I am not a lawyer. This is not legal advice.
1. Hi, my name is John, I am contacting you on behalf of wojt_eu to confirm that he has been added to the "Cool New Project" as lead DEV.
2. Hi, it's me wojt_eu, I just wanted you to confirm that I've been added to the "Cool New Project" as lead DEV.
You can legally authorize someone to act on your behalf, in basically any Western Nation - although rules as to how this work will vary, but authorizing someone to impersonate you I don't believe would be made legal anywhere because impersonation is not just something one does on your behalf but also something one does to someone else. Both the person that acts on the impersonation as being real and the person being impersonated can be harmed by an impersonation, and therefore it is not adequate that the person being impersonated gives the impersonator the right to do so.
I think you're confused. Celebrities hire third parties to tweet for them all the time. That's essentially impersonation.
Then it's more like acting/broadcasting.
If you had an account on twitter and said you were The Real Steve Jobs and everyone believed you were the real steve jobs and not a joke then I would say yes that would be considered impersonation - at which point the context I left out of my answer, considering it a given because I thought it was quite apparent from the top of the thread was that laws against impersonation also have to identify in some way the harm the parties affected by the impersonation suffer.
In the original post a statute was linked to http://www.leginfo.ca.gov/cgi-bin/displaycode?section=pen&gr... ,this describes a number of ways harm can be incurred in the act of impersonation.
I was also not describing linguistic usage in telephone conversation, I was describing linguistic usage in email correspondence. I don't think a correspondence would exist with a structure similar to the conversation the blog post discusses.
It can certainly be that when a conversation or correspondence moves into the realm of impersonation should be determined by the court. I think in the case under discussion here it would determined to be impersonation, the question then becomes what the harm was.
Looking through the statute referenced http://www.leginfo.ca.gov/cgi-bin/displaycode?section=pen&gr... I don't think I can see a harm defined that matches what was done very well. I think the most relevant section is 530 and it does seem a stretch.
The problem here is that it was done without permission.
The OP is claiming that the impersonation without permission is a crime, and that it is impossible to waive the crime-ness of it through a contract.
> If an offence is criminal it can't be magically made OK
> by a contract.
Voting by proxy is not impersonation, you give someone the right to act (vote in this case) in your name. Thus, no criminal offense.
The other cases:
Assisted suicide is a criminal offense in many countries. For example (similar, but not the same), there has been some legal struggle over "Sterbehilfe" here in Germany which garnered quite some media attention.
Boxing – I might be mistaken, but perhaps "beating someone" is not a criminal offense as long as it is not against the other persons will?
All these things hinge on very subtle differences in wording. For example the terms might say: "AngelList reserves the right to send mails on your behalf" which grants them the right to send mails to third parties in your name, but I'd be surprised if law would allow them to state "AngelList reserves the right to claim your identity".
> you give someone the right to act (vote in this case) in
> your name. Thus, no criminal offense.
Assisted suicide is, yes. But my point is that we have separate legislation for it, implying that is required.
Boxing, again, that's my point.
Regarding identity specifically, what I imagine we're talking about here is an automated message much like LinkedIn's:
> Hi, I'd like to add you to my network! *
* Or whatever it is. Point being, it says "I"; not "Mr Ford".
The Gmail warning that "this message may not be from who it claims to be" never worked well, but I wish they'd make it work for cases like this.
It's too bad e-mail is so unverified and insecure. A smartphone app can be prevented from making calls or sending text messages from your number: all you have to do is deny it that permission. But there's no way to prevent a website that has your name and e-mail address from sending e-mails as you.
I can give my voting proxy or power of attorney to someone else, but it's pretty clear to anyone paying attention that's what's going on. If the email said "This is AngelList on behalf of J. Random Employee" that would be different than sending an email that had every appearance of being from the employee.
Even if this is allowed in their TOS, it's pretty underhanded if they buried something like that in boilerplate that they know nobody reads.
IANAL, but it's like having sex: it's perfectly okay if all participants are consenting adults, but without this important condition it's a felony.
From what I understand, the important part here is consent, and only lack of one makes it a criminal offense. I.e. the act of impersonating isn't a crime (on its own) - the act of doing so without consent is. Well, to be certain, I guess one should take penal code of the jurisdiction in question, find the article and check the exact wording used.
You will find that in each of your examples that there is a particular statute legalizing that activity in a particular state.
I repeat that I am not a lawyer so if this is important to you then hire a lawyer in your local jurisdiction to advise you, don't listen to random people on the internet.
In principle it sounds similar. The details do matter though. Did they provide reasonable explanation of what they were doing? Did they attempt to do this in secret? Did they misrepresent anything? Are they any laws saying a person cannot sign away liability for things like this?
Most tax preparers are liable for their own mistakes, but not for omitting anything you didn't tell them.
