[HN Gopher] Tell HN: Triplebyte reverses, emails apology
___________________________________________________________________
Tell HN: Triplebyte reverses, emails apology
This just landed in my inbox. The discussion on hackernews
(https://news.ycombinator.com/item?id=23279837) surely helped
Triplebyte understand that it was a mistake to create public
profiles of their users by default: Email by Triplebyte CEO,
Ammon: --- Hi xxxxx, There's no other way to put this--I screwed
up badly. On Friday evening, I sent an email to you about a new
feature called public Triplebyte profiles. We failed to think
through the effects of this feature on our community, and made the
profiles default public with an option to opt out. Many of you were
rightfully angry. I am truly sorry. As CEO, this is my fault. I
made this decision. Effective immediately, we are canceling this
feature. You came to us with the goal of landing a great software
engineering job. As part of that, you entrusted us with your
personal, sensitive information, including both the fact that you
are job searching as well as the results of your assessments with
us. Launching a profile feature that would automatically make any
of that data public betrayed that trust. Rather than safeguarding
the fact that you are or were job searching, we threatened
exposure. Current employers might retaliate if they saw that you
were job searching. You did not expect that any personal
information you'd given us, in the context of a private, secure job
search, would be used publicly without your explicit consent. I
sincerely apologize. It was my failure. So, what happened? How did
I screw this up? I've been asking myself this question a bunch over
the past 48 hours. I can point to two factors (which by no means
excuse the decision). The first was that the profiles as spec'd
were an evolution of a feature we already had (Triplebyte
Certificates--these are not default public). I failed to see the
significance of "default public" in my head. The second factor was
the speed we were trying to move at to respond to the COVID
recession. We're a hiring company and hiring is in crisis. The
floor has fallen out on parts of our business, and other parts are
under unprecedented growth. We've been in a state of churn as we
quickly try various things to adapt. But I let myself get caught in
this rush and did not look critically enough at the features we
were shipping. Inexcusably, I ignored our users' very real privacy
concerns. This was a breach of trust not only in the decision, but
in my actual thought process. The circumstances don't excuse this.
The privacy violation should have been obvious to me from the
beginning, and the fact that I did not see this coming was a major
failure on my part. Our mission at Triplebyte has always been to
build a background-blind hiring process. I graduated at the height
of the financial crisis as most companies were doing layoffs
(similar to what many recent-grads are experiencing today). My
LinkedIn profile and resume had nothing on them other than the name
of a school few people had heard of. I applied to over 100 jobs the
summer after I graduated, and I remember just never hearing back. I
know that a lot of people are going through the same thing right
now. I finally got my first job at a company that had a coding
challenge rather than a resume screen. They cared about what I
could do, not what was on my resume. This was a foundational
insight for me. It's still the case today, though, that companies
rely primarily on resume screens that don't pick up what most
candidates can actually do--making the hiring problem much worse
than it needs to be. This is the problem we're trying to fix. We
believed that we could do so by building a better Linkedin profile
that was focused on your skills, rather than where you went to
school, where you worked, or who you knew. I still believe there's
a need for something like this. But to release it as a default
public feature was not just a major mistake, it was a betrayal. I'm
ashamed and I'm sorry. Triplebyte can't function without the trust
of the engineering community. Last Friday I lost a big chunk of
that trust. We're now going to try to earn it back. I'm not sure
that's fully possible, but we have to try. What I will do now is
slow down, take a step back, and learn the lessons I need to avoid
repeating this. I understand that cancelling this feature does not
undo the harm. It's only one necessary step. Please let me know any
other concerns or questions that I can answer (replies to this
email go to me). I am sorry to all of you for letting you down.
Sincerely, -Ammon
Author : trianx
Score : 628 points
Date : 2020-05-25 17:34 UTC (5 hours ago)
| thedumpap wrote:
| I sent an email a couple of days ago for them to delete my
| account permanently - because I did not want my info to become
| public. Glad to see it got changed
| trfhuhg wrote:
| Nothing to see here. Ammon has tried a bold move to chase big
| money, used a few common tricks (release on Friday night, opt-out
| and other dark patterns), it didn't pan out and now he's doing
| damage control. When the dust settles, he'll give this idea
| another try.
|
| This is all from a corporate playbook, but it seems Ammon hasn't
| read the entire book. There's a chapter there that tells how to
| systematically manufacture situations where all the blame flows
| downwards while all the rewards flow upwards, so when a bold move
| like this pans out, credit for it would go to the top, and if it
| fails, blame goes to the bottom. Basically, he should've created
| a clueless VP of business relations or something of that sort,
| manufacture the situation where the only way that VP can get a
| fat bonus is by implementing this shady move (the idea should be
| delivered via another channel to have plausible deniability
| later) and watch the action from his armchair. And when it's
| failed, blame that VP for too much eagerness and fire him with a
| golden parachute.
| weixiyen wrote:
| He did the next best thing outside of not releasing the feature
| in the first place. Credit to him, many companies would double
| down or ignore HN (a very small community relative to
| Triplebyte's userbase) completely.
| gkoberger wrote:
| I agree with you, although I think the opposite is true about
| the size. I imagine Triplebyte is a small subset of HN's
| userbase.
| marmaduke wrote:
| > When the dust settles, he'll give this idea another try.
|
| This was my reaction when the word "feature" was still used in
| the apology. If it creates risk or user unhappiness, we call it
| a bug, not a feature. It's like calling mitigations for spectre
| from Intel a "generous rollback of performance features".
|
| > Basically, he should've created a clueless VP of business
| relations or something of that sort
|
| reminded by of the Gervais principle which I learned about from
| this nice article
|
| https://www.ribbonfarm.com/2009/10/07/the-gervais-principle-...
| wolfgang42 wrote:
| The _feature_ is public profiles, and I for one think it's a
| neat idea to make a better alternative to LinkedIn for
| developers. This whole mess was not about the feature, but
| the way it was going to be rolled out at short notice to
| everybody who hadn't explicitly turned it off, which is very
| different. I think Ammon himself put it best:
|
| _> I still believe there 's a need for something like this.
| But to release it as a default public feature was not just a
| major mistake, it was a betrayal._
| ryanwaggoner wrote:
| Wait, so he's following the classic playbook about how to screw
| over your users and get away with it, but he also forgot to
| read and follow the part where he gets away with it?
|
| Isn't it more likely that he just made a mistake, realized it,
| and apologized? You can reject the apology, of course, but it
| doesn't seem like you have any evidence that it's not genuine.
| In fact, the evidence you claim ("classic playbook") you then
| invalidate immediately after ("he clearly forgot half the
| playbook").
|
| If someone makes a mistake, is there just nothing they can do
| to ever convince you it was not pure maliciousness? It seems
| like even an apology is then taken as evidence of ill intent.
| Why would anyone ever reverse course or apologize under your
| view?
| GhostVII wrote:
| I think the reason why this seems more likely to be malice is
| because the CEO's initial reaction to the backlash was not to
| listen to and understand the feedback, but to repeatedly try
| and justify their actions. To go from commenting all over
| hacker news about how you aren't doing anything wrong, to
| sending out an email completely reversing your decision a
| couple days later, makes it seem like the apology was more
| motivated by trying to do damage control rather than
| genuinely thinking their actions were wrong.
| ryanwaggoner wrote:
| I was on the original thread. He made a few comments over
| the course of a couple hours, if that. He wasn't "all over
| Hacker News".
| mthoms wrote:
| You're right that the CEO wasn't "all over Hacker News".
|
| But the parent is indeed correct in implying that the
| comments _he did make_ were anything but receptive or
| conciliatory.
| trfhuhg wrote:
| Often, the driving force of such moves is not the founders,
| but investors: the company accepted a generous investment in
| past and had to sign a contract where the investor may wind
| up the company if the returns are low. In other words, it
| could be that Ammon was given a choice: triple profits by end
| of year or sell his share.
|
| Regarding your question. Mistakes and apologies are words
| from the lexicon of normal emotional people. Companies, on
| the other hand, are soulless profit driven maniacs and their
| lexicon has words justifiable, plausible and profitable. When
| a company gives an apology, it's because it deems this
| combination of words the most efficient way to influence its
| user base and minimize damage (to profits) just done. People
| who run companies usually embrace this mindset if they want
| to get rich.
| solidasparagus wrote:
| > it could be that Ammon was given a choice: triple profits
| by end of year or sell his share
|
| That seems unbelievably unlikely.
| thenaturalist wrote:
| Pardon my ignorance, but what insight or experience leads
| you to this conclusion?
|
| Venture capital is quite the opposite of passive
| investing. I guess everyone on here is well aware
| investors are not doing it for fun but first and foremost
| for protecting and, ideally, multiplying their assets.
| ironmagma wrote:
| Your critique is a weird way of saying "they could have done
| worse."
| gkoberger wrote:
| I don't know Ammon, but I don't think he's chasing "big money".
|
| The best founders I know, when they make mistakes like this,
| aren't doing it for the money. They're doing it because they
| are trying to create the world they want to see exist, and that
| blinds them a bit. In this case, I genuinely believe Triplebyte
| just wanted to have a bigger impact on the hiring world, and
| try to fix it for engineers. Did they fuck up badly? Oh yeah.
| But I don't think it was for "money".
|
| Triplebyte has 33 employees. They don't have VPs getting "fat
| bonuses". They don't have "golden parachutes". Look at their
| about page (https://triplebyte.com/about), it's all engineers
| and designers and CSMs. They're just a group of people doing
| their best to try to fix something we all hate (technical
| interviewing/hiring).
| christiansakai wrote:
| Triplebyte wants to go toe to toe with LinkedIn profiles and
| take the gatekeeper throne from it. Once it has the throne it
| can do anything, forget about fixing the world.
| Non24Throw wrote:
| I think this is an overly cynical take on things.
|
| Consider the fact that if Ammon had fully considered this
| rollout, it would be very obvious to him that this would be the
| response. The legal ramifications would also have been obvious.
|
| I think the only reasonable explanation is that it wasn't fully
| thought through. I think his business being hit hard by the
| pandemic is a reasonable explanation for that. There's no way
| TripleByte isn't hit hard by this. Rushing a major feature out
| is exactly the kind of thing he's supposed to be doing right
| now. It seems he just thought too much on making the business
| and tech side of the feature successful, and didn't give enough
| time to the human and legal side of it.
|
| Personally I thought his email was way more introspective and
| revealing than it even needed to be, and I think he's being
| genuine.
| ganstyles wrote:
| I was one of the most vocal critics in the original thread,
| justifiably. I lost a little sleep over how it could potentially
| affect me at my current job.
|
| I feel bad for the company because I think the original decision
| meant the would lose a lot of trust in the community for what is
| otherwise a great service. Indeed, I had a wonderful experience
| interviewing with startups after having passed the TB interview
| process. However I also feel bad because I feel like it may
| indicate that the company is perhaps doing poorly financially.
|
| However, I will say that I am very happy with this apology. It's
| direct, takes responsibility, and gives clear action on what
| they're going to do. Classic good apology. I am happy with it and
| it goes a long way to earning my trust back. Thanks, Ammon.
| thedumpap wrote:
| I sent an email to them a couple of days ago, requesting my
| account to be permanently deleted since I did not want my
| information to become public. Glad to see it got reversed :)
| jmount wrote:
| This sword was always hanging above the heads of Triplebyte
| users. The mistake was causing the users to look up.
| 29athrowaway wrote:
| I don't think I will sign up for Triblebyte anytime soon.
|
| Having a middle-man in the interview process can result in
| depressed wages.
| colejohnson66 wrote:
| They're not a middle man though. They just let you skip to the
| final interview. Passing or failing that is up to you. Also,
| the only advocating they do is saying: "John/Jane Doe knows
| this much: ..."
| xenihn wrote:
| Have you actually used Triplebyte? You're required to provide
| an expected salary range as part of your listing. And yes,
| you can technically provide an open-ended band (e.g. $0 -
| $999,999) -- can you guess what happens if you do that, and
| why Triplebyte advises not doing this, even though you have
| the option to do so?
| colejohnson66 wrote:
| Yes I have used TripleByte. I haven't gotten any job offers
| (probable due to interviewing in February right before
| COVID-19 went big). So I'm aware of how their system works.
|
| And I stand behind my claim that they're not a middle man.
| A middle man advocates for you, and sometimes even handles
| all the back and forth. A recruiter is a middle man. A
| hiring agency isn't.
| xenihn wrote:
| >A middle man advocates for you
|
| Triplebyte is doing this by making you pass their
| assessment prior to listing you. Your presence on their
| platform is them selling you up.
|
| Even if they do nothing but provide an introduction
| between you and a third party, and have no involvement
| whatsoever after that (aside from taking some sort of
| cut), they are still a middle man, because the connection
| was made through them, and they vetted your skills and
| qualifications.
|
| It's not like LinkedIn, where you can just auth with a
| phone number and then put whatever you want on your
| profile. Triplebyte, as a company, is personally vouching
| for you by allowing you to appear on their platform.
|
| >sometimes even handles all the back and forth
|
| So you're saying some middle men handle all the back and
| forth, but not all. So is this a factor for whether they
| qualify as middle men or not? If so, why not just say
| they all do? If not, why mention it?
|
| Hired.com is very similar to Triplebyte, and I don't see
| how you can argue that they are not a middle man.
| wolfgang42 wrote:
| _> can result in depressed wages._
|
| I'm (genuinely) curious how you think this could happen? When I
| went through Triplebyte they were eager to give me tips for
| negotiating a higher salary, since their commission is based on
| a percentage of the candidate's first year salary.
| tersers wrote:
| Yeah, no. I already deleted my account and I'm not going back. I
| realise the type of candidate they cater towards would find jobs
| at companies I wouldn't really want to work at anyway. I'm
| ashamed that younger me fell for this in the first place.
| dllthomas wrote:
| I'm curious what type of company you're looking for that you'd
| expect to be underrepresented.
| EGreg wrote:
| What is the alternative you will use going forward? Another job
| site?
| milin wrote:
| URL to delete your profile, if anyone is thinking to do the
| same: https://triplebyte.com/privacy-center
| [deleted]
| Mandatum wrote:
| It takes more than one person to design, approve and implement
| this feature. Ammon is trying to take the heat for a decision
| made by multiple people.
|
| Right now, Triplebyte on a resume doesn't tell me anything very
| positive.
|
| Why hasn't Anshuk Gandhi[0], their VP of Growth, or Bryan
| Shieh[1], the Product Manager of Growth, said anything on the
| subject?
|
| People should be held to account. Working for a startup, it's
| easy to figure out who's to blame for these terrible ideas.
|
| [0] https://www.linkedin.com/in/anshukgandhi/
|
| [1] https://www.linkedin.com/in/bryan-shieh-35279948/
| heurist wrote:
| I saw the initial note and didn't think about it much. Figured a
| public profile was fine for me. For what it's worth, I found good
| work through Triplebyte at a time when I really needed it and
| other sources were not panning out. Even if I felt affected I
| would be inclined to give them a pass on this as long as I could
| opt out easily.
| maddyboo wrote:
| First off, I want to say that as a past Triplebyte user who was
| concerned about my privacy after hearing the original news, I
| appreciate your decision to cancel the feature, and I appreciate
| your apology.
|
| In the end, I don't think this was an enormous mistake as there
| was no harm done to your customers.
|
| Still, you can't erase the information you've indirectly put into
| the world about yourself and your company. Your near-actions have
| shed a bit of light on your priorities, and customer privacy was
| apparently not at the forefront of that list. The unfortunate
| truth is that this begs the question of whether other decisions
| have or will be made which similarly disregard customer privacy.
|
| I'm very glad that you realized the err of your ways in this
| instance, and I hope you continue to demonstrate your dedication
| to protecting your users' privacy in the time to come.
| rajacombinator wrote:
| Scummy move, scummy response. If you truly thought this feature
| was something valuable for your users, you wouldn't just cancel
| it entirely, and you wouldn't have dumped it on a Friday night.
| But it's cool, most businesses are scummy. Foolish for us to
| expect otherwise from you.
| marcus_holmes wrote:
| Too late. I deleted my account today.
|
| Though of course it apparently takes 30 days to process an
| account deletion. Why? Do you guys need to recruit a DBA?
| kevsim wrote:
| 30 days is the maximum time allowed under GDPR. Quite typical
| to tell people it might take up to 30 days (though it practice
| I've found it rarely does).
| minimaxir wrote:
| One question that wasn't addressed in the response: if the CEO
| did not realize that implementing the feature would be bad for
| users, then why did the company announce the feature as an email
| footnote at 5PM Friday before a holiday weekend, which is when
| bad news typically drops?
| GordonS wrote:
| And why was the CEO on HN arguing for the feature, implying
| people complaining were the ones with the problem?
|
| I don't buy it, and I'll be steering clear.
| Frost1x wrote:
| I'm all too surprised when people fall into ambiguity holes
| and give the benefit of doubt over these situations presuming
| there's some underlying candid motive or attribute ignorance
| (Hanlon's razor referenced far too often).
|
| A business saw an opportunity to make more money and took it.
| A large portion of consumer interests no longer aligned with
| their interests and we were caught in the crossfire.
| Fortunately, enough people shared the same concern that the
| risk for the business (Triplebtye) was now high enough that
| they had to mitigate fallout.
|
| That's all that happened and all that typically happens.
| Perhaps Triplebyte management didn't see the risk or
| misjudged the backlash and expected only a few users to
| complain. I find it hard to believe this side effect wasn't
| at least a considered risk brought to to table and ultimately
| ignored by management looking purely at growth.
