]: https://news.ycombinator.com/item?id=23279837
[2]: https://news.ycombinator.com/item?id=23280120
[3]: https://news.ycombinator.com/item?id=23303037
[4]: https://news.ycombinator.com/item?id=27255742
We'll have a more complete answer shortly.
EDIT: This does not appear to be a widespread issue. Continuing to investigate.
EDIT2: Full response from Ammon, our CEO, at https://news.ycombinator.com/item?id=31771836
You can get a shareable link to share on e.g. your personal website if you want to, but you have to manually enable it.
Nope. Just to show that I'm not yanking your chain, this is the email I'm referring to: https://imgur.com/2FpAiik
The redacted name and email address are exactly the same as when I contacted you yesterday.
To be clear, I'm not trying to criticize you for not taking action on this message, because for all I know it could have gotten dropped by a mail server along the way. I'm just using it to illustrate the fact that I wasn't even aware that I still had an active Triplebyte account, so I find it implausible that I logged in, set my profile to public, and then completely forgot about it.
> Can you reply here if you haven't been able to do at least one round of back-and-forth with them within the next day or so?
Sure, will do.