
Tell HN: Triplebyte reverses, emails apology - trianx
This just landed in my inbox. The discussion on hackernews (<a href="https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=23279837" rel="nofollow">https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=23279837</a>) surely helped Triplebyte understand that it was a mistake to create public profiles of their users by default:<p>Email by Triplebyte CEO, Ammon:
---<p>Hi xxxxx,<p>There’s no other way to put this--I screwed up badly. On Friday evening, I sent an email to you about a new feature called public Triplebyte profiles. We failed to think through the effects of this feature on our community, and made the profiles default public with an option to opt out. Many of you were rightfully angry. I am truly sorry. As CEO, this is my fault. I made this decision. Effective immediately, we are canceling this feature.<p>You came to us with the goal of landing a great software engineering job. As part of that, you entrusted us with your personal, sensitive information, including both the fact that you are job searching as well as the results of your assessments with us. Launching a profile feature that would automatically make any of that data public betrayed that trust.<p>Rather than safeguarding the fact that you are or were job searching, we threatened exposure. Current employers might retaliate if they saw that you were job searching. You did not expect that any personal information you’d given us, in the context of a private, secure job search, would be used publicly without your explicit consent. I sincerely apologize. It was my failure.<p>So, what happened? How did I screw this up? I’ve been asking myself this question a bunch over the past 48 hours. I can point to two factors (which by no means excuse the decision). The first was that the profiles as spec’d were an evolution of a feature we already had (Triplebyte Certificates--these are not default public). I failed to see the significance of “default public” in my head. The second factor was the speed we were trying to move at to respond to the COVID recession. We’re a hiring company and hiring is in crisis. The floor has fallen out on parts of our business, and other parts are under unprecedented growth. We&#x27;ve been in a state of churn as we quickly try various things to adapt. But I let myself get caught in this rush and did not look critically enough at the features we were shipping. Inexcusably, I ignored our users’ very real privacy concerns. This was a breach of trust not only in the decision, but in my actual thought process. The circumstances don’t excuse this. The privacy violation should have been obvious to me from the beginning, and the fact that I did not see this coming was a major failure on my part.<p>Our mission at Triplebyte has always been to build a background-blind hiring process. I graduated at the height of the financial crisis as most companies were doing layoffs (similar to what many recent-grads are experiencing today). My LinkedIn profile and resume had nothing on them other than the name of a school few people had heard of. I applied to over 100 jobs the summer after I graduated, and I remember just never hearing back. I know that a lot of people are going through the same thing right now. I finally got my first job at a company that had a coding challenge rather than a resume screen. They cared about what I could do, not what was on my resume. This was a foundational insight for me. It&#x27;s still the case today, though, that companies rely primarily on resume screens that don’t pick up what most candidates can actually do--making the hiring problem much worse than it needs to be. This is the problem we&#x27;re trying to fix.<p>We believed that we could do so by building a better Linkedin profile that was focused on your skills, rather than where you went to school, where you worked, or who you knew. I still believe there&#x27;s a need for something like this. But to release it as a default public feature was not just a major mistake, it was a betrayal. I&#x27;m ashamed and I&#x27;m sorry.<p>Triplebyte can’t function without the trust of the engineering community. Last Friday I lost a big chunk of that trust. We’re now going to try to earn it back. I’m not sure that’s fully possible, but we have to try. What I will do now is slow down, take a step back, and learn the lessons I need to avoid repeating this.<p>I understand that cancelling this feature does not undo the harm. It’s only one necessary step. Please let me know any other concerns or questions that I can answer (replies to this email go to me). I am sorry to all of you for letting you down.<p>Sincerely,<p>-Ammon
======
dang
All: this thread has more than one page of comments. If you click the More
link at the bottom you'll get to the others. I post this reminder because
confusion appeared
([https://news.ycombinator.com/item?id=23306062](https://news.ycombinator.com/item?id=23306062)).
We hope to go back to single-page threads as soon as some performance
improvements are ready. Previous explanations are at
[https://hn.algolia.com/?dateRange=all&page=0&prefix=true&que...](https://hn.algolia.com/?dateRange=all&page=0&prefix=true&query=by%3Adang%20paginat&sort=byDate&type=comment).

------
photonios
I am not an active Triplebyte user, but I have an account and followed the
thread(s).

This e-mail (which I also got) seems like a heartfelt apology. They fucked up,
realized it and turned the ship around. They listened and that's what counts
for me. They listened to the negative feedback and responded to it.

Some comments around here are extremely negative of the whole situation. More
negative than I think they deserve. They could've pushed through and ignored
all the feedback they got. They didn't, and that's enough for to show the
company and its CEO isn't utterly rotten.

@ammon Thanks for listening and participating in the discussions on HN. You
made a mistake, but the fact that you responded is enough for me to put my
trust in Triplebyte in the future if the need arises.

~~~
mosselman
> This e-mail (which I also got) seems like a heartfelt apology.

Even if it is heartfelt, I'd argue that if no alarm bells went off internally
when they were discussing this feature, they are not the group of people to
entrust with information such as this.

~~~
akerl_
Given the prevalence of comments like this, I wonder why any company would
ever bother offering an apology or retraction.

As soon as a company does something that a chunk of people on the internet
don’t agree with, there’s really no way out. They’re going to get bad press
regardless of whether they retract, whether they apologize, and whether they
say they’re taking actions to avoid the sequence that led to the action in
question.

But alongside that, for every time the internet mob has risen up over a
company’s action, very few companies seem to have experienced major long term
effects. I bet everybody knows a few people who have quit Facebook/GitHub, or
who rage about Oracle business practices or MongoDB stability, but these
companies still manage to keep trucking along.

In light of this, I’m mostly surprised that Triplebyte bothered apologizing;
it seems unlikely to do them any good, and it’s unclear to me whether
continuing course would have actually done as much harm to their bottom line
as the prior Hackernews thread appeared to indicate.

~~~
mrmr1993
The current position is "sorry for breaking your trust, please trust us". It's
hard to find it compelling.

> Given the prevalence of comments like this, I wonder why any company would
> ever bother offering an apology or retraction.

To project my own opinion onto others: these comments are warranted because an
apology has no actual value. The fact remains that Triplebytes can still do
this if they wish to, and they are constrained only by what they can manage to
slip past their users.

There's a stark asymmetry in the digital space, where service providers are
protected by the legal language in their TOS or EULA, but the users have to
trust that the service provider will not act outside their interests, and with
no recourse. By contrast, in a normal contract negotiation, there will be an
opportunity for both sides to ammend the contract to better serve their
interests.

If Triplebytes wanted to show that they will not attempt to do this again,
they could break this asymmetry and constrain themselves in their user
contract, accepting all resulting liability or specifying concrete penalties
if they do persue this route in the future. An apology is just a meaningless
PR exercise.

~~~
Aeolun
> The current position is "sorry for breaking your trust, please trust us".
> It's hard to find it compelling.

Why is this a hard thing to do? It’s literally what everyone who ever messes
something up is asking you to do.

Just because someone once committed a broken build, doesn’t mean I’ll never
again trust them with access.

It’s argubly more like “sorry for being a moron, but I hear you. Please give
us another chance”?

~~~
didibus
Break the build, okay we give you a second chance, delete the database and all
backups when you were hired as the DBA? You're probably going to be looking
for another job.

~~~
didibus
Lol did this actually happen to more people then I'd assume? Anyone got a
good: IAMA dba that deleted all our data?

~~~
erikbye
Ask Gitlab.

------
lmeyerov
Good lesson for other founders here. Early on nobody knows you, but as soon as
they do, you'll need to have chosen if you're on the trust-and-brand-building
marathon or not. By default, if you do nothing, you're building up to an
explosion like this that can take years to recover from.

How did the CEO, the board, the sales team, the marketing team, customer
support team, and the engineering team all fail to notice and act on a gross
privacy breach? How will that change?

It's good the CEO is starting to take responsibility, but an apology letter is
roughly, apology, acknowledgement, explanation, and plan to fix / prevent
repeat. I see a lot of "I...", but no post-mortem on how the internal culture
they've built encouraged breach of trust & privacy in favor of growth numbers,
and if/how that'll change top-to-bottom. For now, it remains, "I'm sorry you
caught me and made me feel like the bad person I don't think of myself as."
Once you think of systems and culture, and start tracing through the dark
patterns around the launch and the scope of the initiative, things get
uncomfortable. Hiring, on-boarding, feature planning, feature reviews,
personal responsibility, feature ownership, management prioritization, trust &
safety oversight... .