|
| Yes, sometimes a shift in a business's goals cease to align
| with our interests and isn't necessarily meant to be
| malignant move against us directly, but there is certainly no
| concern for us in the process unless it is ultimately
| perceived as more net profitable.
|
| This is why we should be quite careful as to what we allow
| business ownership over/access to and remember that profit
| seeking cost optimizations are only useful to us while
| they're aligned with our interests. Whatever behaviors we
| allow businesses to pursue without enough repercussion to
| care, they will pursue seeking profit: a proverbial "cost of
| doing business."
|
| When a business's profit seeking interests are misaligned
| with ours or run counter opposite to our interests, we're in
| for a fight against a resource heavy entity we're likely
| lose, especially when certain behaviors are allowed to
| normalize across entire industries and accepted by culture in
| large segments.
| ammon wrote:
| My head was still in the place it was when we were developing
| the feature. I thought it was a communication problem (if I
| could only communicate how this feature could help a lot of
| people everyone would understand). Perhaps I'm just slow. But
| it took some time and repetition for the magnitude of my
| error to sink in and me to really hear what people were
| saying.
| rebotfc wrote:
| You do realise that if you have any European users you have
| majorly contravened GDPR regulations and data protection
| rules.
|
| I'm talking 20 million euros in fines
| samel1994 wrote:
| Triplebyte is not for EU users. You're forgetting that
| Triplebyte is an American company, they're not subject to
| European nanny laws.
| washitallaway wrote:
| Any European citizen is covered by GDPR no matter where
| they are located.
| colejohnson66 wrote:
| I'm curious how that'll work in practice. The sovereignty
| of a nation is a big thing. The US isn't going to just
| prosecute TripleByte because Europe said they should.
| Sure, if @ammon visits the EU, he could be arrested, but
| a nation's laws (generally) don't extend past their
| border.
| ryanwaggoner wrote:
| It's a total pipe dream. I don't know what fantasy land
| people are living in where they think the EU is going to
| successfully collect a dollar in fines from some random
| small company elsewhere in the world, no matter how
| messed up their privacy practices are.
| ryanwaggoner wrote:
| First of all, this isn't popular with the EU crowd here,
| but there's no method of enforcement for GDPR for
| American companies without a presence in Europe. Good
| luck trying to collect a fine from some tiny business in
| the US
|
| Second, you really think GDPR is going to be applied to
| some tiny American startup because they said they might
| do something and then didn't?
|
| Third, my understanding is that if you don't target EU
| customers, GDPR doesn't apply. It's not enough that an EU
| customer happens to wander into your store. You have to
| have some accommodation targeting the EU (like translated
| pages, international shipping, different currencies, etc)
| ryanwaggoner wrote:
| Here's the text from the European Commission:
|
| _When the regulation does not apply
|
| Your company is service provider based outside the EU. It
| provides services to customers outside the EU. Its
| clients can use its services when they travel to other
| countries, including within the EU. Provided your company
| doesn't specifically target its services at individuals
| in the EU, it is not subject to the rules of the GDPR._
|
| Source: https://ec.europa.eu/info/law/law-topic/data-
| protection/refo...
| ummonk wrote:
| Eh, likely some of the people who have gone through
| Triplebyte are now in Europe, subjecting its use of their
| data to GDPR law.
| colejohnson66 wrote:
| You do realize that the feature never actually launched,
| so no data was "public" (quotes because it's already
| public to recruiters who use TB).
| tgsovlerkhgsel wrote:
| > I'm talking 20 million euros in fines
|
| Unfortunately, the real fines are nowhere near the
| theoretically possible ones.
|
| This is egregious enough that it could have actually
| resulted in a fine as opposed to a "please don't do
| that", but realistically, I doubt the fine would get near
| 100k.
| wh-uws wrote:
| This is why you don't release on a Friday.
|
| Best case scenario you spend the whole weekend focused on
| whether the release went right...
|
| Worse you spend the whole weekend cleaning a mess up.
|
| Its pretty much always a lose/ lose.
| sverhagen wrote:
| If you can't reliably release on a Friday, your delivery
| process is broken. Should you send customers an
| unsettling policy change, late on a Friday, nah, still a
| hard NO.
| wh-uws wrote:
| I didn't say don't have a release process good enough to
| release be able on Friday (obviously you want this for
| emergencies).
|
| I said don't release on Friday.
|
| No ones release process is perfect and the best time to
| find holes in it is when you are just ready to have the
| week be over so you can happy hour on a Friday.
|
| In this case at least part of the release process that
| was broken was how it was communicated to users. Now they
| have to spend the whole weekend putting out this fire.
|
| Why take the chance in a non emergency situation? Enjoy
| your weekend and do it with a fresh mind Monday morning.
| JoshTriplett wrote:
| If you don't already have one, have you considered having a
| collection of users who you can privately ask about
| potential features (or run email wording by) to figure out
| how it would go over? A user of the product could easily
| have told you, in advance, "some people are looking for a
| job secretly and this would be a problem".
|
| You could also come up with incentives to encourage job
| seekers to opt in; for instance, you could temporarily tag
| such users as "likely to get hired sooner" in reports for
| prospective employers.
| hysan wrote:
| I'm actually surprised that I didn't see this posted in
| the TripleByte Alum Slack for feedback prior to
| announcement or even announced there at all. It was the
| first place I checked after seeing the email/post on HN.
| ammon wrote:
| I really like this idea. I'll talk to my head of product
| about it.
| sockr8s wrote:
| Now I am curious what the conversations so far have been
| about if opt-in was never discussed? Are you looking for
| product managers?
| mosselman wrote:
| > you could temporarily tag such users as "likely to get
| hired sooner"
|
| Lets start lying to the customers on top of this fiasco.
| fma wrote:
| I woulda thought they have enough engineers in the
| company that the engineers would have raised a red
| flag...
| colejohnson66 wrote:
| Studies actually show that subordinates generally do not
| raise concern to their superiors about issues for either
| fear of reprimand or thinking the superior knows more
| than you.
|
| If @ammon had said, "this will be a great feature," the
| devs would keep quiet because they either (1) don't want
| to be fired, or (2) trust he knows better than them.
| skinkestek wrote:
| Good answer. Actually first good answer I remember seeing
| from any of you so far.
|
| I still wonder why you tried the infamous "I'm sorry that
| you cannot understand" line here?
| dllthomas wrote:
| I don't know... it's not a great response from a company,
| but sometimes it's genuinely the case that disagreement
| comes from a lack of understanding. An impulse to try and
| explain more clearly is relatable.
| GordonS wrote:
| > if I could only communicate how this feature could help a
| lot of people everyone would understand
|
| I don't mean to flog a dead horse, but you seem to be
| intent on digging a deeper and deeper hole.
|
| It's not for you or anyone else to make someone's data
| public without their consent, because _you_ think it helps
| them.
|
| > and me to really hear what people were saying
|
| Nobody should need to tell you any of this. If it truely
| did, then you clearly don't care a jot about privacy, and
| simply aren't responsible enough to manage other people's
| data.
|
| A companies ethos and values cascade down from the top, so
| your attitude towards privacy is especially concerning.
| ColinWright wrote:
| I think you've missed the point ... that parenthetical
| comment is what was previously in his mind, he's sharing
| with us why he was, at that time, still pushing and
| defending.
|
| I don't see this in any way as still digging the hole.
|
| As for the rest of your comment, you seem purely to be
| repeating what he says he now knows. Although others
| have, I haven't downvoted you, but it feels like you're
| still being angry about what the situation was, and not
| trying to adapt to what this situation is.
|
| I agree that there are still legitimate causes for
| concern, but it's worth taking time to think about what
| they really are.
| GordonS wrote:
| Yes, I'm repeating what he already claims to know,
| because my point is he should already have known it. I am
| casting doubt on his sincerity, given this feature, his
| arguments on HN the other day, and what he's said now.
|
| I'm not still angry about what the situation _was_ - I
| believe the only reason this feature was rolled back is
| because there was a big backlash. I really believe his
| whole attitude towards other people 's data means he
| isn't responsible enough to store it.
|
| It's exactly irresponsible moves like this that led to
| the GDPR in the first place (something else contravened
| by this feature)
| elliekelly wrote:
| I can certainly understand that when you're excited about
| rolling out a new feature and you encounter some pushback
| your gut reaction might be to "sell" people on it or try
| to explain it better rather than listen. The important
| thing is that he _did_ eventually listen.
|
| I think it's also important to distinguish the idea from
| the execution. A LinkedIn alternative for developers is a
| great idea. The problem was the incredibly short opt-out
| (instead of opt-in) with notice given to users on Friday
| afternoon of a long holiday weekend.
| GordonS wrote:
| I totally understand being excited about a new feature,
| but I don't understand the lax attitude towards privacy,
| especially not nowadays.
|
| I somewhat agree, in that the important thing for _now_
| is that he did eventually relent. But I 'm not convinced
| he actually _listened_ , so much as relented under
| pressure. I don't think those values bode well for the
| company going forward. I certainly hope I'm proved wrong
| on that.
| darksaints wrote:
| The classic "gonna sneak this in here...hope you don't notice"
| time slot.
| ammon wrote:
| The Friday announcement was a result of us pushing to get the
| profile toggle feature out that the email linked to, and
| shipping late. Not something I'm proud of (either from an eng
| management perspective, or, more importantly, from a not
| violating the trust of our users perspective). It was a rushed
| schedule. In hindsight I see that the timing of the Friday
| announcement is ALSO a problem.
| woofie11 wrote:
| Hi Ammon,
|
| 1. There is an opportunity.
|
| 2. You did lose a lot of trust.
|
| 3. You didn't have enough trust in the first place to really
| take advantage of this opportunity.
|
| I would encourage you to think about how you can earn that
| trust. This comes back to transparency and checks-and-
| balances. If you want to go that route, you will need to
| build hard constraints: legal and technological constraints
| which would have prevented this in the first place which you
| can't later remove.
|
| This shouldn't have been down the bad judgement by the CEO. I
| don't know you, but even if I did, the Board can toss you
| ought next month, and the next CEO might have worse
| judgement.
|
| Baseline: Right now, your privacy policy is not bad. However,
| you can change it anytime. You can eliminate it in the case
| of sale. Etc. You're paying a lot in trust right now for
| abstract flexibility down-the-line. I would not give you a
| model of what I know with that privacy policy, and to get to
| your vision, you'd need my data.
|
| Good: Think through how organizations engineer legal
| constraint (GPL, AGPL, CC-BY-SA, etc.) to build community and
| trust. Engage folks like Eben Moglen and Larry Lessig, and
| come up with robust ways where Triplebyte can be trusted to
| manage user data, without needing to trust the Triplebyte
| management team.
|
| Your team has a fiduciary duty to maximize shareholder value.
| Down the line, you might become Google (which has a trillion
| dollars to lose if it breaks trust) or you might become Yahoo
| (which is now mining personal emails in really evil ways,
| since that's the most effective way to scrape out the last
| little bits of profit). I want to know that if you go the
| route of Yahoo, or other companies I trusted with my data
| which went south, you won't be able to weasel out.
|
| You should figure problems like:
|
| * What happens if you do have a problem? If my data leaks,
| will you be liable, or do I bear that cost? If you are, that
| sets up incentives for you to have proper security. Consider
| it a cost of business (you can get insurance too).
|
| * How can I verify what happened to my data, as you send it
| off to partners and "trusted" affiliates?
|
| * How do I know my data was properly de-identified (I don't
| believe this at all, at this point).
|
| If you can build something really robust, it will go a long
| ways to making you into a Google, by ensuring you won't turn
| into a Yahoo. It's a trillion-dollar opportunity.
| jacquesm wrote:
| This is all spot on. Super good comment, with the exception
| of the 'shareholder value maximization', that bit is bull
| and you should stop repeating it.
| ximeng wrote:
| Extract from guidelines:
|
| Please don't comment about the voting on comments. It never
| does any good, and it makes boring reading.
|
| Please don't post comments saying that HN is turning into
| Reddit. It's a semi-noob illusion, as old as the hills.
| woofie11 wrote:
| Removed.
| colejohnson66 wrote:
| > Your team has a fiduciary duty to maximize shareholder
| value
|
| That's actually not true.
|
| Also, your comment comes off as needlessly offensive:
|
| > 3. You didn't have enough trust in the first place to
| really take advantage of this opportunity.
|
| > I would encourage you to think about how you can earn
| that trust
|
| You're attacking him when he's come back, owned up, and
| apologized for the mistake.
| ammon wrote:
| We are thinking about how we can make a stronger (and
| specific) privacy guarantee so it's not just a matter of
| our future intentions. I had a long conversation with my
| co-founder about this yesterday. We did not get anything
| together in time to include it in this email. But we're
| planning to.
| g_p wrote:
| This is good to hear. I have spent a lot of time looking
| at this topic, and for me there's 3 things worth
| exploring.
|
| 1. Versioning of user consent.
|
| A lot of services have been designed around the idea that
| once a user consents to the terms, they consent to any
| alternations you make in the future. This is legally very
| questionable, at least in many countries. Some services
| manage to keep track of the version of the agreement a
| user has approved, but then force agreement with any
| updated version. But in reality there's no need for this
| - users should be able to granularly consent (and
| withdraw consent) to different things, as and when it's
| desired.
|
| In any case given the way this is interpreted in GDPR,
| and the direction of travel in California and other
| states, having granular consent seems to be a sensible
| short term investment to save a lot of pain down the
| line.
|
| 2. Handling data at a sale, acquisition or liquidation.
|
| This one is more tricky, and I believe a Stripe co-
| founder mentioned this recently on HN as something to
| look into. Lots of companies see their database as an
| asset to sell. There's an interesting history of
| companies like RadioShack, ToysRUs, and others going
| through this issue and ending up in court over it...
|
| 3. Aligning your goals with your users.
|
| It might be a bit idealistic, but it always seems to me
| that privacy works best when everyone's interests are
| aligned. I'm not sure how this fits for your situation,
| but it strikes me users wanting visibility get
| visibility, and if they get a job you'll benefit, as do
| they. That seems nicely aligned. And for people who want
| to be incognito, they remain incognito, but they know
| you're there. It's probably counter to lots of the
| "startup playbook", but even these incognito users are
| likely still valuable, maybe even net promoters, just not
| currently looking to be seen. So it seems your goals
| align nicely with users', and there need not be any hyper
| growth "dark patterns".
| woofie11 wrote:
| That would be terrific!
|
| I would encourage you to not go it alone.
|
| 1) There are people who have been thinking about this
| problem long and hard for a long time. Most are pretty
| accessible, and would be excited to see something strong
| here. There's a big pool of knowledge to build on.
|
| 2) You don't need to have something finished or polished
| to start to engage with either those people or with the
| community. You can toss out an early draft and solicit
| feedback if you're on the right track (rather than
| tossing out a fait accompli). You can even just solicit
| ideas.
| camjohnson26 wrote:
| Unfortunately the most vocal people are the only ones you're
| hearing. I got the email and didn't really care. My angel.co
| and LinkedIn are already public, why not Triplebyte too,
| especially if it raises my market value.
|
| Haters gonna hate and I wouldn't take it too seriously.
| hysan wrote:
| Given that he replied elsewhere in the thread that 2000
| accounts went through the deletion process since the
| announcement, there are actual numbers supporting the idea
| that it isn't just a vocal minority. Keep in mind, this is
| deletions, not opt-outs. The deletion process, as mentioned
| many times in the previous thread, takes significant lift
| on the user's part.
| BoysenberryPi wrote:
| Just because people are not being vocal does not mean they
| do not care about the situation. I haven't commented on the
| drama from this situation but I also got the email from
| them and my immediate reaction was "huh, thats kinda
| shitty." and proceeded to hide my profiles. A lot of people
| feel that only people who are displeased voice their
| opinion and people who are satisfied stay quiet but I would
| be wary about that line of thought. While the angriest
| voices are the loudest there are definitely a good number
| of people who aren't happy but don't feel the need to jump
| into every argument
| folli wrote:
| This speaks for an opt-in and not an opt-out.
| redshirtrob wrote:
| Are you sure about this? I didn't comment on the previous
| story. I didn't tweet about this. I didn't email
| TripleByte. I just silently purged my account of meaningful
| data and opted out.
|
| I'm only commenting now to cancel out your anecdote.
|
| (And FWIW, I would have done nothing had it been opt-in. I
| would have been happy to leave my information private and
| strategically take it public when it suited me. The email,
| and Ammon's behavior in the original thread gave me little
| confidence that was an option, so I nuked my data.)
| GordonS wrote:
| > My angel.co and LinkedIn are already public, why not
| Triplebyte too
|
| Because you opted in to creating those profiles and the
| information they contain, and made them public. You _opted
| in_.
| camjohnson26 wrote:
| It was wrong not to make it opt in but not deserving of
| the level of hate they're getting for the decision. The
| big tech companies do things every day that are much more
| damaging to your privacy and they don't send you an email
| telling you. LinkedIn's spam marketing in the early days
| was downright scandalous.
|
| I've always found Triplebyte open and insightful and
| their response shows they're receptive to feedback, which
| is a rare thing these days. People should be respecting
| that instead of crucifying one of the only companies that
| actually listens to them. No company is perfect all the
| time.
| GordonS wrote:
| I think we're going to have to agree to disagree on this
| one then, as I firmly believe they are deserving of the
| negativity.
|
| The CEO's whole attitude towards privacy shows how they
| treat privacy, and no, I'm not going to "respect" that.