For instance, civil forfeiture, wherein property can be taken from a person who has not been proven guilty of a crime in a fair trial, is widely rejected by the public, even when the opinion poll uses the most biased questions possible. (i.e. Should drug dealers be allowed to keep the profits from their crimes if they escape conviction and punishment on a technicality?)
Also, a jury verdict is little more than an aggregated bunch of layman opinions.
The opinion of the general public is that software should not have bugs in it. Also, it should be gratis and always keep up with the latest GUI and HID fashion trends. As a software professional, I often do additional work to meet those public expectations, even if it has no technical merit. That's because the opinion of the customer matters, when they are employing the experts to work on their behalf.
The entire point of a contract is to get permission to do something that otherwise is not allowed.
We can agree in a contract to sell you my daughter's virginity, but that does not mean you can actually buy it.
Terms and conditions and even contracts are often inadmissible. Just because you signed something, doesn't mean it's valid. Being handcuffed to a contract happens only in the movies,
I am not a lawyer.
"...any person who knowingly AND WITHOUT CONSENT credibly impersonates another actual person..."
To illustrate why this is the case, we can look at an extreme example: a contract to have someone murdered. Would a court enforce that? Of course not.
If impersonating someone is a criminal offense in a particular jurisdiction, then -- assuming that jurisdiction has a sane criminal code -- there is no way to make it legal through a contract.
Edit: there are good reasons why this is in place, the most relevant of which is that it provides protection against abuses. Otherwise, we'd have things like employers that would still be at liberty to use lashing and beating as disciplinary action against employees who don't really have a choice about signing a contract or not.
A contract can establish consent.
E.g. if I go into your house without permission and take stuff, then it is theft. If I have a contract saying that I have permission to go into your house and take stuff, then it is not.
I have not contracted my away from something illegal. The contract has established consent, which meant the criteria that otherwise would have made my actions criminal are not fulfilled.
> If impersonating someone is a criminal offense in a particular jurisdiction, then -- assuming that jurisdiction has a sane criminal code -- there is no way to make it legal through a contract.
That depends whether or not the criteria that needs to be met for it to be a crime requires lack of consent. If it requires lack of consent, then a contract can document that the consent has been given.
All jurisdictions I'm aware of (not a lawyer) have the concept of agents that may act on your behalf with consent. To what extent such agents can act using your name (with consent) vs. using their own name but on your behalf, varies greatly.
E.g. some places your agents (say a PA) will sign letters "[agents name] for and on behalf of [your name]" or similar, while other places they will use a signature stamp with your signature, or do "p.p. [their signature] [your printed name]" (the p.p. stands for "per procurationem"). Many other variations are in use, and how obvious signs there are that a document was not personally signed by the person the letter is from varies greatly.
> All jurisdictions I'm aware of (not a lawyer) have the concept of agents that may act on your behalf with consent. To what extent such agents can act using your name (with consent) vs. using their own name but on your behalf, varies greatly.
They do, but things are not as simple as "can act on your behalf with consent". Around here, for instance (but I'm in Europe), they can only act on your behalf if:
a) You have explicitly given them consent to act on your behalf in that specific situation (i.e. you told them "you can go to the bank on this date and cash in this much in my name"), or if you have explicitly given them consent to act on your behalf with that particular party and for a specified period of time (i.e. you can go to this bank and do anything in my name for this period of time), and
b) The contract that states this has been validated by a notary and recorded by authorities, and
c) The party that they are acting on your behalf with knows about this, has been explicitly informed that they are acting on your behalf, and agrees to work with them under these conditions.
If they fail to do any of these, it's flat-out illegal. I think this is covered under civil law here, though, so it can be voided by a contract -- but the idea is that consent is not as trivial as signing a sheet of paper that says yeah, do whatever you want. It's bound by specific terms, too, the breach of which makes the whole thing illegal, even if on the whole the operation was consensual (i.e. if an agent, with my consent, goes to the bank to cash in a deposit, but does not explicitly inform the cashier that they are acting on my behalf so that they record the transaction accordingly (i.e. done by X on behalf of NotALaser), he's breaking the law).
(Edit: or, to make it clearer: he can represent me, but he cannot claim he's me. He has to explicitly inform the other party that he's acting on my behalf, declare his identity and present the proper authorization etc.)
Yes, I pointed that out.
> They do, but things are not as simple as "can act on your behalf with consent"
I believe that was exactly the point I was making.
> Around here, for instance (but I'm in Europe), they can only act on your behalf if:
While I'm sure you're right for your location, "Europe" encompasses not only ~50 distinct legal systems, but also half a dozen or so distinct legal traditions (with e.g. Common law, Germanic law, Napoleonic law and Roman law as the biggest traditions), which is one of the reasons I specifically pointed out that it varies greatly how clear one has to be about whether or not something is signed by an agent.
Worldwide it gets even more complicated.
To be very clear: I agree that some places the agent will need to specifically sign and state their own name and specify they are acting as an agent. Exactly in line with the examples I gave, a couple of which are from Europe.