~~~
wolfgang42
Ammon says a postmortem is in the works:
[https://news.ycombinator.com/item?id=23304127](https://news.ycombinator.com/item?id=23304127)

~~~
lmeyerov
Yes, I was responding to the apology. This should have been part of it, and is
part of the lesson to founders. If you are in position of responsibility,
mistakes are inevitable, and so is having to correctly apologize. (I learned
the hard way.)

This incident is about a self-inflicted customer data breach. As it surprised
the CEO, it suggests a full-company culture & governance issue, and is hard to
be reactive about. Even when things are going well, customer responsibility &
data protection should be a constant and non-obvious responsibility _for
everyone_ as soon as anything like marketing, sales, engineering, hiring,
delegation, etc. gets interesting. A _lot_ of people are involved in a major
move like this and the governance structures that inform them. Think their VCs
/ VPs / managers / etc either signing off... or not caring.

And again, I'm writing this more as a warning for other founders. Building a
culture is a constant marathon, and it's way harder to fix one. (For the CEO:
I'd consult with a few folks knowledgeable about communicating apologies ASAP,
esp. before any further unvetted public comms, and for longer-term, get
regular external advisors + directly responsible internal leaders for fixing
culture + security, and rethink why multiple internal leaders failed in both.
But that's super generic.)

------
JoeCortopassi
One of two things happened:

1\. Triplebyte attempted a big move against LinkedIn, tried to ease the blow
to users by dumping on a Friday before memorial day weekend

2\. Triplebyte, the company built around helping people find jobs, truthfully
didn't understand that people might have concerns about their current
companies knowing they are job-hunting

It's pretty obvious it's #1, and that opt-out rather than opt-in was the only
way it would gain the critical mass needed. The outcry hit critical mass and
now they need to walk it back, until they have a different strategy for re-
segmenting LinkedIn's market

~~~
ammon
I'd say it was both. I wanted to move against LinkedIn profiles, I thought
that opt-out was the way to get critical mass, and I screwed up and did not
realize how large a privacy violation this was.

~~~
krn
> I thought that opt-out was the way to get critical mass

But what about following every dark pattern in the book to prevent people from
actually opting out[1][2]? There was not even an option to opt-out
indefinitely.

It seemed like an extremely carefully engineered effort to trick the users.
How can something like this be considered "unintentional"?

[1]
[https://news.ycombinator.com/item?id=23280040](https://news.ycombinator.com/item?id=23280040)

[2]
[https://news.ycombinator.com/item?id=23283237](https://news.ycombinator.com/item?id=23283237)

~~~
skinkestek
Regarding [2] This is extremely bad, like Google+ forced-real-name-policies
bad..!

(For those who wonder: that and the Buzz incident made lots of people hate or
at least distrust Google.)

Why why why do companies do this?

During the last 6 months I've stopped logging into Stack Overflow. It is a
nice resource but for me it is read only for now because they messed up so
hard - and refused to come up with a real apology.

Same goes for Quora: they betrayed us hard by trying to tell everyone what we
were looking at. (Edit: next sentence added later:) Now imagine you've been
reading up about health issues and realize it is suddenly on your profile.
Still now, many years later I shun them as they haven't as far as I see come
clean.

In some cases, if it get caught early enough, just saying: "we messed up,
sorry, here's what we will do:" can be enough.

In other cases - where there are layers of bad patterns, lies and contempt for
users and volunteers I actively want to punish them until they start behaving.

Quora (broadcasting sensitive information), Google (trying to kill the web,
insulting me with insanely misplaced ads for years, trying to kill Firefox),
Stack Overflow all goes on my list of companies that I actively work against,
but I guess only until I see real change ;-)

~~~
AlexCoventry
I think I missed the SO news. What happened there?

~~~
skinkestek
They kicked a mod (Monica) who dared to ask questions about the implementation
of their new policy regarding gender words.

IIRC Monica asked if would be OK if she (or someone else?) wrote in a way that
sidestepped the whole issue, for example by writing about "the user" instead
of "he and/or she".

Again IIRC they leaked information to newspapers, misrepresented the case and
issued one or more non-apologies before trying to pretend nothing had
happened.

~~~
AgentME
Is it really surprising that a moderator, who is meant to be enforcing the
rules, protesting a "respect trans people's pronouns" rule with "what if I
just stop using pronouns" didn't go well for them? StackOverflow should pick
moderators that respect the spirit of the rules they're going to be enforcing.

~~~
__blockcipher__
You should read more about the situation. I think your take is quite naive,
frankly.

And why it became okay to compel someone to use a certain pronoun as opposed
to compelling them to _not misgender_ is absolute lunacy. Monica wanted to
write her sentences in a way that did not require pronouns period, and they
decided that was not okay. Not to mention all the mud-dragging and character
assassination they pulled.

I’m on mobile so won’t dig up the link but go find what Monica wrote on it

~~~
judge2020
This is the best high-level overview:
[https://meta.stackexchange.com/a/334417/302954](https://meta.stackexchange.com/a/334417/302954)

------
minimaxir
One question that wasn’t addressed in the response: if the CEO did not realize
that implementing the feature would be bad for users, then why did the company
announce the feature as an email footnote at 5PM Friday before a holiday
weekend, which is when bad news typically drops?

~~~
ammon
The Friday announcement was a result of us pushing to get the profile toggle
feature out that the email linked to, and shipping late. Not something I'm
proud of (either from an eng management perspective, or, more importantly,
from a not violating the trust of our users perspective). It was a rushed
schedule. In hindsight I see that the timing of the Friday announcement is
ALSO a problem.

~~~
camjohnson26
Unfortunately the most vocal people are the only ones you’re hearing. I got
the email and didn’t really care. My angel.co and LinkedIn are already public,
why not Triplebyte too, especially if it raises my market value.

Haters gonna hate and I wouldn’t take it too seriously.

~~~
GordonS
> My angel.co and LinkedIn are already public, why not Triplebyte too

Because you opted in to creating those profiles and the information they
contain, and made them public. You _opted in_.

~~~
camjohnson26
It was wrong not to make it opt in but not deserving of the level of hate
they’re getting for the decision. The big tech companies do things every day
that are much more damaging to your privacy and they don’t send you an email
telling you. LinkedIn’s spam marketing in the early days was downright
scandalous.

I’ve always found Triplebyte open and insightful and their response shows
they’re receptive to feedback, which is a rare thing these days. People should
be respecting that instead of crucifying one of the only companies that
actually listens to them. No company is perfect all the time.

~~~
GordonS
I think we're going to have to agree to disagree on this one then, as I firmly
believe they are deserving of the negativity.

The CEO's whole attitude towards privacy shows how they treat privacy, and no,
I'm not going to "respect" that.

------
trfhuhg
Nothing to see here. Ammon has tried a bold move to chase big money, used a
few common tricks (release on Friday night, opt-out and other dark patterns),
it didn't pan out and now he's doing damage control. When the dust settles,
he'll give this idea another try.

This is all from a corporate playbook, but it seems Ammon hasn't read the
entire book. There's a chapter there that tells how to systematically
manufacture situations where all the blame flows downwards while all the
rewards flow upwards, so when a bold move like this pans out, credit for it
would go to the top, and if it fails, blame goes to the bottom. Basically, he
should've created a clueless VP of business relations or something of that
sort, manufacture the situation where the only way that VP can get a fat bonus
is by implementing this shady move (the idea should be delivered via another
channel to have plausible deniability later) and watch the action from his
armchair. And when it's failed, blame that VP for too much eagerness and fire
him with a golden parachute.

~~~
gkoberger
I don't know Ammon, but I don't think he's chasing "big money".

The best founders I know, when they make mistakes like this, aren't doing it
for the money. They're doing it because they are trying to create the world
they want to see exist, and that blinds them a bit. In this case, I genuinely
believe Triplebyte just wanted to have a bigger impact on the hiring world,
and try to fix it for engineers. Did they fuck up badly? Oh yeah. But I don't
think it was for "money".

Triplebyte has 33 employees. They don't have VPs getting "fat bonuses". They
don't have "golden parachutes". Look at their about page
([https://triplebyte.com/about](https://triplebyte.com/about)), it's all
engineers and designers and CSMs. They're just a group of people doing their
best to try to fix something we all hate (technical interviewing/hiring).

~~~
stevens32
I interviewed with Ammon when the founders were running interviews themselves,
and after a not-great interview he still stuck around with a junior to just
talk tech for a good while. He left a really positive impression on me.

I see them as mission driven, this was a bad step but I trust that they're
still focused on trying to fix a broken hiring system.

------
ganstyles
I was one of the most vocal critics in the original thread, justifiably. I
lost a little sleep over how it could potentially affect me at my current job.

I feel bad for the company because I think the original decision meant the
would lose a lot of trust in the community for what is otherwise a great
service. Indeed, I had a wonderful experience interviewing with startups after
having passed the TB interview process. However I also feel bad because I feel
like it may indicate that the company is perhaps doing poorly financially.

However, I will say that I am very happy with this apology. It's direct, takes
responsibility, and gives clear action on what they're going to do. Classic
good apology. I am happy with it and it goes a long way to earning my trust
back. Thanks, Ammon.

------
alexpetralia
This is a very good apology.

Yes, it is possible that this is merely the perfunctory apology TripleByte's
users were undoubtedly due. It is possible it is entirely inauthentic, a mere
artifice for damage control from a reputationally maimed business.

But it is also possible that, like all people, the CEO seriously screwed up.
There were some bad premises, some bad motives, some bad confirmation bias at
play here.

That being said, we ought not to judge people by who they were, but who they
are capable of being. Is Ammon capable of rehabilitating?