| rammy1234 wrote:
| If company is upfront and listens, any feature they will
| release or change will be done considering the privacy
| and security. You give your customer power and not take
| it away from them. You chose what you do about your data
| and no one else can make that decision on behalf of you
| adnanh wrote:
| Just curious, did you have any engineers/product owners
| telling you that you should probably not do this feature,
| especially not push so hard (doing stuff late on Friday that
| can easily wait for Monday, etc...) to get it out?
| travisjungroth wrote:
| The tree of possible causes here looks really bad. Either
| no one spoke up, or someone did. If no one spoke up because
| no one knew this would be a problem, it means the team is
| completely unqualified. If no one spoke up but they did
| know this would be a problem, then it means people are
| afraid to speak out (my money is on this one). If people
| did speak out, then the right people with the right
| concerns aren't getting listened to.
| ponker wrote:
| Yeah, we don't even do any kind of code deploy on Friday
| after 10am. Not even bug fixes unless they are for site
| reliability.
| capableweb wrote:
| It's one thing to do regular code deploys and there is no
| harm in doing it on fridays, if the code happens to be
| ready. If something goes bad, you rollback, which
| hopefully is automatic.
|
| But, pushing features out the door is different than just
| deploying, so seems this is what happened. Then it
| doesn't matter what day you release your unfinished
| feature, it's gonna cause bad times.
| yjlim5 wrote:
| This, I'm very curious to know. Did anybody speak up about
| it? That's what product discussion meetings are for, right?
| WrtCdEvrydy wrote:
| Yeah, those guys got laid off early on the COVID-19 cost
| reductions as being 'troublemakers'.
| cryptonector wrote:
| Your reputation is shot.
| dylz wrote:
| > The Friday announcement was a result of us pushing to get
| the profile toggle feature out that the email linked to
|
| The absolute most important part of the feature was a last-
| minute addition?
| ummonk wrote:
| It sounds like the overall feature was delayed because the
| eng work for the profile toggle landed late.
| ceocoder wrote:
| The West Wing (tv show) even had an episode around it "Take our
| the trash day"[0].
|
| [0] https://www.imdb.com/title/tt0745682/
| lisading wrote:
| I received the email today, then went to check my triplebyte
| profile. On visibility settings, I saw the default public
| visibility is still ON. Probably they are cancelling this feature
| anyway, but still showing showing ON in public visibility seems
| like another messed up!
| ammon wrote:
| PR to pull the visibility toggle from prod is under review.
| Much of the eng team is out for the long weekend, and we may
| not merge until tomorrow. However, the public profiles
| themselves are not in production and we are canceling the
| feature.
| Invictus0 wrote:
| Not a good look from all the pro-privacy folks here to redouble
| your criticism after you got what you wanted. Assuming good faith
| is part of the HN guidelines, so let's give Ammon benefit of the
| doubt here as well.
| trianx wrote:
| I agree - it's as good an apology as it gets. Let's honour this
| and react more positively than had Triplebyte send a non-
| apology apology.
| christiansakai wrote:
| Tangentially related topic, but I never found success with
| Triplebyte, 2 times I tried them. I found that their companies'
| selection is too small compared to competitors.
|
| Also I heard from a company that used them that they are
| expensive.
|
| Not to mention cringy ads on Reddit.
| foota wrote:
| Funny enough, the email announcing this went to my spam filter on
| Gmail.
| conjecTech wrote:
| I've had the good fortune of knowing the TripleByte team
| personally. I'm not at all surprised to see this being handled in
| such a sincere and agreeable way.
|
| Ammon is a sincere and truth-seeking individual. He's willing to
| be convinced that his opinion is wrong, a character trait we
| don't do enough to praise and which I've found to be exceedingly
| rare these days. Situations like this highlight exactly why I've
| trusted them with my data in the past and will continue to
| recommend TripleByte to friends in the future.
| sockr8s wrote:
| Great job PR dept.
| dang wrote:
| That would be ok as a top-level comment (albeit not a very
| substantive one) but it breaks the site guidelines to post it
| to attack another user. Would you mind reviewing
| https://news.ycombinator.com/newsguidelines.html and sticking
| to the rules when commenting here? We'd be grateful.
| dayjah wrote:
| Unfair. I've worked with Ammon IRL at a different co, he's
| one of the most genuine people in the valley. Did PR consult?
| Probably. Is it just spin? Definitely not.
| RcouF1uZ4gsC wrote:
| The apology is very nice, and I am glad that they are not pushing
| ahead with this feature. However, actions are what matter.
|
| One thing that was brought up in the comments was that if you
| wanted to cancel your TripleByte account, you had to email the
| company. This is a dark pattern.
|
| If TripleByte really wants to show they changed they need to
| immediately implement a "Delete my account" button that after
| requiring you to retype in your password for confirmation,
| immediately deletes your account. Immediately. No waiting period.
| No having to email anyone.
|
| Implementing that feature in their next sprint would go a long
| ways toward showing that they are genuinely contrite.
| jacquesm wrote:
| And certainly not having to provide 'government issued ID' to
| the company for the privilege of having your account deleted,
| especially since none was required for account creation.
| ravenide wrote:
| For what it's worth, if they'd just made the feature opt-in, I
| actually think it's a great feature. I'd love a Triplebyte page
| that I can link to instead of a resume (that's what I originally
| imagined when I read the email).
|
| I'm a huge fan of Triplebyte, they got me two great jobs I never
| would've gotten otherwise (I didn't go to college, my resume
| usually gets automatically tossed). Their mission to fix
| credentialism succeeded with me. Hope this setback doesn't deter
| them from building more great things.
| headgasket wrote:
| I just deleted my account. I was unaware that I even had one. I
| clicked on a little puzzle that popped in my FB feed back when I
| was still using.(FB)
|
| This quiz was super easy, and I got pulled into doing an
| interview, just for fun, and a programming test in a language I
| had not used in 5 years. I did not do too well, but I did not
| care, it was for fun!
|
| Well I did not expect that bad score to be recorded and become
| public!
|
| This economy built around private/public information quiproquo
| has to be reigned in. I feel for the founder. But I still think
| there's something going on we need to stop before we get to the
| Stasi.
| zitterbewegung wrote:
| Five years ago I tried out Triplebyte was a HN reader and I tried
| it out. I got to the point where they would contact me but
| instead the rules and criteria changed so that I wasn't eligible.
| I then forgot about the site.
|
| A year or two after I think I tried Triplebyte again but then my
| account was in some weird state. After complaining on an HN
| thread about Triplebyte my account was restored. I didn't take
| the site really seriously at all.
|
| While browsing reddit I used to see constant Triplebyte ads. I
| think I saw them dry up at this point and that seems to conform
| to current economic conditions.
|
| Now fast forward to this year and I deleted my account after this
| public profile idea was announced on a Friday. the whole point
| about having public profiles is probably a way for Triplebyte to
| get seen by more people and get some kind of network effect going
| on since they are in dire straights.
|
| The response that Triplebyte has done is quite admirable in that
| they aren't launching the feature. Launching on a Friday when
| people also think that you are trying to bury the story or people
| won't notice is something to regard.
|
| The thing I don't see anything really different between these new
| startups attempting to disrupt existing staffing companies. My
| current job which I am very happy about I got from a staffing
| agency after going through hundreds of recruiters contacting me.
| vyhd wrote:
| Hopefully this proves to be an illustrative lesson: the best
| apologies are _almost_ as good as not doing something that
| requires an apology at all.
| freshbagels wrote:
| Can anyone explain why they'd be a LinkedIn data partner yet did
| this to compete with LinkedIn?
|
| Go to their site and paste this in your console:
| window._linkedin_data_partner_id
| wilde wrote:
| It might be attribution for any LinkedIn ads they're running?
| lasky wrote:
| "oops we forgot to NOT do the plainly shady wrong thing and make
| your private data public, for our benefit - thank you SO much for
| reminding me. Shady shit will never happen again. I promise. ;)"
| gigatexal wrote:
| In terms of corporate apologies this is amazing. Kudos to them
| and the CEO.
| wbronitsky wrote:
| Wow, this reads as incredibly disingenuous considering the
| glaring dark patterns they were using to try and sell your
| private data and make more money. I cannot reconcile this apology
| with the underhanded tactics the CEO was using to promote this
| now cancelled feature.
| heavyset_go wrote:
| Almost got away with it, too, if it wasn't for those meddling
| kids and their inability to accept that a small violation of
| their privacy would have a big impact on my bottom line.
| MattGaiser wrote:
| Why not just make it opt-in?
|
| Lots of people would have done it right away and others would do
| it as they started to want new opportunities and/or got laid off.
|
| Candidates who didn't opt in probably wouldn't be open to being
| contacted out of the blue anyway in a public manner.
|
| They burned a lot of goodwill for nothing.
| mlazos wrote:
| New features are _almost never_ opt-in. It's way more tempting
| to show a high user number in a status meeting than care about
| user privacy.
| fma wrote:
| I'm not a user, but making the feature opt-in for existing
| users...and opt-out for new users would have seemed the make
| the most common sense.
|
| And this might go against the grain, but if I had to give up a
| bit of privacy and get an edge against a peer for job that I
| need...I'd likely do it. But it seems like a lot of complaints
| were from still employed engineers and having their employers
| find out.
| jamestimmins wrote:
| I suspect that this comes from tunnel vision and not
| interacting with enough casual users. Hypothetically, if the
| feedback they're seeing is that people desperately want jobs
| and will do whatever it takes, they may only be exposed to a
| subset that would have no qualms with making the info public.
| Especially if that subset is already out of work.
|
| I can imagine, in that scenario, not thinking about all the
| devs who signed up over the years and are no longer searching,
| or are searching but doing so quietly.
| hagy wrote:
| Agreed. I could imagine how many of the most active users of
| their platform would be excited for any feature that improved
| their prospect of landing a job. Combined with the team's
| excitement for taking on LinkedIn and expanding their
| company, I could see how they'd fall into this tunnel vision.
|
| Initially I was quite unhappy with how their CEO blindly
| defended the decision on the earlier HN thread, but I gotta
| give him credit for changing his mind and drafting this
| earnest apology. Everyone is human and its easy to get caught
| up in your own bubble, especially when you've been excitedly
| executing on a vision with a team that also lives in that
| bubble.
|
| Still don't think I'll ever use their platform as either a
| member of a hiring team or as a job seeker. But at least this
| followup lessens my negative connotation for Triplebyte that
| developed over the previous few days.
| ammon wrote:
| Yeah... that's a much better idea. I can tell you what was
| going through my head on Friday (I'm not at all trying to
| defend this now). Basically, it was that for a credential to
| carry weight with recruiters, it needs scale. There's a
| bootstrapping problem. But that's not an excuse for violating
| people's privacy. Opt-in would have been a far better idea.
| weaksauce wrote:
| In the future it's worth noting that it's a terrible idea to
| take something away from someone when you promised them
| something else. This is privacy in this case. On others it's
| offering something for free and then charging for it.
|
| Even if you wanted to make this an opt out feature the _only_
| sensible way to go about it is grandfathering in the old
| accounts into an opt in feature. Just like many companies
| grandfather in free customers while they charge new ones.
|
| This is the foundation of trust.
| everybodyknows wrote:
| > take something away
|
| Quite true. T-Mobile is now forever to me the weasels that
| silently broke free Google Visual Voicemail in order to
| force me into their own, judging by the reviews quite
| crappy, paid app.
| ummonk wrote:
| I've been through Triplebyte and am a fan of the mission.
| This was definitely a major screw-up, both for the opt-out
| and email dark patterns (I had skimmed the original email and
| assumed it was opt-in before I saw this thread), and for the
| subsequent doubling down in response to feedback. Glad you
| took some time to reflect and reverse course.
|
| I do think the bootstrapping problem is unfortunate -
| hopefully you can hit critical mass via opt-in.
| ferzul wrote:
| that's the kind of response from a ceo i want to see. normally, i
| would just expect "We did something that was unpopular. please
| buy our other product. also, the word apologize occurs somwhere
| here but it does not carry any of its significance" but this
| ammon person actually explained what he did and why
| ivanfon wrote:
| If anyone is looking to delete their account:
| https://triplebyte.com/privacy-center
| polote wrote:
| People need to be less naive, how many companies in the world
| care more about their users than their business ? none ?
|
| Triplebyte reverting their decision is a business choice, they
| have probably estimated that their brand will be less impacted if
| they excuse themselves than if they continue. Everything is a
| business decision
|
| Is it bad ? I don't think so, this is just business. We give our
| data to companies and they do whatever they want with it, because
| the legal system is not strong enough on that.
| top-flight wrote:
| I didn't get the apology email. I immediately ask they delete my
| account which never got a response either when I got the public
| profile email.
|
| I asked them to delete my account a couple years ago as well and
| they never did then either.
|
| I will never, ever trust this company or use their product. There
| are other options out there just as good and not sketchy.
|
| PS I like how the email went out on a Friday night too, even more
| sketch to try and limit # of people who opt out.
| jrib wrote:
| I haven't received the apology e-mail either. The only action I
| took though was to rummage around the profile preferences to
| find the setting to turn off public profiles.
|
| I wonder if they're sending the e-mails out in waves or if
| they're only sending them to users who still have the feature
| enabled?
| Aardwolf wrote:
| > As CEO, this is my fault. I made this decision. Effective
| immediately, we are canceling this feature.
|
| I'd love to know the dynamics behind such decision
| covid1984 wrote:
| Hold up, a company that secretly recorded interviews without
| consent found other ways to violate user privacy?
| jacquesm wrote:
| Nice apology, that's a lot better than in the original thread.
| Now there remains an awful lot of dark patterns around the whole
| cancellation process, as well as a bunch of others besides. If
| Triplebyte wants to clean this up for real then they should
| starting now be 100% clean and tackle that as well (and have a
| good review on the use of further dark patterns in other parts of
| the site). Otherwise it feels as if the only reason they changed
| course on this one thing is because it got too much attention,
| the real proof will be in how they run the company as whole
| rather than just this 'feature'+ retraction.
|
| +insofar as involuntary sensitive data disclosure can ever be
| labelled a feature.
| alexpetralia wrote:
| This is a very good apology.
|
| Yes, it is possible that this is merely the perfunctory apology
| TripleByte's users were undoubtedly due. It is possible it is
| entirely inauthentic, a mere artifice for damage control from a
| reputationally maimed business.
|
| But it is also possible that, like all people, the CEO seriously
| screwed up. There were some bad premises, some bad motives, some
| bad confirmation bias at play here.
|
| That being said, we ought not to judge people by who they were,
| but who they are capable of being. Is Ammon capable of
| rehabilitating?
|
| I think the HN community should rightly accept this apology with
| great skepticism. They should scrutinize TripleByte's every move.
| They should wonder: has he rehabilitated? It will certainly take
| time.
| woofie11 wrote:
| I'm not sure it matters. TripleByte is asking for super-
| sensitive information. 10 years down the line, Ammon won't be
| CEO anymore.
|
| No matter how much of a jerk Ammon is, I'm willing to trust-
| and-verify, so long as they get the and-verify part right.
|
| No matter how great a guy Ammon is, I'm not willing to trust
| without the and-verify part. He might get fired tomorrow, and
| Steve Ballmer or Carly Fiorina might get brought in. It might
| go under, and get sold to Oath. There's a ton of possibilities.
|
| He sounds honest enough in his apology, and on a personal
| level, I'm all for redemption and rehabilitation. It was also a
| one-time mistake. But I'm not dealing with a person. I'm
| dealing with an organization.
|
| Zero of the organizations who got my data in the nineties are
| the same organizations today.
| EGreg wrote:
| The apology definitely sounds honest, but why are we putting
| all our data in one place and then trusting someone to make
| the "right decisions" regarding it?
|
| I believe society should stop centralizing its data, votes,
| money, etc. in the hands of a few. This decade we can work to
| change that.
|
| _No matter how great a guy Ammon is, I 'm not willing to
| trust without the and-verify part. He might get fired
| tomorrow, and Steve Ballmer or Carly Fiorina might get
| brought in. It might go under, and get sold to Oath. There's
| a ton of possibilities._
|
| Exactly. But when I say this, people often respond to me "no,
| this is the perfect example of a company that should be
| centralized" followed by justifications and downvotes.
| Decentralization is still as uncomfortable as the civil
| rights movement in the 50s, for many people.
| woofie11 wrote:
| I like decentralized in some places, and centralized in
| others. I think decentralized can and should replace
| Facebook, LinkedIn, blogs, and similar.
|
| On the other hand, there are a lot of places where
| centralized, with proper checks-and-balances, allows for a
| larger degree of scientific research and transparency.
| Medical and education come to mind.
| EGreg wrote:
| How about this dichotomy:
|
| 1. Infrastructure should be more decentralized and let
| nameless providers _compete_
|
| 2. Information should be available to everyone and let
| nameless authors _collaborate_
|
| 1 produces a market of prices and competition, while 2
| produces a collaborative edifice of knowledge and well
| architected software.
| jiveturkey wrote:
| > It is possible it is entirely inauthentic, a mere artifice
| for damage control from a reputationally maimed business.
|
| I honestly don't think that matters in the slightest. One of
| two things happened.
|
| 1. deletion requests spiked like you wouldn't believe
|
| 2. the board caught wind of the bad feedback and forced this
| response.
|
| #2 i don't believe for a second. it beggars belief that the
| board is following day-to-day activity and further, at the
| start of a holiday weekend? no. way.
|
| not independently anyway.