In others they can stamp or use a machine to "fake" the name of the person they are acting on behalf of -- as long as they have that persons consent to do so.
In the US we have perhaps one of the most famous examples of the latter: The office of the US President frequently uses an Autopen  to sign documents on behalf of the president, such as autographs or letters to constituents. The purpose of it is to duplicate the signature precisely, making actual pen strokes in order to make the signature seem more authentic than e.g. the use of a stamp or seal.
But US presidents have used it for much more important things than letters and autographs, including several times that Obama has had staffers use an Autopen to sign laws on his behalf.
Of course. I mentioned I'm in Europe just to ensure that it's clear I'm not referring to any law that apply in the US, as this is what HN is most familiar with. Europe is, indeed, very diverse when it comes to law.
I'm sorry, but: no. "In most places in the civilised world" there are these guys called hairdressers and they could routinely - technically - be charged with committing assault causing bodily harm. It's a pretty clear cut (sorry) case that gets trotted out in most any first year criminal law class. The reason they aren't charged is simple: you consent to that bodily harm being inflicted upon you. There are variously defined limits to your ability to consent, especially with regard to duress or excessive harm, but your reasoning is otherwise completely incorrect.
Normally, I can't take your stuff or enter your property, but if you make a contract granting me the right to take (specific things among) your stuff or enter your property in specific cases, that's enforceable.
Can you similarly sign away your right not to be murdered similarly? To be impersonated? Maybe not, but it depends on the circumstances, and isn't simply a matter of "that's illegal so you can't sign it away".
The point here is that you either _can_ contract your way out, or (what I suspect is the case) there re exclusions in the law were relevant.
Either way, it suggests this might not be illegal if covered by something blindly tick-boxed.
> What about boxing, martial arts sparring, fencing
Consent only works up to a point. I cannot consent to you stabbing me or beating me into a bloody pulp.
It's worth noting that bare knuckle boxing is illegal in the UK, and you can't just sign a document to do it.
> assisted suicide
Assisted suicide is illegal in the UK. It does not matter if the patient signs a contract to say it's OK, it's still illegal.
Is Facebook usage of their user's profile pic for advertisement purpose a false impersonation too ? (I don't know if it's still in practice or if it was ever implemented)
This is similar to agreements you might sign with an employer, photographer or other third party so they can use your photo in an ad or as part of marketing material. And from what I understand (IANAL) the requirements vary from state to state in the US and obviously outside the US. Although there are blanket terms that cover it from what I have seen.
BTW -- Anytime you have professional photos done, this is something you should always look for and make sure you are comfortable with the terms they lay out in their "Agreement". Many have boiler plate in their agreements that states they can use your likeness without paying you for it and without prior written consent. I just went through this when looking for a professional photographer when we had some family photos done as I don't want anyone using images of my family or kids.
I’m Dave and I work at AngelList on our Talent platform. Please accept our sincere apologies for what happened here.
Sending an email without giving you a heads-up or control over its content was wrong. Here’s what we’re doing to fix it:
* We’ve made it clearer that tagging a company on a project may notify them by email.
* We’ve revised the project tagging email to clarify that it’s automatically generated by AngelList.
* We’re looking through all emails we send on behalf of our users to make sure that a) it’s clear when an action may generate an email notification, and b) any automatically generated notifications come directly from AngelList.
As long as you keep your profile up-to-date by tagging your current and previous employers, we won't show them you’re looking for a job— they won’t see your name or resume appear when using our recruiting tools.
Again, please accept our apologies. We’re working to make this better. Please let me know if you have any further questions or concerns -- firstname.lastname@example.org.
I understand some companies are not large enough to have a dedicated privacy professional, but as someone who knows quite a bit about it, it's really frustrating when the response to something like this is "whoops! here are the steps we are taking to correct this".
But this is more than a one time bug to be quashed. IMHO all companies (even small startups) should endeavor to move beyond reactive solutions like this, and put processes and controls in place so that these incidents never happen to begin with.
If you or anyone reading this is on the fence, think of it as marketing. Marketing in the sense of providing a quality product that fulfills a need, and makes other people want to buy your product because it's solid and good.
Are you guys trying to sends us all back to LinkedIn?
Any kind of notification is a dead give away you're looking for another job.
I guess this goes to show that AngelList is all about the "Angels" and gives no f*cks about the talent.
Shameful and sad. Time to kiss AngelList goodbye.
I had such high hopes for you. Sigh...back to face to face networking.
I wonder if they're seeing a higher number? Or maybe my upvotes aren't doing anything? (Except I just upvoted you, and that seemed to increase your karma.)
Also, I just upvoted you, and your karma didn't change (stayed at 35897.) Interesting stuff.
The correct answer was
> The interface now yells loudly when a change would notify anyone but yourself, with the option not to send that notification.
