[HN Gopher] Patreon laid off their ENTIRE security team
       ___________________________________________________________________
        
       Patreon laid off their ENTIRE security team
        
       Author : BlackLotus89
       Score  : 103 points
       Date   : 2022-09-08 21:56 UTC (1 hours ago)
        
        
       | matrix_overload wrote:
       | I think a healthy dose of skepticism is in order. This news
       | traces down to one LinkedIn post [0] from one person claiming
       | that they "and the rest of the team" are no longer with the
       | company and are looking for work.
       | 
       | They have 3 clear motivations to exaggerate the situation:
       | 
       | 1. Disgruntled employee wanting the employer to look dumb.
       | 
       | 2. Oversensationalize the news to attract more attention to their
       | "looking for a new job" message.
       | 
       | 3. Oversell their role in the company in hopes of getting more
       | interviews.
       | 
       | For what it's worth, "me and the rest of the security team" could
       | be one person with a handful of interns doing an experimental
       | project in the security area. Like, trying to achieve 100% formal
       | validation of a massive codebase, on top of existing engineering
       | practices. Such ambitious projects do get axed at the first sign
       | of a downturn, and it would not be a reason for panic.
       | 
       | I would exercise caution and stick to quantifiable facts before
       | concluding that Patreon is run by idiots.
       | 
       | Patreon would, in turn, have a motivation to deny the layoff, so
       | the truth is somewhere in between. A good independent metric
       | would be other verifiable LinkedIn users confirming that they got
       | sacked as well.
       | 
       | [0] https://www.linkedin.com/posts/emetcalfe_opentowork-
       | activity...
        
       | NowhereMan wrote:
       | Maybe I won't have to log in to Patreon every week now.
        
       | nebula8804 wrote:
       | The fact that I might have actually seen this person at DEFCON
       | just a few weeks ago seems so cool to me. It's like my world on
       | HackerNews is colliding with real life (for the first time). I
       | wonder if this is how people feel when they meet celebrities?
       | 
       | Also, that is one cool badge as their pinned post, I didn't see
       | that one this year. I always miss out on the cool badges at
       | DEFCON.
        
       | datalopers wrote:
       | So Patreon will announce a massive user data leak tomorrow?
        
         | tartoran wrote:
         | That's not unheard of, could be just prepping with the security
         | team lay off. But it's mere speculation at this point
        
         | ok_dad wrote:
         | Unless the whole team was complicit and malicious, there's no
         | need to fire them all for something like that. That would just
         | be performative and does nothing to fix any issues.
        
       | jiveturkey wrote:
       | well, how big is the ENTIRE security team? LinkedIn only shows up
       | 4 people. Don't know what a typical percentage would be expected
       | to show up there.
        
         | golemotron wrote:
         | I'm scratching my head that someone who does security and
         | privacy as their job puts this out on Twitter. Aside from the
         | messed up ethics, it's not a good look while job hunting.
        
       | altruios wrote:
       | that sounds like a royal fuck up... cleaning house is... unusual
       | right... for an entire security department?
        
         | dogman144 wrote:
         | Security teams hedge risk and respond to realized risk
         | (security incidents).
         | 
         | Unless it is the fuck ups of all fuckups, companies that fire
         | security teams for a security gap that got hacked will never be
         | able to hire a security team again that's competent. They'll
         | get people trying to break into the industry, but not capable
         | vets.
         | 
         | Behind 99% of security incidents is a lack of funding,
         | staffing, or "no we have to deploy to prod soon, sorry." The
         | very large sprawl that Series B -> pre-IPO sec teams have to
         | address is staggering. Pre-IPO is usually the latest point that
         | funding, staffing, support shows up.
        
         | jiggawatts wrote:
         | I've seen this happen once when there was an insider attack
         | from within the IT department involving multiple staff.
         | 
         | Instead of trying to figure out who the bad actors were and who
         | could still be trusted, the directors simply fired everybody in
         | the team.
         | 
         | I was brought in as an outsider on the Friday evening to
         | reverse engineer their passwords and basic network info so that
         | they could continue to operate on Monday morning.
        