|
| #1 must have happened, ammon asked for advice from the board
| and other close allies, who wordsmithed this reply. there is
| 100% no way that this email came from the same hamfisted person
| that deployed this change in this particular way with this
| particular timing.
|
| So why doesn't it matter? Because the action is taken, quickly,
| and the lesson learned. For observers this is also a great
| lesson - in damage control.
|
| The problem as I see it is that this has to get buried,
| quickly. The damage is done. TB was obviously already on the
| ropes, leading to this poor decision in the first place. I've
| never used TB, but what I hear about it is more bad than good.
| Good luck to them.
| greenyoda wrote:
| > 2. the board caught wind of the bad feedback and forced
| this response.
|
| > #2 i don't believe for a second. it beggars belief that the
| board is following day-to-day activity and further, at the
| start of a holiday weekend? no. way.
|
| I don't think it's so implausible. Remember that Triplebyte
| is a YCombinator company (so someone from YC probably sits on
| the board), and the uproar about its actions occurred on HN,
| YCombinator's site. I wouldn't be surprised someone who read
| this on HN was either (1) a partner or employee of
| YCombinator or (2) knew someone at YCombinator and alerted
| them.
| adnanh wrote:
| I'm re-reading the threads, and I can't stop wondering if this
| whole mess could have been avoided by simply posting a "Ask HN:
| As a TripleByte user, would you mind having a default public
| profile..." question here on HN? Anyway, I still believe that
| asking your target audience for an opinion is a better way than
| trying to think instead of them. Steve Jobs might have gotten
| away with that, but we are not Steve Jobs, or Apple for that
| matter... Not trying to say that Steve didn't listen to the
| audience though, I bet he did, but he had some strong opinions on
| how something should be.
| ammon wrote:
| I want to do a bunch more of this in the future.
| adnanh wrote:
| (thumbsup)
| xiphias2 wrote:
| I already changed all my data on my profile (including email), so
| I won't be getting the apology email.
|
| It's not just failure of ,,effects''. I'm an EU citizen and it
| was a clear intent of GDPR violation.
| rebotfc wrote:
| Wow, they had European users? They are fucked.
|
| This is about a serious and willful GDPR contravention as you
| can get. I hope they have good lawyers because they are gonna
| be hauled over the coals by multiple countries' data
| commissioners.
|
| Wow just wow.
| abh123 wrote:
| well no, because they didn't actually release the feature,
| therefore no damage was actually done.
| erik_seaberg wrote:
| If Triplebyte has no representative or assets in an EU
| jurisdiction, what could they do?
| samel1994 wrote:
| Triplebyte is not for EU citizens anyway. So nobody really
| cares. Goodbye.
| nabilhat wrote:
| This is an excellent example of effective apology!
|
| 1. Accept responsibility
|
| 2. Acknowledge the harm done
|
| 3. Describe your understanding of how the mistake was made
|
| 4. Describe your understanding of the wronged party's
| expectations and their significance
|
| 5. Close with an unreserved expression of sincere regret
|
| 6. Listen
|
| One person can't accept full responsibility, however. Effective
| leadership requires accountability, and the only way Triplebyte
| is going to recover their user's trust is to overhaul that
| accountability in the open. I suspect the company's future will
| depend on whether the members of leadership and ownership who
| certainly put pressure behind this response can adopt the message
| and back it up with structural commitment and transparency.
| rsweeney21 wrote:
| I honestly believe that the public profile fiasco was caused by
| pressure from his investors/board.
|
| VC money makes you do stupid things. Your next round of funding
| is your number one priority, customers are second. I've been
| there (raised $17M for my last startup).
|
| I run a company[1] that is a competitor to Triplebyte. Yes,
| hiring has slowed, and we will miss all our sales targets this
| year by miles, but we will be just fine because we are
| bootstrapped and profitable. So we'll only double our revenue
| instead of triple. For a VC backed startup that could kill you.
| But we'll just hire a bit slower and have a huge party at the end
| of the year.
|
| When you are venture backed, you watch your bank account balance
| decrease every week. Having a "burn rate" is awful. It messes
| with you.
|
| With a bootstrapped company you watch your bank account balance
| _increase_ every week. It 's a great feeling.
|
| So many venture backed startups are being really hurt by the
| current environment. I really hope that it makes more people
| reconsider raising money.
|
| 1: www.facetdev.com
| swang wrote:
| i tried out triplebyte when they were first coming out and i had
| a negative experience with them. okay fine whatever. on to the
| next.
|
| then all this hubbub came out. i was annoyed because i had
| ignored the email like most people until they saw the hackernews
| post. so i went to their site, spent way too long finding the
| opt-out flag and was about to close the window when i saw that my
| "profile" that i never agreed to said i had zero years of
| programming experience.
|
| i'm actually very upset about this. a company who most people
| think is "legitimate" is telling potential companies who are
| looking me up that i have zero experience. they could have cost
| me a job in the future all because i didn't agree to play their
| game and fill out their profile.
|
| so no thanks. i've already been put down twice by them.. no real
| need for a third time now is there?
| TheSpiceIsLife wrote:
| This is why we need strong data protection legislation, and a
| regulator with teeth.
|
| No service should be allowed to unilaterally decide what happens
| to our data, and gross changes to service agreements need to be
| vetted.
| trianx wrote:
| ... (continuation of Triplebyte email)
|
| Rather than safeguarding the fact that you are or were job
| searching, we threatened exposure. Current employers might
| retaliate if they saw that you were job searching. You did not
| expect that any personal information you'd given us, in the
| context of a private, secure job search, would be used publicly
| without your explicit consent. I sincerely apologize. It was my
| failure.
|
| So, what happened? How did I screw this up? I've been asking
| myself this question a bunch over the past 48 hours. I can point
| to two factors (which by no means excuse the decision). The first
| was that the profiles as spec'd were an evolution of a feature we
| already had (Triplebyte Certificates--these are not default
| public). I failed to see the significance of "default public" in
| my head. The second factor was the speed we were trying to move
| at to respond to the COVID recession. We're a hiring company and
| hiring is in crisis. The floor has fallen out on parts of our
| business, and other parts are under unprecedented growth. We've
| been in a state of churn as we quickly try various things to
| adapt. But I let myself get caught in this rush and did not look
| critically enough at the features we were shipping. Inexcusably,
| I ignored our users' very real privacy concerns. This was a
| breach of trust not only in the decision, but in my actual
| thought process. The circumstances don't excuse this. The privacy
| violation should have been obvious to me from the beginning, and
| the fact that I did not see this coming was a major failure on my
| part.
|
| Our mission at Triplebyte has always been to build a background-
| blind hiring process. I graduated at the height of the financial
| crisis as most companies were doing layoffs (similar to what many
| recent-grads are experiencing today). My LinkedIn profile and
| resume had nothing on them other than the name of a school few
| people had heard of. I applied to over 100 jobs the summer after
| I graduated, and I remember just never hearing back. I know that
| a lot of people are going through the same thing right now. I
| finally got my first job at a company that had a coding challenge
| rather than a resume screen. They cared about what I could do,
| not what was on my resume. This was a foundational insight for
| me. It's still the case today, though, that companies rely
| primarily on resume screens that don't pick up what most
| candidates can actually do--making the hiring problem much worse
| than it needs to be. This is the problem we're trying to fix.
|
| We believed that we could do so by building a better Linkedin
| profile that was focused on your skills, rather than where you
| went to school, where you worked, or who you knew. I still
| believe there's a need for something like this. But to release it
| as a default public feature was not just a major mistake, it was
| a betrayal. I'm ashamed and I'm sorry.
|
| Triplebyte can't function without the trust of the engineering
| community. Last Friday I lost a big chunk of that trust. We're
| now going to try to earn it back. I'm not sure that's fully
| possible, but we have to try. What I will do now is slow down,
| take a step back, and learn the lessons I need to avoid repeating
| this.
|
| I understand that cancelling this feature does not undo the harm.
| It's only one necessary step. Please let me know any other
| concerns or questions that I can answer (replies to this email go
| to me). I am sorry to all of you for letting you down.
|
| Sincerely,
|
| -Ammon
| dang wrote:
| I'm going to inline this text into the top post so that
| everyone can read it. (Edit: that's done, and I deleted
| "continued in comments" - normally I'd ask for permission
| first, but in this case it seemed better not to wait.)
|
| You probably split the post up this way because the software
| told you the text was too long. Tip for the future: you can get
| around that by clicking 'edit' and adding the rest later. Don't
| tell anybody :)
| trianx wrote:
| correct, and thanks, i'll keep it for myself :)
| wolfgang42 wrote:
| Would you mind also doing that thing where the comment is
| collapsed by default? I spent way too long trying to figure
| out what was different about this text compared to the email
| or the top post before I skipped down and saw your
| explanaion.
| dang wrote:
| Ok, done.
| wolfgang42 wrote:
| Thanks!
| ceocoder wrote:
| Thanks for the tip! I won't tell anyone either :)
| Throwaway42123 wrote:
| What a crock of $#(& the backtrack is.
|
| The answer is they are so incompetent they did not realize that
| publicly exposing job seekers could threaten their employment...
| an company who's soul vertical is to deal with employment... Is
| triple-byte that incompetent I honestly doubt it.
|
| No what happened was what all companies that get to greedy do,
| try to expand to fast and do dirty tricks like email a marketing
| email on a Friday before a holiday weekend in hope most people
| wont notice it to get a good "kick off" for your profiles. Got to
| have big numbers for the board/VC's right? At the cost of those
| who trusted you with their data and private job search.
|
| No the only incompetence here was they did not account for HN and
| other engineering communities spreading the word and need to
| backtrack to not have it hurt their core business. Anyone would
| be a fool to trust Triplebyte again.
| momokoko wrote:
| I'd be very curious how many account deletion requests happened.
|
| This is interesting in that it's the new GDPR / CPPA era where
| users were legally protected to request the complete deletion of
| their data. Something that Triplebyte would have had no
| obligation to do in the past. Are we seeing a change in that
| violating user privacy can have a meaningful negative impact on a
| company?
|
| Interesting developments
| ammon wrote:
| We've seen about 2k account deletions since Friday.
| pinewurst wrote:
| I'm proud to have been one of them.
| milin wrote:
| Url to delete your profile, if unfortunately you have one.
|
| https://triplebyte.com/privacy-center
| kemonocode wrote:
| All they needed to do was to make the feature opt-in. That's it.
| Encourage it all you want, advertise all of its supposed
| benefits, but just make it opt-in.
|
| Still, probably too little, too late for most people (myself
| included) who just saw their trust permanently breached by a
| brash move and get told by a CEO that you'll love it, honest! All
| you just need is to understand it! If you don't like it then it's
| your fault because you don't understand! And this doesn't even
| begin to address all the dark patterns they've caked in their UX.
| thaumaturgy wrote:
| I haven't received the email yet. Are they canceling the feature
| altogether, or just making it opt-in by default?
|
| I liked the idea of the feature quite a lot. I'd love to be able
| to publish select Triplebyte info. It just needs to be something
| I can choose to do, rather than chosen for me.
| blockchainman wrote:
| So is triple byte safe to use after this ? Or should I just use
| another service?
| phreack wrote:
| One of the first things they could do is stop with the dark
| patterns. The original thread had many people mentioning that
| deleting an account was a ridiculous process, with a 30-day delay
| once you managed to start it.
| wbronitsky wrote:
| I wholeheartedly agree. I can not reconcile this apology with
| the blatant use of dark patterns they employed when trying to
| roll out this product.
| rantwasp wrote:
| to be fair it is "up to" 30 days. mine went through in a day.
| YMMV
| imheretolearn wrote:
| To be precise this the email they send you when you request
| them to delete your account.
|
| "We're processing your request and should be done within 30
| days.
|
| We will verify your request using the information associated
| with your account. Government identification may be required
| and we may ask you for more information in order to verify your
| identify.
|
| Any questions? Email us at privacy@triplebyte.com"
|
| They didn't need "government identification" when I signed up
| for it. Never going back to this site again.
| ammon wrote:
| Yikes! Was this today? We pushed a fix for this yesterday,
| but if it's not fixed I need to look into it.
| EGreg wrote:
| @ammon, I don't know you, but definitely want to give you a
| hug about damage control.
|
| You built a company that's obviously valuable and lots of
| people rely on. Now you have a lot of responsibility.
| You're going through the "trough of sorrow" with respect to
| a new feature.
|
| This is what inevitably happens when lots of people come to
| rely on you. The one thing I'd like to say, which may
| sounds strange at first, is think about why you really need
| each piece of data.
|
| https://www.theguardian.com/technology/2019/jan/20/shoshana
| -...
|
| There is now a growing movement including GDPR and
| California's privacy laws. You can see how duckduckgo is
| able to make money by advertising around keywords rather
| than personal data, etc.
|
| You can help lead this movement, by allowing job candidates
| to have most of the data encrypted, and only reveal it to
| companies on a need-to-know basis. Push the point where
| they reveal it further back, and you'll have less friction
| for new signups. Every time people are asked for data,
| they'll already have a good reason: someone wants it. To be
| clear, that includes the candidate's Name, Age, Gender, and
| other private info.
| milin wrote:
| Yes. Can confirm this is the case as of 5 mins ago.
| ammon wrote:
| OK, I just spoke to my co-founder. The functionally was
| changed yesterday, but the copy was not updated on the
| confirmation email. The copy will be updated in a few
| minutes.
| dentemple wrote:
| Thank you for being on top of this.
| ammon wrote:
| This is bad. Calling our eng team now. We'll have a fix
| out ASAP.
| GordonS wrote:
| How did this happen in the first place?
| ammon wrote:
| Yeah... we made this better yesterday (removed the delay and
| the request for ID). It was totally a dark pattern. We built
| the initial deletion process right after GDPR passed. We were
| thinking about it mostly from a legal perspective then, and had
| not reviewed it since.
| phreack wrote:
| Thanks for recognizing it. I think it'd be encouraging to see
| a post mortem detailing the positive changes that came out of
| this whole ordeal, the sort of user hostile behaviors that
| you (as a company) recognized from this self reflection,
| their origins and corrections.
| sah2ed wrote:
| > _Yeah... we made this better yesterday (removed the delay
| and the request for ID). It was totally a dark pattern. We
| built the initial deletion process right after GDPR passed.
| We were thinking about it mostly from a legal perspective
| then, and had not reviewed it since._
|
| Appreciate the honesty here by admitting that account
| deletion relies on dark patterns, but it brings up two
| salient questions regarding how you approach product
| development.
|
| 1. Internally, do you at least have the equivalent of a
| "directly responsible individual" (DRI) for the product? It
| seems no one spoke up in the interests of users against
| legal's overzealous decision to tack on lots of friction to
| the account deletion process?
|
| 2. It seems you could have also garnered some push back on
| the feature from your alumni Slack [0] but didn't, perhaps
| due to the rush to ship quickly?
|
| In addition to the changes you've pledged as part of
| rebuilding user trust, hopefully, you & your team will
| reassess your product development practices to add these
| checks so that such mistakes are not repeated in future.
|
| [0] @hysan mentions that TB maintains an alumni Slack
| upthread: https://news.ycombinator.com/item?id=23304199
| GordonS wrote:
| But this makes no sense. Why would you legally need someone's
| ID to delete their account, but not to create it?
| aaanotherhnfolk wrote:
| GDPR devalued PII-stores, and companies tried really hard
| to only let the value drop on the European portion of their
| data. Requiring ID is a way to discourage and even deny
| deletion requests in other countries.
|
| These constraints are walked back almost immediately in
| practice, once companies learn that requiring a human touch
| for a deletion flow is not worth the hassle.
|
| I think "legal" here meant what's the bare minimum to
| respect the letter of GDPR law, while not actually
| implementing a useful delete flow.
| [deleted]
| grensley wrote:
| Good on them to admit they were wrong and changing course. I wish
| there was less "oh, but they only did it because of the outrage"
| and "oh, they'll just sneak it back in later".
|
| They messed up, they sought to rectify it. Good job.
| colejohnson66 wrote:
| I'm sure it wasn't helped by the CEO coming in and defending
| the decision. But he's taken the blame and apologized himself,
| and he's here talking about what went wrong and what he was
| thinking. It's not gonna convince everyone, but to me, that's
| an apology.
| atemerev wrote:
| Now, this is a good apology, compared to some other pieces of the
| genre I have seen in my life. Looks believable.
| sepisoad wrote:
| it's ok, they are admitting the mess they made and it is ok
| rplnt wrote:
| I have no idea what this is, but I'm a huge fan. The reign of
| Linkedin as de-facto standard has to end. It's unacceptable
| recruiters expect me to have a profile on some proprietary
| website. Luckily not everyone is a moron and it's not a blocker
| in getting a job, but I still hate people asking me about it.
| hitekker wrote:
| IIRC, TripleBye had a vision to be the recruiting division of all
| tech giants. Big-name companies would centralize their most
| important recurring, expensive, risky process into a third party
| to save some money and time. Even when that third party just so
| happened to be working for all of their direct competitors.
|
| At the time, I thought that vision was a mirage; a recruiting
| agency grasping for VC dollars.
|
| Now, it looks they're trying to find a new vision.
| runawaybottle wrote:
| Well those companies exist right? Accenture, Cognizant, EPAM,
| etc.
|
| If anything, I'd say Triplebyte hopes to be what those
| consulting companies are but to startups.
|
| Now, if it turns out startups just have crappy budgets, then
| you have to lower the barrier to entry into the platform to
| accommodate those budgets.
