Read on Twitter
If you’re a software engineer and you’ve ever made a Triplebyte account, you need to read this thread and may want to act immediately to protect yourself. This is not a regular privacy update.
Up-front: I do not work at Triplebyte.
Triplebyte is a company intended to provide another way for software engineers to easily apply to jobs. Among other tasks, they do interviews with job candidates and send the results to other companies that are hiring.
Triplebyte is a company intended to provide another way for software engineers to easily apply to jobs. Among other tasks, they do interviews with job candidates and send the results to other companies that are hiring.
At 5:25 PM (Pacific time) on Friday, May 22, 2020, Triplebyte sent out an email.
The email included the following: “Just like LinkedIn, your profile will be publicly accessible with a dedicated URL...The new profiles will be launching publicly in 1 week...You can edit your profile privacy settings to not appear in public search engines at any time.”
There are several issues here we should look at. Let’s start with the big obvious one: public profiles.
With public profiles, it’s much easier for a nosy employer to see which employees are considering switching jobs. It leaves employees open to retaliation. There even exist third party services that search the internet for this exact purpose.
The job search involves trust and privacy. If profiles become public, it becomes substantially easier for others to see who is even *considering* a job move. That is not information you necessarily want public.
In addition, understand that Triplebyte’s change could easily put people in danger. What might another piece of information mean to potential stalkers constantly searching the internet for more information on their targets?
Second issue: this change is opt-out. If you missed this email, or if the email got caught in your spam filter, or you fail to take action within 1 week, then your profile will become public by default on May 29, 2020.
Let’s also look at the timing. Triplebyte sent the email on a Friday afternoon, after 5 PM in the US, right before a national holiday and 3-day weekend. During historic levels of unemployment and a pandemic.
I cannot be sure they deliberately picked *now* to send this email. I can only say that if someone wanted to sneak unethical updates under the radar, now would be a great time to do it, while everyone’s distracted.
Note also that you have only 1 week to act. If you only check your email again next Tuesday, that gives you only three days to read, understand, evaluate, and act on this tiny scrap of information buried under a pile of who knows what else in your email.
If you wish to not be public, here is one option: go to https://triplebyte.com/candidates/profile_builder and click “Visibility Settings” under Profile URL.
In your profile you can select that you are “Not interested in any new opportunities” to make your account invisible. However, you cannot make it invisible for more than 2 years. There is no “permanent invisible” option. See screenshot
You can also attempt to delete your account: https://triplebyte.com/privacy-center . However, the account deletion form says they *may* require government ID to proceed. Considering how this situation already looks from a privacy perspective, however...
(Note: a number of commenters have pointed out that they were able to delete their account in a timely manner without requiring ID. YMMV)
Triplebyte’s CEO made an appearance in the comments of this Hacker News post: https://news.ycombinator.com/item?id=23279837
Commenter yaacov says they agree with the other commenters that this is a betrayal of trust.
CEO Ammon’s reply opens with "Well, sorry that you feel this way."
You may observe that this is not actually an apology. https://news.ycombinator.com/item?id=23280220
See screenshot
CEO Ammon’s reply opens with "Well, sorry that you feel this way."
You may observe that this is not actually an apology. https://news.ycombinator.com/item?id=23280220
See screenshot
Ammon continues, "My view, building this, is that we're not displaying anything more private than hundreds of other companies."
ncallaway points out, correctly, that sometimes "employees would want to keep the fact that they have a Triplebyte account secret instead of public".
ncallaway points out, correctly, that sometimes "employees would want to keep the fact that they have a Triplebyte account secret instead of public".
I am NOT a lawyer, this is NOT legal advice. If necessary, you may find it helpful to speak to a lawyer, as well as become aware of GDPR and/or the California Consumer Privacy Act if it applies to you.
Please make the decision that makes the most sense for you, and best of health to you all.