I think the HN community should rightly accept this apology with great
skepticism. They should scrutinize TripleByte's every move. They should
wonder: has he rehabilitated? It will certainly take time.

~~~
woofie11
I'm not sure it matters. TripleByte is asking for super-sensitive information.
10 years down the line, Ammon won't be CEO anymore.

No matter how much of a jerk Ammon is, I'm willing to trust-and-verify, so
long as they get the and-verify part right.

No matter how great a guy Ammon is, I'm not willing to trust without the and-
verify part. He might get fired tomorrow, and Steve Ballmer or Carly Fiorina
might get brought in. It might go under, and get sold to Oath. There's a ton
of possibilities.

He sounds honest enough in his apology, and on a personal level, I'm all for
redemption and rehabilitation. It was also a one-time mistake. But I'm not
dealing with a person. I'm dealing with an organization.

Zero of the organizations who got my data in the nineties are the same
organizations today.

~~~
EGreg
The apology definitely sounds honest, but why are we putting all our data in
one place and then trusting someone to make the "right decisions" regarding
it?

I believe society should stop centralizing its data, votes, money, etc. in the
hands of a few. This decade we can work to change that.

 _No matter how great a guy Ammon is, I 'm not willing to trust without the
and-verify part. He might get fired tomorrow, and Steve Ballmer or Carly
Fiorina might get brought in. It might go under, and get sold to Oath. There's
a ton of possibilities._

Exactly. But when I say this, people often respond to me "no, this is the
perfect example of a company that should be centralized" followed by
justifications and downvotes. Decentralization is still as uncomfortable as
the civil rights movement in the 50s, for many people.

~~~
woofie11
I like decentralized in some places, and centralized in others. I think
decentralized can and should replace Facebook, LinkedIn, blogs, and similar.

On the other hand, there are a lot of places where centralized, with proper
checks-and-balances, allows for a larger degree of scientific research and
transparency. Medical and education come to mind.

~~~
EGreg
How about this dichotomy:

1\. Infrastructure should be more decentralized and let nameless providers
_compete_

2\. Information should be available to everyone and let nameless authors
_collaborate_

1 produces a market of prices and competition, while 2 produces a
collaborative edifice of knowledge and well architected software.

~~~
woofie11
I'd actually like infrastructure to be at home. When I was in college, my
"infrastructure" consisted of a PC running Linux in my dorm room, a good bit
slower than a Raspberry Pi. It was fine for managing my documents, email, etc.

I'd like information to either be under my control, or managed as a public
good by a non-profit or government agency with appropriate checks-and-balances
and transparency.

~~~
EGreg
That’s great

A hosting company can be local Or you could host your files on your computer.
If you host a social network where others also contribute content then you ARE
the local hosting company and now you’re responsible for their data

That should all be a choice.

~~~
woofie11
Back in the early '00s, I designed a social network architecture which was
fully decentralized. The only people whose information I'd have would be my
friends', and vice-versa. I never built it, mind you, it was all a thought
experiment. But I still think that sort of thing ought to be how it works.

------
maddyboo
First off, I want to say that as a past Triplebyte user who was concerned
about my privacy after hearing the original news, I appreciate your decision
to cancel the feature, and I appreciate your apology.

In the end, I don't think this was an enormous mistake as there was no harm
done to your customers.

Still, you can't erase the information you've indirectly put into the world
about yourself and your company. Your near-actions have shed a bit of light on
your priorities, and customer privacy was apparently not at the forefront of
that list. The unfortunate truth is that this begs the question of whether
other decisions have or will be made which similarly disregard customer
privacy.

I'm very glad that you realized the err of your ways in this instance, and I
hope you continue to demonstrate your dedication to protecting your users'
privacy in the time to come.

------
headgasket
I just deleted my account. I was unaware that I even had one. I clicked on a
little puzzle that popped in my FB feed back when I was still using.(FB)

This quiz was super easy, and I got pulled into doing an interview, just for
fun, and a programming test in a language I had not used in 5 years. I did not
do too well, but I did not care, it was for fun!

Well I did not expect that bad score to be recorded and become public!

This economy built around private/public information quiproquo has to be
reigned in. I feel for the founder. But I still think there's something going
on we need to stop before we get to the Stasi.

~~~
wendyshu
Did you need to submit a government ID and all that?

~~~
headgasket
I googled delete triplebyte account, I had to reset a password I did not know
I had, then a few clicks, no dark patterns, really. It did take a few hours
but I just got an email saying the account delete process is complete. Not
sure how deleted it is, but hey I guess it's like everything that finds it's
way on the internets... It's as deleted as enforceable.

Let's keep hacking a free internet, for fun, emancipation and progress. (all
endeavours that can be for profit) Cheers

------
tersers
Yeah, no. I already deleted my account and I'm not going back. I realise the
type of candidate they cater towards would find jobs at companies I wouldn't
really want to work at anyway. I'm ashamed that younger me fell for this in
the first place.

~~~
dllthomas
I'm curious what type of company you're looking for that you'd expect to be
underrepresented.

~~~
tersers
Basing your worth around a quiz only further enables whiteboard and leetcode
style interviews. I've never seen why these interviews are useful or an
indicator of anything beyond someone's ability to sit at home for hours on end
doing the same things over and over. A company I would want to work for would
be doing something for sustainability/climate change or another social good
and would focus more on behaviour and critical thinking skills.

~~~
dllthomas
> sustainability/climate change or another social good

Ah, yeah, if you get too narrow in your targeting, it probably makes more
sense to focus on networking than any sort of recruiter.

That said, I saw quite a range when I went through Triplebyte a bit more than
a year ago.

I wound up at a company making 3D printers, which has (temporarily) semi-
pivoted to make lots and lots of (clinically validated) NP swabs for COVID
testing. So social good can show up in a lot of places :)

------
rsweeney21
I honestly believe that the public profile fiasco was caused by pressure from
his investors/board.

VC money makes you do stupid things. Your next round of funding is your number
one priority, customers are second. I've been there (raised $17M for my last
startup).

I run a company[1] that is a competitor to Triplebyte. Yes, hiring has slowed,
and we will miss all our sales targets this year by miles, but we will be just
fine because we are bootstrapped and profitable. So we'll only double our
revenue instead of triple. For a VC backed startup that could kill you. But
we'll just hire a bit slower and have a huge party at the end of the year.

When you are venture backed, you watch your bank account balance decrease
every week. Having a "burn rate" is awful. It messes with you.

With a bootstrapped company you watch your bank account balance _increase_
every week. It's a great feeling.

So many venture backed startups are being really hurt by the current
environment. I really hope that it makes more people reconsider raising money.

1: www.facetdev.com

------
phreack
One of the first things they could do is stop with the dark patterns. The
original thread had many people mentioning that deleting an account was a
ridiculous process, with a 30-day delay once you managed to start it.

~~~
ammon
Yeah... we made this better yesterday (removed the delay and the request for
ID). It was totally a dark pattern. We built the initial deletion process
right after GDPR passed. We were thinking about it mostly from a legal
perspective then, and had not reviewed it since.

~~~
GordonS
But this makes no sense. Why would you legally need someone's ID to delete
their account, but not to create it?

~~~
aaanotherhnfolk
GDPR devalued PII-stores, and companies tried really hard to only let the
value drop on the European portion of their data. Requiring ID is a way to
discourage and even deny deletion requests in other countries.

These constraints are walked back almost immediately in practice, once
companies learn that requiring a human touch for a deletion flow is not worth
the hassle.

I think "legal" here meant what's the bare minimum to respect the letter of
GDPR law, while not actually implementing a useful delete flow.

------
minimaxir
> I failed to see the significance of “default public” in my head.

Hmm? This just raises more questions about Triplebyte's product development
process than answers, especially since privacy is a _core product feature_.

~~~
trianx
I am still trying, and achieving, to give them the benefit of the doubt. They
understood and took it back.

But I am scratching my head how they could honestly miss the importance of
what they were planning to do.. I guess a combination of stress, pressure and
usual disregard of privacy by big players clouded their judgement.

~~~
runawaybottle
They didn’t miss anything, they just weren’t able to get away with it.

~~~
xeromal
They could get away with but just charging forward despite the backlash.

To me, that puts them at least in the middle

Malicious

Meh<\---

Respectful

~~~
runawaybottle
Amoral if I had to suggest a word, but business and amoral is basically
redundant.

------
dccoolgai
I bet _most_ of their users aren't reading HN regularly and probably just
skimmed past the email (I did). HN provided a nice little teapot for this
tempest to play out in, from a larger strategic picture. As mad as it probably
made them when that first user put the comment up the other day, that may have
just saved their business from complete annihilation. If I were Ammon, I would
find that person and send them some kind of nice gift.