|
| Similarly, if you indoctrinate enough of new grads/bootcampers
| to feel like they need the Triplebyte cert (feeling left out
| that everyone is in Triplebyte and you're not? Welcome to the
| psychological game, behold the public profile and badges), you
| can then also indoctrinate startups into thinking that's the
| standard that they need to be looking for too.
|
| Anyway, devs with enough experience should be out of this game
| mostly, this will affect the entry level tier of developers
| going forward. You might be stuck in the damn Triplebyte loop.
| alasdair_ wrote:
| THIS is how you write an apology letter.
|
| Kudos to @ammon
|
| I deleted my Triplebyte account over this issue. While I'm still
| somewhat wary, I would now consider using Triplebyte again after
| this apology. Thanks for posting it!
| lmeyerov wrote:
| Good lesson for other founders here. Early on nobody knows you,
| but as soon as they do, you'll need to have chosen if you're on
| the trust-and-brand-building marathon or not. By default, if you
| do nothing, you're building up to an explosion like this that can
| take years to recover from.
|
| How did the CEO, the board, the sales team, the marketing team,
| customer support team, and the engineering team all fail to
| notice and act on a gross privacy breach? How will that change?
|
| It's good the CEO is starting to take responsibility, but an
| apology letter is roughly, apology, acknowledgement, explanation,
| and plan to fix / prevent repeat. I see a lot of "I...", but no
| post-mortem on how the internal culture they've built encouraged
| breach of trust & privacy in favor of growth numbers, and if/how
| that'll change top-to-bottom. For now, it remains, "I'm sorry you
| caught me and made me feel like the bad person I don't think of
| myself as." Once you think of systems and culture, and start
| tracing through the dark patterns around the launch and the scope
| of the initiative, things get uncomfortable. Hiring, on-boarding,
| feature planning, feature reviews, personal responsibility,
| feature ownership, management prioritization, trust & safety
| oversight... .
| wolfgang42 wrote:
| Ammon says a postmortem is in the works:
| https://news.ycombinator.com/item?id=23304127
| lmeyerov wrote:
| Yes, I was responding to the apology. This should have been
| part of it, and is part of the lesson to founders. If you are
| in position of responsibility, mistakes are inevitable, and
| so is having to correctly apologize. (I learned the hard
| way.)
|
| This incident is about a self-inflicted customer data breach,
| which the surprise by the CEO suggests is a full-company
| culture & governance issue. That's harder to be reactive
| about. Even when things are going well, customer
| responsibility & data protection should be a constant and
| non-obvious struggle as soon as anything like marketing,
| sales, engineering, hiring, delegation, etc. gets
| interesting. (And again, if it isn't, that's also a
| decision.)
| minimaxir wrote:
| > I failed to see the significance of "default public" in my
| head.
|
| Hmm? This just raises more questions about Triplebyte's product
| development process than answers, especially since privacy is a
| _core product feature_.
| dylan604 wrote:
| Going to show my age here, but I find that younger generations
| are much less concerned about privacy in the sake of self-
| promotion via social media. By definition, keeping user's data
| private when developing a sharing platform is prohibitive of
| gaining traction. Gathering users data for a non-sharing site,
| and then pivoting to a sharing platform without user's consent
| to use the existing data is absolutely 100% without a doubt
| wrong (should be criminal).
| GordonS wrote:
| Completely agree - it demonstrates quite succinctly how
| seriously they take privacy. Doubly do when the CEO was on HN
| the other day arguing with those complaining about it!
| SV_BubbleTime wrote:
| Exactly what I was thinking. Either they're just not ready for
| this Brave New World, or they did think about the issues and
| did it anyway.
|
| I'm just tickled pink that privacy is becoming a feature people
| care about.
| trianx wrote:
| I am still trying, and achieving, to give them the benefit of
| the doubt. They understood and took it back.
|
| But I am scratching my head how they could honestly miss the
| importance of what they were planning to do.. I guess a
| combination of stress, pressure and usual disregard of privacy
| by big players clouded their judgement.
| runawaybottle wrote:
| They didn't miss anything, they just weren't able to get away
| with it.
| xeromal wrote:
| They could get away with but just charging forward despite
| the backlash.
|
| To me, that puts them at least in the middle
|
| Malicious
|
| Meh<---
|
| Respectful
| runawaybottle wrote:
| Amoral if I had to suggest a word, but business and
| amoral is basically redundant.
| eitland wrote:
| I read their answers in the discussion here and it felt a lot
| like:
|
| _I 'm sorry that you..._
|
| That might have been another bad day at work but whatever it
| was it really doesn't inspire confidence
| weaksauce wrote:
| Yeah it's hard to reconcile that discussion and this
| apology. That is unless they were hemorrhaging users after
| that email hit and reversed course because of that. I like
| the idea of triplebyte but I'm a bit hesitant now. Perhaps
| this is the blindness that people in privileged positions
| in life can't see... similar to the real name policy on
| google that caused a problem for the people that didn't
| want their identities tied to it. Gay people that weren't
| out of the closet yet or gay people in countries with laws
| against that or people escaping abusive exes/stalkers etc.
|
| Hopefully this reflection is sincere.
| skinkestek wrote:
| > Perhaps this is the blindness that people in privileged
| positions in life can't see...
|
| Yep, and that privilege may take many forms.
|
| - Secure, well paid job.
|
| - Friends in high places.
|
| - Correct opinions for your area.
|
| etc
| sngz wrote:
| great apology, but doesn't justify the incompetence and initial
| justifications.
|
| You're telling me that no one on your team has brought up the
| issue throughout the whole process? That leaves three
| possibilities.
|
| 1. someone brought it up but you ignored it and pushed through
| anyways 2. Nobody brought it up due to incompetence 3. Both
| happened just 2 happened late in the process.
|
| Why would anyone trust their data with leadership that
| incompetent?
| EGreg wrote:
| Oh boy. Where do I begin?
|
| _Rather than safeguarding the fact that you are or were job
| searching, we threatened exposure. Current employers might
| retaliate if they saw that you were job searching. You did not
| expect that any personal information you'd given us, in the
| context of a private, secure job search, would be used publicly
| without your explicit consent. I sincerely apologize. It was my
| failure._
|
| How about we stop giving our data to third parties just so we can
| use their software.
|
| "The Cloud" is a corporate euphemism for "extreme centralization
| of data in our servers".
|
| And "Software as a Service" is even worse, because it basically
| says you are RENTING the software, and trusting them to do "the
| right thing", including and especially with your data.
|
| This is insane. It's 2020. Why are we doing this? One reason: we
| don't have a good open source alternative that can be hosted on
| many different places. Such an alternative should actually be
| end-to-end encrypted, and the hosting should be just redundant
| dumb boxes earning cryptocurrency for storing something.
|
| _So, what happened? How did I screw this up? I've been asking
| myself this question a bunch over the past 48 hours._
|
| What happened was the same thing that happened 17 years ago when
| Mark Z laughed about the "dumb f$cks* who "trusted him" with
| their passwords. To quote the excellent V for Vendetta speech:
|
| _How did this happen? Who 's to blame? Well certainly there are
| those more responsible than others, and they will be held
| accountable, but again truth be told, if you're looking for the
| guilty, you need only look into a mirror. I know why you did it.
| I know you were afraid. Who wouldn't be? War, terror, disease.
| There were a myriad of problems which conspired to corrupt your
| reason and rob you of your common sense. Fear got the best of
| you, and in your panic you turned to the now high chancellor,
| Adam Sutler. He promised you order, he promised you peace, and
| all he demanded in return was your silent, obedient consent._
|
| Look, I'm biased. I have put my money where my mouth is and am
| building this reality (https://qbix.com/platform and
| https://intercoin.org). I have historically been downvoted for
| even mentioning that I am doing tangible things to solve this and
| give away the software. But I persist in doing so because it's
| better to actually _build the alternative_ than talk about it
| endlessly. The Impossible Burger will do more for veganism than
| decades of talk ever could.
|
| If you want to join this effort, email greg at the domain
| qbix.com . But whether you choose to support Mastodon, Matrix,
| IPFS, Dat, MaidSAFE or whatever, realize that we need to move
| towards a future where infrastructure is decoupled from power
| over your data. Your data should be encrypted and only enough
| shared for indexing. It should be provable with verified claims
| and zero-knowledge proofs, but only with your consent.
| gbear605 wrote:
| TripleByte is literally the perfect example of a company that
| should be centralized. They work because they have a reputation
| that companies can trust. Trying to make it decentralized takes
| away any value that TripleByte provides.
| sfgweilr4f wrote:
| Not trusted so much now.
| EGreg wrote:
| That's exactly right, it does take away that value from
| TripleByte and gives it to everybody. The value that
| TripleByte provides is because of the current state of
| technology.
|
| Take for example the telephone industry. We had telephone
| switchboard operators, and it cost $1-3 a MINUTE to make
| overseas calls. You could make the same argument: _" AT&T is
| the perfect example of a company that should be centralized.
| They have a reputation for connecting your calls reliably,
| and you trust them to not broadcast your calls to others._
| But, of course, in the last 20 years the Internet has
| introduced Voice over IP and now ANY company can provide
| faceless, nameless infrastructure and get paid, while your
| calls go end-to-end encrypted via the wire.
|
| Are we all better off? Yes! Having decoupled infrastructure
| from power over your data (calls), we have dropped the cost
| to zero. We went from monopolies and cartels and feudalism to
| "dumb pipes". We have videoconferencing right now, something
| unimaginable 20 years ago not just because of bandwidth but
| because there were "perfect examples of companies that should
| be centralized" and "reputations that we can trust". There is
| far more at stake.
|
| In the past, we had human calculators, printers, mailmen,
| etc. They provided a lot of value. Lots of industries did.
| Today we don't. Don't blame TripleByte. Blame the lack of
| good permissionless, encrypted alternatives.
| zebnyc wrote:
| Given that interviewing is a skill unto itself which needs to
| be practiced, what happens to candidates who need to take a
| few interviews before they start hitting their stride. For
| me, I can see that using Triplebyte once the candidate is
| "warmed up" makes sense.
|
| If TripleByte was the only game in town then a new candidate
| would fail their test and then it is game over. No more job
| search.
| wolfgang42 wrote:
| I agree with your concerns about a monopoly, but just
| wanted to respond to your point about needing to "warm up":
| Triplebyte gives you a free practice interview that doesn't
| count (unless you ace it), and also lets you retry in a few
| months if you fail the actual interview.
| alexpetralia wrote:
| "Never let a good crisis go to waste"?
| EGreg wrote:
| Please explain the meaning behind your words explicitly.
|
| I am enjoying my -3 downvotes at the moment, waiting for my
| post to be flagged for daring to speak to the root of the
| issue.
|
| The root of the issue is not TripleByte. Don't blame
| TripleByte. Blame the lack of open source, end-to-end
| encrypted alternatives. Why is saying this such a scandal?
| sockr8s wrote:
| Why are you under such tremendous pressure? It is this a
| desperate move of a company finally going out of business or a
| result of an extreme pressure from the vc side?
|
| Who has accessed the data already? Not only directly but
| indirectly as well? Have you received any compensation or settled
| any transactions by exposing the data?
| colejohnson66 wrote:
| They didn't expose any data. The feature wasn't live yet.
| sockr8s wrote:
| "The new profiles will be launching publicly in 1 week" It
| means a preview was already available in a limited way.
| colejohnson66 wrote:
| No it doesn't. It means they finished a feature and were
| making it live in a week. Nowhere in that statement implies
| that there's a limited beta.
| sockr8s wrote:
| Nowhere it implies there isn't.
| colejohnson66 wrote:
| You're moving the goal posts and asking me to prove a
| negative. Absent any evidence that there was a limited
| beta, we can't assume there was one.
| ammon wrote:
| We're under a lot of pressure because of the COVID crisis. We
| did have layoffs, but we're not in immediate danger of going
| out of business. The pubic profiles were set to go live next
| week, but this is now not happening. No data has been accessed
| externally.
| rammy1234 wrote:
| An action will not be upright unless the intention behind it is
| upright, for the action depends on it." Seneca
| sys_64738 wrote:
| Did this company decide to do this blindly or did they try
| canvasing a response from a target set of users about what they
| planned to do? Surely if they did canvas feedback for their plan
| then an overwhelming No would have prevented this unmitigated
| disaster.
| ammon wrote:
| We did user research, but not about the opt-out release, just
| about the features of the profile. This was part of the major
| screw-up.
| vikramkr wrote:
| Any chance of a post-mortem write up on how exactly things
| went wrong? Including some discussion on how data's going to
| be protected moving forward? Now that everyone knows this is
| a type of privacy violation that could occur, it's going to
| stay back of mind (a "why should we trust you with this sort
| of data now?" sort of deal). Potentially losing a job or
| having career plans stunted because a website added a new
| feature is a lot of power to trust a website with.
| ammon wrote:
| We're working on a post-mortem internally right now. The
| thing I want to do externally is make a more clear/binding
| commitment to user privacy. The idea is still a bit
| inchoate, but I want to do something that makes this not
| just about trusting us.
| lasky wrote:
| "I want to do something that makes this not just about
| trusting us.".
|
| Is that because deep down inside you know the public
| would be foolish to trust your company in its current
| form?
| lianmunoz wrote:
| This sounds like the best response they could have given under
| the circumstances, and it's not like they can undo the
| announcement or the initial response. I deleted my account, and
| I'd be hesitant to have anything to do with them in the future,
| but I'm open to having my mind changed if the company winds up
| placing a higher value on business ethics as a result of this
| whole thing.
| aditya_1723 wrote:
| it seems like heartfelt apology
| [deleted]
| weareconvo wrote:
| Now apologize for spamming my inbox without an unsubscribe link.
| [deleted]
| gcheong wrote:
| I'm curious to know from anyone who has hired through triplebyte
| - has the quality of candidates been consistently better in terms
| of success at the company post-hire than it has through your
| previous recruiting efforts? Also, for a candidate that comes to
| you through triplebyte do you consider them vetted and are just
| interviewing for cultural fit at that point or do you still put
| them through your own hiring process?
| rolph wrote:
| please dont call this sort of thing a feature
| hysan wrote:
| I'm for a competitor to LinkedIn, but I never got an answer to
| what the play was after opening up profiles. I support
| TripleByte's mission, yet I don't believe that you have critical
| mass in both job seekers nor in sway to convince
| companies/recruiters to change their process.
|
| What was/is TripleByte's plan to _" push the industry to look
| beyond traditional credentials"_? [1]
|
| [1] https://news.ycombinator.com/item?id=23280341
| JoeCortopassi wrote:
| One of two things happened:
|
| 1. Triplebyte attempted a big move against LinkedIn, tried to
| ease the blow to users by dumping on a Friday before memorial day
| weekend
|
| 2. Triplebyte, the company built around helping people find jobs,
| truthfully didn't understand that people might have concerns
| about their current companies knowing they are job-hunting
|
| It's pretty obvious it's #1, and that opt-out rather than opt-in
| was the only way it would gain the critical mass needed. The
| outcry hit critical mass and now they need to walk it back, until
| they have a different strategy for re-segmenting LinkedIn's
| market
| ammon wrote:
| I'd say it was both. I wanted to move against LinkedIn
| profiles, I thought that opt-out was the way to get critical
| mass, and I screwed up and did not realize how large a privacy
| violation this was.
| fnbr wrote:
| Good on you for doing this- I think the apology is great and
| shows TripleByte listens to feedback. I also think that
| taking on LinkedIn could be amazing for the broader
| ecosystem- LinkedIn is terrible, and anything competing
| against them would be awesome, so I wish you luck.
| ethanbond wrote:
| How about the dark patterns you employed on the opt-out?
| itronitron wrote:
| Sadly, those patterns are just industry standard UX at this
| point.
| jacquesm wrote:
| The hell they are.
| Silhouette wrote:
| No, they really aren't. Some of the reported patterns
| probably aren't even legal in large parts of the world
| today.
|
| Not that it would matter if they were. Other people doing
| nasty things is no excuse for doing them yourself as
| well.
| elliekelly wrote:
| Do you have a Chief Privacy Officer? Or Chief Information
| Security Officer? Was the issue raised and the privacy impact
| miscalculated (not ideal, but mistakes happen) or were the
| potential privacy implications overlooked entirely?
| ammon wrote:
| We do not have a Chief Privacy Officer or Chief Information
| Security Officer. The issue was raised by our head of
| product and I dismissed it. I saw it as a minor concern
| (I'm ashamed to say).
| [deleted]
| ngneer wrote:
| Though you are small and do not have an official chief
| privacy officer or CISO, do you have personnel that are
| champions of those desires? If not, nurture or acquire.
| If so, listen to them. This is 2020. If you look at Zoom,
| you can argue that security and privacy can come later,
| that the market will do anything for features and forgive
| any security or privacy faux pas. You would not be wrong,
| but such a calculus is what people in this forum are
| objecting to. People mainly feel bad that the economic
| incentive for privacy is weak. Are you following GDPR?
| Have you heard of it? A privacy move on top of your
| apology and retraction could differentiate your company
| as the privacy aware alternative, much like DuckDuckGo
| has made privacy its key differentiator, or, if you need
| a stronger financially motivating example, much like
| Apple is touting privacy in all that they do.
| steve_adams_86 wrote:
| I hope you went back to Aaron and thanked him for that
| input and perhaps apologized for dismissing it. It can be
| really frustrating to lead something and have
| founders/execs shoot down your professional input, ideas,
| or concerns because... Well, why did you?
| jacquesm wrote:
| Next time: pass it by your lawyers for a quick review if
| you can't trust your own judgment on things like this.
