

Show HN: Quick and anonymous salary "surveys" at lunch - narcissus
http://www.salarysecret.com

======
narcissus
Hi all,

I made this site for the situation where you and your colleagues are all at
lunch and the discussion of salary comes up. While a lot of people don't feel
comfortable discussing specific numbers, they're all still curious :) So this
site lets someone start a 'secret' with just a few clicks (no registration
etc.). That 'secret' has a code that other people can enter on the site, too,
and then by telling the site your salary it will show everyone on that secret
the minimum, maximum and average salaries.

As per the 'privacy' page, I'm not storing any personal information... it is
anonymous.

It was also a good chance for me to learn Silex (the PHP "micro-framework")
and Twitter Bootstrap (though not so well), practice 'progressive
enhancements' with Javascript and play with PaaS via Openshift.

Anyway, thanks for any feedback, flames or criticisms...

~~~
macobo
Are you familiar with the Millionaires' problem? [1]

There's an easy solution when you're looking for an average salary (and
everyone doesn't mind doing a little bit of calculation). The first person
thinks of a random number, adds his salary to it and tells it to the person on
his/her right (so noone else hears!). The next one adds his salary and tells
it to the next person and so on. When it re-reaches the first person, he then
subtracts the original random number. The result is the sum of their salaries,
which can then be divided to yield an average. All done in a way that no one
person learns what the salary of any other person was.

[1]: <http://en.wikipedia.org/wiki/Yaos_Millionaires_Problem> (link sadly
broken by HN url parsing?)

~~~
narcissus
I have actually heard of this process before. In fact, it was this 'problem'
that originally made me think of the site, but then I realised that if I'm
doing in online, I may as well automate it a bit and came to this 'solution'.

That is to say, I'm all for people doing it that way if they like. If,
however, they'd rather use an 'app' or whatever, then they're more than
welcome to use this.

------
thirdstation
Say I wanted to know your salary. I could start a secret and enter the minimum
minus one before I send you the link.

Is there a way to prevent this sort of scenario while letting the service
remain anonymous?

~~~
narcissus
That's a good point and not something I had thought about to be honest. I
guess the whole "bad actor" thing didn't play into how I expected the site to
be used. Which is a terrible response, I know!

Out of curiosity, are there ways I wonder to actually try and stop this? I
mean there are obviously ways to deter it, but is there a way to stop it
outright I wonder? I'd have to guess no, but then again, I am definitely not
the right person to think about this.

~~~
aiiane
You can display the # of items already entered and the timestamps they were
entered at (but not the values). It's not perfect, but it would help eliminate
the "pre-loading" attack. However, that still leaves the "post-loading"
attack, where you send someone a blank link, and then afterwards, fill in the
other entries with known values.

~~~
hmsimha
This (and the other suggestion by zerr) still leave the potential for someone
to create multiple false 'minimum' datapoints, then target one of their
coworkers to find out their salary.

~~~
aiiane
Yeah, it's not at all foolproof or even great. I don't think there's really a
good solution that still provides true anonymity, since the only way to
prevent box-stuffing is to actually restrict people to one entry per real
person (and that generally requires a more involved real-world authentication
process).

------
troygoode
I started a "secret" here (for up to 25 of us) to give this thing a test
drive:

<http://www.salarysecret.com/continue/36-teputo13>

~~~
ipince
<http://www.salarysecret.com/continue/358-ratoru54>

------
therandomguy
Great idea. Why not make the code easier? Start with three letter dictionary
words, then four, so on till about eight. Then restart with non-dictionary.

Now regarding knowing friend's salaries; From personal experience I can now
say that it is not a good thing. I come from a culture where salary is not
well kept secret and you usually know your friend's. This leads to a constant
state of discontent unless a] You are on the top b] you are the type of person
that can factor in intangibles well (hint: most people are not).

You might be working on a really good project, but the next day you arrive at
work you will sit there sipping coffee and thinking how come my buddy is
earning double working on a iFart app?