~~~
dccoolgai
Perhaps more distressing to me, I got these emails but I _know_ I never
actually signed up to the site: I just took the little quiz. I _know_ I didn't
sign up because I recall being irritated that I had to sign up to see the
results of the quiz - and I was afraid of something happening _just like
this_. I was watching this because I was fairly certain - based on whatever
they published about me - that I was going to take some kind of legal action.
So in a way, this person saved them from _me_.

~~~
Mandatum
Currently located in the EU and contacted my lawyer. Told them as such. I
think they realised they fucked up from a legal standpoint more than anything
else.

------
nabilhat
This is an excellent example of effective apology!

1\. Accept responsibility

2\. Acknowledge the harm done

3\. Describe your understanding of how the mistake was made

4\. Describe your understanding of the wronged party's expectations and their
significance

5\. Close with an unreserved expression of sincere regret

6\. Listen

One person can't accept full responsibility, however. Effective leadership
requires accountability, and the only way Triplebyte is going to recover their
user's trust is to overhaul that accountability in the open. I suspect the
company's future will depend on whether the members of leadership and
ownership who certainly put pressure behind this response can adopt the
message and back it up with structural commitment and transparency.

------
Throwaway42123
What a crock of $#(& the backtrack is.

The answer is they are so incompetent they did not realize that publicly
exposing job seekers could threaten their employment... an company who's soul
vertical is to deal with employment... Is triple-byte that incompetent I
honestly doubt it.

No what happened was what all companies that get to greedy do, try to expand
to fast and do dirty tricks like email a marketing email on a Friday before a
holiday weekend in hope most people wont notice it to get a good "kick off"
for your profiles. Got to have big numbers for the board/VC's right? At the
cost of those who trusted you with their data and private job search.

No the only incompetence here was they did not account for HN and other
engineering communities spreading the word and need to backtrack to not have
it hurt their core business. Anyone would be a fool to trust Triplebyte again.

------
MattGaiser
Why not just make it opt-in?

Lots of people would have done it right away and others would do it as they
started to want new opportunities and/or got laid off.

Candidates who didn’t opt in probably wouldn’t be open to being contacted out
of the blue anyway in a public manner.

They burned a lot of goodwill for nothing.

~~~
ammon
Yeah... that's a much better idea. I can tell you what was going through my
head on Friday (I'm not at all trying to defend this now). Basically, it was
that for a credential to carry weight with recruiters, it needs scale. There's
a bootstrapping problem. But that's not an excuse for violating people's
privacy. Opt-in would have been a far better idea.

~~~
weaksauce
In the future it’s worth noting that it’s a terrible idea to take something
away from someone when you promised them something else. This is privacy in
this case. On others it’s offering something for free and then charging for
it.

Even if you wanted to make this an opt out feature the _only_ sensible way to
go about it is grandfathering in the old accounts into an opt in feature. Just
like many companies grandfather in free customers while they charge new ones.

This is the foundation of trust.

~~~
everybodyknows
> take something away

Quite true. T-Mobile is now forever to me the weasels that silently broke free
Google Visual Voicemail in order to force me into their own, judging by the
reviews quite crappy, paid app.

------
polote
People need to be less naive, how many companies in the world care more about
their users than their business ? none ?

Triplebyte reverting their decision is a business choice, they have probably
estimated that their brand will be less impacted if they excuse themselves
than if they continue. Everything is a business decision

Is it bad ? I don't think so, this is just business. We give our data to
companies and they do whatever they want with it, because the legal system is
not strong enough on that.

------
RcouF1uZ4gsC
The apology is very nice, and I am glad that they are not pushing ahead with
this feature. However, actions are what matter.

One thing that was brought up in the comments was that if you wanted to cancel
your TripleByte account, you had to email the company. This is a dark pattern.

If TripleByte really wants to show they changed they need to immediately
implement a “Delete my account” button that after requiring you to retype in
your password for confirmation, immediately deletes your account. Immediately.
No waiting period. No having to email anyone.

Implementing that feature in their next sprint would go a long ways toward
showing that they are genuinely contrite.

~~~
jacquesm
And certainly not having to provide 'government issued ID' to the company for
the privilege of having your account deleted, especially since none was
required for account creation.

------
conjecTech
I've had the good fortune of knowing the TripleByte team personally. I'm not
at all surprised to see this being handled in such a sincere and agreeable
way.

Ammon is a sincere and truth-seeking individual. He's willing to be convinced
that his opinion is wrong, a character trait we don't do enough to praise and
which I've found to be exceedingly rare these days. Situations like this
highlight exactly why I've trusted them with my data in the past and will
continue to recommend TripleByte to friends in the future.

------
grensley
Good on them to admit they were wrong and changing course. I wish there was
less "oh, but they only did it because of the outrage" and "oh, they'll just
sneak it back in later".

They messed up, they sought to rectify it. Good job.

~~~
colejohnson66
I’m sure it wasn’t helped by the CEO coming in and defending the decision. But
he’s taken the blame and apologized himself, and he’s here talking about what
went wrong and what he was thinking. It’s not gonna convince everyone, but to
me, that’s an apology.

------
xiphias2
I already changed all my data on my profile (including email), so I won’t be
getting the apology email.

It’s not just failure of ,,effects’’. I’m an EU citizen and it was a clear
intent of GDPR violation.

~~~
rebotfc
Wow, they had European users? They are fucked.

This is about a serious and willful GDPR contravention as you can get. I hope
they have good lawyers because they are gonna be hauled over the coals by
multiple countries' data commissioners.

Wow just wow.

~~~
erik_seaberg
If Triplebyte has no staff or assets in an EU jurisdiction, what could they
do?

~~~
xiphias2
Setting up a country based IP filter is trivial if they don't want to serve EU
and California.

~~~
erik_seaberg
They could filter traffic, but they might have some profiles for users who
later moved to the EU.

But I'm asking whether GDPR authorities have any recourse to take against a US
corporation that has not expanded into the EU.

~~~
xiphias2
[https://gdpr.eu/companies-outside-of-europe/](https://gdpr.eu/companies-
outside-of-europe/)

If Triplebyte doesn't even do IP filtering for signups, they are servicing EU
citizens. Actually I told them that I don't have US VISA, so the ,,local golf
course we site'' case doesn't apply.

------
ivanfon
If anyone is looking to delete their account: [https://triplebyte.com/privacy-
center](https://triplebyte.com/privacy-center)

------
ratherbefuddled
Well written apology but despite that I'd still be very concerned that a
company entrusted with so much sensitive personal data can get this so wildly
wrong and then also get the initial responses to the very predictable negative
reaction so wrong.

Did nobody in the room speak up? Is this a culture problem too?

To have a chance at winning back trust these guys need to make deleting
accounts instantly their next feature and make confidentiality the first
priority in everything they do - and that means doing it not just marketing
it.

They probably also need to hire someone to tell the CEO "No!" the next time if
nobody else is prepared to. It seems likely there will be a next time if this
one didn't set off alarm bells.

------
jacquesm
Nice apology, that's a lot better than in the original thread. Now there
remains an awful lot of dark patterns around the whole cancellation process,
as well as a bunch of others besides. If Triplebyte wants to clean this up for
real then they should starting now be 100% clean and tackle that as well (and
have a good review on the use of further dark patterns in other parts of the
site). Otherwise it feels as if the only reason they changed course on this
one thing is because it got too much attention, the real proof will be in how
they run the company as whole rather than just this 'feature'\+ retraction.

+insofar as involuntary sensitive data disclosure can ever be labelled a
feature.

------
sys_64738
Did this company decide to do this blindly or did they try canvasing a
response from a target set of users about what they planned to do? Surely if
they did canvas feedback for their plan then an overwhelming No would have
prevented this unmitigated disaster.

~~~
ammon
We did user research, but not about the opt-out release, just about the
features of the profile. This was part of the major screw-up.

~~~
vikramkr
Any chance of a post-mortem write up on how exactly things went wrong?
Including some discussion on how data's going to be protected moving forward?
Now that everyone knows this is a type of privacy violation that could occur,
it's going to stay back of mind (a "why should we trust you with this sort of
data now?" sort of deal). Potentially losing a job or having career plans
stunted because a website added a new feature is a lot of power to trust a
website with.

~~~
ammon
We're working on a post-mortem internally right now. The thing I want to do
externally is make a more clear/binding commitment to user privacy. The idea
is still a bit inchoate, but I want to do something that makes this not just
about trusting us.

~~~
lasky
“I want to do something that makes this not just about trusting us.”.

Is that because deep down inside you know the public would be foolish to trust
your company in its current form?

------
cbanek
Didn't get the apology email which may mean that they actually deleted my
account as asked with no further nonsense or asking for identification. Which
is honestly good on them. With this reversal, in the future, if I'm looking
for a job, I _may_ look at Triplebyte again, but I'm certainly not giving them
any info before then. Good luck, Triplebyte.

Edit: Nevermind, I just got the email. Still no response to my request to
delete my account.

~~~
wolfgang42
Ammon says they’ve gotten 2k deletion requests since the announcement
([https://news.ycombinator.com/item?id=23304097](https://news.ycombinator.com/item?id=23304097)).
They probably never automated the feature (why would they? before this they
were probably getting a couple a week) so I imagine it may take a while for
them to work through the queue.