When doing a thing spams other people, we stop doing the thing.
If this isn't changed... bye-bye AngelList account.
Why the heck does AngelList think this is a good idea? If the choice is between (a) not using AngelList, and (b) having an uncomfortable conversation with my bosses about an e-mail they received, then sorry, I'm going with (a).
We’ve made more changes:
1) We stopped using the first-person on all emails. We wrote that first-person notification literally 5 years ago when we had a few thousand users, and we never re-visited it. It was pretty stupid. Now they all clearly come from AngelList.
2) We won’t send notifications to companies when you add them to a project. We used to because the project shows up on the company profile too. But it’s not what people expect, so we stopped, and we stopped showing the projects on company profiles too.
1. (a) AngelList sent out email on [my] (not me) behalf by surprise.
1. (b) AngelList sent out email on [my] behalf as a result of something [I] did on their site.
2. AngelList sent out email that appeared to have been written by [me].
3. AngelList notified [my] employer that [I]'d updated my resume. (The headline complaint, in fact!)
This response addresses (1a) and (2), and it's understandable that you might not want to swear off (1b) entirely (although it does seem to be a source of resentment).
You've completely failed to respond to (3), though, which I find surprising because it was the headline complaint. Adding projects to your resume is sine-qua-non functionality on a job hunting site; pretending that you're not job hunting is more or less required by office decorum. Does AngelList provide a way of listing projects you've done at your current company without notifying your boss that you're looking to leave? It's nice that you don't show candidates on AngelList to employers who are already employing them, but without the ability to update your resume you don't have much.
When people join a company, that is the last time that most of us think about updating our profile so that we will be ready to leave. When people leave a company, we realize that we have to and do it. And everyone around us knows what that means because that is what they do as well.
You therefore need to create a way to distinguish between verified and unverified positions. And default to making the current job unverified exactly because of this problem.
> Their support is absolutely non-existent. I heard nothing back from them whatsoever, after sending several emails.
I sent several more emails, because the longer I tried to get my profile the way I wanted it, the more diverse glitches I encountered.
Here is a run-down:
1) Added a company I used to work for. Went to the company's page, and looked at the Jobs section. Saw a button that said "[checkbox] Sent" in a context that meant that AngelList had sent a job application to my former employer on my behalf. In retrospect, it's even worse than I realized at the time: I now know that the email headers claimed it came directly from me, and the text was written in the first person. There was no way to delete a job application, or list all job applications that AngleList randomly decided to send on my behalf.
2) Entering jobs is very difficult and clumsy. Imported jobs from my Facebook history. Only some of them showed up.
3) The ordering of the jobs I imported was random, not sorted by date.
4) I attempted to re-order the jobs myself. I was totally baffled why some of them show up in the large sections at the top, but many others are listed below in a paragraph with just their names. How can I control which jobs appear as larger sections, instead of as a list of names?
5) I entered another job and it appeared at the top of the page, and I went into reorder mode, and I was not able to drag it up or down — it was pinned to the top of the list. And afterwards it actually disappeared from the list!
6) And the first time I was entering jobs it did not allow me to enter a description, but now it is asking for a description, and I don’t know why it suddenly changed.
7) It's impossible to enter the same company name twice. I worked for Sun Microsystems as an intern, and later I was employed full time. I worked for EA full time, and later worked as a contractor. Those should be listed as separate jobs, during separate times. LinkedIn certainly supports that.
8) How do I represent being hired by one company, that's then bought by another company (like EA bought Maxis)? Or that spins off another company (like Sun Microsystem split off SunSoft). This kind of stuff happens all the time in the industry, so it should not be impossible to describe.
9) The triangular "EXIT" corner on company description boxes renders incorrectly, with scrambled text. This is not rocket science. I included a screen dump of the error and Chrome debugger DOM tree to show what was wrong.
10) But the larger problem from a user interface design perspective is that it's terrible to use a call to action verb like "EXIT" in what looks like an orange triangular "EXIT" sign, which falsely affords clicking on it to exit the page.
11) What is so important about a company "exiting" that it deserves such a prominent raggedy orange dog-ear "EXIT" sign on the company listing? What's important is what I did at that company, not the incidental fact that it was bought by another company. That's just buzzword bingo fetishism. Do they hand out green "PIVOT" tags and red "BANKRUPT" tags too?
12) I am listed as both "Employee" and "Past Employee" of one of my former employers. I don't have any control over that, apparently.
I encountered even more problems I didn't have time to write up, but obviously after spending so much time trying to work around those problems, then writing them up, sending them into email@example.com, then waiting more than a year for a reply, I have not wasted any more time on my AngelList profile, even though I had to leave it in an incorrect, embarrassing state.
I probably should have deleted my AngelList account a long time ago, after not receiving a reply within a week or so. Perhaps some of these problems are already solved, after more than a year since I reported them. And perhaps some of the privacy problems will finally be solved now that many other people have announced they deleted their accounts.