~~~
fxthea
That's probably a good thing, no? You probably feel discontent because your
mind is telling you that you should do something about the situation. Either
correct the injustice if it is an injustice or invest in yourself more to put
yourself in a situation where you can be earning more. If you are a company
where the workforce is in high demand and you are not paying your employees
enough to stop them from thinking about these situations then you are going to
start slowly but surely swapping out top talent for mediocre talent.

~~~
therandomguy
My take is that everyone should be always aware of their market value (the
reasons for which you have stated). Friend's salary (especially in different
domains), I'm not so sure.

------
run4yourlives
One of the main issues I see with this is that people lie.

They lie so much, that almost everyone in HR completely discounts employee
based salary data. Instead, if they need to understand what a market rate is
for a salary, they ask _employers_ what they are paying, since to them it is
just another expense.

Talk to anyone worth anything in HR and they will echo exactly what I said.
You may as well guess what your buddy is being paid, because whatever they
tell you is never going to be accurate enough to provide you with an informed
opinion.

~~~
narcissus
Yeah, so I guess the site doesn't make its "raison d'etre" very clear. If I'm
at lunch with my mates, and we are discussing salaries, and there's a way for
us to anonymously give each other an idea of how much we're all making, well,
I trust them enough not to lie. That's also partly why I'm shooting for
"really simple to set up and add to".

Any other use of the site is going to be gamed. I agree.

~~~
run4yourlives
_give each other an idea of how much we're all making, well, I trust them
enough not to lie_

You shouldn't, because they will. Pride is a horrible thing.

------
thirdstation
This is a neat idea. I like that you didn't choose to implement another todo
list in order to experiment with a new framework.

I think the wording of "continue a secret" is a little confusing. I appreciate
the brevity but maybe "participate in a secret" would be more accurate. "Share
a secret" sounds nice -- because that's what we do with secrets :-) But, it
might get confused with the sharing of that particular secret code instead.

On a UI note, having to click on the help icon to dismiss the pop-up was a
little annoying.

~~~
narcissus
Thanks for the feedback. I agree that the wording of that middle part is a bit
dodgy... I think it's time I pulled out me thesaurus :)

Thanks for the reminder about the popup. I did that part right at the start
and kept telling myself I needed to go back to it. I can work on that tonight.
Thanks!

------
mikegagnon
Cool idea. I'm wondering if there's a way to implement this system without
having to rely on trusting the server with your data. Homomorphic encryption
seems like it could be useful in this context, since the data is small.

~~~
swalberg
If all you care about is the mean, I think it was Applied Cryptography that
suggested:

1\. First person picks a random number and adds it to their salary. Writes it
down ands hands it to the next person. 2\. Next person adds their salary to
that number and writes it down on a new note, hands to the next person. 3\.
When the first person gets the note, subtract the original number and divide
by number of people.

~~~
NegativeK
It was definitely mentioned there, and that was what I was expecting.

That method requires that there's no collaboration to remain secure.

------
rglullis
Hey! This looks eerily familiar to <http://salaryshare.me>. :)

~~~
narcissus
Definitely the same concept. I had no doubt that this idea wasn't already
done, but it was just one of those random itches I wanted to scratch :)

~~~
rglullis
If you have any interest in working with Python (Django, or any other
reasonably modern framework), I would be totally okay with open sourcing my
code and developing this further. You should take a look at my original
announcement [1] thread: there are some good ideas in there.

In the end, I didn't work more on it because I was really busy at the time
with my real startup, and I saw no real interesting way to compete with
Glassdoor. Plus, I got sort of pissed that all the publicity (articles on TC,
MSN Money and ABC news) we got was co-opted by the Glassdoor PR people.

[1]: <https://news.ycombinator.com/item?id=2441888>

~~~
avree
Hey man—just wanted to let you know about a typo on salaryshare.me. It says
"No punctuaction." when entering a salary.

~~~
rglullis
Thank you. Should be fixed now.

------
artax77
good idea to help people gauge how well (or not) they're doing salary wise.

is there a control to prevent too few minimum participants, which would make
it more obvious whose numbers are whose?

the interface could be more graphical, less text heavy.

~~~
narcissus
Thanks artax77. At the moment it does require at least 3 people to participate
and/or to reveal the end values. I think mathematically that's the minimum,
though it probably should be pushed up to 4 or 5, you're right.

I agree that the UI could be more graphical... unfortunately I totally suck at
the UI side of things. That, I think, I'm going to just have to let slide for
now :(

Thanks!

~~~
artax77
i do too, just learning little by little. cool project though, interesting
points raised by other commenters.