           | isatty wrote:
           | I have also seen a large security team gutted because of some
           | royal fuckup. It was at a large-ish startup, but they
           | retained enough people to operate day to day till
           | replacements could be hired.
        
           | Brian_K_White wrote:
           | Funny how the same reasonable logic doesn't ever seem to
           | apply to the people saying it.
           | 
           | Those same directors are part of the same organization and
           | are responsible for the actions of everyone under them. That
           | responsibility is supposedly WHY they get to enjoy those big
           | paychecks.
           | 
           | But somehow "everyone involved has to go" still doesn't
           | include them...
        
             | maerF0x0 wrote:
             | Rules for thee and not for me
        
           | okdood64 wrote:
           | > reverse engineer their passwords
           | 
           | Elaborate?
        
           | nebula8804 wrote:
           | Go on...did you manage to keep operations running on Monday?
           | 
           | Everyone else has all the cool stories meanwhile here I am
           | aspiring to live Homer Simpson's lifestyle. Oh well.
        
             | sleepybrett wrote:
             | I've never worked at a company where the security
             | department was actually key to uptime. Mostly they are
             | responding to design proposals/consulting with engineering
             | teams, responding to scanner alerts, etc.
        
       | noodleman wrote:
       | Normally, I'd first go with "So what did they do wrong?".
       | 
       | But since it's the _security_ team, I'm gonna go with Patreon is
       | in dire financial straits and this is the tip of the iceberg.
        
         | sleepybrett wrote:
         | How could they not be rolling in cash? Their product is not
         | that sophisticated and I assume they take a decent haircut from
         | every subscription. Seems like a money printing machine to me.
        
           | nebula8804 wrote:
           | Furthermore, if Patreon goes then a lot of indie people are
           | royally screwed. So many demonetized Youtubers or people at
           | risk of being booted depend on Patreon.
        
             | jimbob45 wrote:
             | SubscribeStar does basically the same thing, right? I
             | imagine everyone would just move right over, business as
             | usual.
        
               | paranoidrobot wrote:
               | It's not that straightforward.
               | 
               | For the Creator, even if you exclude the things that
               | interact with Patreon to do the benefit-management bits,
               | you have to also do any KYC/Identity verification bits,
               | re-setup account transfers.
               | 
               | Then you need to reach out to all your supporters and
               | convince them to move over. They're going to lose some
               | percentage of those people -- how much is going to depend
               | on the creator and the fanbase. Some people are just
               | going to ignore it, every single one of them though are
               | going to re-evaluate that math in their head as to
               | whether they really want to continue supporting that
               | person.
               | 
               | Patreon also has major brand-awareness. Someone telling
               | you to move over to SubscribeStar, Liberapay, Buy Me a
               | Coffee or whatever might get a "This seems like a scam"
               | type reaction.
        
             | throwaway5959 wrote:
             | I'm not sure if demonetized YouTubers going down is the end
             | of the world.
             | 
             | Edit: found the alt-righters
        
               | nebula8804 wrote:
               | Normally you'd think it's just right wingers and yeah a
               | lot of their garbage ends up demonetized but it's also
               | people that are pro-Union, anti-establishment (right wing
               | and left wing), people who are anti-empire/anti-war/anti-
               | Israel/Pro-palestine (Abby Martin for example). Craziest
               | example I heard of recently is people who post anti-Tesla
               | videos are getting attacked and demonetized by their
               | fanboys.
        
               | egypturnash wrote:
               | The queer lefty independent webcomics scene leans on
               | Patreon a lot too, I'm one of them.
        
             | tartoran wrote:
             | If there's a need in the market someone will step in and
             | fill the void. Probably it's for the best if they don't get
             | greedy and keep it simple, shave a bit as a fee and that's
             | all.
        
               | nebula8804 wrote:
               | Tell that to Parler and the aftermath of their disastrous
               | data leak. There needs to be more respect for the effort
               | that goes into making well built online services. Turns
               | out it's much harder than a lot of people realize.
        
