
How to stop recruiters posing as applicants - ColinWright
https://twitter.com/richardhyland/status/328602096255512576/photo/1
======
asveikau
What I see here is one group of people (the company with the hiring page)
doing the standard "fun/playful/lightweight engineering task" that people have
been doing for years to filter applicants. Then some unrelated person tweets
that this will prevent recruiters posing as applicants. Now the HN thread is
assuming this is the only purpose and questioning if this problem is worth it.

Has it not occurred to anyone that what one dude says on twitter is the
primary purpose might not be so?

~~~
downandout
Whether or not they had recruiters posing as applicants in mind when designing
this, it doesn't change the fact that this particular task is ill advised. The
first person that becomes remotely disenchanted with them will flood them with
random applications. I'd bet almost anything that they will have to scrap this
exercise and start over.

~~~
rickhanlonii
I disagree. Were it to become a problem, it would be trivial to deal with an
application flood.

Among many options, provide a unique 'application key' on the instructions
page which expires after first use. If you're really concerned, or it becomes
a problem, just add a Captcha-like requirement to get your application key.

Besides, as asveikau points out, the risk is no different than any other
application acceptance system. Take applications by mail? Fine, I'll buy a
roll of stamps and make a few stops to the post office.

~~~
downandout
<http://www.de-captcher.com/> \- have 1,000 Captchas solved through their API
for $2. Captchas haven't been a reliable anti-spam solution for years.

~~~
rickhanlonii
Considering that I said "Captcha-like," don't you think you're missing my
point altogether?

------
diminoten
Am I the only one who finds the phrase "json encoded hash"... inaccurate?
Maybe someone can enlighten me, but is JSON really an "encoding"?

And what exactly do they mean by "hash"? They want the JSON to be a fixed
length? How would you like my JSON hashed? How are you going to pull my data
out of the hash?

And as a 'field' called response? Don't they mean, "as the value of a field
called response"?

Is this part of the test, deciphering the jargon soup? Because if I'm
understanding this correctly, a _bunch_ of terms just got misused in a very
short sentence, which would put me off of applying here.

~~~
cperciva
"hash" = "hash table" = "associative array" (even if the implementation used
by the language is not, in fact, a hash table)

~~~
diminoten
Okay that's fair but... ugh. Unnecessary.

~~~
rickhanlonii
That was my initial reaction, and then I thought that they may be just trying
to obfuscate the process a bit. The more "technical" terms they use, the more
they deter non-target applicants.

Though, being too pedantic is certainly risks deterring the target applicants.

~~~
yunu_ng
No, you're confused. Nobody is saying they are being pedantic. Everyone is
saying the opposite - they are being sloppy and non-technical with their
terms.

~~~
rickhanlonii
I don't believe I am, since JSON is a hash by definition. It is
characteristically technical.

------
downandout
I wasn't aware that this was even a problem. I would think that using a tactic
like this would immediately turn any contacts they made into enemies,
rendering this a futile exercise. They also effectively made an API for anyone
that feels like flooding them with millions of applications containing random
data. All in all, like a cold medication that happens to cause cancer, I'd say
this is a solution to a small problem that opens the door to dramatically
larger problems.

~~~
hkmurakami
I'm guessing the logic might be that there's a certain percentage chance that
once communications are open with the hiring manager, the recruiter may be
able to talk his/her way into getting the hiring manager to look at some of
the recruiter's candidates.

From an EV perspective:

    
    
      Contacting company as a recruiter: 0% or very low % of success
     
      Posing as an applicant at first: 
      - x% chance of initial reply from hiring manager
      - y% chance of "conversion" of manager into "client"
      - x*y is perceived to be greater than other options
    

I imagine that the recruiter can either, (a) submit a "real" resume that
he/she has, or (b) submit a "fake" resume that looks really good, eliciting a
response, then bait and switching to a different "real" candidate, saying that
the initial one is no longer available.

------
jon-wood
Well this would explain why my phone has been going crazy all evening!

