
A naughty CV hack - jlangenauer
http://howlingmob.net/pblog/2010/03/a-naughty-cv-trick/
======
tptacek
First, I'd get annoyed if I found you tried to bug a CV you sent me. I'd
definitely tell you not to send something like that to my clients.

Second, I think that while HTML resumes are a fine thing to post on your
website, they are a _terrible_ format for sending to a prospective employer.
You are virtually guaranteed that it will be mangled behind comprehension by
the time an interviewer gets it.

Don't send HTML resumes. Don't send DOC files. Send PDFs. Hiring managers
expect to have to read PDFs, they will print reliably, and they won't launch
MS Office when someone clicks on them. PDF. It's the way to go.

~~~
juliusdavies
tptacek, would you consider that a 'bug' even if you noticed it and carefully
traced it? I think I'd assume the guy previously referred to a CSS file but
now included it inline and forgot to remove the old <link type='text/css'>.
Maybe I'd be suspicious if python responded with headers that said, "hi this
is a python web server!". But linking to an empty CSS (or getting a 404 !)
would not ever raise my suspicions. That's part of its beauty!

Hmm, on 2nd thought, getting the server to send a 404 while tracking the
resume's travels is even more elegant.

I'd only be annoyed if in the interview he bragged about bugging the resume!!!

~~~
bluesmoon
it's easy to track 404s. They show up in your access logs. You can just post-
process the logs.

~~~
piranha
You can return 404 with python as well.

~~~
bluesmoon
but what's the point? you'll be taking up a whole bunch of CPU cycles on every
request when you can just use a fraction of the total once a day.

------
jedberg
Was anyone else really thrown off by the strange choices in bold and italic?

~~~
qeorge
Yes. At first I thought he was italicizing each mention of a programming
language, which is a nice idea. Then python was bold and not italic, and I
lost the thread.

------
chaosmachine
New startup idea: Google Analytics for Resumes.

~~~
beilabs
<http://www.trackmycv.com/>

------
ryanpetrich
He's worried about embedded viruses in .doc files but has no qualms about
adding tracking code to .html!?

~~~
ars
Do you seriously think those are at all similar?

------
jawn
While not as useful as this trick, I've setup analytics on my external facing
resume site, and it's been interesting to see the results.

It's been great for finding out how recruiters use google to search for
resumes, and to find out where open positions are in my area of expertise.

------
spudlyo
In the past I've just sent a link to my resume and looked at my access logs.
This has worked for me, but the printed results are often cringe worthy.

------
pbhjpbhj
Can't you trigger an "onload" type event in a PDF or simply attempt to load a
hidden image into your page from a tracking URL.

~~~
bluesmoon
it will ask the user for confirmation before attempting to reach out to the
web

------
dnsworks
This is also a fairly common way to track people down. I used something
similar, with an HTML email, to find an SEO shuyster who had defrauded a
friend. It helped prove he was in the country (despite his claims). It gave us
a good reason to try and setup a sting where instead of meeting a potential
customer, he was greeted by a process server.

Also a good reason why to never read HTML emails.

~~~
rbanffy
I remember the time when bugged or, worse, malware-carrying emails were
impossible. I even wrote an article on e-mail viruses circa 96.

Thanks, Microsoft, for making this too possible (by bundling HTML and
scriptable Word processing into mail viewers)...