             | shawn-butler wrote:
             | OnlyFans is just waiting to be "legit"
        
           | TillE wrote:
           | I have faith in their ability to screw up a good thing for no
           | reason.
           | 
           | A couple years ago, they tried to change their whole payment
           | system so each subscription was billed individually, racking
           | up more fees for patrons. They kept defending it and
           | _finally_ backed down at the last minute after a ton of their
           | biggest creators yelled at them.
        
           | simlevesque wrote:
           | They serve videos. That can be easily more costly than the
           | cut they get.
        
             | bparsons wrote:
             | Don't they use Vimeo?
        
           | ZephyrBlu wrote:
           | Patreon takes the lowest cut of any platform. Only something
           | like 12% vs most others taking 20-30% or more.
           | 
           | E: see this video https://youtu.be/bGvfYv5nzs0?t=138
        
           | picardo wrote:
           | > Seems like a money printing machine to me.
           | 
           | Only if the creatives are making their money on _their
           | platform_.
           | 
           | Since Patreon's entire business model is based on taking a
           | cut of the revenue artists make on their platform, they don't
           | make money if the artists make money elsewhere. Many
           | creatives use Patreon only for fan outreach, and sell
           | merchandise outside of Patreon.
           | 
           | If Patreon charged a fixed rate for their software, they
           | could make more money, but they would lose the business of
           | small creatives. That's the dilemma.
        
             | dorkwood wrote:
             | More people turning to things like Stable Diffusion instead
             | of commissioning artists likely has an effect too.
        
           | LegitShady wrote:
           | Patreon has raised hundreds of millions (https://www.crunchba
           | se.com/organization/patreon/company_fina... - according to
           | this $414M in 10 rounds) in venture capital.
           | 
           | Meanwhile in January they said they had taken in a total of
           | $3.5 billion in creator lifetime funding. At let's say 8%
           | average cut that means they've made a total of $280M in their
           | whole history, although earlier accounts got grandfathered at
           | the original 5% rate I think. We'll go with 8% to be
           | generous. Even at 12% that means total lifetime income for
           | Patreon is $420M, around the same as their VC funding.
           | 
           | Then they have to pay all the processing fees, their own
           | development and operational staff, etc. Then they have to pay
           | back their VC money.
           | 
           | VC funding killed patreon.
        
             | dagi3d wrote:
             | You don't have to pay back the VCs you raised from (unless
             | you raised debt). Another story is that their investors
             | might have forced them to cut costs and make everything
             | needed to become profitable as soon as possible.
        
             | 6stringmerc wrote:
             | That guy from Pomplamoose taking Patreon to VCs is what
             | killed it.
        
             | sailfast wrote:
             | Good point. I also can't help but notice their CEO
             | monetizes almost entirely on YouTube with scary pockets and
             | other videos.
        
             | robocat wrote:
             | > VC funding killed patreon.
             | 
             | A company is worth its future cash flows. You are making
             | an argument about the sunk costs which does have some
             | relevance to individual funds.
             | 
             | You don't get 10 rounds of investment without a convincing
             | argument (or believable story) for future profitability at
             | each round (even if some rounds turn out to be duds later).
        
         | maerF0x0 wrote:
         | > But since it's the security team, I'm gonna go with Patreon
         | is in dire financial straits and this is the tip of the
         | iceberg.
         | 
         | A couple of additional cases that can cause a security team to
         | be laid off:
         | 
         | 1. Outsourcing or offshoring
         | 
         | 2. Evidence of significant corruption or incompetence within
         | the team requiring a full reset
        
       | midislack wrote:
       | Didn't they also just steal the Flipper money?
        
         | bagels wrote:
         | Do you have any references for this? I've no idea who you're
         | accusing (the employees or Patreon) or what Flipper money is.
        
         | klyrs wrote:
         | That's PayPal
         | 
         | https://news.ycombinator.com/item?id=32739950
        
       | vouaobrasil wrote:
       | Sounds rather scary but I would like to hear both sides of the
       | story. I don't like guessing and passing judgment with basically
       | a single sentence describing something that could have more to it
       | than meets the eye.
        
       ___________________________________________________________________
       (page generated 2022-09-08 23:00 UTC)