Hacker News new | comments | show | ask | jobs | submit login
Tell HN: AngelList told my employer that I'd updated my profile
958 points by oliversisson on Mar 21, 2016 | hide | past | web | favorite | 224 comments
I recently updated my AngelList profile and they emailed my employer, pretending to be me, to "confirm" the project I'd added. How can they think this is a good idea?



This might be "false personation" under California law. See California penal code 529.[1] This is slightly different from identity theft. It's a criminal offense. The key elements of this offense are that someone else impersonated you in some way, and they derived some benefit from doing so. Because this is a criminal offense, AngelList's TOS's arbitration clause does not apply. You can file a police report with the SFPD. If several people do that, something might be done about it.

[1] http://www.leginfo.ca.gov/cgi-bin/displaycode?section=pen&gr...


Unless you have authorized them to do this under the Terms and Conditions of course.....


No! If an offence is criminal it can't be magically made OK by a contract.

I am not a lawyer. This is not legal advice.


Wouldn't it make it impossible under California law to have an agent that impersonate me? Have them tweet from my account, reply to emails in my name etc.


These are two different things:

1. Hi, my name is John, I am contacting you on behalf of wojt_eu to confirm that he has been added to the "Cool New Project" as lead DEV.

2. Hi, it's me wojt_eu, I just wanted you to confirm that I've been added to the "Cool New Project" as lead DEV.

You can legally authorize someone to act on your behalf, in basically any Western Nation - although rules as to how this work will vary, but authorizing someone to impersonate you I don't believe would be made legal anywhere because impersonation is not just something one does on your behalf but also something one does to someone else. Both the person that acts on the impersonation as being real and the person being impersonated can be harmed by an impersonation, and therefore it is not adequate that the person being impersonated gives the impersonator the right to do so.


> authorizing someone to impersonate you I don't believe would be made legal anywhere

I think you're confused. Celebrities hire third parties to tweet for them all the time. That's essentially impersonation.


well, no, I guess in a non-legal context it might be considered impersonation but if you gave me that example and asked me would you consider that impersonating someone I would say uh, no, not if you were hired by that person.

Then it's more like acting/broadcasting.

If you had an account on twitter and said you were The Real Steve Jobs and everyone believed you were the real steve jobs and not a joke then I would say yes that would be considered impersonation - at which point the context I left out of my answer, considering it a given because I thought it was quite apparent from the top of the thread was that laws against impersonation also have to identify in some way the harm the parties affected by the impersonation suffer.

In the original post a statute was linked to http://www.leginfo.ca.gov/cgi-bin/displaycode?section=pen&gr... ,this describes a number of ways harm can be incurred in the act of impersonation.


You are not describing the facts on the ground.

http://semanticcompositions.typepad.com/index/2004/03/flexib...


no, I was very much describing the facts on the ground, I was not describing highly abstract semantic analysis that doesn't relate to legal usages.

I was also not describing linguistic usage in telephone conversation, I was describing linguistic usage in email correspondence. I don't think a correspondence would exist with a structure similar to the conversation the blog post discusses.

It can certainly be that when a conversation or correspondence moves into the realm of impersonation should be determined by the court. I think in the case under discussion here it would determined to be impersonation, the question then becomes what the harm was.

Looking through the statute referenced http://www.leginfo.ca.gov/cgi-bin/displaycode?section=pen&gr... I don't think I can see a harm defined that matches what was done very well. I think the most relevant section is 530 and it does seem a stretch.


It is, of course, perfectly legal to do that with permission.

The problem here is that it was done without permission.

The OP is claiming that the impersonation without permission is a crime, and that it is impossible to waive the crime-ness of it through a contract.


Parent is replying to a comment stating:

    > If an offence is criminal it can't be magically made OK
    > by a contract.
I think this must be mistaken (IANAL either). Boxing, assisted suicide, and voting by proxy come to mind.


The quote sounds right to me. If the act of impersonating someone is indeed a criminal offense, you can not smooth that over with a contract.

Voting by proxy is not impersonation, you give someone the right to act (vote in this case) in your name. Thus, no criminal offense.

The other cases: Assisted suicide is a criminal offense in many countries. For example (similar, but not the same), there has been some legal struggle over "Sterbehilfe" here in Germany which garnered quite some media attention.

Boxing – I might be mistaken, but perhaps "beating someone" is not a criminal offense as long as it is not against the other persons will?

All these things hinge on very subtle differences in wording. For example the terms might say: "AngelList reserves the right to send mails on your behalf" which grants them the right to send mails to third parties in your name, but I'd be surprised if law would allow them to state "AngelList reserves the right to claim your identity".


    > you give someone the right to act (vote in this case) in
    > your name. Thus, no criminal offense.
Right, it would be an offence, except that you've given express permission; so it isn't.

Assisted suicide is, yes. But my point is that we have separate legislation for it, implying that is required.

Boxing, again, that's my point.

Regarding identity specifically, what I imagine we're talking about here is an automated message much like LinkedIn's:

    > Hi, I'd like to add you to my network! *
Do we have a problem with this too?

* Or whatever it is. Point being, it says "I"; not "Mr Ford".


I definitely have a problem with that. It's an abuse of e-mail to automatically impersonate someone, especially for a purpose as banal as expanding a social network.

The Gmail warning that "this message may not be from who it claims to be" never worked well, but I wish they'd make it work for cases like this.

It's too bad e-mail is so unverified and insecure. A smartphone app can be prevented from making calls or sending text messages from your number: all you have to do is deny it that permission. But there's no way to prevent a website that has your name and e-mail address from sending e-mails as you.


Yes, I think the difference would be are they representing you or impersonating you. I.e. did the other party know.

I can give my voting proxy or power of attorney to someone else, but it's pretty clear to anyone paying attention that's what's going on. If the email said "This is AngelList on behalf of J. Random Employee" that would be different than sending an email that had every appearance of being from the employee.

Even if this is allowed in their TOS, it's pretty underhanded if they buried something like that in boilerplate that they know nobody reads.


> If the act of impersonating someone is indeed a criminal offense, you can not smooth that over with a contract.

IANAL, but it's like having sex: it's perfectly okay if all participants are consenting adults, but without this important condition it's a felony.

From what I understand, the important part here is consent, and only lack of one makes it a criminal offense. I.e. the act of impersonating isn't a crime (on its own) - the act of doing so without consent is. Well, to be certain, I guess one should take penal code of the jurisdiction in question, find the article and check the exact wording used.


Contracts must have 'legality of object' - the 'thing' that is contracted cannot be criminal, tortious, or against the prevailing public policy.

You will find that in each of your examples that there is a particular statute legalizing that activity in a particular state.


Are you saying assisted suicide is illegal, but _can_ be made OK by a contract? That's not the case in England. By contrast, proxy voting is fine if you register your proxy with the local electoral office in advance.


No, I'm wondering why would there be a separate law if it was automatically covered by not being able to consent your way out of being murdered.


Probably because it's not murder, it's suicide. Assisted suicide is generally not asking another person to kill you, it's asking another person to set up some situation so you can more easily kill yourself. And though suicide is illegal, such laws further define that assisting another person to commit suicide is also illegal.


Boxing is not illegal. Boxing is regulated under certain conditions.


Agreeing to the terms could be giving permission though...


That would be for a court to decide and I doubt that any of us are qualified to advise the GP (I certainly am not!).


There are lots of competent tech lawyers on HN.


I have no idea. My post was more general and about principles rather than specifics. I have no knowledge of the specifics of the relevant terms of service for this company, I also don't know whether they form a binding contract in the relevant jurisdiction or what things are specifically legal to do in contracts in the relevant jurisdiction.

I repeat that I am not a lawyer so if this is important to you then hire a lawyer in your local jurisdiction to advise you, don't listen to random people on the internet.


I bet you can hire a tax preparer in California. That is someone hired to represent you and do things on your behalf for tax purposes. That is a highly regulated financial specialist though.

In principle it sounds similar. The details do matter though. Did they provide reasonable explanation of what they were doing? Did they attempt to do this in secret? Did they misrepresent anything? Are they any laws saying a person cannot sign away liability for things like this?


They also don't sign the tax form as you. They sign it as a "preparered by" and you sign it as the taxpayer.