------
extriplebyte123
Just went through Triplebyte right as Ammon laid off my talent manager
(strangely right before most COVID layoffs) and a lot of their staff. I wrote
Ammon and he wrote back saying "layoffs are hard! blah blah blah." I
previously had written Ammon about a Triplebyte-facilitated on-site where the
company refused to offer me an accommodation due to an arm injury I had and
one of the interviewers told me they move so fast that they couldn't hire
somebody with such an injury (WTF? it's going to heal!). Ammon replied "hiring
is hard!! blah blah blah" and now that company is a favorite of theirs-- the
company even has their own channel on Triplebyte's slack community.

I then deleted my Triplebyte account, but they continue to spam me and try to
get me to engage on their blogging spinoffs. I would never again trust Ammon
with my personal information.

Triplebyte has built a pretty remarkable, data-driven evaluation system; the
Talent Managers were also really helpful to me. But Ammon is really _really_
over his head when it comes to managing people and balancing ethics with
financial headwinds. The product deserves a much better leader.

------
quickthrower2
What you need to do is to imagine you are designing a hammer, not a honey
trap.

With a hammer, you are creating a tool that you will sell to people that they
can use (or not) freely and they are in control of it. Design the handle so it
doesn't splinter and the head so it doesn't fall off. Make a great product.
The mind set is user-first. Or "Don't fuck the user"

With the honey trap you are trying to attract pests and trick them to coming
in thinking they'll get something special but really they just get stuck. The
users are the victims of the trap and you are the trap owner. You are more
interested in how to attract and leverage users than how to serve them. The
mind set is, how do we leverage the user to make our business more valuable,
or "How do we fuck the user?"

Step 1: Sniff out all dark patterns and eliminate them. For example 1 month
time limits on preference opt-outs e.g. "I am not interested in looking for a
job". WTF?. It should be no time limit on that, and no follow up "are you
sure" emails. Be a resource, not another 'shady recruiter'. My hammer doesn't
yell at me that I haven done any DIY jobs lately.

------
jorblumesea
Just makes you wonder what else is going on there from a product standpoint.
How many similar "good ideas" have they launched? Selling data? Employers
access to your profile?

Hiring _is_ their business and such a complete misunderstanding of the system
and subsequent tone deaf responses (up until today) really make you question
the entire thing. Or their grasp of hiring in general. Even with the best
intentions, does make you worry.

------
dgreensp
One way to avoid making mistakes like this would be to run your big ideas by a
handful of average users of your product. Take the information that will be in
the eventual announcement, show it to 10 users, and ask for their feedback.
Better yet, have a panel of trusted users that advise you.

The reality is, pretty much anyone could have told you this was a bad idea,
and that should suggest a process that involves asking someone, and listening
to the answer. It's a certainty that people within Triplebyte knew this was a
bad idea, and may have even said so. I'm sorry to say that most CEOs I've
worked under don't really believe anything that didn't come from a business
book or their own brain. Anything else is just one poor idiot's opinion. There
are many truths known by the team at large, discussed over lunch and around
the water cooler on a daily basis, that the CEO has heard before, but just
isn't interested in taking seriously.

------
lasky
“oops we forgot to NOT do the plainly shady wrong thing and make your private
data public, for our benefit - thank you SO much for reminding me. Shady shit
will never happen again. I promise. ;)”

------
alasdair_
THIS is how you write an apology letter.

Kudos to @ammon

I deleted my Triplebyte account over this issue. While I’m still somewhat
wary, I would now consider using Triplebyte again after this apology. Thanks
for posting it!

------
victoriadobbs
I’m a non-technical lurker of Hacker News - a community builder who comes here
for credible, thought-provoking news with intelligent comments. First time
commenter.

My biggest takeaway from the reaction to this letter is that people seemingly
would have rather had this CEO’s sincere and heartfelt words filtered through
a PR agency, who would have mangled the genuine sentiments to create sterile
and thoroughly-filtered corporate bullshit. People would rather be spoon fed
crap from a campaign team than listen to the earnest, well-intentioned, real
voice of the person who wrote them. What kind of a world are you creating when
you reward an honest, but imperfect, apology with derision and judgement?

I have no stakes in this game. I’ve never used TripleByte’s services to seek
employment. I don’t know how to code. But I believe in merit-based hiring, and
I would not be so eager to burn to the ground this company that I think is
performing a valuable service (to individuals, but also in shifting trends of
hiring practices as a whole) over an oversight that they owned up to after a
night’s sleep to reprocess.

The world I want to live in is one in which people are hired based on their
capabilities, and where people are willing to extend trust and forgiveness to
people when they are being honest and owning up to their oversights. The flaws
in this letter that commenters are tearing apart make it clear to me that this
CEO is a rare example of someone not lying through the teeth of a campaign
team. I value that much more than the facade of perfection.

------
kemonocode
All they needed to do was to make the feature opt-in. That's it. Encourage it
all you want, advertise all of its supposed benefits, but just make it opt-in.

Still, probably too little, too late for most people (myself included) who
just saw their trust permanently breached by a brash move and get told by a
CEO that you'll love it, honest! All you just need is to understand it! If you
don't like it then it's your fault because you don't understand! And this
doesn't even begin to address all the dark patterns they've caked in their UX.

------
ravenide
For what it's worth, if they'd just made the feature opt-in, I actually think
it's a great feature. I'd love a Triplebyte page that I can link to instead of
a resume (that's what I originally imagined when I read the email).

I'm a huge fan of Triplebyte, they got me two great jobs I never would've
gotten otherwise (I didn't go to college, my resume usually gets automatically
tossed). Their mission to fix credentialism succeeded with me. Hope this
setback doesn't deter them from building more great things.

------
zitterbewegung
Five years ago I tried out Triplebyte was a HN reader and I tried it out. I
got to the point where they would contact me but instead the rules and
criteria changed so that I wasn't eligible. I then forgot about the site.

A year or two after I think I tried Triplebyte again but then my account was
in some weird state. After complaining on an HN thread about Triplebyte my
account was restored. I didn't take the site really seriously at all.

While browsing reddit I used to see constant Triplebyte ads. I think I saw
them dry up at this point and that seems to conform to current economic
conditions.

Now fast forward to this year and I deleted my account after this public
profile idea was announced on a Friday. the whole point about having public
profiles is probably a way for Triplebyte to get seen by more people and get
some kind of network effect going on since they are in dire straights.

The response that Triplebyte has done is quite admirable in that they aren't
launching the feature. Launching on a Friday when people also think that you
are trying to bury the story or people won't notice is something to regard.

The thing I don't see anything really different between these new startups
attempting to disrupt existing staffing companies. My current job which I am
very happy about I got from a staffing agency after going through hundreds of
recruiters contacting me.

------
toodles1628
The true part is that the business is in crisis and they were trying to move
quickly to save it.

I don't believe that he did not know the impact of the default public option -
that is not credible. It certainly sounds better in an apology than "I knew it
was bad but decided to try it anyway." The privacy problem is obvious to
anyone thinking about it for 10 seconds, and the fact that he would try shows
a lack of respect for his users.

------
freshbagels
Can anyone explain why they'd be a LinkedIn data partner yet did this to
compete with LinkedIn?

Go to their site and paste this in your console:
window._linkedin_data_partner_id

~~~
wilde
It might be attribution for any LinkedIn ads they're running?

------
tcbasche
Imagine being on the dev team and hearing this. I'd probably quit. Good grief
...

Having said that, it's weird that no-one raised this as dodgy while working on
it.

~~~
gliese1337
What, just because a feature got cancelled?

Heck, that's every single day at my last job. North of 50% of the code I ever
worked on because a C-O insisted it was top priority got thrown in the trash.
C-O screwed up, feature won't o to production, hurry up and work on this other
thing instead? Oh, I guess it's Tuesday. Paychecks keep coming, I keep
workin'....

~~~
tcbasche
Seems like it was an entire platform rather than just a feature. I don't know
how you do it! I've worked somewhere like that too and I found it so
demoralising.

Reminds me of the study where people built things out of Lego, and watched on
as someone disassembled them and handed them back to be rebuilt, finding this
to be deeply unsatisfying. (well duh)

~~~
gliese1337
I separate my identity from my job, and my "work product" from my personal
projects. If I get paid to make something for somebody else, it belongs to the
person or organization who paid for it, and they can do what they want with it
--including burning it down and throwing it away. I already have their money;
what they do with their property is none of my business. As long as I know
that I did a good job on what was asked of me, that's all that matters--I can
be satisfied with my work.

Now, if they tried to tell me what to do with my own personal projects, we'd
have problems!

------
hitekker
IIRC, TripleBye had a vision to be the recruiting division of all tech giants.
Big-name companies would centralize their most important recurring, expensive,
risky process into a third party to save some money and time. Even when that
third party just so happened to be working for all of their direct
competitors.

At the time, I thought that vision was a mirage; a recruiting agency grasping
for VC dollars.