| Ditto for all the dark patterns you are still using today
| on your website, clean up your act. Note that you are
| firmly in the crosshairs of the EU data privacy watchdogs
| and that the fines are nothing to sneeze at, if you
| expect to establish and maintain a foothold in this
| market realize two things:
|
| - trust is a crystal ball, you can drop it and break it,
| patch it back together again but it will never ever be
| the same way it was before, it can only degrade
|
| - if you plan on being a player in this field you will
| have to take the privacy of your users serious, this
| includes doing your privacy and security reviews by the
| book because _if_ there ever is an involuntary disclosure
| what you 've seen in the last couple of days will come
| back hundredfold.
| krn wrote:
| > I thought that opt-out was the way to get critical mass
|
| But what about following every dark pattern in the book to
| prevent people from actually opting out[1][2]? There was not
| even an option to opt-out indefinitely.
|
| It seemed like an extremely carefully engineered effort to
| trick the users. How can something like this be considered
| "unintentional"?
|
| [1] https://news.ycombinator.com/item?id=23280040
|
| [2] https://news.ycombinator.com/item?id=23283237
| p4bl0 wrote:
| > But what about following every dark pattern in the book
|
| If the goal is to run after LinkedIn it seems a logical way
| to go, but they have a very strong head start on that.
| skinkestek wrote:
| Regarding [2] This is extremely bad, like Google+ forced-
| real-name-policies bad..!
|
| (For those who wonder: that and the Buzz incident made lots
| of people hate or at least distrust Google.)
|
| Why why why do companies do this?
|
| During the last 6 months I've stopped logging into Stack
| Overflow. It is a nice resource but for me it is read only
| for now because they messed up so hard - and refused to
| come up with a real apology.
|
| Same goes for Quora: they betrayed us hard by trying to
| tell everyone what we were looking at. (Edit: next sentence
| added later:) Now imagine you've been reading up about
| health issues and realize it is suddenly on your profile.
| Still now, many years later I shun them as they haven't as
| far as I see come clean.
|
| In some cases, if it get caught early enough, just saying:
| "we messed up, sorry, here's what we will do:" can be
| enough.
|
| In other cases - where there are layers of bad patterns,
| lies and contempt for users and volunteers I actively want
| to punish them until they start behaving.
|
| Quora (broadcasting sensitive information), Google (trying
| to kill the web, insulting me with insanely misplaced ads
| for years, trying to kill Firefox), Stack Overflow all goes
| on my list of companies that I actively work against, but I
| guess only until I see real change ;-)
| AlexCoventry wrote:
| I think I missed the SO news. What happened there?
| skinkestek wrote:
| They kicked a mod (Monica) who dared to ask questions
| about the implementation of their new policy regarding
| gender words.
|
| IIRC Monica asked if would be OK if she (or someone
| else?) wrote in a way that sidestepped the whole issue,
| for example by writing about "the user" instead of "he
| and/or she".
|
| Again IIRC they leaked information to newspapers,
| misrepresented the case and issued one or more non-
| apologies before trying to pretend nothing had happened.
| momokoko wrote:
| Let's be honest. This was out of desperation. Without this
| pivot Triplebyte was dead. And now it probably is anyway.
|
| Ammon, the big money is going to be chasing cost savings as
| more remote workforces can now take advantage of overseas
| labor. The perfect storm of cost reduction pressure and
| remote workplace growth gives Triplebyte a great position to
| be the front runner in helping companies find less expensive
| overseas talent.
| treis wrote:
| > Let's be honest. This was out of desperation. Without
| this pivot Triplebyte was dead. And now it probably is
| anyway.
|
| IMHO, that's the saddest thing about this. Triplebyte has a
| niche where they can provide value to companies and job
| seekers. But producing an objective analysis of someone's
| coding skills is expensive and doesn't scale well. They
| could make millions every year but it's not and never would
| be a billion dollar company. And it's too bad that millions
| is not good enough.
| JMTQp8lwXL wrote:
| Applying a marginal amount of business accumen: there's
| other ways to get from millions to billion(s). They don't
| have to further monetize engineers. There's companies
| looking for all sorts of talent, beyond software
| engineers, in fact 99% of hiring is for non-software
| engineering roles. You can't get blood from a stone, but
| you can expand your total addressable market.
| treis wrote:
| It's too hard to scale and protect margins. If Triplebyte
| proves out a business model you'll get a bunch of
| Triplebyte for X competitors. For example, someone will
| start the equivalent of Triplebyte focused on DBAs
| another for Erlang devs, another for embedded, etc.
| greenyoda wrote:
| Wouldn't a growing company that needed to hire for
| several different roles rather deal with a single service
| than a separate service for each specialty role?
| my_usernam3 wrote:
| He was honest and completely addresses this
|
| > The floor has fallen out on parts of our business, and
| other parts are under unprecedented growth. We've been in a
| state of churn as we quickly try various things to adapt.
| But I let myself get caught in this rush and did not look
| critically enough at the features we were shipping.
|
| In fact that paragraph is what made me accept his apology.
| The reflection and honest answer of how he decided to ship
| this feature was more than any company apology I've heard
| in the past.
| ALittleLight wrote:
| Hey, I was complaining at you in the previous thread, so I
| feel obliged to say thanks for the apology and the reversal.
| I think the feature, IFF opt-in, is a good idea.
|
| Thanks!
| g_p wrote:
| Kudos for owning up straight on this.
|
| I think LinkedIn is a massively privacy violating service,
| and alternatives are a very good and important thing to see.
| I would add one comment though perhaps helpful in the future:
|
| One reason people here take such a vigorous stance against
| startups doing these kinds of "dirty tricks" is because they
| want real alternatives that treat them as more than a number
| of a row in a database. The incumbents will use opt-out
| techniques and consent walls, and dark patterns to grow.
|
| But at the end of the day, they're being valued by the number
| of rows in their database. It seems there's a real potential
| to have lots of (but fewer) rows in your database, but for
| them to be actual valued users who get value from your
| service, and you make money from. Hyper growth scaling
| doesn't always have to be the only way. A curated network of
| a focused and high value verified demographic is likely worth
| orders of magnitude more than the incumbent, without any data
| selling or shenanigans.
| tgsovlerkhgsel wrote:
| > massively privacy violating service
|
| And that's saying it gently.
|
| Not sure if they're still doing it, but the way they were
| harvesting e-mails and then using them to spam the
| harvested contacts, they were no better than any other
| phishing site.
|
| For people who use the same password on LinkedIn and their
| e-mail account, it was extremely easy to accidentally
| "consent" to this, and I've seen many an apology to the
| spam victims from someone who accidentally gave access. And
| they would spam everyone multiple times, with no way for
| the recipients to stop it. (They paid a $13M settlement for
| this; gladly, I assume).
|
| It still boggles my mind that e-mail providers didn't both
| block LinkedIn's IPs from accessing contacts and spam-can
| everything from their mail servers.
| g_p wrote:
| Agreed - I think they stopped doing this, but I am still
| tempted to make a GDPR complaint on the basis I have
| never consented to receiving contact from them.
|
| Looking back at my email archives, I was still getting
| "X's invite is awaiting your response" emails in October
| 2018, after GDPR began.
|
| Perhaps I am taking an overly strict view here, but given
| my email address is _my_ personal data, no amount of
| consent (or indeed waivers /warrants from users that they
| have my consent, which LinkedIn has no genuine reason to
| believe true) can grant them permission to store and
| process _my_ personal data.
|
| It seems nonetheless unavoidable for LinkedIn to have
| carried out the process of linking my email to the person
| that sent the (unsolicited) request. This kind of
| behaviour is really rather scummy. I hope that invite
| spam could be a separate case on the basis of a GDPR
| violation, rather than the "accidentally going into
| people's email and getting their contacts" (as
| incredulous as it is to even write this!)
| voz_ wrote:
| This is how people grow. By fucking up, taking some heat, doing a
| little introspection, and correcting their mistakes.
|
| > Nor in the critic let the man be lost
|
| > Good-nature and good sense must ever join;
|
| > To err is human, to forgive, divine.
| ponker wrote:
| I don't think this guy can recover trust from here. It's not just
| the feature and the email, it's his indignant and dismissive tone
| in the comments here afterwards:
|
| https://news.ycombinator.com/item?id=23280137
|
| This comment is the hallmark of a company that doesn't feel like
| it needs to answer to users or criticism. They can reverse a
| decision and send out a tearjerker of a _mea culpa_ but people do
| not change their nature over a weekend, and I am just not going
| to trust the man who wrote the comment I linked above.
| [deleted]
| loveJesus wrote:
| Luke 17:4 and if he sins against you seven times in the day, and
| turns to you seven times, saying, 'I repent,' you must forgive
| him."
| QUFB wrote:
| I suppose that like with SCOTUS and Citizens United, Jesus
| would want us to treat corporations as people too.
| dang wrote:
| Single-purpose accounts aren't allowed on HN, and the religious
| material is off topic, so I'm afraid we've banned this account.
| Nothing against Jesus.
|
| https://news.ycombinator.com/newsguidelines.html
| cbanek wrote:
| Didn't get the apology email which may mean that they actually
| deleted my account as asked with no further nonsense or asking
| for identification. Which is honestly good on them. With this
| reversal, in the future, if I'm looking for a job, I _may_ look
| at Triplebyte again, but I'm certainly not giving them any info
| before then. Good luck, Triplebyte.
|
| Edit: Nevermind, I just got the email. Still no response to my
| request to delete my account.
| wolfgang42 wrote:
| Ammon says they've gotten 2k deletion requests since the
| announcement (https://news.ycombinator.com/item?id=23304097).
| They probably never automated the feature (why would they?
| before this they were probably getting a couple a week) so I
| imagine it may take a while for them to work through the queue.
| photonios wrote:
| I am not an active Triplebyte user, but I have an account and
| followed the thread(s).
|
| This e-mail (which I also got) seems like a heartfelt apology.
| They fucked up, realized it and turned the ship around. They
| listened and that's what counts for me. They listened to the
| negative feedback and responded to it.
|
| Some comments around here are extremely negative of the whole
| situation. More negative than I think they deserve. They could've
| pushed through and ignored all the feedback they got. They
| didn't, and that's enough for to show the company and its CEO
| isn't utterly rotten.
|
| @ammon Thanks for listening and participating in the discussions
| on HN. You made a mistake, but the fact that you responded is
| enough for me to put my trust in Triplebyte in the future if the
| need arises.
| cmroanirgo wrote:
| I'm like you, not actually a triplebyte customer, but have
| followed on hn.
|
| > They listened and that's what counts for me.
|
| The fact is that they didn't listen. The ceo ammon was here on
| hn clearly not listening and clearly not apologising.
|
| I would surmise that it's only due to a flood of account
| deletion requests that he started to notice... Add this proves
| one thing: on triplebyte you are the commodity and not the
| customer.
|
| Although it's unlikely I'd have ever used them, because of this
| fiasco you can be sure I'll be warning people away from the
| platform entirely, heartfelt apology or no.
|
| For my view to change he'll have to do a whole lot more than
| one email. He needs to change his way of thinking and one email
| is no way of proving that it's happened.
| mlthoughts2018 wrote:
| Are you kidding? Pandering to covid-19 based urgency to release
| this feature?
|
| To put it much more politely than they deserve, this company is
| scum.
| willart4food wrote:
| > This e-mail (which I also got) seems like a heartfelt apology
|
| Ever hang out with a sociopath/narcissist? They give the best
| heartfelt apologies, they almost make you feel guilty or
| something.
|
| And then, they do it again. And again. And then again some
| more.
|
| Only time will tell how "real" something is.
| moreaccountspls wrote:
| You're getting downvoted, but you're 100% correct.
|
| Let's be real here. This guy's business went to shit because
| of the pandemic, and he's panicing that he's going to get
| kicked out of the cool kids VC club. Then he made a big
| strategic boo boo to try to stay in the club, and laid on a
| bunch of rationalizations why that wasn't the case last week.
| Now, he realizes he's doubly fucked, and got a PR firm to
| help him do damage control.
|
| Which honestly is fine to me. I don't care one way or the
| other. It's just funny to see people contort to not see the
| obvious.
| colejohnson66 wrote:
| Do you have any evidence @ammon is a sociopath/narcissist?
| hn_throwaway_99 wrote:
| I totally agree with this. When I see corporate apologies I
| look for two things:
|
| 1. Actions speak louder than words. In this case, they are
| reversing what originally caused the outcry.
|
| 2. Did they look introspectively to try to really understand
| what made people mad in the first place. In this case I believe
| the CEO did.
|
| If we don't ever accept sincere apologies, then we're left with
| a world where there is never an incentive to apologize and
| improve. Frankly, seeing a taste of this in US politics with
| politicians doubling down on their past mistakes even when
| confronted with all evidence to the contrary - this is not a
| path I'd prefer to go down further.
| danieltillett wrote:
| It is sad that you felt you had to use a throwaway account to
| post this totally reasonable opinion.
| lazyasciiart wrote:
| It's a three year old account. Not everyone wants a HN
| account in their real name.
| tikthot wrote:
| > Some comments around here are extremely negative of the whole
| situation. More negative than I think they deserve
|
| People would have gotten laid-off to this. The dark patterns
| are just cherry on top.
|
| The negativity is well deserved.
| photonios wrote:
| The negativity towards to original announcement of making
| profiles public was deserved. For me, the negativity towards
| the CEO's apology and cancelling the feature is not.
|
| Everyone makes mistakes and if nobody would be willing to
| look past that, then we'd never get anywhere.
| wyck wrote:
| This isn't just a whoopsy mistake, this is a drastically
| stupid decision that brings the whole business into
| question. This wasn't really a technical mistake, this is
| bad leadership mixed with bad procedures. When you drive
| you boat into the ground because your "not thinking" as the
| captain, it doesn't remove the fact that you drove a boat
| into the ground. Irresponsible would be an under statement,
| it would be more appropriate to call this moronic.
| treis wrote:
| It would have gone over a lot better if he didn't spend a
| couple days on HN telling people they shouldn't be mad
| about it.
|
| And it would have gone over a lot better if he was honest
| about what happened. He got caught with his hand in the
| cookie jar and he's all "was that wrong? Should I not have
| done that?". They knew exactly what they were doing and
| calculated that it was worth it.
| wolfgang42 wrote:
| Quick correction:
|
| _> spend a couple days on HN telling people they shouldn
| 't be mad about it._
|
| It was actually a only a couple of hours and a few (very
| inflammatory and highly downvoted) comments, near the
| beginning of the thread, and then radio silence as the
| fire raged on.
|
| I think that he took a step back and began reconsidering
| after realizing that his comments weren't helping any,
| but because they were the only thing he said in that
| thread and a lot of discussion was focused on them it
| seemed like a lot more activity than it really was. (Not
| that this excuses anything, but I think it's important to
| be clear about what happened.)
| photonios wrote:
| I can see how that conclusion gets drawn.
|
| Any new feature that is announced can be met with some
| negativity. Sometimes it just ends up working despite
| that. It is not surprising to me that at first, they
| tried to defend their plans. It probably took a while for
| the backslash to sink in and their own opinions to
| change.
|
| I wouldn't expect every company, even ones that target
| HN's primary audience to turn everything around right
| away because of an angry thread within a few hours. They
| turned around in 2-3 days. Quick enough if you ask me.
|
| Disclaimer: I am really not in any way affiliated with
| Triplebyte. I am not even a user/customer. I just see a
| lot of negativity that I that I find unjustified.
| treis wrote:
| Nobody is mad about a "feature". They're mad because
| Triplebyte made sensitive private data public.
| RobertRoberts wrote:
| This ^. This is the issue.
|
| Calling it only a "feature" is just downright twisting
| the facts.
| Silhouette wrote:
| _They 're mad because Triplebyte made sensitive private
| data public._
|
| And engaged in a host of dark patterns that made it
| difficult for people to effectively respond to that, for
| example by getting the data deleted and cancelling any
| account they had. The problem wasn't just the original
| error in judgement, serious as that was. It was the
| doubling down on it in both the implementation and the
| handling of the criticism when it was announced.
| colejohnson66 wrote:
| Except they didn't make any data public. Yes, they were
| _going_ to, but they hadn't _yet_.
| BurningFrog wrote:
| > _He got caught with his hand in the cookie jar_
|
| This confuses me. What big payout could they have gotten
| from making this public?
| username3 wrote:
| He didn't spend a couple days on HN telling people they
| shouldn't be mad about it.
| JshWright wrote:
| He certainly spent a great deal of time saying "I'm sorry
| you feel that way" (a classic non-apology... there's no
| better way to make a bad situation worse than by starting
| off with those words).
| neonate wrote:
| Yeah but not for a couple days. He got whipped by
| downvotes and left after a couple hours. Agreed about the
| sorry you feel part.
| yomly wrote:
| What I've come to observe is that you can never make
| everyone happy - a truism detached from this specific
| incident.
|
| So when you receive negative feedback on something - how
| should you respond?
|
| What if you're used to some certain baseline level of
| negativity? How should you respond then?
|
| I feel like there is feedback on the individual level and
| the aggregate level. Clearly in this case TripleByte saw
| that they would have alienated a large and important
| community but I'm convinced you can blame a CEO for being
| diplomatic but thick skinned.
|
| I mean this is the community famed for trivialising
| Dropbox
| otterley wrote:
| I interpret such a statement as expressing sympathy with
| someone's point of view, but also disagreeing with it.
| nogabebop23 wrote:
| It's pretty well understood by people far less
| experienced than the CEO (i.e. me) that you need to split
| those messages up.