Most tax preparers are liable for their own mistakes, but not for omitting anything you didn't tell them.


What is it about not being a lawyer (psychiatrist, economist, whatever) that makes people feel their contributions, though unqualified and generally incorrect, are still valuable? Is there a magical state of not-being that I've never picked up?


Generally, it's because we feel that layman opinions on how the law work should affect how it actually works in a democratic society.

For instance, civil forfeiture, wherein property can be taken from a person who has not been proven guilty of a crime in a fair trial, is widely rejected by the public, even when the opinion poll uses the most biased questions possible. (i.e. Should drug dealers be allowed to keep the profits from their crimes if they escape conviction and punishment on a technicality?)

Also, a jury verdict is little more than an aggregated bunch of layman opinions.

The opinion of the general public is that software should not have bugs in it. Also, it should be gratis and always keep up with the latest GUI and HID fashion trends. As a software professional, I often do additional work to meet those public expectations, even if it has no technical merit. That's because the opinion of the customer matters, when they are employing the experts to work on their behalf.


I include that I am not a lawyer partly to provide a warning that I am probably wrong and that what I am saying is not particularly valuable. I welcome someone that is an expert jumping in and correcting me...


Pro-tip: don't make exclamations when you don't know if what you are saying is true.

The entire point of a contract is to get permission to do something that otherwise is not allowed.


No, the point of a contract is to agree on mutual conduct. The conduct itself is still subject to laws, unless the law itself explicitly allows to be overridden with contracts.

We can agree in a contract to sell you my daughter's virginity, but that does not mean you can actually buy it.


There are many things that would be illegal without a contract that are legal with one. That's kind of the point.


Illegal is not the same thing as criminal, the latter being a very special subset of the former.


Of course it can. Lack of consent is a key element in many crimes. Rape, for example.


This is not an appropriate analogy. You are reversing the situation.

Terms and conditions and even contracts are often inadmissible. Just because you signed something, doesn't mean it's valid. Being handcuffed to a contract happens only in the movies,

I am not a lawyer.


One can argue over whether Angellist's ToS constituted valid consent. But the original blanket claim that an action "can't be magically made OK by a contract" is just flat-out false. It can.


The claim I made was that a specifically criminal action can't be made non-criminal by a contract if the action is inherently criminal.


It can in some circumstances. If the action is illegal in the first place, no contract can make it OK.


But being "illegal in the first place" almost always hinges on consent, at least in the case of crimes that have victims. (Victimless crimes obviously cannot hinge on consent because there's no one to consent.) I think you'll find it very challenging to come up with an example of an action that is a crime with a victim that doesn't involve lack of consent as an essential element. The only example I can think of offhand is statutory rape, and in that case it's only independent of consent because the victim is explicitly barred by law from giving consent.


Here in the UK I can add: assisted suicide, many sexual activities particularly on camera (even between very enthusiastic participants), driving in a vehicle on the public highway without a seatbelt, working for under the minimum wage, corporal punishment and polygamy.


Question isn't consent here. Consent is part of what constitutes a contract, but you've clearly consented to their TOS. More importantly, their TOS cannot allow or compel a party to perform a criminal or tortious act. If impersonating you is criminal, then the contract is invalid.


But in your example, the act in question would be sex - which is not itself a criminal act.


Impersonating someone isn't a criminal act either. It is impersonating someone without consent that is the criminal act. Read the statute:

"...any person who knowingly AND WITHOUT CONSENT credibly impersonates another actual person..."

(Emphasis added.)


Elvis impersonators.....


Another element of the criminal statute is that the impersonation has to be "credible".


Not sure why you're being downvoted so much. The statute clearly imposes penalties for impersonation "without consent," so consent is a defense here.


A contract that requires a party to do something illegal is inherently unenforceable.

https://en.wikipedia.org/wiki/Illegal_agreement

To illustrate why this is the case, we can look at an extreme example: a contract to have someone murdered. Would a court enforce that? Of course not.


Correct me if I'm wrong, but as I understand it, you cannot contract your way out of criminal law.


In this case, every giving would be stealing. If I gave you something, you didn't steal it from me. Likewise, if I gave you the right to impersonate me in particular circumstances, it's not a criminal offense if you do.


It depends on where you are in the world, but in most places in the civilized world, criminal law does not work that way. If something is illegal, we cannot sign a contract that says it's ok between you and me, and magically make it legal. E.g. if I kill someone, the state will prosecute me for murder, regardless of whether or not that guy and I signed a contract that said it was fine.

If impersonating someone is a criminal offense in a particular jurisdiction, then -- assuming that jurisdiction has a sane criminal code -- there is no way to make it legal through a contract.

Edit: there are good reasons why this is in place, the most relevant of which is that it provides protection against abuses. Otherwise, we'd have things like employers that would still be at liberty to use lashing and beating as disciplinary action against employees who don't really have a choice about signing a contract or not.


The point is that the specific criteria defining what is criminal can include whether or not there is consent.

A contract can establish consent.

E.g. if I go into your house without permission and take stuff, then it is theft. If I have a contract saying that I have permission to go into your house and take stuff, then it is not.

I have not contracted my away from something illegal. The contract has established consent, which meant the criteria that otherwise would have made my actions criminal are not fulfilled.

> If impersonating someone is a criminal offense in a particular jurisdiction, then -- assuming that jurisdiction has a sane criminal code -- there is no way to make it legal through a contract.

That depends whether or not the criteria that needs to be met for it to be a crime requires lack of consent. If it requires lack of consent, then a contract can document that the consent has been given.

All jurisdictions I'm aware of (not a lawyer) have the concept of agents that may act on your behalf with consent. To what extent such agents can act using your name (with consent) vs. using their own name but on your behalf, varies greatly.

E.g. some places your agents (say a PA) will sign letters "[agents name] for and on behalf of [your name]" or similar, while other places they will use a signature stamp with your signature, or do "p.p. [their signature] [your printed name]" (the p.p. stands for "per procurationem"). Many other variations are in use, and how obvious signs there are that a document was not personally signed by the person the letter is from varies greatly.


Yes, but consent is not something that can be universally declared in a credible manner. There are things that remain illegal even after you have consented to them. For instance, having sex with someone below the age of consent is illegal even if they have consented to it (the idea being, of course, that they may be coerced into expressing that consent).

> All jurisdictions I'm aware of (not a lawyer) have the concept of agents that may act on your behalf with consent. To what extent such agents can act using your name (with consent) vs. using their own name but on your behalf, varies greatly.

They do, but things are not as simple as "can act on your behalf with consent". Around here, for instance (but I'm in Europe), they can only act on your behalf if:

a) You have explicitly given them consent to act on your behalf in that specific situation (i.e. you told them "you can go to the bank on this date and cash in this much in my name"), or if you have explicitly given them consent to act on your behalf with that particular party and for a specified period of time (i.e. you can go to this bank and do anything in my name for this period of time), and

b) The contract that states this has been validated by a notary and recorded by authorities, and

c) The party that they are acting on your behalf with knows about this, has been explicitly informed that they are acting on your behalf, and agrees to work with them under these conditions.

If they fail to do any of these, it's flat-out illegal. I think this is covered under civil law here, though, so it can be voided by a contract -- but the idea is that consent is not as trivial as signing a sheet of paper that says yeah, do whatever you want. It's bound by specific terms, too, the breach of which makes the whole thing illegal, even if on the whole the operation was consensual (i.e. if an agent, with my consent, goes to the bank to cash in a deposit, but does not explicitly inform the cashier that they are acting on my behalf so that they record the transaction accordingly (i.e. done by X on behalf of NotALaser), he's breaking the law).

(Edit: or, to make it clearer: he can represent me, but he cannot claim he's me. He has to explicitly inform the other party that he's acting on my behalf, declare his identity and present the proper authorization etc.)


> There are things that remain illegal even after you have consented to them.

Yes, I pointed that out.

> They do, but things are not as simple as "can act on your behalf with consent"

I believe that was exactly the point I was making.