My partner asked me to enter the information more than a year ago, because he was raising money and he assumed investors would want to look at that site. So I put a lot of time and effort into trying to get it right, but was unsuccessful, and left it hanging for more than a year. But now he is afraid that the old boys network will be annoyed because I posted about the problems I had with the AngelList web site. So I sincerely apologize if I've inadvertently offended anyone, because all I wanted to do was to have some control over the information that AngelList was publishing about me and the email that they were sending on my behalf.
I won't go into the merits, or lack of them re: the overall method of handling this issue. Others are covering this well.
> We’ve made it clearer that tagging a company on a project may notify them by email.
This is not good. If your users tag a company and you are planning to "maybe notify that company of activity on your profile" that still shows negative ambiguity, (a) just don't do this, or if you must (b) specifically ask your user to opt in on this activity notification, and state exactly what you will share.
Of course, this quickly enumerates into a list of things the majority of people would opt out of at, so that should be a clue that you are trying to add features to your product, that none of your users want.
And then why didn't you respond to any of my subsequent emails with detailed descriptions and screen snapshots of other problems I encountered?
Is it not enough for one user to report a privacy problem, so you decided not to acknowledge my report, but to wait more than a year until it became a huge public issue that caused hundreds of people to delete their accounts?
Well, your lack of response to my and everyone else's questions certainly confirms my impression about AngelList, and says a lot more than your non-apology apology did.
I gave you more than a fair chance to respond, provided you the date and time of my unanswered message from more than a year ago, and even gave you a second chance in case you deleted my year-old email, by sinking even more of my time into summarizing the problems I originally reported to you, and posting them here for you to read again. 
But still: no response from you, as more and more people continue to announce they're deleting their AngelList accounts.
You're asleep at the wheel, the lights are on, but nobody's home. If your attention has wandered on to other things, and you no longer have any interest in maintaining your web site or responding to your users for over a year, then you really should shut it down gracefully, and save everyone from wasting their time and having their privacy unexpectedly violated. Old unmaintained web sites running on auto-pilot that collect sensitive private information from their users (and automatically forge first-person email pretending to be from their users in order to virally promote themselves) are a dangerous security threat, which should be shut down for the safety of the internet.
You went with an immoral strategy to grow your business and that now it has finally hit you in the face on a very visible website you are here to be all apologetics. It's the "easier to ask for forgiveness rather than permission" strategy and it is deliberate thus I must conclude that your apology is insincere and is only an attempt at limiting the backlash against you.
If he didn't take the time to respond and explain things, you might have a point. But this seems like a knee-jerk reaction that doesn't fit the response that was given by Dave.
I think his point was that this is a non-apology in his eyes because it doesn't say "were going to stop this practice, but rather just make it clearer to users what they will do.
In other words, the apology is for the grievance of stabbing you in the back, so now were going to stab you to your face.
Note, I don't share this concern but I certainly get where he is coming from... The semantic argument he made was just a manifestation of the frustration of what he considers a non-apology.
they're going to put gray text in 4 point font at the bottom of the page saying they're gonna email your ceo. Cool? Cool...
That person, however, was a Chinese high school student, not a native speaker of English. What's your excuse?
This is not correct. They are the same speech act, at a higher level of formality.
You can easily offend people by treating them more casually than they feel is warranted. A nonnative speaker who has been taught that English apologies come in the form "I'm sorry" is perfectly justified (though mistaken) in insisting on that form; scott_s just has a chip on his shoulder.
"Please accept my apologies" is me telling you what to do: take what I'm giving you.
I can easily give you my apologies without being remotely sorry. Sorrow is a feeling, but apology is a statement.
But it's still up to you to decide if you want to take the apologies I want to give to you, or disregard my polite command that you should.
Hi [My Name],
I'm building an AngelList profile for [our company] and need your help.
Can you do me a favor and confirm that you're a team member by clicking here:
To prove that you're the real [My Name] you will be asked to create an account if you don't already have one.
This is important to us; confirming that you're a team member will help us build our profile.
P.S. If you would like to visit our profile first, go here: https://angel.co/[our company]
I can understand why they do it, but it seems like a very hill-climby optimization.
This was basically my first interaction with them and it engendered a lack of trust in their product.
I filled out the minimum amount of info in my account and don't intend to use them much going forward, mainly given how creepy I found this interaction.
Or are they actually forging it? (and somehow not getting put into spam due to SPF/DKIM failing)
From: [CEO Name] <firstname.lastname@example.org>
Reply-To: [CEO Name] <ceo's email address>
On a related note, I try to avoid applying to jobs through AngelList. I'll usually go directly to the company website itself and apply.
From applicant perspective: as soon as you apply for a job through AngelList, everyone who ever works at that company (now and future) can trivially find you and decide your fate.