I'm the person who put this process in place for Hubbub (which incidently is a
great place to work, you should apply). I'll quickly skim through comments and
post some answers now, but it's 0014 here so I'll probably catch up with the
rest tomorrow. If you have any questions feel free to drop us a line on
developers@hubbub.co.uk (unless you're a recruiter!)

As a final note, we have much more detail at
<http://developers.hubbub.co.uk/>, including information about the year's
supply of bacon on offer to both successful applicants and the people who
referred them.

~~~
GhotiFish
You mean to tell me that if I work for you, you'll supply me with bacon, for a
year?

I can't tell if you are making a pun. If you are, it's a good pun.

~~~
jon-wood
I mean literally. One of the perks is a year's supply of bacon, as in smoked
back bacon from pigs. Specifically some of the best bred pigs in the UK!

------
shubb
Just like you wouldn't make it hard to pay for your product, I think making it
hard to apply for jobs at your company is a bad move.

Because most people are applying to a 'better' job than the one they have now
(Cooler? More money? More responsibility?), they know that most initial
applications will come to nothing.

If you believe your CV will get a reply 1/5th of the time, spending more than
the 5 minutes it takes to send over a slightly customized CV is foolish. There
are a lot of other people that don't require this much effort. Time is better
spent writing to them.

This is going to get plenty of replies, because it's on Hacker News, but if it
was getting the traffic more organically (i.e. if this was widespread), I'm
not sure it would get a single one.

Yeah sure, for the applicant he wants, this is solved with, notepad, curl, 10
minutes, but it's still more effort than emailing it to his rival.

~~~
jon-wood
We put this in place to automate the screening of applicants after our first
round of advertising yielded a glut of people who could barely write code, and
no one who was actually worth taking past a phone screen.

Since then we've been receiving applications of a far higher calibre, and many
applicants who went onto a full interview after phone screening. We definitely
receive fewer applicants, but that's a trade off we're willing to make.

------
t0
I've seen a few of these before. Here's an interesting one if you can figure
it out.
[http://web.archive.org/web/20120722010228/http://forrst.com/...](http://web.archive.org/web/20120722010228/http://forrst.com/jobs/details/305-PUT_thetalented_me_at_work_Social_Media_Developer)

~~~
runarb
Google had a nice one back in 2004 also:
[http://articles.businessinsider.com/2011-07-22/tech/30049105...](http://articles.businessinsider.com/2011-07-22/tech/30049105_1_innovation-
problem-website)

But probably wouldn't work so good today. The first one to find the solution
would probably post it on twitter, then the recruiters could follow :)

~~~
jon-wood
Great example - Google's billboard ads were the inspiration when I put this
together.

------
jiggy2011
Yep, because a recruiter couldn't pay someone $5 to beat this.

~~~
civilian
Developers often cost $100/hr. It'd take at least half an hour to teach a
recruiter how to use Postman. I think you're off by an order of magnitude.

It also has the precondition that the recruiter is willing to learn.

~~~
jiggy2011
Just wrote a python script to do this in ~3 minutes (will resist urge to post
source code) for recruiters who know how to use the command line.

Would take me another ~3-5 to build a web front-end in flask.

So let's call it 10 minutes all in.

At $100 per hour that is $16. And you can get developers who would be capable
of doing this for _way_ less than $100 per hour (like $10 per hour) so $5 is
about right.

------
aquarion
A few jobs back we did something similar, and posted in the ad that people
could apply by solving <http://unhelpfulclue.aqxs.net/lookup.php> (Resulting
email changed)

Technical tests before screening appear to be getting more common. Currently
job-seeking, I'm getting a little frustrated by the number of times I have to
prove that I can actually implement variants of Fizz Buzz. It'd be nice if I
could submit a link to a previously completed Codility test or something...

(Yeah, it'd be nice if they accepted Github links or something as proof of
technical competence, but as someone on the other side I don't really want to
have to validate a hundred random OSS projects and check the province of the
code in them)

------
lucb1e
Recruiters pose as applicants? What for?

~~~
bdcravens
To communicate with a hiring manager that otherwise might not give them the
time of day.

