
TripleByte Public Profiles Response Email - twillin
https://pastebin.com/pt2pwVvQ
======
threatofrain
Ongoing discussion with CEO responding:

[https://news.ycombinator.com/item?id=23303037](https://news.ycombinator.com/item?id=23303037)

------
jorblumesea
Hiring _is_ their business. How could they not factor this in? The hiring
process requires a very high level of trust and discretion. Insane. Makes you
wonder what else is wrong there, from a culture/product standpoint.

------
twillin
I received this email from TripleByte today. Here's the full text:

There’s no other way to put this--I screwed up badly. On Friday evening, I
sent an email to you about a new feature called public Triplebyte profiles. We
failed to think through the effects of this feature on our community, and made
the profiles default public with an option to opt out. Many of you were
rightfully angry. I am truly sorry. As CEO, this is my fault. I made this
decision. Effective immediately, we are canceling this feature.

You came to us with the goal of landing a great software engineering job. As
part of that, you entrusted us with your personal, sensitive information,
including both the fact that you are job searching as well as the results of
your assessments with us. Launching a profile feature that would automatically
make any of that data public betrayed that trust. Rather than safeguarding the
fact that you are or were job searching, we threatened exposure. Current
employers might retaliate if they saw that you were job searching. You did not
expect that any personal information you’d given us, in the context of a
private, secure job search, would be used publicly without your explicit
consent. I sincerely apologize. It was my failure.

So, what happened? How did I screw this up? I’ve been asking myself this
question a bunch over the past 48 hours. I can point to two factors (which by
no means excuse the decision). The first was that the profiles as spec’d were
an evolution of a feature we already had (Triplebyte Certificates--these are
not default public). I failed to see the significance of “default public” in
my head. The second factor was the speed we were trying to move at to respond
to the COVID recession. We’re a hiring company and hiring is in crisis. The
floor has fallen out on parts of our business, and other parts are under
unprecedented growth. We've been in a state of churn as we quickly try various
things to adapt. But I let myself get caught in this rush and did not look
critically enough at the features we were shipping. Inexcusably, I ignored our
users’ very real privacy concerns. This was a breach of trust not only in the
decision, but in my actual thought process. The circumstances don’t excuse
this. The privacy violation should have been obvious to me from the beginning,
and the fact that I did not see this coming was a major failure on my part.

Our mission at Triplebyte has always been to build a background-blind hiring
process. I graduated at the height of the financial crisis as most companies
were doing layoffs (similar to what many recent-grads are experiencing today).
My LinkedIn profile and resume had nothing on them other than the name of a
school few people had heard of. I applied to over 100 jobs the summer after I
graduated, and I remember just never hearing back. I know that a lot of people
are going through the same thing right now. I finally got my first job at a
company that had a coding challenge rather than a resume screen. They cared
about what I could do, not what was on my resume. This was a foundational
insight for me. It's still the case today, though, that companies rely
primarily on resume screens that don’t pick up what most candidates can
actually do--making the hiring problem much worse than it needs to be. This is
the problem we're trying to fix.

We believed that we could do so by building a better Linkedin profile that was
focused on your skills, rather than where you went to school, where you
worked, or who you knew. I still believe there's a need for something like
this. But to release it as a default public feature was not just a major
mistake, it was a betrayal. I'm ashamed and I'm sorry.

Triplebyte can’t function without the trust of the engineering community. Last
Friday I lost a big chunk of that trust. We’re now going to try to earn it
back. I’m not sure that’s fully possible, but we have to try. What I will do
now is slow down, take a step back, and learn the lessons I need to avoid
repeating this. I understand that cancelling this feature does not undo the
harm. It’s only one necessary step. Please let me know any other concerns or
questions that I can answer (replies to this email go to me). I am sorry to
all of you for letting you down.

Sincerely,
-Ammon

------
MintelIE
[https://web.archive.org/web/20200525173210/https://pastebin....](https://web.archive.org/web/20200525173210/https://pastebin.com/pt2pwVvQ)

Pastebin's locked behind Cloudflare and it won't work if you use Tor Browser
(which you should, for everything) so I fetched the link from archive.org. A
bit redundant thanks to twillin but the habit of linking to locked-off sites
should be broken.

~~~
colejohnson66
Not a snark; it’s a genuine question: What’s the point of using Tor if you’re
gonna be signed into a website? That deanonymizes you, no? Also, doesn’t Tor
have (relatively) huge latency and really slow speeds due to all the hops?

Tor has its uses; I just don’t see the point in using it for everything.

~~~
MintelIE
I might sign into a web site willingly, but I might not want the perhaps
dozens of other companies' assets which I pull in also identifying me, and
tracking my habits.

Why wouldn't one use it for everything? That would seriously damage the
Internet tracking industry, who after all is the Internet user's enemy or at
best, hostile adversary.

~~~
colejohnson66
You can hurt the internet tracking industry by just using uBlock and uMatrix

~~~
MintelIE
I already do, but I can hurt it even more by always using Tor Browser. Heck,
it's even fast enough these days to watch Youtube and handle torrents.