This is really uncomfortable from the company's perspective too. I could just as easily have been an employee who isn't expected to recruit / shouldn't be making first contact with candidates / shouldn't be able to touch job listings.
Though overall AngelList seem like a site that's focused on helping startups (and investors), and unlike most sites, they don't even charge for their job listings.
Ultimately it's a social network with accounts for orgs and people - it's no surprise that people are getting _some_ notification, but the impersonation is a little discomforting. It would be totally find if they just showed it as a template and said "hey, we're about to send this, okay?"
So happy that I'm not the only one who was extremely surprised and upset about Angel List's impersonation tactics.
In my experience, 100% of the people who received this impersonation email that angel.co sent, thought it was written by me. If the system wants to send a message on my behalf, it must AT LEAST show me what would be sent with my signature on it, and allow me to confirm or cancel any email that's signed with my full name before it's sent. Angel List is sending out emails with your signature and other impersonation tricks, totally behind your back.
I've had people impersonate emails from me in the past as well. Even if the emails aren't offensive, just the idea that someone else now thinks they have my permission to send whatever they want to, while impersonating me behind my back makes me feel extremely uneasy.
Here's the impersonation email they send to cofounders when they're added to a profile. As you can see, signing the email with the user's full name, as if the user had written the letter, is a clear impersonation that the user never consents to.
FROM: <MY_FULL_NAME> <email@example.com>
I'm building an AngelList profile for <PROJECT_NAME> and need your help.
Can you do me a favor and confirm that you're a founder by clicking here:
This is important to us; confirming that you're a founder will help us build our profile.
P.S. If you would like to visit our profile first, go here: https://angel.co/<PROJECT_NAME>
From: <MY_FULL_NAME> <firstname.lastname@example.org>
Reply-To: <MY_FULL_NAME> <MY_EMAIL@gmail.com>
1. Click your profile picture on the top right corner
2. Click settings in the dropdown.
3. Click Delete account
The problem, in this case, is that the company might notify your employer that you're making those changes. Not sure what I'd do in this case. It might be worth creating some dummy accounts to see what actions actually trigger notifications.
From: YOUR_NAME <email@example.com>
Reply-To: YOUR_NAME <YOUR_EMAIL@gmail.com>
I had a similar experience with F6S sending emails in my name so I know how uncomfortable it feels.
This is a shame and hopefully just a one-off error.
(Posting at top-level in case people miss it as a reply)
Everyone should put down their pitchforks till we get more information. This is something HN REALLY needs to work on imo.
From: Oliver Sisson <firstname.lastname@example.org>
Date: March 20, 2016 at 10:02:25 AM PDT
Subject: [recruiting] I created a project for Coursera, could you confirm?
Reply-To: Oliver Sisson <email@example.com>
I created a project for Coursera:
[Project description redacted]
Could you please confirm the project, by following this link:
The person puts an order for $100,000 in Dogecoin on the exchange, and you'd like more information before you process it in case its fraudulent. So you call up their bank and pretend to be them, using all the information they've given you to bypass their security questions. Then you ask the representative to have a year's worth of statements sent to you via email. Bank of America will mail them to you for free.
This seems like it should be fraud, even though they didn't steal any money.
There's a couple differences:
* They used a email to trick the target rather than the telephone. Telephone has a history of regulations associated with it.
* They're tricking your employer rather than your bank. Regulations surrounding banks are tighter, so this might only be fraud if it deals with a bank.
* They may have used fewer documents when authenticating themselves. For example, they probably don't have your government id, so they likely only sent publicly available information when identifying themselves.
* They may have used an automated system to send the email rather than having someone manually craft it. I don't think this matters, except to make it a little harder to establish intent.
* They're not using this to gain new information, but rather to validate information already given. So no theft of company secrets, unless they ask for more details in the email.
* AngelList is based in California, so depending on where OP or his previous employer were, it might not cross state lines and so could be immune to federal law.
* It's unclear to me what exactly the contents of these emails are. Are they basically like LinkedIn spam, clearly identifiable as such? Or is someone crafting emails by hand and pretending to have a conversation with the manager to get details about the project? Imagine saying you worked at Valve on a secret game, so they called up your manager pretending to be you and ended up getting the release date for Half Life 3. That's fraud.
* It's unclear how they pretended to be the OP. Did they just forge the from: header on the email? Did they log into his gmail account and send an email authenticated from Google's servers? The latter would escalate the crime.
To answer your question, I was mainly thinking identity theft and that they'd fine the AngelList LLC. Exactly which of these differences matters I'm unsure about.
I don't think anyone would seriously care too much about it even if it were illegal though. The worst that would happen would be them being told to stop if enough people complained. It'd be worse if they were doing it to investors.
Their web site certainly claims they are, but I've never heard anything back from my repeated emails to firstname.lastname@example.org, and I don't see them posting anything here. Even Sourceforge has better community outreach and reputation management. How is that not irony?