Flip side of posting fake jobs to get resumes.

~~~
lucb1e
I'm afraid I still don't get it. A recruiter wants to contact someone managing
hiring in some company (or his own company)? How does posting a fake
application help, it'll be found out in no-time..?

~~~
flexxaeon
I don't think they pose as applicants as much as they use the contact method
(usually email) to solicit their services, even sometimes ignoring when the
hiring company specifically says "please no recruiters." If they are posing,
it would be pretty easy as well, as they could send in resumes & CV's of job
seekers they represent.

Recruiters also pose as companies posting 'jobs', and from what I've seen when
looking for gigs it's likely they solicit in the other direction as well. How
low they sink, who knows.

------
leeny
Wait, why do recruiters pose as applicants? Is this a common problem?

Also, Parse (and a few other companies whose names escape me now) have been
doing this for a while. <https://parse.com/jobs> (scroll down to "Apply to
Parse!")

------
windsurfer

        Your post advocates a
        
        (X) technical ( ) legislative ( ) market-based ( ) vigilante
        
        approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)
        
        ( ) Spammers can easily use it to harvest email addresses
        ( ) Mailing lists and other legitimate email uses would be affected
        ( ) No one will be able to find the guy or collect the money
        ( ) It is defenseless against brute force attacks
        (X) It will stop spam for two weeks and then we'll be stuck with it
        ( ) Users of email will not put up with it
        ( ) Microsoft will not put up with it
        ( ) The police will not put up with it
        ( ) Requires too much cooperation from spammers
        ( ) Requires immediate total cooperation from everybody at once
        (X) Many email users cannot afford to lose business or alienate potential employers
        ( ) Spammers don't care about invalid addresses in their lists
        ( ) Anyone could anonymously destroy anyone else's career or business
        
        Specifically, your plan fails to account for
        
        ( ) Laws expressly prohibiting it
        ( ) Lack of centrally controlling authority for email
        ( ) Open relays in foreign countries
        ( ) Ease of searching tiny alphanumeric address space of all email addresses
        (X) Asshats
        ( ) Jurisdictional problems
        ( ) Unpopularity of weird new taxes
        ( ) Public reluctance to accept weird new forms of money
        (X) Huge existing software investment in SMTP
        ( ) Susceptibility of protocols other than SMTP to attack
        ( ) Willingness of users to install OS patches received by email
        ( ) Armies of worm riddled broadband-connected Windows boxes
        (X) Eternal arms race involved in all filtering approaches
        (X) Extreme profitability of spam
        ( ) Joe jobs and/or identity theft
        ( ) Technically illiterate politicians
        ( ) Extreme stupidity on the part of people who do business with spammers
        (X) Dishonesty on the part of spammers themselves
        ( ) Bandwidth costs that are unaffected by client filtering
        ( ) Outlook
        
        and the following philosophical objections may also apply:
        
        (X) Ideas similar to yours are easy to come up with, yet none have ever
        been shown practical
        ( ) Any scheme based on opt-out is unacceptable
        ( ) SMTP headers should not be the subject of legislation
        ( ) Blacklists suck
        ( ) Whitelists suck
        ( ) We should be able to talk about Viagra without being censored
        ( ) Countermeasures should not involve wire fraud or credit card fraud
        ( ) Countermeasures should not involve sabotage of public networks
        ( ) Countermeasures must work if phased in gradually
        ( ) Sending email should be free
        ( ) Why should we have to trust you and your servers?
        ( ) Incompatiblity with open source or open source licenses
        ( ) Feel-good measures do nothing to solve the problem
        ( ) Temporary/one-time email addresses are cumbersome
        ( ) I don't want the government reading my email
        ( ) Killing them that way is not slow and painful enough
        
        Furthermore, this is what I think about you:
        
        (X) Sorry dude, but I don't think it would work.
        ( ) This is a stupid idea, and you're a stupid person for suggesting it.
        ( ) Nice try, assh0le! I'm going to find out where you live and burn your
        house down!