> Around here, for instance (but I'm in Europe), they can only act on your behalf if:

While I'm sure you're right for your location, "Europe" encompasses not only ~50 distinct legal systems, but also half a dozen or so distinct legal traditions (with e.g. Common law, Germanic law, Napoleonic law and Roman law as the biggest traditions), which is one of the reasons I specifically pointed out that it varies greatly how clear one has to be about whether or not something is signed by an agent.

Worldwide it gets even more complicated.

To be very clear: I agree that some places the agent will need to specifically sign and state their own name and specify they are acting as an agent. Exactly in line with the examples I gave, a couple of which are from Europe.

In others they can stamp or use a machine to "fake" the name of the person they are acting on behalf of -- as long as they have that persons consent to do so.

In the US we have perhaps one of the most famous examples of the latter: The office of the US President frequently uses an Autopen [1] to sign documents on behalf of the president, such as autographs or letters to constituents. The purpose of it is to duplicate the signature precisely, making actual pen strokes in order to make the signature seem more authentic than e.g. the use of a stamp or seal.

But US presidents have used it for much more important things than letters and autographs, including several times that Obama has had staffers use an Autopen to sign laws on his behalf.

[1] https://en.wikipedia.org/wiki/Autopen


> While I'm sure you're right for your location, "Europe" encompasses not only ~50 distinct legal systems, but also half a dozen or so distinct legal traditions (with e.g. Common law, Germanic law, Napoleonic law and Roman law as the biggest traditions), which is one of the reasons I specifically pointed out that it varies greatly how clear one has to be about whether or not something is signed by an agent.

Of course. I mentioned I'm in Europe just to ensure that it's clear I'm not referring to any law that apply in the US, as this is what HN is most familiar with. Europe is, indeed, very diverse when it comes to law.


> It depends on where you are in the world, but in most places in the civilized world, criminal law does not work that way.

I'm sorry, but: no. "In most places in the civilised world" there are these guys called hairdressers and they could routinely - technically - be charged with committing assault causing bodily harm. It's a pretty clear cut (sorry) case that gets trotted out in most any first year criminal law class. The reason they aren't charged is simple: you consent to that bodily harm being inflicted upon you. There are variously defined limits to your ability to consent, especially with regard to duress or excessive harm, but your reasoning is otherwise completely incorrect.


The parent's point was that obviously some rights (even on criminal matters) are obviously waivable in this manner.

Normally, I can't take your stuff or enter your property, but if you make a contract granting me the right to take (specific things among) your stuff or enter your property in specific cases, that's enforceable.

Can you similarly sign away your right not to be murdered similarly? To be impersonated? Maybe not, but it depends on the circumstances, and isn't simply a matter of "that's illegal so you can't sign it away".


If Alice and Bob enter into a contract that says Alice will kill Carol for $1m, can Bob sue her for breach of contract if she does not? Or does the legality of the contract supercede the body of the contract such that the contract is void?


The court will not enforce the contract against Bob because it is illegal to do the act specified by the contract. Furthermore, Alice and Bob could both be prosecuted for conspiracy to commit murder.


If your Windows EULA said "Microsoft can take any of your property" they still can't steal from you just because you agreed to it.


It would no longer be stealing because you agreed to it. This is why repossession is legal.


Such a contract would likely be ruled unconscionable (invalid) if anyone challenged it. I don't think there's a judge in the country that could be convinced that any piece of code is good enough consideration for random tangible property.


Yes, you can agree to transfer all of your property to Microsoft in exchange for a Windows license. But including this in EULA will not work though, as there are limits on what you can agree to without signature or notary.


The comparison to stealing is frankly ridiculous, as the law doesn't say you can't transfer money. It will explicitly talk about consent. If contracts allowed you to agree to anything then minimum wage laws couldn't work. Which side the impersonation laws fall on will depend on how they're written.


What about boxing, martial arts sparring, fencing, assisted suicide, and voting by proxy?

The point here is that you either _can_ contract your way out, or (what I suspect is the case) there re exclusions in the law were relevant.

Either way, it suggests this might not be illegal if covered by something blindly tick-boxed.


You cannot, uniformly, give people the ability to do anything to you. That's the point I'm making.

> What about boxing, martial arts sparring, fencing

Consent only works up to a point. I cannot consent to you stabbing me or beating me into a bloody pulp.

https://en.wikipedia.org/wiki/Consent_(criminal_law)

https://en.wikipedia.org/wiki/R_v_Brown

It's worth noting that bare knuckle boxing is illegal in the UK, and you can't just sign a document to do it.

> assisted suicide

Assisted suicide is illegal in the UK. It does not matter if the patient signs a contract to say it's OK, it's still illegal.


Again, my point about AS was that it has it's own legislation, implying to me at least that that of murder, manslaughter, suicide do not necessarily cover it by default.


You seem to be opertating under the delusion that the law is logically consistent. It isn't. There are some things you can allow by contract/permission and some things you cannot, and circumstance matters.


No, I'm not. I'm responding to the blanket statement to the contrary. I fully expect that it's a case of cased exclusions as I've said in another comment.


If I authorize you to kill someone, you're still on hook for committing the murder.


> he key elements of this offense are that someone else impersonated you in some way, and they derived some benefit from doing so.

Is Facebook usage of their user's profile pic for advertisement purpose a false impersonation too ? (I don't know if it's still in practice or if it was ever implemented)


If Facebook uses your picture for advertisement purposes it generally falls under "using your likeness" and is covered under their terms of service about advertising. They are not impersonating you because they are not claiming to be you, they are instead using your likeness to promote either themselves or their clients.

This is similar to agreements you might sign with an employer, photographer or other third party so they can use your photo in an ad or as part of marketing material. And from what I understand (IANAL) the requirements vary from state to state in the US and obviously outside the US. Although there are blanket terms that cover it from what I have seen.

BTW -- Anytime you have professional photos done, this is something you should always look for and make sure you are comfortable with the terms they lay out in their "Agreement". Many have boiler plate in their agreements that states they can use your likeness without paying you for it and without prior written consent. I just went through this when looking for a professional photographer when we had some family photos done as I don't want anyone using images of my family or kids.


If Facebook used their photos to claim to be them, then maybe it would be impersonation. Using their photos in advertising is not claiming to be them.


[flagged]


Why is this getting down voted?


Because Animats is suggesting that the OP file a police report, not randoms from the internet. He then says if enough people (i.e. customers of AngelList) complain, they may be heard. There's nothing untoward about referring someone who believes they've been victimized to the police.


Probably because it escalated by getting personal. Wrong direction to go.


Hi there,

I’m Dave and I work at AngelList on our Talent platform. Please accept our sincere apologies for what happened here.

Sending an email without giving you a heads-up or control over its content was wrong. Here’s what we’re doing to fix it:

* We’ve made it clearer that tagging a company on a project may notify them by email.

* We’ve revised the project tagging email to clarify that it’s automatically generated by AngelList.

* We’re looking through all emails we send on behalf of our users to make sure that a) it’s clear when an action may generate an email notification, and b) any automatically generated notifications come directly from AngelList.

As long as you keep your profile up-to-date by tagging your current and previous employers, we won't show them you’re looking for a job— they won’t see your name or resume appear when using our recruiting tools.

Again, please accept our apologies. We’re working to make this better. Please let me know if you have any further questions or concerns -- dave@angel.co.

Thanks, dave


Our of curiosity, does AngelList have a chief privacy officer, or even a privacy manager or subject matter expert embedded with the engineers? (Until this moment I wasn't familiar with the service - I mostly get jobs through friends and former coworkers.)

I understand some companies are not large enough to have a dedicated privacy professional, but as someone who knows quite a bit about it, it's really frustrating when the response to something like this is "whoops! here are the steps we are taking to correct this".

Don't get me wrong Dave: This is a great response and you sound like you truly want to avoid incidents in the futures. Kudos for that - many companies would simply quote their privacy policy and offer up a feeble "Sorry you're sorry."

But this is more than a one time bug to be quashed. IMHO all companies (even small startups) should endeavor to move beyond reactive solutions like this, and put processes and controls in place so that these incidents never happen to begin with.

If you or anyone reading this is on the fence, think of it as marketing. Marketing in the sense of providing a quality product that fulfills a need, and makes other people want to buy your product because it's solid and good.