Now, it looks they're trying to find a new vision.

~~~
runawaybottle
Well those companies exist right? Accenture, Cognizant, EPAM, etc.

If anything, I’d say Triplebyte hopes to be what those consulting companies
are but to startups.

Now, if it turns out startups just have crappy budgets, then you have to lower
the barrier to entry into the platform to accommodate those budgets.

Similarly, if you indoctrinate enough of new grads/bootcampers to feel like
they need the Triplebyte cert (feeling left out that everyone is in Triplebyte
and you’re not? Welcome to the psychological game, behold the public profile
and badges), you can then also indoctrinate startups into thinking that’s the
standard that they need to be looking for too.

Anyway, devs with enough experience should be out of this game mostly, this
will affect the entry level tier of developers going forward. You might be
stuck in the damn Triplebyte loop.

------
sngz
great apology, but doesn't justify the incompetence and initial
justifications.

You're telling me that no one on your team has brought up the issue throughout
the whole process? That leaves three possibilities.

1\. someone brought it up but you ignored it and pushed through anyways 2\.
Nobody brought it up due to incompetence 3\. Both happened just 2 happened
late in the process.

Why would anyone trust their data with leadership that incompetent?

------
lianmunoz
This sounds like the best response they could have given under the
circumstances, and it's not like they can undo the announcement or the initial
response. I deleted my account, and I'd be hesitant to have anything to do
with them in the future, but I'm open to having my mind changed if the company
winds up placing a higher value on business ethics as a result of this whole
thing.

------
marcus_holmes
Too late. I deleted my account today.

Though of course it apparently takes 30 days to process an account deletion.
Why? Do you guys need to recruit a DBA?

~~~
kevsim
30 days is the maximum time allowed under GDPR. Quite typical to tell people
it might take up to 30 days (though it practice I've found it rarely does).

------
rplnt
I have no idea what this is, but I'm a huge fan. The reign of Linkedin as de-
facto standard has to end. It's unacceptable recruiters expect me to have a
profile on some proprietary website. Luckily not everyone is a moron and it's
not a blocker in getting a job, but I still hate people asking me about it.

------
swang
i tried out triplebyte when they were first coming out and i had a negative
experience with them. okay fine whatever. on to the next.

then all this hubbub came out. i was annoyed because i had ignored the email
like most people until they saw the hackernews post. so i went to their site,
spent way too long finding the opt-out flag and was about to close the window
when i saw that my "profile" that i never agreed to said i had zero years of
programming experience.

i'm actually very upset about this. a company who most people think is
"legitimate" is telling potential companies who are looking me up that i have
zero experience. they could have cost me a job in the future all because i
didn't agree to play their game and fill out their profile.

so no thanks. i've already been put down twice by them.. no real need for a
third time now is there?

------
thaumaturgy
I haven't received the email yet. Are they canceling the feature altogether,
or just making it opt-in by default?

I liked the idea of the feature quite a lot. I'd love to be able to publish
select Triplebyte info. It just needs to be something I can choose to do,
rather than chosen for me.

------
wbronitsky
Wow, this reads as incredibly disingenuous considering the glaring dark
patterns they were using to try and sell your private data and make more
money. I cannot reconcile this apology with the underhanded tactics the CEO
was using to promote this now cancelled feature.

------
lisading
I received the email today, then went to check my triplebyte profile. On
visibility settings, I saw the default public visibility is still ON. Probably
they are cancelling this feature anyway, but still showing showing ON in
public visibility seems like another messed up!

~~~
ammon
PR to pull the visibility toggle from prod is under review. Much of the eng
team is out for the long weekend, and we may not merge until tomorrow.
However, the public profiles themselves are not in production and we are
canceling the feature.

------
adnanh
I'm re-reading the threads, and I can't stop wondering if this whole mess
could have been avoided by simply posting a "Ask HN: As a TripleByte user,
would you mind having a default public profile..." question here on HN?
Anyway, I still believe that asking your target audience for an opinion is a
better way than trying to think instead of them. Steve Jobs might have gotten
away with that, but we are not Steve Jobs, or Apple for that matter... Not
trying to say that Steve didn't listen to the audience though, I bet he did,
but he had some strong opinions on how something should be.

~~~
ammon
I want to do a bunch more of this in the future.

~~~
adnanh
(thumbsup)

------
ponker
I don’t think this guy can recover trust from here. It’s not just the feature
and the email, it’s his indignant and dismissive tone in the comments here
afterwards:

[https://news.ycombinator.com/item?id=23280137](https://news.ycombinator.com/item?id=23280137)

This comment is the hallmark of a company that doesn’t feel like it needs to
answer to users or criticism. They can reverse a decision and send out a
tearjerker of a _mea culpa_ but people do not change their nature over a
weekend, and I am just not going to trust the man who wrote the comment I
linked above.

------
TheSpiceIsLife
This is why we need strong data protection legislation, and a regulator with
teeth.

No service should be allowed to unilaterally decide what happens to our data,
and gross changes to service agreements need to be vetted.

------
hysan
I'm for a competitor to LinkedIn, but I never got an answer to what the play
was after opening up profiles. I support TripleByte's mission, yet I don't
believe that you have critical mass in both job seekers nor in sway to
convince companies/recruiters to change their process.

What was/is TripleByte's plan to _" push the industry to look beyond
traditional credentials"_? [1]

[1]
[https://news.ycombinator.com/item?id=23280341](https://news.ycombinator.com/item?id=23280341)

~~~
decafninja
The Triplebyte process sounds difficult enough that, paraphrasing one user
experience I read: "someone who would pass the Triplebyte interview/process is
likely someone who probably wouldn't have needed to use Triplebyte in the
first place".

From what I understand, Triplebyte is supposed to help candidates that might
be "good", but not getting any traction from applying to jobs (either by
themselves or contacting a recruiter). And to skip the phone screen.

However, from personal experience, as a candidate with a less-than-awesome
profile and resume, I still get contacted by top tech company recruiters. And
frankly, most phone screens are not terribly difficult. So I am confused what
the value proposition of Triplebyte is.

~~~
hysan
For me, I come from a mixed career background which even one manager told me
was a red flag to them during the interview process. Triplebyte’s value prop,
to me, is in helping my resume get looked at at all. This is great because
I’ve generally done very well in phone screens when I can actually get them.
However, my comment stems from the experience that bias only gets removed from
screening phase. Once you’re onsite, you can still tell which interviewers
look down at your resume and suddenly you’re back to square one. Only this
time in a high pressure situation where the interviewer has full reign to try
and find flaws in you.

As for recruiters, I get contacted a lot but I have yet to meet a recruiter
who was willing to work with me to communicate to hiring managers why my
resume looks the way it does. All of them just want to drop off your resume
and put in no effort in helping you which is no different from cold applying.

------
voz_
This is how people grow. By fucking up, taking some heat, doing a little
introspection, and correcting their mistakes.

> Nor in the critic let the man be lost

> Good-nature and good sense must ever join;

> To err is human, to forgive, divine.

------
synaesthesisx
It seems to me that this is some sort of last-ditch effort. The fact that this
was even considered in the first place shows a massive misalignment between
Triplebyte and the type of users it is intended for. Engineering types are
less likely to use LinkedIn/Social Media in general, and having a total
disregard for privacy is something that generally does not fly well for us.

I’m glad the decision was reevaluated, however there needs to be more work
done to re-gain the trust of the community.

------
nirav
Personal thoughts for ammon, hoping @dang hides me, please hide me @dang.

Ammon,

You single handedly destroyed something you created but I can relate and feel
what you might be going through ATM.

It will suck and it will leave you with scars that'll be hard to come off and
stick for the foreseeable future.

Eventually, You'll come out of "it realizing this decision and reversal of an
easy growth idea with hard execution and be subjected to it on target
vocalists on HN"

You'll do better, never stop because of internet shit.

\- Be Good

(Random individual, doesn't matter)

------
heavyset_go
Almost got away with it, too, if it wasn't for those meddling kids and their
inability to accept that a small violation of their privacy would have a big
impact on my bottom line.

------
chegra
I am happy that he reverse his position. I think once they keep providing
value to their user in mind that they should be in good stead. Even if this
idea falls apart, and users see that they genuinely tried to provide value,
users would not mind taking a chance on them the next time.

Right now they are in a hole, but I think providing value will definitely dig
them out of that hole.

I think the first act of good faith can be removing dark patterns, allowing
users to unsubscribe easily from your service.

------
top-flight
I didn't get the apology email. I immediately ask they delete my account which
never got a response either when I got the public profile email.

I asked them to delete my account a couple years ago as well and they never
did then either.

I will never, ever trust this company or use their product. There are other
options out there just as good and not sketchy.

PS I like how the email went out on a Friday night too, even more sketch to
try and limit # of people who opt out.

~~~
jrib
I haven't received the apology e-mail either. The only action I took though
was to rummage around the profile preferences to find the setting to turn off
public profiles.

I wonder if they're sending the e-mails out in waves or if they're only
sending them to users who still have the feature enabled?

------
gcheong
I’m curious to know from anyone who has hired through triplebyte - has the
quality of candidates been consistently better in terms of success at the
company post-hire than it has through your previous recruiting efforts? Also,
for a candidate that comes to you through triplebyte do you consider them
vetted and are just interviewing for cultural fit at that point or do you
still put them through your own hiring process?

------
vyhd
Hopefully this proves to be an illustrative lesson: the best apologies are
_almost_ as good as not doing something that requires an apology at all.

------
raymondgh
Until we make crap like this illegal, companies will always be incentivized to
abuse our rights -- even at the cost of their leaders' credibility.