It's dishonest of you to insinuate otherwise.
Do you also think I'm being dishonest to insinuate that they ignored my repeated emails to email@example.com reporting the problems I encountered?
This is related to a much less bad (but still kinda bad) thing that companies often do, namely sending smarmbot emails: http://blog.beeminder.com/smarmbot
You could call what Angel List sent "nonconsensual smarmbot emails".
"John Fraser has just added you as an employer, can you confirm? -Linkedin"
"I'd like to add you as an employer on linkedin, can you confirm! -John Fraser"
They send these emails from firstname.lastname@example.org but the name and content definitely gives the impression it came from someone else.
I just started pointing to groups at bars when the bartender asks me if I want to start a tab. It's done wonders for my personal finances! /s
They were steadily becoming THE place for listing your startup and get seen by investors, but then this happened.
I wonder if we will see a trickle down and this gets reported on those popular SV tech sites.
May just be a bump in the road though.
Kudos to the person recommending filling your profile with dummy data before deleting your account. Then again, every company and their dog is doing "big data", so your real info is probably trapped in an AWS server until the end of time.
I had not previously heard of AngelList but I am grateful that this declaration appeared early in these comments as I can now stop reading, knowing with full confidence that AngelList is an organization that I will never, Ever, EVER do any kind of business with. OMFG...
Major features were totally broken. Many things about the design were devoid of thought and just haphazardly thrown together, as if I was using a mock-up that was nowhere near ready for prime time. Obviously whoever implemented it and runs it had no intention of using it themselves, and puts no time into maintaining the site or supporting the "customers" (who are actually the product). The only "design" apparent was in the most shallow surface details and of the least meaningful kind.
Their support is absolutely non-existent. I heard nothing back from them whatsoever, after sending several emails. Lights are on but nobody's home. It has the feel of yet another ghost town scam web site run by a sociopathic all-talk-no-chops frat boy "idea man" who long ago went on to something else after pissing off and driving away all their developers who worked for free on the promise of equity, and is now letting it run on autopilot. Too many self described "Serial Hacktrepeneurs", not enough programmers.
Because I encountered so many problems that I have no control over but should, it's an embarrassment to be listed with so many glitches that I am unable to work around, which cause investors to see my profile in such a haphazard state. Their carelessness makes it look like I'm the one who's careless.
I hope Silicon Valley does an episode parodying AngelList, or at least somebody writes some fanfic about it. 
HN is an experiment in avoiding some of the factors that have brought down internet discussion forums in the past. We depend on users for that, so please use your formidable flamewar powers for good.
My intention was to make a last ditch effort to get some much needed customer support, before giving up and deleting my account. But even though Dave from AngelList has finally replied to this discussion, he still hasn't replied to any of my email or postings, or acknowledged and addressed the problems I encountered and reported to him more than a year ago.
I've already sunk a lot of time and energy into unsuccessfully trying to get my AngelList profile into an acceptable state, and I also went the extra mile to describe and illustrate many of the numerous problems I had in detail, and report them to email@example.com.
I have been waiting for a response before sinking any more time into it, and more than a year has passed with no reply. So I took this discussion as an opportunity to try to get an acknowledgement from somebody at AngelList, but so far to no avail.
To prove my good intentions, and give them a chance to fix the problems so I can salvage my profile instead of deleting it, I've just sunk even more time into summarizing the details of the emails I sent to firstname.lastname@example.org in another message below, because apparently my emails to email@example.com never seem to get through to anyone who's paying attention.
I've told Dave the date and time of the first message I sent, 29 January 2015 at 11:09 CET, so he can check his support email archives, and see all the problem reports with screen snapshots that I sent him more than a year ago. But so far, I've seen no response from him.
If Dave continues to ignore the issues that I and other people have raised, that just further reinforces my impression that the lights are on but nobody's home, and that I'm just the product, not the customer.
I also get an email from an AL engineer now and again asking if things are working. Not sure they are getting my responses, because they should have asked more questions given what I replied.
AL itself also interviewed me once, and they sent a socially incompetent guy who couldn't listen properly without reverting to a script. I would answer a question and the guy would literally ask the same thing again, as if he hadn't heard me.
Also, if you hate them so much but seem to have some sort of reliance on their service, why not take yourself off the site and make a competing product?
A counter-argument in the form of "if you criticize something, make something better" is just really weak.
I spent quite some time trying to work around the glitches, which I was helpless to do anything about. So then I spent some more time writing up a detailed problem report including screen snapshots of Chrome debugger traces showing where some of the problems were. When I didn't hear back from them, I put even more time into trying to work around the glitches, and found even more, different glitches. So then I spent even more time writing up those problems in detail and sending them in. Then I continued to wait for a reply. And waited. And waited. And so far I have never received any acknowledgement of any of my problem reports. And none of the problems have been fixed. I have much better things to do with my time than to help AngelList debug their web site, and wait for a response before finishing my profile. Now my profile is still in a half-finished inconsistent state, because I went on to more important tasks, and have never heard back from them since then.