Just want to throw out, I love your comment. Positive, understanding, while directly questioning on a serious issue.


I'm speechless. That's an absolutely terrible idea.

Are you guys trying to sends us all back to LinkedIn?

Any kind of notification is a dead give away you're looking for another job.

I guess this goes to show that AngelList is all about the "Angels" and gives no f*cks about the talent.

Shameful and sad. Time to kiss AngelList goodbye.


Oh Angellist, how I will avoid you now like a plague.

I had such high hopes for you. Sigh...back to face to face networking.


How many upvotes do you have? I think this number could be interesting either way.


20. You can check because they're a green user, and they have one comment, from their profile.


I just upvoted them again. That number is still at 20.

I wonder if they're seeing a higher number? Or maybe my upvotes aren't doing anything? (Except I just upvoted you, and that seemed to increase your karma.)


Pretty sure the upvotes do something, but green accounts take longer to update the karma for. Or something like that - not entirely sure, but I'm pretty sure the 20 is indicative of their karma at some unspecified point in the past. dang, what's causing this?

Also, I just upvoted you, and your karma didn't change (stayed at 35897.) Interesting stuff.


If you have something critical or negative to say, and you have to hide behind a new account in order to say it... 1) sure, that lets you speak as freely as you want, 2) but it means you're still kind of a douche for not personally identifying with your statements.


> We’ve made it clearer that tagging a company on a project may notify them by email.

The correct answer was

> The interface now yells loudly when a change would notify anyone but yourself, with the option not to send that notification.

When doing a thing spams other people, we stop doing the thing.


Exactly.

If this isn't changed... bye-bye AngelList account.


UPDATE: To everyone worried about their privacy on AngelList: We’re sorry. Thanks for all your feedback.

We’ve made more changes:

1) We stopped using the first-person on all emails. We wrote that first-person notification literally 5 years ago when we had a few thousand users, and we never re-visited it. It was pretty stupid. Now they all clearly come from AngelList.

2) We won’t send notifications to companies when you add them to a project. We used to because the project shows up on the company profile too. But it’s not what people expect, so we stopped, and we stopped showing the projects on company profiles too.

Thanks again.

Dave

AngelList


Why e-mail the employer at all? I'm bewildered. This is terrible. If I add a project to my AngelList profile and it e-mails my employer, it will send one signal and only one signal: I'm looking for another job.

Why the heck does AngelList think this is a good idea? If the choice is between (a) not using AngelList, and (b) having an uncomfortable conversation with my bosses about an e-mail they received, then sorry, I'm going with (a).


Of course, updating your profile after months of inactivity will probably tip them off. IMO any response that isn't "we have turned off this feature and will re-evaluate" is no bueno.


I see the following issues causing grief in the comment thread:

1. (a) AngelList sent out email on [my] (not me) behalf by surprise.

1. (b) AngelList sent out email on [my] behalf as a result of something [I] did on their site.

2. AngelList sent out email that appeared to have been written by [me].

3. AngelList notified [my] employer that [I]'d updated my resume. (The headline complaint, in fact!)

This response addresses (1a) and (2), and it's understandable that you might not want to swear off (1b) entirely (although it does seem to be a source of resentment).

You've completely failed to respond to (3), though, which I find surprising because it was the headline complaint. Adding projects to your resume is sine-qua-non functionality on a job hunting site; pretending that you're not job hunting is more or less required by office decorum. Does AngelList provide a way of listing projects you've done at your current company without notifying your boss that you're looking to leave? It's nice that you don't show candidates on AngelList to employers who are already employing them, but without the ability to update your resume you don't have much.


Here is what you are missing.

When people join a company, that is the last time that most of us think about updating our profile so that we will be ready to leave. When people leave a company, we realize that we have to and do it. And everyone around us knows what that means because that is what they do as well.

You therefore need to create a way to distinguish between verified and unverified positions. And default to making the current job unverified exactly because of this problem.


This is damage control. You clearly want to make people update their profiles or whatever by pretending to be somebody else they know.

You went with an immoral strategy to grow your business and that now it has finally hit you in the face on a very visible website you are here to be all apologetics. It's the "easier to ask for forgiveness rather than permission" strategy and it is deliberate thus I must conclude that your apology is insincere and is only an attempt at limiting the backlash against you.


Giving your email address apparently is useless. People on this thread are saying you don't ever respond to emails. Just search:

> Their support is absolutely non-existent. I heard nothing back from them whatsoever, after sending several emails.


I've asked him directly why he didn't respond to my email, and given him the date (more than a year ago) for him to check on it.

I sent several more emails, because the longer I tried to get my profile the way I wanted it, the more diverse glitches I encountered.

Here is a run-down:

1) Added a company I used to work for. Went to the company's page, and looked at the Jobs section. Saw a button that said "[checkbox] Sent" in a context that meant that AngelList had sent a job application to my former employer on my behalf. In retrospect, it's even worse than I realized at the time: I now know that the email headers claimed it came directly from me, and the text was written in the first person. There was no way to delete a job application, or list all job applications that AngleList randomly decided to send on my behalf.

2) Entering jobs is very difficult and clumsy. Imported jobs from my Facebook history. Only some of them showed up.

3) The ordering of the jobs I imported was random, not sorted by date.

4) I attempted to re-order the jobs myself. I was totally baffled why some of them show up in the large sections at the top, but many others are listed below in a paragraph with just their names. How can I control which jobs appear as larger sections, instead of as a list of names?

5) I entered another job and it appeared at the top of the page, and I went into reorder mode, and I was not able to drag it up or down — it was pinned to the top of the list. And afterwards it actually disappeared from the list!

6) And the first time I was entering jobs it did not allow me to enter a description, but now it is asking for a description, and I don’t know why it suddenly changed.

7) It's impossible to enter the same company name twice. I worked for Sun Microsystems as an intern, and later I was employed full time. I worked for EA full time, and later worked as a contractor. Those should be listed as separate jobs, during separate times. LinkedIn certainly supports that.

8) How do I represent being hired by one company, that's then bought by another company (like EA bought Maxis)? Or that spins off another company (like Sun Microsystem split off SunSoft). This kind of stuff happens all the time in the industry, so it should not be impossible to describe.

9) The triangular "EXIT" corner on company description boxes renders incorrectly, with scrambled text. This is not rocket science. I included a screen dump of the error and Chrome debugger DOM tree to show what was wrong.

10) But the larger problem from a user interface design perspective is that it's terrible to use a call to action verb like "EXIT" in what looks like an orange triangular "EXIT" sign, which falsely affords clicking on it to exit the page.

11) What is so important about a company "exiting" that it deserves such a prominent raggedy orange dog-ear "EXIT" sign on the company listing? What's important is what I did at that company, not the incidental fact that it was bought by another company. That's just buzzword bingo fetishism. Do they hand out green "PIVOT" tags and red "BANKRUPT" tags too?

12) I am listed as both "Employee" and "Past Employee" of one of my former employers. I don't have any control over that, apparently.

I encountered even more problems I didn't have time to write up, but obviously after spending so much time trying to work around those problems, then writing them up, sending them into team@angel.co, then waiting more than a year for a reply, I have not wasted any more time on my AngelList profile, even though I had to leave it in an incorrect, embarrassing state.

I probably should have deleted my AngelList account a long time ago, after not receiving a reply within a week or so. Perhaps some of these problems are already solved, after more than a year since I reported them. And perhaps some of the privacy problems will finally be solved now that many other people have announced they deleted their accounts.

My partner asked me to enter the information more than a year ago, because he was raising money and he assumed investors would want to look at that site. So I put a lot of time and effort into trying to get it right, but was unsuccessful, and left it hanging for more than a year. But now he is afraid that the old boys network will be annoyed because I posted about the problems I had with the AngelList web site. So I sincerely apologize if I've inadvertently offended anyone, because all I wanted to do was to have some control over the information that AngelList was publishing about me and the email that they were sending on my behalf.


Why didn't you respond when I asked team@angel.co why you mistakenly sent one of my former employers an email telling them that I wanted to apply for a job with them, and ignored me when I asked you to cancel that application? I sent the message on 29 January 2015 at 11:09 CET.

And then why didn't you respond to any of my subsequent emails with detailed descriptions and screen snapshots of other problems I encountered?