------
yalogin
I don’t know what value triplebyte provides in a sea of similar sites. I am
sure this was an attempt to do some vertical integration and build
differentiation from their competitors. It backfired. I can see why did the
public by default thing as that way they can force themselves as a LinkedIn
clone. It backfired and they retreated a little bit. They will be back

------
momokoko
I’d be very curious how many account deletion requests happened.

This is interesting in that it’s the new GDPR / CPPA era where users were
legally protected to request the complete deletion of their data. Something
that Triplebyte would have had no obligation to do in the past. Are we seeing
a change in that violating user privacy can have a meaningful negative impact
on a company?

Interesting developments

~~~
ammon
We've seen about 2k account deletions since Friday.

~~~
sah2ed
~2k account deletions in just 3 days is a lot. Would be nice to get a ballpark
on the total number of accounts?

------
heurist
I saw the initial note and didn't think about it much. Figured a public
profile was fine for me. For what it's worth, I found good work through
Triplebyte at a time when I really needed it and other sources were not
panning out. Even if I felt affected I would be inclined to give them a pass
on this as long as I could opt out easily.

------
stanfordkid
This is why we need data breach laws -- to which dictated Terms of service's
must abide. You can't write in a TOS "we have the right to kill you"... it
should be the same way with data -- any changes to the scope of how and to
whom data is accessible must be approved.

------
rammy1234
An action will not be upright unless the intention behind it is upright, for
the action depends on it." Seneca

------
ferzul
that's the kind of response from a ceo i want to see. normally, i would just
expect “We did something that was unpopular. please buy our other product.
also, the word apologize occurs somwhere here but it does not carry any of its
significance” but this ammon person actually explained what he did and why

------
brooklyn_ashey
Um, so you... failed to check a pretty glaring "edge case" is what you are
saying? You maybe failed to optimize the solution, is what you are saying? Ok.
Fortunately, this glitch— although certainly catastrophic— is a weakness in
analysis and execution that can be practiced over time.

------
fullstackchris
I understand the anger by some users, but why punish those (like myself) who
were quite interested in having a public Triplebyte profile?

I think they should go the middle road: make it opt-in. If you do nothing,
nothing changes, but if you want a public profile, you can get one!

------
bmy78
While this does seem like a heartfelt apology from the CEO, this incident is a
reminder of how much of our privacy we willingly hand over to companies and
how much power they wield over us. It is immensely disturbing.

I will not be using Triplebyte’s services.

------
jzer0cool
Regarding the previous post: "WTH TripleByte". Regarding this post, "Thank
you".

------
christiansakai
Tangentially related topic, but I never found success with Triplebyte, 2 times
I tried them. I found that their companies' selection is too small compared to
competitors.

Also I heard from a company that used them that they are expensive.

Not to mention cringy ads on Reddit.

------
skinkestek
I feel sorry for them and Ammon in particular and I think this can be turned
around but that mail and that feature seems like only the icing on the cake
from what I can see.

It seems to me there's a whole cultural problem going on.

------
gigatexal
In terms of corporate apologies this is amazing. Kudos to them and the CEO.

------
foota
Funny enough, the email announcing this went to my spam filter on Gmail.

------
thedumpap
I sent an email to them a couple of days ago, requesting my account to be
permanently deleted since I did not want my information to become public. Glad
to see it got reversed :)

------
milin
Url to delete your profile, if unfortunately you have one.

[https://triplebyte.com/privacy-center](https://triplebyte.com/privacy-center)

------
nirav
Why are people using this crap instead of portfolios and filtering crap jobs?
You don't want to be working for these types; you can own and operate as a
business.

------
thedumpap
I sent an email a couple of days ago for them to delete my account permanently
- because I did not want my info to become public. Glad to see it got changed

------
fullstackchris
Not fending for triplebyte at all here, but what do you all have in your
Triplebyte account that isn't on the web somewhere already anyway?

------
nunez
The public profile feature was not a great decision, but Ammon revoking it in
two days and sending an apology to everyone is extremely respectable.

------
Aardwolf
> As CEO, this is my fault. I made this decision. Effective immediately, we
> are canceling this feature.

I'd love to know the dynamics behind such decision

~~~
lasky
dynamics:

“oh shit, the public is now aware of how broken my moral compass is.

let’s continue to frame this internally as a “PR” problem rather than address
the difficult reality: a light being shined on our apathy toward our users and
our willingness to ruthlessly sell people out until we get minted”

------
ryan-allen
It's good they sorted this out, their product seems like a great idea, and I
was not aware of their service prior to this incident.

Good on ya Ammon!

------
jmount
This sword was always hanging above the heads of Triplebyte users. The mistake
was causing the users to look up.

------
covid1984
Hold up, a company that secretly recorded interviews without consent found
other ways to violate user privacy?

------
blockchainman
So is triple byte safe to use after this ? Or should I just use another
service?

------
wendyshu
Should have known there'd be outrage and never done it in the first place.

------
rajacombinator
Scummy move, scummy response. If you truly thought this feature was something
valuable for your users, you wouldn’t just cancel it entirely, and you
wouldn’t have dumped it on a Friday night. But it’s cool, most businesses are
scummy. Foolish for us to expect otherwise from you.

------
sepisoad
it's ok, they are admitting the mess they made and it is ok

------
callamdelaney
Not sure how you could get this so, so wrong.

------
rolph
please dont call this sort of thing a feature

------
antonvs
> Triplebyte can’t function

Looking forward to that.

------
29athrowaway
I don't think I will sign up for Triblebyte anytime soon.

Having a middle-man in the interview process can result in depressed wages.

~~~
colejohnson66
They’re not a middle man though. They just let you skip to the final
interview. Passing or failing that is up to you. Also, the only advocating
they do is saying: “John/Jane Doe knows this much: ...”

~~~
xenihn
Have you actually used Triplebyte? You're required to provide an expected
salary range as part of your listing. And yes, you can technically provide an
open-ended band (e.g. $0 - $999,999) -- can you guess what happens if you do
that, and why Triplebyte advises not doing this, even though you have the
option to do so?

~~~
colejohnson66
Yes I have used TripleByte. I haven’t gotten any job offers (probable due to
interviewing in February right before COVID-19 went big). So I’m aware of how
their system works.

And I stand behind my claim that they’re not a middle man. A middle man
advocates for you, and sometimes even handles all the back and forth. A
recruiter is a middle man. A hiring agency isn’t.

~~~
xenihn
>A middle man advocates for you

Triplebyte is doing this by making you pass their assessment prior to listing
you. Your presence on their platform is them selling you up.

Even if they do nothing but provide an introduction between you and a third
party, and have no involvement whatsoever after that (aside from taking some
sort of cut), they are still a middle man, because the connection was made
through them, and they vetted your skills and qualifications.

It's not like LinkedIn, where you can just auth with a phone number and then
put whatever you want on your profile. Triplebyte, as a company, is personally
vouching for you by allowing you to appear on their platform.

>sometimes even handles all the back and forth

So you're saying some middle men handle all the back and forth, but not all.
So is this a factor for whether they qualify as middle men or not? If so, why
not just say they all do? If not, why mention it?

Hired.com is very similar to Triplebyte, and I don't see how you can argue
that they are not a middle man.

------
aditya_1723
it seems like heartfelt apology

------
mot0rola
wtf, had a bad experience interviewing with them.

------
sabujp
are they in europe?

------
sabujp
are they in euro?

------
JamesGTP
its not good one

------
trianx
... (continuation of Triplebyte email)

Rather than safeguarding the fact that you are or were job searching, we
threatened exposure. Current employers might retaliate if they saw that you
were job searching. You did not expect that any personal information you’d
given us, in the context of a private, secure job search, would be used
publicly without your explicit consent. I sincerely apologize. It was my
failure.

So, what happened? How did I screw this up? I’ve been asking myself this
question a bunch over the past 48 hours. I can point to two factors (which by
no means excuse the decision). The first was that the profiles as spec’d were
an evolution of a feature we already had (Triplebyte Certificates--these are
not default public). I failed to see the significance of “default public” in
my head. The second factor was the speed we were trying to move at to respond
to the COVID recession. We’re a hiring company and hiring is in crisis. The
floor has fallen out on parts of our business, and other parts are under
unprecedented growth. We've been in a state of churn as we quickly try various
things to adapt. But I let myself get caught in this rush and did not look
critically enough at the features we were shipping. Inexcusably, I ignored our
users’ very real privacy concerns. This was a breach of trust not only in the
decision, but in my actual thought process. The circumstances don’t excuse
this. The privacy violation should have been obvious to me from the beginning,
and the fact that I did not see this coming was a major failure on my part.

Our mission at Triplebyte has always been to build a background-blind hiring
process. I graduated at the height of the financial crisis as most companies
were doing layoffs (similar to what many recent-grads are experiencing today).
My LinkedIn profile and resume had nothing on them other than the name of a
school few people had heard of. I applied to over 100 jobs the summer after I
graduated, and I remember just never hearing back. I know that a lot of people
are going through the same thing right now. I finally got my first job at a
company that had a coding challenge rather than a resume screen. They cared
about what I could do, not what was on my resume. This was a foundational
insight for me. It's still the case today, though, that companies rely
primarily on resume screens that don’t pick up what most candidates can
actually do--making the hiring problem much worse than it needs to be. This is
the problem we're trying to fix.

We believed that we could do so by building a better Linkedin profile that was
focused on your skills, rather than where you went to school, where you
worked, or who you knew. I still believe there's a need for something like
this. But to release it as a default public feature was not just a major
mistake, it was a betrayal. I'm ashamed and I'm sorry.

Triplebyte can’t function without the trust of the engineering community. Last
Friday I lost a big chunk of that trust. We’re now going to try to earn it
back. I’m not sure that’s fully possible, but we have to try. What I will do
now is slow down, take a step back, and learn the lessons I need to avoid
repeating this.

I understand that cancelling this feature does not undo the harm. It’s only
one necessary step. Please let me know any other concerns or questions that I
can answer (replies to this email go to me). I am sorry to all of you for
letting you down.

Sincerely,

-Ammon

~~~
dang
I'm going to inline this text into the top post so that everyone can read it.
(Edit: that's done, and I deleted "continued in comments" \- normally I'd ask
for permission first, but in this case it seemed better not to wait.)