The first problem I reported was related to inappropriate unsolicited email that Angel List sent to my former employer on my behalf without my consent, applying for a job at a company I used to work for, presumably with forged headers and first-person pronouns making it seem like it came directly from me:
I added an entry for a company I worked for, XXX, and when looking at that page, I was surprised to see a button that said “[checkbox] Sent” in their Jobs section. I did not mean apply for a job there, and I do not remember doing anything that expressed my intention to apply there — I used to work there, but I’m working somewhere else now. There does not seem to be any way to list all of the jobs that I have applied for (or that AngelList applied for on my behalf without telling me), or DELETE any applications that I may have mistakenly made. Can you please remove my application for a job at the company I used to work at, XXX, or explain to me how I can do that myself.
How am I supposed to fix the problem myself, without access to their source code and servers and databases? Don't you think the ball is in their court to reply to my bug reports, after I've spent so much time unsuccessfully trying to work around it myself and writing up and sending in bug reports?
Or are you suggesting I start my own web site from scratch to compete with AngelList, instead of spending my time reporting problems that I have with AngelList to their team who ignores me, or even spending my time on my real job that I'm trying to describe on AngelList?
Was I wrong to spend so much time trying to work around the problem and writing up bug reports, when I should have instead spent my time watching a Ruby on Rails in 10 Minutes screencast, developing my own competing web site, deploying all the infrastructure required to publish it, hiring people to maintain it, getting the money together to run it, and renting office space? Should I use AngelList to get funding for that, in spite of all its flaws? Or are you offering to fund my AngelList competitor yourself?
We detached this subthread from https://news.ycombinator.com/item?id=11329246 and marked it off-topic.
It's a little worrying that people will be upset by something that didn't happen to them and throw it all away without a second thought.
There was an op-Ed in the New York Times the other day about a former UN bureaucrat saying the UN is broken and needs reform, and the astounding reader reaction was essentially to burn it down and start fresh.
I don't think many programmers here would seriously advocate the same approach with large systems.
What works at a startup often can't work at a big company. Or a university. Or a government. You have to work with the system you have. For those that leave angellist without a second thought, what are your alternatives? LinkedIn?
How would they confirm if you are lying or Telling the truth? I believe the only wah would be to confirm from the organization owner. Or else, ANYONE can claim to have done any project.
I believe they do the same verification (it's simple verification) for roles in an organization.e.g Adviser, Co founder, Investor etc. And the verification is the other way too. If an employer adds you as an employee, you are to verify it too.
I struggle to find what the issue is. Perhaps they should have told you they were going to verify your project?
Animats / John, when you invite your friend on a social network and they send a message on your behalf, is that criminal too? Remember, OP(Oliver) took an action by claiming he did a project in an organization. It could have been true or false.
Don Hopkins, take a deep breath man. You can pass a message without being mean. Except that's the intention for a reason not stated here. In that case, it's all good.
If it wasn't clear already, this sort of move shows exactly who AngelList is serving. After all, as you said, how will the employer, in their contractual fantasies, ever be able to confirm that a potential interviewee is telling the truth?
If you add yourself to an open site, your employer will see it. It is indexed on Google. It shows up when you search the site for the organization.
Are you saying as an owner of an organization, you are happy for anyone to claim to be an employee and to have done any project at your company without you knowing?
Should I be able to claim I did the Dropbox AWS migration without the folks at Dropbox getting notified I am making the claim?
It would be bizarre for an employer to fire an employee for stating (s)he works at the company and did a project.
But what do I know.
>>> Perhaps they should have told you they were going to verify your project?
That would a huge difference and that's why the frustration - it's not something expected.
Remember, the person in question had to chose they were in the said organization and did a certain project.
Anyway, asking Angelist to show any claim will be confirmed is not asking for too much. However, it is not such a scandal as OP makes it out to be.
It's not disallowed, it's just not good. You might not pay attention when your employees are looking for other jobs, but most business owners do, and react rather negatively to it.
> it is not such a scandal as OP makes it out to be
OP posted a one-line "Tell HN" comment, you're actually the one calling it a scandal.
You are right re: the second part. I projected the "WHAT A SCANDAL??!!" comment thread to the OP.
As an aside though. Is there something wring for an employer to know ahead of time if their employee is planning to leave? Of course if an employee updating their profile gets you panicked, then you are not doing something right.
So I am speaking of non paranoid situations.
So in the ideal world, there's nothing wrong.
However, we don't live in such a world, unfortunately, and should adjust accordingly.
There are many small companies that would struggle horribly if one of the key employees would leave, and eventually they will. Also, some employers expect loyalty and treat it very personally if they know that someone's is definitely looking to jump the ship.
It's right, I agree, but that's how it is usually.