Is it not enough for one user to report a privacy problem, so you decided not to acknowledge my report, but to wait more than a year until it became a huge public issue that caused hundreds of people to delete their accounts?


Dave: It's been three days since your last comment, an no response. [1]

Well, your lack of response to my and everyone else's questions certainly confirms my impression about AngelList, and says a lot more than your non-apology apology did.

I gave you more than a fair chance to respond, provided you the date and time of my unanswered message from more than a year ago, and even gave you a second chance in case you deleted my year-old email, by sinking even more of my time into summarizing the problems I originally reported to you, and posting them here for you to read again. [2]

But still: no response from you, as more and more people continue to announce they're deleting their AngelList accounts.

You're asleep at the wheel, the lights are on, but nobody's home. If your attention has wandered on to other things, and you no longer have any interest in maintaining your web site or responding to your users for over a year, then you really should shut it down gracefully, and save everyone from wasting their time and having their privacy unexpectedly violated. Old unmaintained web sites running on auto-pilot that collect sensitive private information from their users (and automatically forge first-person email pretending to be from their users in order to virally promote themselves) are a dangerous security threat, which should be shut down for the safety of the internet.

[1] https://www.youtube.com/watch?v=Yd0fBXwDBmo

[2] https://news.ycombinator.com/item?id=11350697


Here's an idea: turn off ALL notifications by default. Make any notifications opt-in only.


praying hands emoji As a side note, I love that Apple enforces this in iOS.


Hi Dave,

I won't go into the merits, or lack of them re: the overall method of handling this issue. Others are covering this well.

> We’ve made it clearer that tagging a company on a project may notify them by email.

This is not good. If your users tag a company and you are planning to "maybe notify that company of activity on your profile" that still shows negative ambiguity, (a) just don't do this, or if you must (b) specifically ask your user to opt in on this activity notification, and state exactly what you will share.

Of course, this quickly enumerates into a list of things the majority of people would opt out of at, so that should be a clue that you are trying to add features to your product, that none of your users want.


... You've just lost a user


"I'm sorry" is an apology. "Please accept our apologies" is a reference to an apology.


Seriously? The whole post is an apology. A guy named Dave is publicly saying he screwed up. He's saying his name, he's wrapping his identity up in this screw up, he's giving reasoning into their decision and what they're doing to fix it, and he's providing ways to give suggestions to fix this. But this isn't good enough to you because literally the words "I'm" and "sorry" weren't next to each other?

If he didn't take the time to respond and explain things, you might have a point. But this seems like a knee-jerk reaction that doesn't fit the response that was given by Dave.


I think people are angry because they consider the impersonation to be dishonest, whereas Dave and Angel list seem to think the grievance is not about being spammy but rather about not being open about the spammy practice.

I think his point was that this is a non-apology in his eyes because it doesn't say "were going to stop this practice, but rather just make it clearer to users what they will do.

In other words, the apology is for the grievance of stabbing you in the back, so now were going to stab you to your face.

Note, I don't share this concern but I certainly get where he is coming from... The semantic argument he made was just a manifestation of the frustration of what he considers a non-apology.


No no --

they're going to put gray text in 4 point font at the bottom of the page saying they're gonna email your ceo. Cool? Cool...


I was slightly miffed once when I said "You're right and I will apologize" and the other person insisted on hearing the words "I'm sorry".

That person, however, was a Chinese high school student, not a native speaker of English. What's your excuse?


"I will apologize" and "please accept our apologies" are ways to distance the speaker from the actual act of apologizing, but are not the act itself. They lessen the pain of actually saying "I'm sorry". I think we only started to accept them as such when the phrasings became so pervasive because of business-speak. It's similar to the difference between "mistakes were made" and "I made a mistake".


> "I will apologize" and "please accept our apologies" are ways to distance the speaker from the actual act of apologizing, but are not the act itself. They lessen the pain of actually saying "I'm sorry".

This is not correct. They are the same speech act, at a higher level of formality.


I think scott_s is right here. Also: being more interested in being correct than in actually maximally conveying regret and penitance is not a good look. You're hearing -- now from more than one person -- that looking someone in the eye and saying "I'm sorry." has a psychological effect that is stronger than the mere semantic meaning of the phrase.


scott_s's heavy downvoting strongly implies that a substantial majority find him to be mistaken. That means it doesn't make sense to act on your suggestion ('looking someone in the eye and saying "I'm sorry." has a psychological effect that is stronger than the mere semantic meaning of the phrase [as compared to more formal ways of apologizing]'), because you are more likely to misstep by sticking to the casual form than by using the formal one.

You can easily offend people by treating them more casually than they feel is warranted. A nonnative speaker who has been taught that English apologies come in the form "I'm sorry" is perfectly justified (though mistaken) in insisting on that form; scott_s just has a chip on his shoulder.


"I'm sorry" is me telling you what I am.

"Please accept my apologies" is me telling you what to do: take what I'm giving you.

I can easily give you my apologies without being remotely sorry. Sorrow is a feeling, but apology is a statement.

But it's still up to you to decide if you want to take the apologies I want to give to you, or disregard my polite command that you should.


When our CEO added me to our angel list account, I recieved this email from them:

  Hi [My Name],

  I'm building an AngelList profile for [our company] and need your help.

  Can you do me a favor and confirm that you're a team member by clicking here:

  https://angel.co/l/[shortlink]
  To prove that you're the real [My Name] you will be asked to create an account if you don't already have one.

  This is important to us; confirming that you're a team member will help us build our profile.

  Thanks,
  [CEO's Name]

  P.S. If you would like to visit our profile first, go here: https://angel.co/[our company]

They're really aggressive about impersonating folks, my CEO didn't write that and was very suprised by the content of the email.


I got that message a while back and up until this moment had genuinely believed that was a message from our CEO.


I did too!

I can understand why they do it, but it seems like a very hill-climby optimization.

This was basically my first interaction with them and it engendered a lack of trust in their product.

I filled out the minimum amount of info in my account and don't intend to use them much going forward, mainly given how creepy I found this interaction.

edit: phrasing


I know almost nothing about law, but that has to be illegal in some way, right?


Perhaps not criminally, as some nugget buried deep in the Terms of Service probably gives them a contractual right to do this with the nominal assent of the users, but even if it's contractually valid it strikes me unconscionable and open to challenge in civil court. It also seems like a spectacularly self-defeating business strategy, but then again I thought the same thing about all those 'one weird trick...' adverts.


This is impersonation using a computer. Surely that's about 3 levels of computer fraud under US law, isn't it?


Wouldn't it have the wrong sender address?

Or are they actually forging it? (and somehow not getting put into spam due to SPF/DKIM failing)


  From:  [CEO Name] <team@angel.co>
  Reply-To: [CEO Name] <ceo's email address>
They're not forging the from address, it was SPF/DKIM signed.


I quit using AngelList when a recruiter confirmed that he'd seen that my profile was actively browsing the site. The old adage about who is the customer and who is the product rang so true with AngelList. I hadn't realized that it was even possible to build a scammier version of LinkedIn until that point.


Want to know something funnier? I am a non-HR and non-recruiter employee at my company and I can see recruiting tab (angel.co/candidates).

On a related note, I try to avoid applying to jobs through AngelList. I'll usually go directly to the company website itself and apply.


I second this and it's arguably scarier than OP. I've seen this tab before - it shows everyone in our industry who has ever expressed interest in our company through AngelList. It lets me CRUD job listings and contact/reject any candidate. Presumably I got this incredibly far-reaching access simply because I was confirmed as one of 50 employees with an AngelList account. As far as I know, there was no intervention or approval from our recruiting lead.

From applicant perspective: as soon as you apply for a job through AngelList, everyone who ever works at that company (now and future) can trivially find you and decide your fate.

This is really uncomfortable from the company's perspective too. I could just as easily have been an employee who isn't expected to recruit / shouldn't be making first contact with candidates / shouldn't be able to touch job listings.


I don't even think you need to be confirmed at the company. I think once you put yourself as an employee of any given company, you can see their applicants, but they may have fixed this issue.

Though overall AngelList seem like a site that's focused on helping startups (and investors), and unlike most sites, they don't even charge for their job listings.