|
| Empathy is unconditional. It says "wow, that must be
| really painful/terrible/scary". It carries no judgement
| around the accuracy of such feelings, only an
| understanding that they are real for the other person.
|
| Disagreeing comes later after you have shown there are
| legitimate competing solutions.
|
| "I'm sorry you feel that way" fails at the first so you
| haven't yet earned the right to disagree agreeably.
| otterley wrote:
| What makes it complicated, though, is that some people
| interpret "I'm sorry" as an admission of guilt or
| agreement, so conservative lawyers and others recommend
| specifying what you feel sorry for so as to not give away
| the farm.
| vehementi wrote:
| You're just full of misinformation, aren't you?
| dang wrote:
| Hey, please don't break the site guidelines even if
| another commenter is wrong (or you feel they are). This
| is particularly a bad way to defend someone because
| readers will instinctively take the other side in
| response to the personal attack. Instead, please provide
| correct information in a conversational way, like some of
| the sibling replies did.
|
| https://news.ycombinator.com/newsguidelines.html
| MintelIE wrote:
| Is it possible to look too kindly at somebody? I think
| so. Clearly the CEO is backpedaling now that there's been
| a public outcry.
|
| He's not sorry about what he did. He's sad he got caught.
| CathedralBorrow wrote:
| What's the penalty for looking too kindly at somebody in
| this context?
| MintelIE wrote:
| One continues to be taken advantage of, over and over
| again.
|
| Assuming good faith is not prudent when dealing with
| people who want your money or data. We have enough
| collective experience at this stage to say this
| conclusively.
|
| Edit: Being cynical is the new normal when dealing with
| companies. Especially if they have your data, or want it.
| colejohnson66 wrote:
| You're assuming ill intent on a new company. To be so
| cynical is not a good way to view things in life. Also,
| they don't want my money. You literally pay _nothing_ to
| use them; they get paid (a one time lump sum) by the
| company who hires you
| skinkestek wrote:
| Think of it this way: If someone I trusted with my data
| doxxes me it doesn't matter if they do it for free!
|
| Yes, we know they weren't doing it for the goodness in
| their hearts, but there's a huge leap between
|
| - using what they know about me to sell services to
| others (classic Google)
|
| - and outright selling/publishing my data to others
|
| There's a reason why I still - despite all my dislike for
| Google - still respect them somewhat: they actually seems
| to try to guard their treasure chest of juicy customer
| data against both governments as well as everyone else,
| they seem to be in this for the long haul.
|
| Edit: try to avoid being rude / abrasive
| CathedralBorrow wrote:
| Wait, I thought we were talking about kindness after they
| pulled the plug and backtracked on everything.
|
| How am I being taken advantage of if I read that letter
| and think "Well, good for them to finally realize things
| and take the right steps"? And I hope you're not speaking
| for everyone when you talk about good faith.
| mthoms wrote:
| > Assuming good faith is not prudent when dealing with
| people who want your money or data. We have enough
| collective experience at this stage to say this
| conclusively.
|
| Well said. This ought to be taught in schools.
|
| Being slightly pedantic I'd change it to "when dealing
| with _companies_ that want your money or data " rather
| than "people" (though I've pretty sure that's the general
| meaning you intended anyhow).
| rammy1234 wrote:
| At this point in time it doesn't matter if there is an
| apology or not. Like above mentioned, some would have got
| laid-off or for some their intentions of job search is
| revealed. This is much worst of an effect that an apology
| would do any good. He apologized so what. It is good but
| damage is done. Can anything be about it ?
| photonios wrote:
| But they didn't. They cancelled the feature in time. So
| no real harm was done.
| tikthot wrote:
| They cancelled because someone caught it and posted it
| here on HN. It would have been a different story if it's
| given no publicity
| jki275 wrote:
| They emailed their entire user base and notified them of
| their intentions.
|
| You make it sound like they tried to hide this and got
| caught - that's absurd given the facts.
| greenyoda wrote:
| They gave their user base only one week's notice of the
| upcoming change[1], and according to the discussion in
| the original thread, had dark patterns in their UI that
| made it hard to opt out of the feature (it would only
| allow you opt out for 24 months)[2] or cancel your
| account.
|
| [1] https://news.ycombinator.com/item?id=23279837
|
| [2] https://news.ycombinator.com/item?id=23283237
| jki275 wrote:
| I got the email. Your characterization is inaccurate.
| wolfgang42 wrote:
| I also got the email. I think the characterization is
| entirely accurate. (The bit about needing to opt out was
| badly phrased at best, and buried in the middle of a
| paragraph. I skimmed the email and thought it was a neat
| feature, and made a note to turn it on before my next job
| hunt.)
| rammy1234 wrote:
| I thought it went already live. Misread and misinformed.
| iajrz wrote:
| Since they reversed before making the information pubilc,
| was damage really done?
| wolfgang42 wrote:
| Yes, massively, to Triplebyte's reputation.
| californical wrote:
| It wasn't just an apology -- they reversed the decision
| before it happened, preventing any damage.
|
| I was also furious when I found out, and still am upset
| at how they went about this situation in the beginning.
| They could've handled it much better. But they did what
| the community asked for, and nobody was harmed in the
| end. I would argue that this was the system actually
| working.
|
| I think we should incourage good behavior, instead of
| being totally unforgiving of all mistakes. Hopefully
| other companies can learn a lesson from Triplebyte and
| think twice before making this mistake at all in the
| future.
|
| I'm still not sure if I'm going to keep my account with
| them, but I do feel better about it
| RobertRoberts wrote:
| "...and nobody was harmed in the end"
|
| Consider how you would feel if a credit card or a bank
| did this? Would you ever trust them again?
|
| No, you would not.
| heavyset_go wrote:
| With your attitude, someone could try to something sneaky
| and dishonest like TripleByte did, but as long as they
| walk back on it _eventually_ , it's all good.
|
| Why _wouldn 't_ another company first try to push privacy
| violating changes on a Friday, when people like you are
| so willing to turn a blind eye to it if they get caught?
|
| They violated trust and it's going to take a lot more
| than an email apology to get it back from people who
| care.
| colejohnson66 wrote:
| Did you read his comments here (on this thread)? It was
| that they were rushing to have this feature done earlier,
| but missed the deadline.
| heavyset_go wrote:
| Yes, I read his initial comments and the ones here. Those
| very comments are the reason I am not as willing to turn
| a blind eye as others are. Those comments showed blatant
| intent to minimize the privacy violations and
| TripleByte's dishonest tactics. The follow up reads just
| like an excuse that sounds plausible to those with an
| engineering mindset. Given the audience of the blunder,
| and this site, I'd say that many users' capacities for
| forgiveness and second option bias are being taken
| advantage of.
|
| Again, it will take a lot more than some words on the
| internet to gain back trust from people who care about
| the fact that they were tricked for financial gain.
| mosselman wrote:
| Could you maybe describe the damage to users that has
| been done? It is my understanding that they cancelled the
| feature before it went live.
| RobertRoberts wrote:
| Broken trust, induced fear, damage is done.
|
| And worse, who is to say they won't do this again later
| when no one is paying attention?
|
| Do you have personal guarantees they won't?
| TheSpiceIsLife wrote:
| Stress, _real or imagined_ , is stress.
| hn_1234 wrote:
| I believe you are misinformed. They didn't go public yet.
| rammy1234 wrote:
| How could a CEO the one major feature they were trying to
| do can't think something which many caught that upfront.
| Its not like something, that was caught after 2 months or 2
| years of a change, it was caught and discussed immediately
| after the announcement.
| jzoch wrote:
| The explanation for how it actually would have worked (as
| opposed to how HN thought it worked) seems to clarify the
| reaction imo. I can totally see how they thought they were
| justified in the rollout of this feature. They believed it,
| while opt-out, was merely a badge and contained no sensitive
| data (compared to HN profiles).
|
| This reaction seems way overblown. Its fine to criticize a
| feature but lets not pretend this is some nefarious plot that
| would have resulted in layoffs
| greenyoda wrote:
| > merely a badge
|
| > This reaction seems way overblown.
|
| A badge on a user's _now-public profile_ at a service that
| 's used _only when job hunting_. Any company that noticed
| that one of their existing employees had a profile at
| Triplebyte could guess that the employee was looking for
| employment elsewhere. This would not be good for their
| career prospects, and could easily result in the job-
| hunting employee being chosen for a layoff or skipped for a
| promotion - most companies would rather keep or promote
| someone who 's not about to leave.
| JMTQp8lwXL wrote:
| Are workers in a competitive industry such as tech really at
| risk for getting fired for possibly looking for new work?
| Having a TripleByte profile would say as much as having a
| LinkedIn profile. It doesn't necessarily mean you're looking
| for a job. And when it's extremely difficult and expensive to
| replace an engineer, it seems like a bad business decision to
| fire a worker for this reason.
| mentat wrote:
| There are what, 15000+ engineers competing for that many
| fewer jobs? Getting fired for looking for new work looks
| much more possible now than it did 3 months ago.
| lmeyerov wrote:
| This gets into all sorts of dynamics and who controls them:
|
| -- Layoffs are happening around COVID, now who do you think
| a manager will feel more OK picking?
|
| -- For luckier companies, bonuses/refreshers/promotions
| happen at different times, a candidate may want their
| manager thinking about their work vs. them exploring
| greener pastures
|
| That's sensitive stuff! Some candidate may like being
| exposed (it's a threat!), some won't (shows disinterest!
| distracts!). Crucially, the question is of _agency_ : folks
| entrusted TripleByte, expected privacy based on
| TripleByte's marketing and industry norms, and instead of
| having the decision, got into a world of dark patterns
| (opt-out, weak notification, difficult avoidance, long time
| delays, ...).
|
| Edit: People are down-voting this. Consumer tech companies
| have been going through layoffs, generally one or more
| rounds of 20%. Many B2B's are on a delay, and are starting
| to see numbers around their b2c customers plummet: easy for
| more to happen as ripples continue. What could have been an
| opt-in feature to help folks _maybe_ get better new
| positions was instead setup to add easily-avoidable risk.
| JMTQp8lwXL wrote:
| I didn't downvote, but I reasonably question how much
| energy is put into looking if employees have a TripleByte
| page. Performance reviews are typically backwards looking
| (what did this individual deliver for us in the last
| year) and forward looking (what trajectory does this
| person have in continuing to deliver value to our
| organization).
| lmeyerov wrote:
| Imagine an HR person using Triplebyte to recruit. As part
| of regular self-googling, finding folks with similar
| skills, etc., they'd see employees looking for new
| opportunities. A good HR person would notify the manager
| etc. of flight risk.
|
| This won't happen to everyone, but again, it's a matter
| of agency. Someone at a tiny startup may not care, but
| someone at a bigger or more political org might might
| feel risk differently. It's their career, not
| TripleByte's.
| jki275 wrote:
| I really doubt this.
|
| If a company would lay you off because you have a profile on
| a jobs network, they're really a shit company you wouldn't
| want to work for anyway.
|
| Not that I agree with their actions - anything like this
| ought to be opt in only, but I can't see people getting laid
| off. I have a profile on linked in with my boss and multiple
| people from my company as contacts, I've got profiles on
| multiple additional jobs board both locally and nationally.
| I'm not really looking for a job, but I have absolutely no
| reason to think I'd get fired for having a profile on
| triplebyte (which I do as well).
| greenyoda wrote:
| > you wouldn't want to work for anyway
|
| That would have been much easier to say a few months ago.
| But now, lots of startups and even large companies like
| Uber and Airbnb are laying off workers. Suddenly, for many,
| staying at that crappy company they currently work for is
| starting to seem like a much better option.
| frandroid wrote:
| > you wouldn't want to work for anyway.
|
| Sure, but you still have a mortgage to pay and would like
| to switch companies on your terms rather than on your
| employer's terms, right? Have enough time to find the right
| job you want, instead of the least-worst because you're
| really not comfortable with being out of work in what's
| looking to be a long economic crisis?
| mthoms wrote:
| Scenario: You're the boss. Your company needs to layoff one
| of two people in a specific role. The two employees up for
| termination are more or less equal in terms of performance,
| wages, experience, etc.
|
| You have strong evidence Employee A is unsatisfied and
| looking to move on. Employee B has given no indication of
| such.
|
| Which one do you lay off? Keep in mind that unsatisfied
| employees often have a detrimental effect on the morale of
| their (otherwise content) co-workers.
|
| Answer: You lay off Employee A. And not because you are a
| bad CEO or bad person. You do it because it's legitimately
| in the best interest of the company.
|
| Now take the same scenario and substitute a promotion in
| place of a termination. Which employee will get the
| promotion? Which employee is it in your best interest to
| _invest_ more money and time in? I think you know the
| answer.
| dangerboysteve wrote:
| I disagree, the site is by developers for developers. Every
| developer on planet earth is well aware of privacy issues and
| the evil dark pattern of negative options. They knew this ahead
| of time, they took a gamble and shit hit the fan. The apology
| is not heartfelt or sincere, its just damage control.
|
| If they want to correct this mistake, turf the product manager
| or make a $25K donation to the EFF as an act of penance.
| colejohnson66 wrote:
| If they make a $25k donation to the EFF, people will just ask
| "why not $50k?" or "why not pay _me_?" They can't win against
| people who have their mind made up.
| tmpz22 wrote:
| Even the greatest of apologies is not a time machine that will
| completely undue what happened. A C-level/director-level team
| pushed out a massively privacy violating policy with zero
| feedback in an effort to compete against an incumbent company
| (LinkedIn) on a Friday afternoon.
|
| It reeks of they-raised-too-much-money-and-now-have-to-do-BIG-
| things syndrome and would seriously discourage me as either a
| user or enterprise customer, as if the AI/machine-learning
| BULLSHIT didn't already do that. They're a recruiting company
| that took a sucker punch with CV-19 and effectively tried to
| sell their user data as a get out of jail free card.
|
| The saving grace is that LI Recruiter is a trash product (for
| years...) and they could probably eek out a consumer net-good
| by bringing more competition to the market, if only they went
| about it the right way.
| PopeDotNinja wrote:
| People screw up. It happens. I accept the apology.
| rammy1234 wrote:
| Really even if it's a bank or a financial entity. Here it
| is privacy
| wildermuthn wrote:
| Sure, Triplebyte made a dumb move here. But "massively
| privacy violating" is hyperbole.
|
| It seems as if everything is considered "private" now. No,
| not everything is private. You interviewing for a job isn't
| private unless both parties make it private with a legally
| binding contract. It is a mistake to wishfully label public
| information as private simply because we don't want it to be
| public. It also makes it harder to talk about true violations
| of privacy and distracts from understanding the real issues
| at stake.
|
| What people ought to say, and have often said here, is that
| it is a violation of trust. People trusted Triplebyte to find
| them a new job, not lose their current job. That trust was
| violated not by an invasion of privacy -- it is their data as
| much as it is ours -- but a violation of using that data in a
| harmful way.
|
| Privacy isn't the problem here. The problem is with whatever
| broken processes led to this bad product and poor decision.
| stanleydrew wrote:
| > You interviewing for a job isn't private unless both
| parties make it private with a legally binding contract.
|
| I would gently suggest that you look into the idea of
| "reasonable expectation of privacy" which has a long
| history in the courts.
| dnautics wrote:
| I was about to read this apology cynically but I think this is
| one of the best apologies I've ever read.
| eloff wrote:
| So many companies issue an apology that's been composed by a PR
| team and edited by legal. It ends up being a wishy washy we
| admit nothing but care about our customers kind of statement.
|
| It's refreshing to see a real, detailed, apology. Just taking
| responsibility and owning each mistake of judgment or process
| along the way.
|
| My opinion of these guys actually went up a notch over this
| debacle.
| RandomBacon wrote:
| I'm in a different industry, but I read the HN thread about it
| a few days ago. In the CEO's comments, I saw a lot of 'I'm
| sorry _you_ feel that way ' type of apologies. I wrote that he
| should take responsibility for his own actions.
|
| Perhaps he read that and took it to heart. Perhaps he read that
| and realized it would sound better if it seemed like he took it
| to heart. Perhaps after the monumental PR screw-up, they hired
| a PR professional that wrote the apology.
|
| Who knows. Actions speak louder than words.
| mattm wrote:
| They scrapped the feature so that's an action backing up his
| words.
| rammy1234 wrote:
| Question is why was it there in the first place , so
| hideous, so late on Friday, one week time to update the
| profile. Why not more time when it concerns privacy.
| RandomBacon wrote:
| The fact that it got to this point I think would be
| concerning:
|
| a) No one thought this was a bad idea, or
|
| b) people who thought it was a bad idea didn't want to
| say it was a bad idea (why?), or
|
| c) people who did say it was a bad idea were not listened
| to (feedback was not acted on).
| japhyr wrote:
| Your comment was the first thing I thought of when reading
| today's email. I hav worked most of my life as a secondary
| math and science teacher, and one of the things we teach all
| students about communication is "I statements."
|
| This email is full of sincere I statements. Whether it comes
| from reading your comment or just reflecting on the whole
| situation, this is about the best response I could have
| imagined a few days ago. It accepts responsibility, and
| shares the thinking and feeling behind getting so far from
| where they should be heading.
|
| I don't have a TripleByte account at the moment, but if I did
| I'd be open to what they do next. A CEO who has made a major
| mistake and taken sincere responsibility for it in my eyes is
| more trustworthy than many who just haven't made their first
| major public mistake yet. I know we need to watch them
| carefully for a while, but this is about the best statement I
| could imagine Ammon and TripleByte putting out right now.