You probably split the post up this way because the software told you the text
was too long. Tip for the future: you can get around that by clicking 'edit'
and adding the rest later. Don't tell anybody :)

~~~
wolfgang42
Would you mind also doing that thing where the comment is collapsed by
default? I spent way too long trying to figure out what was different about
this text compared to the email or the top post before I skipped down and saw
your explanaion.

~~~
dang
Ok, done.

~~~
wolfgang42
Thanks!

------
lisper
How did you manage to submit this? I tried to submit it myself about the same
time you did but got an error that the text could not be more than 2000
characters. How did you get past this limit?

~~~
dang
They originally put a prefix in the root text and the rest here:
[https://news.ycombinator.com/item?id=23303045](https://news.ycombinator.com/item?id=23303045).
I inlined it. You can get around the limit by using 'edit' after a post is up.

~~~
lisper
Heh, that'll teach me to try to follow the rules. All that karma, gone! Gone,
I tell you!!!!

;-)

------
loveJesus
Luke 17:4 and if he sins against you seven times in the day, and turns to you
seven times, saying, ‘I repent,’ you must forgive him.”

~~~
dang
Single-purpose accounts aren't allowed on HN, and the religious material is
off topic, so I'm afraid we've banned this account. Nothing against Jesus.

[https://news.ycombinator.com/newsguidelines.html](https://news.ycombinator.com/newsguidelines.html)

------
Mandatum
It takes more than one person to design, approve and implement this feature.
Ammon is trying to take the heat for a decision made by multiple people.

Right now, Triplebyte on a resume doesn't tell me anything very positive.

Why hasn't their VP of Growth or the Product Manager of Growth said anything
on the subject?

People should be held to account. Working for a startup, it's easy to figure
out who's to blame for these terrible ideas.

~~~
dang
Sorry, but it's not ok to look up people based on their employer and drag them
into a thread like that. That's a trope of the online callout/shaming culture,
and we don't want HN to go that route.

[https://hn.algolia.com/?dateRange=all&page=0&prefix=true&que...](https://hn.algolia.com/?dateRange=all&page=0&prefix=true&query=by%3Adang%20shaming%20culture&sort=byDate&type=comment)

~~~
Mandatum
Sorry Dang, I did check the guidelines on this. If I remove the names and only
kept the titles, would that be acceptable for HN?

~~~
dang
I'm really not sure. If the spirit is still to shame them or demand that they
account for themselves, maybe not. If it's to make a more general point about
organizations, maybe. If you had just included the titles and not the names or
the links, I wouldn't have replied, so I guess the line is thereabouts.

It's true that the guidelines don't spell everything out, partly because that
would be impossible, partly because beyond a certain length no one would read
them, and partly because if they were written in a more legalistic or
formalistic way, people would take them as sort of a bitmask, everything in
the inverse of which must be ok. That's definitely not how things work here.
We want a spirit of the law, not a letter of the law kind of place. I guess
I've been saying this for a long time:
[https://news.ycombinator.com/item?id=7606756](https://news.ycombinator.com/item?id=7606756).

~~~
Mandatum
That's fair. Can the names in my post be redacted? It still shows up in DDG. I
tried to edit it earlier after your response, but I left it too late.

~~~
dang
I've reopened your comment for editing so you can modify it.

Edit: just to close the loop on this, the way you modified your comment does
actually seem fine to me, so this was a nice test case of probing where the
line actually should be. Thanks!

------
EGreg
Oh boy. Where do I begin?

 _Rather than safeguarding the fact that you are or were job searching, we
threatened exposure. Current employers might retaliate if they saw that you
were job searching. You did not expect that any personal information you’d
given us, in the context of a private, secure job search, would be used
publicly without your explicit consent. I sincerely apologize. It was my
failure._

How about we stop giving our data to third parties just so we can use their
software.

"The Cloud" is a corporate euphemism for "extreme centralization of data in
our servers".

And "Software as a Service" is even worse, because it basically says you are
RENTING the software, and trusting them to do "the right thing", including and
especially with your data.

This is insane. It's 2020. Why are we doing this? One reason: we don't have a
good open source alternative that can be hosted on many different places. Such
an alternative should actually be end-to-end encrypted, and the hosting should
be just redundant dumb boxes earning cryptocurrency for storing something.

 _So, what happened? How did I screw this up? I’ve been asking myself this
question a bunch over the past 48 hours._

What happened was the same thing that happened 17 years ago when Mark Z
laughed about the "dumb f$cks* who "trusted him" with their passwords. To
quote the excellent V for Vendetta speech:

 _How did this happen? Who 's to blame? Well certainly there are those more
responsible than others, and they will be held accountable, but again truth be
told, if you're looking for the guilty, you need only look into a mirror. I
know why you did it. I know you were afraid. Who wouldn't be? War, terror,
disease. There were a myriad of problems which conspired to corrupt your
reason and rob you of your common sense. Fear got the best of you, and in your
panic you turned to the now high chancellor, Adam Sutler. He promised you
order, he promised you peace, and all he demanded in return was your silent,
obedient consent._

Look, I'm biased. I have put my money where my mouth is and am building this
reality ([https://qbix.com/platform](https://qbix.com/platform) and
[https://intercoin.org](https://intercoin.org)). I have historically been
downvoted for even mentioning that I am doing tangible things to solve this
and give away the software. But I persist in doing so because it's better to
actually _build the alternative_ than talk about it endlessly. The Impossible
Burger will do more for veganism than decades of talk ever could.

If you want to join this effort, email greg at the domain qbix.com . But
whether you choose to support Mastodon, Matrix, IPFS, Dat, MaidSAFE or
whatever, realize that we need to move towards a future where infrastructure
is decoupled from power over your data. Your data should be encrypted and only
enough shared for indexing. It should be provable with verified claims and
zero-knowledge proofs, but only with your consent.

~~~
gbear605
TripleByte is literally the perfect example of a company that should be
centralized. They work because they have a reputation that companies can
trust. Trying to make it decentralized takes away any value that TripleByte
provides.

~~~
zebnyc
Given that interviewing is a skill unto itself which needs to be practiced,
what happens to candidates who need to take a few interviews before they start
hitting their stride. For me, I can see that using Triplebyte once the
candidate is "warmed up" makes sense.

If TripleByte was the only game in town then a new candidate would fail their
test and then it is game over. No more job search.

~~~
wolfgang42
I agree with your concerns about a monopoly, but just wanted to respond to
your point about needing to “warm up”: Triplebyte gives you a free practice
interview that doesn’t count (unless you ace it), and also lets you retry in a
few months if you fail the actual interview.

------
atemerev
Now, this is a good apology, compared to some other pieces of the genre I have
seen in my life. Looks believable.

------
weareconvo
Now apologize for spamming my inbox without an unsubscribe link.

------
Invictus0
Not a good look from all the pro-privacy folks here to redouble your criticism
after you got what you wanted. Assuming good faith is part of the HN
guidelines, so let's give Ammon benefit of the doubt here as well.

~~~
trianx
I agree - it's as good an apology as it gets. Let's honour this and react more
positively than had Triplebyte send a non-apology apology.

------
sockr8s
Why are you under such tremendous pressure? It is this a desperate move of a
company finally going out of business or a result of an extreme pressure from
the vc side?

Who has accessed the data already? Not only directly but indirectly as well?
Have you received any compensation or settled any transactions by exposing the
data?

~~~
colejohnson66
They didn’t expose any data. The feature wasn’t live yet.

~~~
sockr8s
"The new profiles will be launching publicly in 1 week" It means a preview was
already available in a limited way.

~~~
colejohnson66
No it doesn’t. It means they finished a feature and were making it live in a
week. Nowhere in that statement implies that there’s a limited beta.

~~~
sockr8s
Nowhere it implies there isn't.

~~~
colejohnson66
You’re moving the goal posts and asking me to prove a negative. Absent any
evidence that there was a limited beta, we can’t assume there was one.