They do something similar (though less creepy) when you add a team member to your own org. I've got replies from people to emails sent out with my name, and my address in the reply-to field. They're deliberately crafted to seem personal, with I/you/me/us peppered throughout the body and "Thanks, [your name]" in the sig.

Ultimately it's a social network with accounts for orgs and people - it's no surprise that people are getting _some_ notification, but the impersonation is a little discomforting. It would be totally find if they just showed it as a template and said "hey, we're about to send this, okay?"


Edit: Oh cool, Hackernews still has this account rank-banned so the comments always stay at the bottom of the page no matter how many upvotes they get.

So happy that I'm not the only one who was extremely surprised and upset about Angel List's impersonation tactics.

In my experience, 100% of the people who received this impersonation email that angel.co sent, thought it was written by me. If the system wants to send a message on my behalf, it must AT LEAST show me what would be sent with my signature on it, and allow me to confirm or cancel any email that's signed with my full name before it's sent. Angel List is sending out emails with your signature and other impersonation tricks, totally behind your back.

I've had people impersonate emails from me in the past as well. Even if the emails aren't offensive, just the idea that someone else now thinks they have my permission to send whatever they want to, while impersonating me behind my back makes me feel extremely uneasy.

Here's the impersonation email they send to cofounders when they're added to a profile. As you can see, signing the email with the user's full name, as if the user had written the letter, is a clear impersonation that the user never consents to.

    FROM: <MY_FULL_NAME> <team@angel.co>

    Hi <RECEIVER_NAME>,

    I'm building an AngelList profile for <PROJECT_NAME> and need your help.

    Can you do me a favor and confirm that you're a founder by clicking here:

    https://angel.co/l/54223434234234583948593475

    This is important to us; confirming that you're a founder will help us build our profile.

    Thanks,
    <MY_FULL_NAME>

    P.S. If you would like to visit our profile first, go here: https://angel.co/<PROJECT_NAME>
Email headers used:

    From: <MY_FULL_NAME> <team@angel.co>
    Reply-To: <MY_FULL_NAME> <MY_EMAIL@gmail.com>


In the past couple of weeks I began signing my emails with PGP. Those who are technically inclined can ensure that I sent it, and those not would be a little more suspicious of an automated looking email without a random string of characters at the end.


Thank you for sharing the news. I have just deleted my account. In case someone has problems as well finding out how:

1. Click your profile picture on the top right corner

2. Click settings in the dropdown.

3. Click Delete account

4. ?

5. Profit


Before deleting your account you should edit out and overwrite as much information as possible. Things like your name, e-mail, and any other fields should be falsified before deleting. You have no way of knowing if their "delete" mechanism just flips a deleted bit or if it actually erases your data.

The problem, in this case, is that the company might notify your employer that you're making those changes. Not sure what I'd do in this case. It might be worth creating some dummy accounts to see what actions actually trigger notifications.


It flips a delete bit. But here's the bigger problem: your pages return a 404 error page with status code 200, so Google takes a long time to clear them from their cache (real 404s clear semi-instantly).


I deleted my account but it's still visible


What are the odds that works?


Thanks, just deleted it.


You're giving me cold sweats now thinking that angel list emailed my company


Wow, I'm never going to use AngelList if this turns out to be true. What an unbelievable betrayal of trust.


When you say "pretending to be me" do you mean that they spoofed your email address in the from and/or reply-to fields?

[edit: typo]


Yes, the FROM spoofs your name so that the person will believe it's being sent directly from you in most email clients, and the Reply-to goes directly to your email. These are the email headers:

    From: YOUR_NAME <team@angel.co>
    
    Reply-To: YOUR_NAME <YOUR_EMAIL@gmail.com>


They used my name in the email from and reply-to fields, and to sign my name. I've replied to my original post with the actual email.


Thanks, that spells it out. Damn, that is fairly messed up.

I had a similar experience with F6S sending emails in my name so I know how uncomfortable it feels.

This is a shame and hopefully just a one-off error.


Downvotes? Just looking for some clarification on what actually happened here. It's not exactly clear.


People probably read too much into your comment, hence the down votes. Reason would dictate from the very small amount of info provided that AngelList merely made the email out to look like it was from OP. To say they spoofed them email headers would've gotten 3x the number of up-votes.


UPDATE: To everyone worried about their privacy on AngelList: We’re sorry. Thanks for all your feedback.

We’ve made more changes:

1) We stopped using the first-person on all emails. We wrote that first-person notification literally 5 years ago when we had a few thousand users, and we never re-visited it. It was pretty stupid. Now they all clearly come from AngelList.

2) We won’t send notifications to companies when you add them to a project. We used to because the project shows up on the company profile too. But it’s not what people expect, so we stopped, and we stopped showing the projects on company profiles too.

Thanks again.

Dave

AngelList

(Posting at top-level in case people miss it as a reply)


Thank you for the heads up, I just deleted my account there. How do these companies think for a second that being sleazy like this is OK?


Was the project based off of something you did with your employer? I don't know why this thread is so angry, when this could have been a user error.

Everyone should put down their pitchforks till we get more information. This is something HN REALLY needs to work on imo.


This is the original email. My name is Oliver Sisson and I work at Coursera.

From: Oliver Sisson <team@angel.co> Date: March 20, 2016 at 10:02:25 AM PDT To: staffing@coursera.org Subject: [recruiting] I created a project for Coursera, could you confirm? Reply-To: Oliver Sisson <oliversisson@gmail.com>

Hi Coursera,

I created a project for Coursera: [Project description redacted] Could you please confirm the project, by following this link:

https://angel.co/l/3248d1520e525149b6bf36369d0b519a/MbVzt

Thanks, Oliver Sisson



AFAIK, AL asks confirmation only if an entry is related to -that- company/person/etc. You might add -your- project (i assume not related to your employer) some how as if it is related to your employer.


Just deleted the account. Thanks for the tip, OP!


Same


Depending on the details, it could be a minor felony for fraud.


Clarify? Who would have committed a felony, in what circumstance?



Identity theft/impersonation, the company, ceo


Let's take a more obvious case: Suppose you're running a Bitcoin exchange, and people are dumb enough to sign up for an account on it and give you their banking details. You have a copy of their id, their checking account number, their social security number, etc.

The person puts an order for $100,000 in Dogecoin on the exchange, and you'd like more information before you process it in case its fraudulent. So you call up their bank and pretend to be them, using all the information they've given you to bypass their security questions. Then you ask the representative to have a year's worth of statements sent to you via email. Bank of America will mail them to you for free.

This seems like it should be fraud, even though they didn't steal any money.

There's a couple differences:

* They used a email to trick the target rather than the telephone. Telephone has a history of regulations associated with it.

* They're tricking your employer rather than your bank. Regulations surrounding banks are tighter, so this might only be fraud if it deals with a bank.

* They may have used fewer documents when authenticating themselves. For example, they probably don't have your government id, so they likely only sent publicly available information when identifying themselves.

* They may have used an automated system to send the email rather than having someone manually craft it. I don't think this matters, except to make it a little harder to establish intent.

* They're not using this to gain new information, but rather to validate information already given. So no theft of company secrets, unless they ask for more details in the email.

* AngelList is based in California, so depending on where OP or his previous employer were, it might not cross state lines and so could be immune to federal law.

* It's unclear to me what exactly the contents of these emails are. Are they basically like LinkedIn spam, clearly identifiable as such? Or is someone crafting emails by hand and pretending to have a conversation with the manager to get details about the project? Imagine saying you worked at Valve on a secret game, so they called up your manager pretending to be you and ended up getting the release date for Half Life 3. That's fraud.

* It's unclear how they pretended to be the OP. Did they just forge the from: header on the email? Did they log into his gmail account and send an email authenticated from Google's servers? The latter would escalate the crime.

To answer your question, I was mainly thinking identity theft and that they'd fine the AngelList LLC. Exactly which of these differences matters I'm unsure about.

I don't think anyone would seriously care too much about it even if it were illegal though. The worst that would happen would be them being told to stop if enough people complained. It'd be worse if they were doing it to investors.


AngelList is likely trying to determine whether this is a real company. How is that felony or fraud?