| mthoms wrote:
| My personal belief is that any educated, native English
| speaker who peddles in non-apologies like "I'm sorry that YOU
| feel that way" is to be avoided as much as possible (socially
| _or_ professionally). In my experience, these are typically
| the same people who will do other weasel-y things like tell
| lies by omission and justify it to themselves (and others) by
| saying didn 't _technically_ lie so what 's the big deal?
|
| Indeed I've learned this the hard way.
|
| Having said all that, the above apology goes even farther in
| accepting personal blame than I would have expected... so I'd
| be slightly torn on this one if the cynic in me didn't know
| he was likely coached heavily in crafting it.
| 737min wrote:
| I think what the critics are trying to say is that plenty of
| companies in the same space were _not_ tempted to do this kind
| of stuff, despite all the pressures, and instead atayed
| committed to engineers' privacy and putting candidates first.
| takeda wrote:
| I don't have an account there, and didn't even know about them
| a week ago, but based on what people posted I don't understand
| the drama.
|
| They want to make profiles pubic, like LinkedIn. The public
| profiles only contain subset of information from actual
| profile. Their FAQ page says that you can enable/disable
| sharing of your profile. They sent email to their users
| announcing the change and giving plenty of time to change
| settings.
|
| I don't see how could they do better than that.
| RandomBacon wrote:
| Explanations in comments:
| https://news.ycombinator.com/item?id=23279837
|
| Synopsis IIRC: Dark paterns, requiring ID to close account,
| 30 days to close account (and they quietly cancel the request
| if you log in), only 7 days notice, no permanent opt-out.
| moreaccountspls wrote:
| This is 100% a PR firm doing damage control. Go look at the
| other thread and tell me if this sounds like someone who's
| actually sorry, or sorry they got caught with their hand in the
| cookie jar.
|
| edit: A lot of people in this thread are naive to the nature of
| sociapaths....
| dang wrote:
| The cookie jar argument is fine, plenty of people are making
| it. The sociopath thing is over the line - you can't attack
| someone like that on HN. I'm happy to see that users rightly
| flagged it.
|
| https://news.ycombinator.com/newsguidelines.html
|
| p.s. While I have you, could you please stop creating
| accounts for every few comments you post? We ban accounts
| that do that. This is also in the site guidelines. You
| needn't use your real name of course, but for HN to be a
| community, users need some identity for others to relate to.
| Otherwise we may as well have no usernames and no community,
| and that would be a different kind of forum. https://hn.algol
| ia.com/?query=by:dang%20community%20identity...
| moreaccountspls wrote:
| Sure, I didn't realize the account thing was against the
| rules.
|
| I don't mind being flagged though. This is a [YC invested]
| company that just exhibited another example of the valley
| libertarian "the rules don't apply to me as long as I make
| money [or I get caught]" mentality. And hey, if that's what
| his priority is, more power to him! I personally think
| "sociopath" is an accurate label for that group of people,
| but sure, we can use a different term. How about
| objectivist? :)
| dang wrote:
| For me it falls into the IPD category (Internet
| Psychiatric Diagnosis), which is generally a no-go on HN.
| https://hn.algolia.com/?dateRange=all&page=0&prefix=true&
| que...
|
| Thanks for responding so nicely about the accounts thing.
| [deleted]
| mosselman wrote:
| > This e-mail (which I also got) seems like a heartfelt
| apology.
|
| Even if it is heartfelt, I'd argue that if no alarm bells went
| off internally when they were discussing this feature, they are
| not the group of people to entrust with information such as
| this.
| grawprog wrote:
| People do make mistakes. Sometimes people really do just fuck
| up. We're only human. All of us. Whether you're a CEO or just
| a worker. Whether it's even heartfelt or not, it's nice to
| see someone without any bullshit or wishy washy words, just
| straight up say, sorry everyone, i really fucked up.
| Personally, i appreciate the honesty from people, whether
| they mean it or not, it still takes some bit of honour and
| humbleness to openly admit your mistake. It's not an easy
| thing to do and i can appreciate the effort it takes to come
| out and just straight up say 'yeah i'm an idiot and i fucked
| up pretty bad.'
| glenstein wrote:
| >Even if it is heartfelt, I'd argue that if no alarm bells
| went off internally when they were discussing this feature,
| they are not the group of people to entrust with information
| such as this.
|
| On one level I agree with this, in that I don't think
| 'heartfelt' is a fair metric. It's subjective, it's a ritual,
| and on some level the demand for performative contrition
| feels to me like something that doesn't have well defined
| parameters and past a certain point doesn't serve a purpose.
|
| What is important to me are the statements that acknowledge
| error and recognize what made it a bad thing to do. Those
| seem on-point to me and, insofar as apologies go, I'm not
| sure what else should have to be said.
| JMTQp8lwXL wrote:
| I'm surprised they didn't consider beta testing the feature
| with a subset of users to see how it'd go first.
| mattm wrote:
| According to one of the CEO's replies in the other comment
| thread, one of the drivers to push forward was that they
| need to meet their sprint goal.
|
| I don't have any inside information but it seems that this
| could also be a case of the downsides of deadlines. They
| set a deadline and then all other considerations go out the
| window when trying to meet that.
| rammy1234 wrote:
| Whoa! Deadline was a reason to push a feature which is
| big and privacy violating one. Can a bank say due to
| deadlines we made passwords not encrypted ? The feature
| which is your core cannot be part of deadlines. If they
| really intent of user protection, they would have de-
| scoped it to next sprint.
| srtjstjsj wrote:
| For anyone who thinks this is too ridiculous to be true,
| here is the CEO confirming this was rushed out to meet a
| fake-Agile fake deadline, without regard for how it might
| affect users or developers:
|
| https://news.ycombinator.com/item?id=23280137
| ibejoeb wrote:
| Lol. Gotta have priorities. That's some serious b school
| negative work.
| at_a_remove wrote:
| I am trying to evaluate this as fairly as I can. "Sprint"
| is one of those words that just ... sets me off. I have
| to remind myself to be rational and measured in my
| response.
|
| Having said that, "sprint" is not a word I associate with
| thoughtful progress toward a reasonable goal. What it
| does say is "rush forward in a heedless manner" and
| "don't think, just run."
|
| Another artificial deadline dressed up with terminology
| that encourages plunging ahead without due consideration.
| bJGVygG7MQVF8c wrote:
| This is more sensible than people in this thread seem to
| think. The company emitted a signal about how they reach
| decisions -- you can debate the strength of it but it makes
| sense to update one's priors accordingly. Hey, path
| dependence is a bitch.
| andrewljohnson wrote:
| Both a cynical and wrongheaded answer.
| enriquto wrote:
| > if no alarm bells went off internally when they were
| discussing this feature, they are not the group of people to
| entrust with information such as this.
|
| On the other hand, once shit hit the fan, you could argue
| that these people would be extra-careful about fucking it up
| again, as opposed to another company where everything seems
| silently OK.
|
| It's a bit like the story of the engineer who did a 400.000
| dollar mistake on his first job. Asking the manager if they
| were going to fire him, he was told that no way they were
| going to fire somebody that just cost them so much money to
| train!
| smt88 wrote:
| > _On the other hand, once shit hit the fan, you could
| argue that these people would be extra-careful about
| fucking it up again_
|
| In my experience with Facebook, Google, and a variety of
| smaller companies, this doesn't happen.
|
| To people who think the way TripleByte apparently does, the
| fuck-up was _getting caught_ , not violating trust in the
| first place. If they had no moral issues with betraying
| users, they won't have any in the future (unless executives
| and board are replaced).
|
| Instead, they will pay more lip service to privacy concerns
| and be more secretive about violating user trust.
| travisjungroth wrote:
| I also read a story on HN where a devops engineer made a
| $80k mistake and got fired. He got hired at a new startup
| and the founder thought "of course he won't make the same
| mistake twice". He did.
| gavinray wrote:
| Anyyyy chance you happen to have that link handy?
| Terrible misfortune but sounds like a good read.
| travisjungroth wrote:
| https://news.ycombinator.com/item?id=22719573
| BurningFrog wrote:
| At least we can be sure lightning won't strike _thrice_!
| afterburner wrote:
| It's like they don't even internet.
| paulcole wrote:
| There was a study about surgical fuckups. In almost every
| case, multiple people in the OR admitted they recognized the
| problem but were too scared to speak up because the surgeon
| said things were going fine.
| greenyoda wrote:
| The same issue was found to be the cause of plane crashes:
| the crew knew that something was going wrong, but did not
| feel that they could contradict the captain (or the captain
| just wouldn't listen). This gave rise to the practice
| called Crew Resource Management (CRM):
|
| > _Crew resource management formally began with a National
| Transportation Safety Board (NTSB) recommendation made
| during their investigation of the 1978 United Airlines
| Flight 173 crash. The issues surrounding that crash
| included a DC-8 crew running out of fuel over Portland,
| Oregon while troubleshooting a landing gear problem._
|
| > _The term "cockpit resource management" (later
| generalized to "crew resource management") was coined in
| 1979 by NASA psychologist John Lauber who had studied
| communication processes in cockpits for several years.
| While retaining a command hierarchy, the concept was
| intended to foster a less authoritarian cockpit culture,
| where co-pilots were encouraged to question captains if
| they observed them making mistakes._
|
| Source:
| https://en.wikipedia.org/wiki/Crew_resource_management
| afterburner wrote:
| Many engineers complained about the risks before the
| Challenger disaster. Management suppressed the concerns and
| championed incorrect risk math in order to justify it.
| Judgmentality wrote:
| Do you have a link to the study?
|
| I certainly believe it. Projecting my own anecdotal bias,
| most surgeons I've met have been a special kind of
| arrogant.
| avip wrote:
| The pilots' case is subject of entire chapter in the book
| _outliers_.
|
| Book is... of oscillating quality.
| ddrt wrote:
| That last part is called the God Complex. Many surgeons
| have it.
| arawde wrote:
| I can't find the specific study, but it is part of the
| third part of the book The Power of Habit.
| vezycash wrote:
| Same happened for pilots
|
| https://www.linkedin.com/pulse/20140217220032-266437464-a
| sia...
| ibejoeb wrote:
| He dropped it on the Friday before the biggest holiday
| weekend of the year. He knows what he's doing. He's done it
| before, and he's still doing it. Just pulling power moves.
| Move fast and fuck shit up.
|
| The dude has personally tried to pull fast ones on me. This
| is a fucked company since day one. I brushed it off, but when
| you keep up these patterns for years...jog on.
| clockworksoul wrote:
| >The dude has personally tried to pull fast ones on me.
|
| Can you clarify?
| akerl_ wrote:
| Given the prevalence of comments like this, I wonder why any
| company would ever bother offering an apology or retraction.
|
| As soon as a company does something that a chunk of people on
| the internet don't agree with, there's really no way out.
| They're going to get bad press regardless of whether they
| retract, whether they apologize, and whether they say they're
| taking actions to avoid the sequence that led to the action
| in question.
|
| But alongside that, for every time the internet mob has risen
| up over a company's action, very few companies seem to have
| experienced major long term effects. I bet everybody knows a
| few people who have quit Facebook/GitHub, or who rage about
| Oracle business practices or MongoDB stability, but these
| companies still manage to keep trucking along.
|
| In light of this, I'm mostly surprised that Triplebyte
| bothered apologizing; it seems unlikely to do them any good,
| and it's unclear to me whether continuing course would have
| actually done as much harm to their bottom line as the prior
| Hackernews thread appeared to indicate.
| aaomidi wrote:
| I mean I deleted my account. They probably realized they're
| getting a ton of account deletions and went back on it.
| rammy1234 wrote:
| Probably which is mentioned in the email. " Last Friday I
| lost a big chunk of that trust. " which translates to
| account deletion
| ak-47 wrote:
| I also deleted my account and encouraged others to do so.
| I'd love to see their account metrics and to know whether
| the reason for the decision reversal was primarily driven
| by individual email responses, HN/reddit outrage, or mass
| account deletion.
| sbergot wrote:
| I mean, I can accept an apology when I can somehow
| understand the initial intention. In the thread the CEO was
| answering "but stackoverflow also has public accounts!" to
| people explaining why this was a very bad move. The guy
| seemed completely clueless. It was like trying to explain
| that hurting people is bad to someone who has just punched
| you in the face. And this guy justifies his move saying
| that he has watched a boxing match and that seems a normal
| thing to do. And then the day after that he finally
| understand for some reason? The apology is useless because
| the harm done is too great.
| jhanschoo wrote:
| Just as with a person, you'd need them to also demonstrate
| a series of correct decisions, and moving to give greater
| accountability to their actions before trusting them again.
| coldtea wrote:
| > _As soon as a company does something that a chunk of
| people on the internet don't agree with, there's really no
| way out._
|
| And yet, tons of companies had done that, and suffered very
| little. Heck, any company has done something that "a chunk
| of people on the internet don't agree with"...
|
| It's not about never doing anything wrong, or it being
| futile to apologize.
|
| It's about, you don't do THIS kind of privacy affecting
| changes without publicly announcing it first, and without
| red flags raised internally that it might not be a good
| idea.
|
| That's a good thing to instill in companies, whether this
| one apologized or not...
| akerl_ wrote:
| Given that there don't seem to be actual business
| repercussions from the internet mob's displeasure, and
| the internet mob's displeasure, once roused, cannot be
| quieted by apologies, changes in behavior, or
| explanations, it's unclear to me that we're actually
| "instilling" anything in companies, other than the lesson
| that it's not worth bothering to pay attention to the
| internet mob.
| mrmr1993 wrote:
| The current position is "sorry for breaking your trust,
| please trust us". It's hard to find it compelling.
|
| > Given the prevalence of comments like this, I wonder why
| any company would ever bother offering an apology or
| retraction.
|
| To project my own opinion onto others: these comments are
| warranted because an apology has no actual value. The fact
| remains that Triplebytes can still do this if they wish to,
| and they are constrained only by what they can manage to
| slip past their users.
|
| There's a stark asymmetry in the digital space, where
| service providers are protected by the legal language in
| their TOS or EULA, but the users have to trust that the
| service provider will not act outside their interests, and
| with no recourse. By contrast, in a normal contract
| negotiation, there will be an opportunity for both sides to
| ammend the contract to better serve their interests.
|
| If Triplebytes wanted to show that they will not attempt to
| do this again, they could break this asymmetry and
| constrain themselves in their user contract, accepting all
| resulting liability or specifying concrete penalties if
| they do persue this route in the future. An apology is just
| a meaningless PR exercise.
| ravenstine wrote:
| They're undoubtedly going to have to do more to make things
| right in the future for those who have been following this
| issue, but it's at least refreshing to read what seems like a
| genuine apology. If we can take away anything from this, it's
| that Triplebyte actually understand why people were upset
| over this. I've read lots of apology emails where those in
| charge clearly either didn't understand the problem or they
| were dismissive towards their consumers.
| dccoolgai wrote:
| I bet _most_ of their users aren't reading HN regularly and
| probably just skimmed past the email (I did). HN provided a nice
| little teapot for this tempest to play out in, from a larger
| strategic picture. As mad as it probably made them when that
| first user put the comment up the other day, that may have just
| saved their business from complete annihilation. If I were Ammon,
| I would find that person and send them some kind of nice gift.
| dccoolgai wrote:
| Perhaps more distressing to me, I got these emails but I _know_
| I never actually signed up to the site: I just took the little
| quiz. I _know_ I didn't sign up because I recall being
| irritated that I had to sign up to see the results of the quiz
| - and I was afraid of something happening _just like this_. I
| was watching this because I was fairly certain - based on
| whatever they published about me - that I was going to take
| some kind of legal action. So in a way, this person saved them
| from _me_.
| Mandatum wrote:
| Currently located in the EU and contacted my lawyer. Told
| them as such. I think they realised they fucked up from a
| legal standpoint more than anything else.
| skinkestek wrote:
| I feel sorry for them and Ammon in particular and I think this
| can be turned around but that mail and that feature seems like
| only the icing on the cake from what I can see.
|
| It seems to me there's a whole cultural problem going on.
| jorblumesea wrote:
| Just makes you wonder what else is going on there from a product
| standpoint. How many similar "good ideas" have they launched?
| Selling data? Employers access to your profile?
|
| Hiring _is_ their business and such a complete misunderstanding
| of the system and subsequent tone deaf responses (up until today)
| really make you question the entire thing. Or their grasp of
| hiring in general. Even with the best intentions, does make you
| worry.
| ratherbefuddled wrote:
| Well written apology but despite that I'd still be very concerned
| that a company entrusted with so much sensitive personal data can
| get this so wildly wrong and then also get the initial responses
| to the very predictable negative reaction so wrong.
|
| Did nobody in the room speak up? Is this a culture problem too?
|
| To have a chance at winning back trust these guys need to make
| deleting accounts instantly their next feature and make
| confidentiality the first priority in everything they do - and
| that means doing it not just marketing it.
|
| They probably also need to hire someone to tell the CEO "No!" the
| next time if nobody else is prepared to. It seems likely there
| will be a next time if this one didn't set off alarm bells.
| raymondgh wrote:
| Until we make crap like this illegal, companies will always be
| incentivized to abuse our rights -- even at the cost of their
| leaders' credibility.
| lisper wrote:
| How did you manage to submit this? I tried to submit it myself
| about the same time you did but got an error that the text could
| not be more than 2000 characters. How did you get past this
| limit?
___________________________________________________________________
(page generated 2020-05-25 23:00 UTC)