Like if someone charges your credit card to determine if the number is valid?


BOOM


Has anyone tried to determine is AngelList is a real company?

Their web site certainly claims they are, but I've never heard anything back from my repeated emails to team@angel.co, and I don't see them posting anything here. Even Sourceforge has better community outreach and reputation management. How is that not irony?


Yes, of course they are. They are registered and you can look this up using California's online business search, rather than grandstanding on an online forum.

It's dishonest of you to insinuate otherwise.


If it's so easy for me to tell if AngelList is a real by performing an online business search, then why doesn't AngelList determine if companies are real that way, instead of violating my privacy by sending my employers first person email with headers implying it's directly from me, on my behalf, without warning?

Do you also think I'm being dishonest to insinuate that they ignored my repeated emails to team@angel.co reporting the problems I encountered?


Yeah Angel List does this whenever you list an incubator as well.


If this is true, I'm deleting my account immediately.


I'm expecting a response from angel list here. If one does not happen in closing my account.


Just deleted my account, this is unacceptable.


What kind of TOS would allow that 3rd party involvement? If none - then it's grounds for law suit.


You can ask them yourself:

  team@angel.co
Let us know what you find out?


That's fucked up.


account deleted


this doesn't even scratch the surface of what shady people in the funding industry do to put entrepreneurs or wannabe entrepreneurs in terrible positions.


I like user andlarry's characterization: "very hill-climby optimization". The other technical CS term is "greedy".

This is related to a much less bad (but still kinda bad) thing that companies often do, namely sending smarmbot emails: http://blog.beeminder.com/smarmbot

You could call what Angel List sent "nonconsensual smarmbot emails".


Hah. Good to know how this happens. I thought it was an personal insider convo...


Wow.. This is insane. Just deleted my account. How can they be so insensitive.


They do the same impersonation trick to confirm investors and co-founders as well. It gives them cleaner data & is great for growth.


Some call this "impersonation trick" an identity theft.


That's extraordinarily unethical. I doubt I'd need to use them, but if I ever have the opportunity, I won't.


do you see any difference between these two statements:

"John Fraser has just added you as an employer, can you confirm? -Linkedin"

"I'd like to add you as an employer on linkedin, can you confirm! -John Fraser"


Of course I do. I wasn't meaning to condone their behavior, only to share that it's something they do extensively and give some context on their potential motivation for it.

They send these emails from team@angel.co but the name and content definitely gives the impression it came from someone else.


>They do the same impersonation trick to confirm investors and co-founders as well. It gives them cleaner data & is great for growth.

I just started pointing to groups at bars when the bartender asks me if I want to start a tab. It's done wonders for my personal finances! /s


Does anybody else find it strange how this unethical "growth hack" has backfired on this company?

They were steadily becoming THE place for listing your startup and get seen by investors, but then this happened.

I wonder if we will see a trickle down and this gets reported on those popular SV tech sites.

May just be a bump in the road though.

Kudos to the person recommending filling your profile with dummy data before deleting your account. Then again, every company and their dog is doing "big data", so your real info is probably trapped in an AWS server until the end of time.


Instructions on how to delete your AngelList profile: https://angel.co/help/general/delete-user-profile


Thanks, deleted myself.


Wow. Deleting account now.


"We’ve made it clearer that tagging a company on a project may notify them by email."

I had not previously heard of AngelList but I am grateful that this declaration appeared early in these comments as I can now stop reading, knowing with full confidence that AngelList is an organization that I will never, Ever, EVER do any kind of business with. OMFG...


account deleted, thanks!


So what happened as a result? Anything?


Just to erase any doubts, I've deleted my account. I can survive without AngelList


account deleted! later, AngelList


Angel list trying to be shady like linkedin


I had big problems with the "Angel List" web site, because it was extremely flakey and appeared to be a typical piece of garbage that some dime-a-dozen huckster with very little experience had just thrown together after watching the Ruby on Rails Make Your Own Trendy Dot Com Crud Web Site in 10 Minutes screencast.

Major features were totally broken. Many things about the design were devoid of thought and just haphazardly thrown together, as if I was using a mock-up that was nowhere near ready for prime time. Obviously whoever implemented it and runs it had no intention of using it themselves, and puts no time into maintaining the site or supporting the "customers" (who are actually the product). The only "design" apparent was in the most shallow surface details and of the least meaningful kind.

Their support is absolutely non-existent. I heard nothing back from them whatsoever, after sending several emails. Lights are on but nobody's home. It has the feel of yet another ghost town scam web site run by a sociopathic all-talk-no-chops frat boy "idea man" who long ago went on to something else after pissing off and driving away all their developers who worked for free on the promise of equity, and is now letting it run on autopilot. Too many self described "Serial Hacktrepeneurs", not enough programmers.

Because I encountered so many problems that I have no control over but should, it's an embarrassment to be listed with so many glitches that I am unable to work around, which cause investors to see my profile in such a haphazard state. Their carelessness makes it look like I'm the one who's careless.

I hope Silicon Valley does an episode parodying AngelList, or at least somebody writes some fanfic about it. [1]

[1] https://www.fanfiction.net/tv/Silicon-Valley/


Please, no hatchet jobs here, even when a website is annoying.

HN is an experiment in avoiding some of the factors that have brought down internet discussion forums in the past. We depend on users for that, so please use your formidable flamewar powers for good.


I'm sorry if I came off as doing a hatchet job on AngelList. But it pales in comparison to the self inflicted hatchet job they're doing on themselves.

My intention was to make a last ditch effort to get some much needed customer support, before giving up and deleting my account. But even though Dave from AngelList has finally replied to this discussion, he still hasn't replied to any of my email or postings, or acknowledged and addressed the problems I encountered and reported to him more than a year ago.

I've already sunk a lot of time and energy into unsuccessfully trying to get my AngelList profile into an acceptable state, and I also went the extra mile to describe and illustrate many of the numerous problems I had in detail, and report them to team@angel.co.

I have been waiting for a response before sinking any more time into it, and more than a year has passed with no reply. So I took this discussion as an opportunity to try to get an acknowledgement from somebody at AngelList, but so far to no avail.

To prove my good intentions, and give them a chance to fix the problems so I can salvage my profile instead of deleting it, I've just sunk even more time into summarizing the details of the emails I sent to team@angel.co in another message below, because apparently my emails to team@angel.co never seem to get through to anyone who's paying attention.

I've told Dave the date and time of the first message I sent, 29 January 2015 at 11:09 CET, so he can check his support email archives, and see all the problem reports with screen snapshots that I sent him more than a year ago. But so far, I've seen no response from him.

If Dave continues to ignore the issues that I and other people have raised, that just further reinforces my impression that the lights are on but nobody's home, and that I'm just the product, not the customer.


I regularly get messages from startups who are interested in me on AL. Every time I answer, I click the "I'm interested" button, and I add a message saying that there might be something up with the site. I never hear anything back even though the other side initiated the interest.

I also get an email from an AL engineer now and again asking if things are working. Not sure they are getting my responses, because they should have asked more questions given what I replied.

AL itself also interviewed me once, and they sent a socially incompetent guy who couldn't listen properly without reverting to a script. I would answer a question and the guy would literally ask the same thing again, as if he hadn't heard me.

Totally bizarre.


As a counterpoint, I've emailed/responded to emails from AL on a few occasions and received non-automated responses in a reasonable timeframe. I reported a company for posting false salary ranges and previously had some questions about a "top n% of profiles" thing I was apparently bucketed into.


You reply back to the startups that there is something wrong with the AL site?


Pretty sure he meant that he gets messages from two groups of people, startups and engineers, replies to both, receives responses from neither.


Personal insults are poor form, especially when the people you're insulting have added tons of value to this community with their advice. I know this is the internet, but you're talking about real people, man.


Insulting, bordering on abusive hyperbole. You seem to have a major chip on your shoulder. Did Angel List eat your baby or something?

Also, if you hate them so much but seem to have some sort of reliance on their service, why not take yourself off the site and make a competing product?


>>> why not take yourself off the site and make a competing product?

A counter-argument in the form of "if you criticize something, make something better" is just really weak.


I don't make a competing product because I don't have 10 minutes to watch a Ruby on Rails screencast.


The whole, "If it sucks, make a better one," is a terrible argument. I don't want to make something better - I want to use this. It is totally reasonable to expect the people who built this tool/software to deliver with core working functionality.


The poster I responded to literally said he could have done it better. My point is, if he has such harsh criticisms and apparently some idea's about how to fix it, why wouldn't he?


Since you asked "why wouldn't he?", here's why:

I spent quite some time trying to work around the glitches, which I was helpless to do anything about. So then I spent some more time writing up a detailed problem report including screen snapshots of Chrome debugger traces showing where some of the problems were. When I didn't hear back from them, I put even more time into trying to work around the glitches, and found even more, different glitches. So then I spent even more time writing up those problems in detail and sending them in. Then I continued to wait for a reply. And waited. And waited. And so far I have never received any acknowledgement of any of my problem reports. And none of the problems have been fixed. I have much better things to do with my time than to help AngelList debug their web site, and wait for a response before finishing my profile. Now my profile is still in a half-finished inconsistent state, because I went on to more important tasks, and have never heard back from them since then.

The first problem I reported was related to inappropriate unsolicited email that Angel List sent to my former employer on my behalf without my consent, applying for a job at a company I used to work for, presumably with forged headers and first-person pronouns making it seem like it came directly from me:

I added an entry for a company I worked for, XXX, and when looking at that page, I was surprised to see a button that said “[checkbox] Sent” in their Jobs section. I did not mean apply for a job there, and I do not remember doing anything that expressed my intention to apply there — I used to work there, but I’m working somewhere else now. There does not seem to be any way to list all of the jobs that I have applied for (or that AngelList applied for on my behalf without telling me), or DELETE any applications that I may have mistakenly made. Can you please remove my application for a job at the company I used to work at, XXX, or explain to me how I can do that myself.

How am I supposed to fix the problem myself, without access to their source code and servers and databases? Don't you think the ball is in their court to reply to my bug reports, after I've spent so much time unsuccessfully trying to work around it myself and writing up and sending in bug reports?

Or are you suggesting I start my own web site from scratch to compete with AngelList, instead of spending my time reporting problems that I have with AngelList to their team who ignores me, or even spending my time on my real job that I'm trying to describe on AngelList?

Was I wrong to spend so much time trying to work around the problem and writing up bug reports, when I should have instead spent my time watching a Ruby on Rails in 10 Minutes screencast, developing my own competing web site, deploying all the infrastructure required to publish it, hiring people to maintain it, getting the money together to run it, and renting office space? Should I use AngelList to get funding for that, in spite of all its flaws? Or are you offering to fund my AngelList competitor yourself?


Wow fail - looks like AngelList is going the way of LinkedIn. Anyone have any suggestions to alternatives before I delete my account?


Unacceptable. You guys fucked up. RIP AngelList


That's abusive, and you can't post like this on HN, regardless of whether someone else made a mistake.

We detached this subthread from https://news.ycombinator.com/item?id=11329246 and marked it off-topic.


wow that escalated.


It's the gist of about 1/4 of the posts on this thread.

It's a little worrying that people will be upset by something that didn't happen to them and throw it all away without a second thought.

There was an op-Ed in the New York Times the other day about a former UN bureaucrat saying the UN is broken and needs reform, and the astounding reader reaction was essentially to burn it down and start fresh.

I don't think many programmers here would seriously advocate the same approach with large systems.


Ummm... This is a forum for people interested in startups, which are defined more as "start fresh, then use it to burn down the old thing." Not exactly the same thing, but offend driven by the same sentiment.


Yes the sentiment is the same, but it takes little historical understanding to see how tearing down is always easier and more exciting than building up.

What works at a startup often can't work at a big company. Or a university. Or a government. You have to work with the system you have. For those that leave angellist without a second thought, what are your alternatives? LinkedIn?


was thinking about this just now. how easy it is to influence people over the internet through mediums like reddit, HN, etc. as soon as something gains enough upvotes, it becomes the truth.


Watch "century of the self" and thank me later.


You recently gave critical information about yourself, including your employer's email address, to some guys with a website. How can you think this is a good idea?


HN users confuse me quite a bit.

How would they confirm if you are lying or Telling the truth? I believe the only wah would be to confirm from the organization owner. Or else, ANYONE can claim to have done any project.

I believe they do the same verification (it's simple verification) for roles in an organization.e.g Adviser, Co founder, Investor etc. And the verification is the other way too. If an employer adds you as an employee, you are to verify it too.

I struggle to find what the issue is. Perhaps they should have told you they were going to verify your project?

Animats / John, when you invite your friend on a social network and they send a message on your behalf, is that criminal too? Remember, OP(Oliver) took an action by claiming he did a project in an organization. It could have been true or false.

Don Hopkins, take a deep breath man. You can pass a message without being mean. Except that's the intention for a reason not stated here. In that case, it's all good.


Employers are necessarily oppressive and may fire employees over this sort of notification if the listed project or the AngelList profile in general is against business interests.

If it wasn't clear already, this sort of move shows exactly who AngelList is serving. After all, as you said, how will the employer, in their contractual fantasies, ever be able to confirm that a potential interviewee is telling the truth?


I don't work for AngelList however I think this is overblown.

If you add yourself to an open site, your employer will see it. It is indexed on Google. It shows up when you search the site for the organization.

Are you saying as an owner of an organization, you are happy for anyone to claim to be an employee and to have done any project at your company without you knowing?

Should I be able to claim I did the Dropbox AWS migration without the folks at Dropbox getting notified I am making the claim?

It would be bizarre for an employer to fire an employee for stating (s)he works at the company and did a project.

But what do I know.


The creepy part to me is that the email pretended to be from the employee, not AL. I am actually curious to know exactly what that email looked like.


Think, when people usually update their profile on angellist, linkedin, etc? Usually, when looking for a new job. And normally, you'd rather not share the fact that you're looking for something with your current company as they might start looking for your replacement before you're ready.

>>> Perhaps they should have told you they were going to verify your project?

That would a huge difference and that's why the frustration - it's not something expected.


It's a semi prison if you are not allowed to update your profile at a job you work.

Remember, the person in question had to chose they were in the said organization and did a certain project.

Anyway, asking Angelist to show any claim will be confirmed is not asking for too much. However, it is not such a scandal as OP makes it out to be.


> It's a semi prison if you are not allowed to update your profile at a job you work.

It's not disallowed, it's just not good. You might not pay attention when your employees are looking for other jobs, but most business owners do, and react rather negatively to it.

> it is not such a scandal as OP makes it out to be

OP posted a one-line "Tell HN" comment, you're actually the one calling it a scandal.


Well, to each organization his to his or her own.

You are right re: the second part. I projected the "WHAT A SCANDAL??!!" comment thread to the OP.

As an aside though. Is there something wring for an employer to know ahead of time if their employee is planning to leave? Of course if an employee updating their profile gets you panicked, then you are not doing something right.

So I am speaking of non paranoid situations.


In the ideal world, you probably should have enough redundancy in terms of human resources so that one person leaving is just slightly inconvenient. Also, as an employer, you should be realistic that it's just a job to most of the people and they will leave whenever a better offer comes, just a matter of time.

So in the ideal world, there's nothing wrong.

However, we don't live in such a world, unfortunately, and should adjust accordingly.

There are many small companies that would struggle horribly if one of the key employees would leave, and eventually they will. Also, some employers expect loyalty and treat it very personally if they know that someone's is definitely looking to jump the ship.

It's right, I agree, but that's how it is usually.


If you're looking for a place to list your projects that doesn't do spammy/scammy stuff like this, check out MakerSlate, a résumé tool I created that's tailored to devs and designers. I built it partly out of frustration with these sorts of practices.

http://makerslate.io


AngelList lists startups, so why are you registering there if you are employed? That's likely a violation of your contract in the first place, and their ToS, and it's public info anyway. AngelList is for companies, not projects. You do realise this info is meant to be public? AngelList is a public register of startups showing the people behind them. If you don't want that info public, don't register there.


There is also a "JOBS" section. If they are not protecting the confidentiality of the potential candidates, well, they are not making any favour to the startups or their business.




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: