Hacker News new | past | comments | ask | show | jobs | submit login

Hey everyone. Happy to answer any questions about this. Basically, we think that LinkedIn profiles don't do a good job of showing engineering skill (especially for self-taught people or people from non-traditional backgrounds). I'm excited to just build better support for showing side projects and GitHub contributions. LinkedIn profiles have become the default engineering resume (despite the fact that most engineers are not particularly happy with their LinkedIn profile). But there's lock-in. I hope that we have enough scale to be able to chip away at this.

What a foolish decision to make. Knowing what you know about HN users, did you expect that this would go well? You can pretty much assume that Triplebyte will be persona non grata henceforth, especially as word spreads that you are publicly exposing people and only giving 1 week to opt out.

Extremely foolish and really shines a bad light on your decision making capabilities. Why would I put my trust in a company that is so shady?

You will change this bad decision and apologize, but you have betrayed the trust of all the people who have used you. Even if you change your policy now, we know you will change it back in the near future. No one will use your services again, because of this betrayal. You just killed your entire company in one fell swoop.

I’m shocked that someone associated with YC could make such a demonstrably poor decision.

A lot of people go through YC and while their filter is better than most I assure you this is hardly the most shockingly stupid thing I've seen someone in YC do, ever heard of Meta? That was a dumpster fire from start to finish.

Yeah, but one of the TripleByte founders used to be a YC partner, so it's a little different.

Actually, he’s a current YC partner again: https://blog.ycombinator.com/welcome-aaron-and-harj/

Oooooh, fair enough, I didn't realize that.

I’m curious on Meta, got a link?


This is the company in question, I'm not sure if there's an online repository for all the ridiculous drama and bad decisions though.

(posting from a throwaway account, but long time HN user).

Well, I was just about to go through your process, since you announced that you are opening to remotes (I'm in the EU), but now I've requested that you delete my profile. No way I want my current employer to know I'm looking, especially in the current climate where job hunting is difficult.

As other people have mentioned, you now have a deeper problem than entering a new market. You just broke your users trust.

And the sad thing is that this was a real opportunity, because linkedin sucks. Unfortunately what you failed to realise is that there is appetite to switch from linkedin to a more honourable company. Not to an equally or more dishonest one.

Most likely your staff were trying to warn you about this from the beginning, and it would be worth your time reflecting on why you didn't take note of that more deeply.

I know you are looking for actionable routes to save your company right now. In my opinion, the loss of trust is so bad that only a pretty costly signal will now cause people to reevaluate. The one that springs to mind is for you, Ammon, to announce that you are stepping down as CEO and starting a search for someone who is committed to privacy to take on the role.

How did you request your profile to be deleted?

In the meantime, I updated my profile data to express that I feel Ammon betrayed us. I'm not trusting them to delete my information cleanly, so it's one step closer to change it beforehand.

Thanks for coming to answer questions here even though you’re likely to get dragged through the mud for this decision.

FWIW, I agree with other commenters that this is a betrayal of trust but I don’t have anything original to add.

Well, sorry that you feel this way. I don't agree right now (clearly). But I'll certainly take this seriously and think more about it/listen to feedback. We're talking about relatively basic profiles, to give us the canvas to launch public achievement badges (that we hope allow us to better help people who don't have traditional credentials). My view, building this, is that we're not displaying anything more private than hundreds of other companies. Stack Overflow has public profiles. Hacker Rank has public profile. AngelList has public profiles. Even HN has public profiles. We are launching public profiles for a product that has not had them in the past, and I get that that's a more sensitive thing to do. What we've focused on to keep that from harming anyone is what data we include in the profiles. I wish we'd include more details about that in the email.

> Stack Overflow has public profiles. Hacker Rank has public profile. AngelList has public profiles. Even HN has public profiles

This seems so obviously disingenuous to me. You know why Triplebyte is different, right? You understand why employees would want to keep the fact that they have a Triplebyte account secret instead of public, right?

If you do know that answer, then you should recognize that you're betraying the trust you created with the user. If you do know why Triplebyte is different, then you're lying to us here.

If you do not know why Triplebyte is different why on earth are you the CEO of a recruiting company. That's absolutely unforgivable.

This one sentence gives away that you're either lying to us or willfully ignorant and careless about your users. Either way, I'll never trust you again.

First off, thanks again for taking the time to speak with us on HN.

I think you’re missing/avoiding the issue that people might want to hide the very fact that they have a Triplebyte account at all. It implies that they have job hunted in the last 5 or so years, and someone who’s been at a single company for longer than that might not want that information to be available.

I work at Google, and I can tell you as a fact that our Privacy Working Groups would never let us launch something like this without explicit user consent.

Google did something significantly worse -- and spent ages apologizing for it and never really recovered from the reputation hit, and I suspect that negative impressions Buzz gave people were a contributing factor to G+'s total failure.

> and I suspect that negative impressions Buzz gave people were a contributing factor to G+'s total failure.


Google+ became really nice towards the end, but HN kept hating it, and I guess partly because of Buzz.


> Google Buzz publicly disclosed (on the user's Google profile) a list of the names of Gmail contacts that the user has most frequently emailed or chatted with.

Google Buzz is something you definitely don't want to be similar to.

The disaster that was Google Buzz has left a thick bureaucratic scar tissue designed to prevent something like that from happening again.

Here’s an old article about it: https://money.cnn.com/2012/01/26/technology/google_privacy/i...

I suspect TripleByte is about to learn some similar lessons.

You are not Stack Overflow. You are Ashley Madison.

Outing people who trusted you to help them find a better job in secret will go very badly for you.

I predict lawsuits.

All of these companies have opt-in profiles. When you sign up for the service, you can tell already what you’re getting into and what will be displayed. As far as I’m aware, none of them started as an unrelated service that suddenly announced they were going to make a public site and seed it with information from anyone who’d ever interacted with them.

I've always wondered if people who use corporate doublespeak like this realize how transparent they are.

Why not just say "We think we'll make more money by sharing private information our users trusted us with, without their consent." Then at least I think you'd get points for candor and honesty. As is, no points for either and everyone reading knows what you mean.

By the way, is it true you require a government id to delete your account? If so, why?

> Stack Overflow has public profiles. Hacker Rank has public profile. AngelList has public profiles. Even HN has public profiles.

Come on now, these examples are not even remotely similar to what you are doing here.

Firstly, it's up to me whether or not I even create a profile on those sites.

Secondly, if I choose to create a profile, I have full control over what is shown publicly.

What you are doing here is making information public whether I like it or not. This is not OK, and you trying to defend it here is mind boggling, and demonstrates clearly what little regards you have for privacy. I for one will now never have anything to do with TripleByte.

I've read several of your, "I'm sorry you..."

How about an "I'm sorry I..."

Take responsibility for your own actions.

The difference is that people expected their relationship with Triplebyte to be private, and not a public matter. A lot of people do not even want the fact that they're on the platform to be public. Like it or not there's a cultural expectation of "people have Linkedin all the time even when they're not necessarily job hunting," a level of leniency and acceptance that does not apply to Triplebyte (which is currently viewed as a "I want to get a job now" website)

I have had a really positive experience with Triplebyte so far but hope your team can understand the root of what is bothering people about this decision.

You mentioned Hacker News in passing. HN has public profiles indeed, but most of them don't have much information. Either people don't want to fill them out or they don't care to, possibly because they just want to do other things on HN (like post comments or upvote articles and comments.) The way public profiles work vary from service to service, as does people's expectations regarding those profiles. From what I've read, it sounds like public profiles haven't been Triplebytes focus, but users are now upset that they're being brought into focus or given more exposure than they ever expected before (assuming people are correct in the fears they've been expressing here.)

Also, most HN profiles use pseudonyms. the profile might be public, but the connection to a human being isn’t.

You're exposing job searches publicly that were supposed to be private. You advertise this privacy when users create new accounts, so you can't play dumb and pretend that somehow over years of running a company like Triplebyte it never occurred to you that folks don't want their search made public.

I'm less concerned than everyone else about this, but I do think it's ridiculous that we have one week to opt out and we can't even preview what you're going to make public right now.

I’m having a similar gut reaction. I just got the email and had I missed it (which is entirely possible since Triplebyte has been bombarding me with erroneous newsletters), I’d have a by default publicly visible profile. Just went in and turned the visibility off.

The roll out of this needs to be handled better, with extra care given to privacy settings, and verbiage on the profiles.

For example, Triplebyte has the following language - ‘I am currently open to new opportunities’, heh, yeah, please, show that on my public profile while I have an existing job.

A robust technical assessment site focused on tech is good, especially if it is nuanced in assessing people (not hard cut offs, finding strengths and weaknesses on a spectrum, etc), but please, take good care of privacy and clear communication.

Right! How can you share anything about your desire to find a new job without recruiters seeing it? And then, how do you make sure that the platform somehow excludes your current employer's recruiters? As with Ashley Madison, where you might find your spouse looking for you. So the privacy concern is a bit overdone, but nonetheless, the company's behavior is a bit shocking. If the CEO thought the users' profiles were as good as public, why not communicate that well to the users to begin with and later float the idea of making profiles truly public?

A public stackoverflow/github/angellist profile does not leak information to my employer that I'm seeking new opportunities.

Tripebyte is fundamentally different and dangerous there.

It make no difference whether you're sorry that people feel that way. It's the wrong thing to do - you're going to hurt people doing this.

It make no difference that it's a fantastic opportunity for you and Tripebyte. It's not what you told people when they signed up and entrusted you their names and jobseeking. It's the wrong thing to do - and only lawyers are going to end up benefiting.

It's so disappointing that you cannot see how blatantly wrong what you're doing is.

Dude, the default for profiles should be private. Allow users to opt-in to a public setting, if they prefer.

You are making a huge mistake and going to drive your company to ruins. Change it now.

An employer wouldn’t fire me for having an HN or AngelList account.

An honorable employer wouldn't. Even honorable employers can have HR staff who are not.

> Even honorable employers can have HR staff who are not.

I disagree. HR reports to the CEO, just like everyone else. If the CEO tolerates HR (or any department of the company) being dishonorable, the entire company is dishonorable.

The difference between what you are doing here and the other public profiles you mention is consent.

When a user creates a profile on Stack Overflow or Hacker News, they are consenting to share whatever data they give on that particular platform.

When a user created a profile on Triplebyte, up until now, they were consenting to that data being used in a private profile for the purpose of connecting them with job opportunities, privately. Now, you've emailed all of your users on a Friday evening to say "by the way, if you don't opt-out in the next week, we will take this data that you gave to us under the assumption that it would be private, and make it public (and potentially searchable)."

By saying "we'll do it unless you say no", you are not getting consent.

If you're familiar with the tea analogy of consent, a la https://www.youtube.com/watch?v=oQbei5JGiT8, this would be like you saying "well, other users (not necessarily every user, or you, the user in question right now) have had tea (not necessarily the same type of tea) from other platforms. This is just like that. So, if you don't say no to our tea in the next week, we're going to drop the tea on you. We hope you enjoy!"

You are not just "launching public profiles for a product that has not had them in the past", you are launching public profiles and on them you are _sharing data that was given to you under the agreement that it was private_. You are using data that folks gave you in a very, very different way than for the purpose they gave it.

Finally, just to really drive this home, you say "What we've focused on to keep that from harming anyone is what data we include in the profiles."

And, what data is that? What personal data, given under the agreement that it would stay private, won't harm someone if made public?

Full (presumably legal, or at least professional) name, coupled with profile picture (presumably a clear photo of their face) and, I'm guessing, also the locations they said they were looking for a job in? Although, fine, in most cases sharing that data is mainly annoying and trust-breaching, that combination of information can be devastating if leaked. Consider a person who has escaped an abusive ex-partner, and has managed to keep private about what new city they've moved to, now popping up in a Google search for their name that has their picture and the fact that they're looking for a job in Los Angeles. This person probably isn't your core user-base, but stories like this are real, they happen, and if you get enough users, they will be among your real life user stories. You have to consider user stories like this when you are trusted with personal information.

This ain't it.

You can’t unilaterally decide to give me a public profile; that is a trust ruining decision that you’ve made.

If you gave me the option to make one, we could talk. But by making that decision for me, I now have to view you as a fundamentally un-trustworthy party.

Others have addressed the obvious privacy issues, so let me address your logic on the business side of things. I apologize in advance for the tone, but your move with exposing profiles made me angry. Good thing my TB profile is fake (and performs worse than my actual, real life resume despite all the embellishments)

1) There is no lock in - I can move on and off LI whenever I want, and have. I've exported my data and used it to create my own resume site with analytics that I send out to companies. I can see who viewed my CV, when, and whether or not they actually read through it or bounced immediately.

I've also learned to track the progression of my candidacy through the organization using this trick (recruiters tend to view my CV on their Windows desktop during work hours, hiring managers tend to check out resumes in the evening on their iPhones or Macbooks, engineers/tech leads tend to use Macbooks, desktop Macs or Android phones in the morning or during lunch time. Usually when I've hit the engineering lead I tend to get invited to interview).

It's extremely easy to create your own CV website for free (github/lab pages) that's versioned by git and deployed automatically using a CI script.

2) You're attacking the tech hiring problem from the wrong angle, like everyone else. There is no issue with discovery of candidates and employers. LI and stackoverflow, etc do a great job of approximating this O(N^2) exposure process, the filtering and sifting. The ACTUAL problem is on the hiring end - companies won't take a chance on non-traditional candidates (not talking about race and gender here, more about credentials).

You have to start by chipping away at the costs of showing competence for a candidate (the traditional way to do this is to get a three- or four-year degree that's either expensive in terms of time and money, or useless, and if you get a degree with a low score, doubly so, even though you might be a better programmer than the people who scored over 90%).

This will only happen by convincing hiring orgs to hire non-traditional candidates, and this requires establishing a very strong signal/noise ratio for candidates coming from your hiring channel. Before you start PRing me about how great TB is at this - no it isn't. Not any better than leetcode etc, and those are terrible at predicting engineering competence.

"used it to create my own resume site with analytics that I send out to companies. I can see who viewed my CV, when, and whether or not they actually read through it or bounced immediately"

I'd be super interested to learn more about how you did that.

Google Analytics

The objection seems to be that this is automatic, with opt out, instead of with opt in. Another commenter makes the point that the opt out button is difficult to find. Those are the issues you should address.

I have a hard time not believing that the opt out button is hard to find on purpose.

Anybody know where the fuck the opt out button is? I literally can't find it on mobile

Edit: For anyone else struggling to find it, look for the box with the heading "Profile URL". There's a link in the upper right corner of the box that says "Visibility Settings". It's light grey text and kinda hard to notice that's a link.

Just for anyone else, if you're forcing users to opt out of something like this it should be a BIG BUTTON AT THE TOP OF THE PAGE.

I can appreciate that it's an exciting opportunity for your business, but your failure to read the room here seems spectacular. My jaw dropped at each of your responses failing to understand why people were concerned and react appropriately. Hopefully there's something in the explanation of new functionality that's been missed and it's a misunderstanding?!

If I opt-out and make my profile non-public, what kind of information in the profile will still be public?

Because, in the "Visibility" link in the profile builder says: Your public profile will be invisible and will not appear in public search engines. This simplified version of your Triplebyte profile showcases your technical achievements based on actual skills, not pedigree (it does not contain your score details, job status, or preferences). Turn your visibility “ON” in order to share your unique Triplebyte profile URL on job applications, LinkedIn, GitHub, and other platforms.

However, "Learn More" says the URL will be inaccessible when not Public. So, which is it?

This should absolutely be opt-in, not opt-out.

Were people that originally interviewed aware before their interview that their profile would become public at a later date?

I interviewed with them last year, and just got this email. There may have been some of the usual boilerplate about “publish, disseminate, or publicly perform your content in order to provide our services” somewhere (actually, I recall a surprising lack of legalese) but there was absolutely not any attention drawn to the possibility that my profile would be shown to anyone other than the companies looking at the round of candidates I was included in.

I didn't even "interview", just took one of their tests out of curiosity to see how I did. The announcement was especially unwelcome news given that I'm not even looking for another job.

I'm interested in knowing whether you surveyed at least some of your users (random ones, who aren't coworkers or acquaintances) what they thought about the change you just announced. I can understand that as a company you may wish for secrecy before you make a strategic move such as this one, but this sounds like the kind of change that'd be good to ask users about before doing it. Or maybe this didn't seem like a controversial move to you guys? (If so, bummer, but I hope you can still prevent or fix a potentially serious mistake.)

FWIW, I hadn't heard of TripleByte before, but this is not a good way of hearing about it, nor would it encourage me to become a user, if people's fears match what you're actually planning to do. If they're correct, it sounds like you're about to intentionally or accidentally implement a dark pattern. I hope that's not the case.

How do you justify opt-out versus opt-in for publicizing this info? Do you not see the potential harm in "ammon is looking for a job" showing up to someone you work with?

They did, but they weighed this against launching with X thousand “active” profiles and decided it was worth the outrage. $GROWTH

You just lost any trust and goodwill that Triplebyte built up with myself or any of my engineer friends.

Here is that problem: people gave you their data because you told them that you would make it available to companies that were NOT our current employers or the general public. None of us agreed to let you post the fact that we were actively seeking employment.

You betrayed our trust and are using data none of us agreed you could use in the way you are using it.

Please do not turn it into another Rolodex and competition for connections. It’s bad enough to know that connections could be mined through inference, but I’ll be leaving the second I find out you are turning into a social network.

A nicely styled resume and showcase should do the trick nicely.

Lock-in to your platform sounds even worse than LinkedIn.

How long before we all get an apology email, "Upon careful reconsideration...", 72 hours?

It'll be "We heard our community's feedback.". "Many of you responded passionately to our announcement.".

God damn corporate spin pretending nothing bad ever happens..

Geeks don’t dislike LinkedIn because the formatting isn’t right, they dislike it because of the dark patterns. If that’s the measure with which you’re trying to compete with LinkedIn, it’s safe to call this one a win.

What’s the next step from here? Public profiles themselves aren’t very useful in of themselves.

Asking as someone who has been on the platform for a while but has not found any success through it. I have other thoughts but would like to hear your plans before adding.

We plan to add more engineering-specific sections to the profiles. I think there's a lot of room to just display what matters to engineers/eng hiring managers better. Then we want to use the profiles to push the industry to look beyond traditional credentials (school, work at top companies). Recruiters say that they want to do this, but we need to get them off of LinkedIn where everything is designed around the traditional credentials.

You know what, it's clear that you've put a lot of thought into this from the product & strategy side, and these are genuinely great ideas with significant potential social impact that are worth exploring further.

But it really is a shame that from this incident, myself and many others will no longer be willing to trust you and your team with the data needed to execute on these ideas.

At the end of the day, we entrusted you with extremely sensitive data in order to use your service that could threaten our very livelihoods if exposed. Your choosing to expose this data without explicit opt-in shows an alarming lack of empathy for your users and that you were never deserving of this trust.

> I think there's a lot of room to just display what matters to engineers/eng hiring managers better.

There's no doubt a lot of truth there.

What matters a lot to engineering managers are the answers to questions like "What other roles is this candidate interviewing for?" "How well did this candidate do in their Triplebyte interviews for our competitors?" "What are the salary ranges of other roles this candidate has clicked on or applied for?"

Will that also form part of every user's public profile, with the same "1 week to opt out, 30 days to enable opt out" process? Or will that data only be available to hiring managers with Triplebyte Premium accounts?

1/2 of the triplebyte recruiters that reach out to me don't even reply

That’s an interesting thought, but I haven’t seen any change in both attitude and the interviewing process from companies on TripleByte. Do you have any hard numbers showing that companies are willing to walk the walk instead of just talk?

why ignore the legal precedent? it's more than personal opinion in every sense of the word, it's an already hashed-out question that had a very clear consequence. "Recruiters say" doesn't even come into the conversation -- this has been tried before. do you have a legal team? do you pay them more than pocket change? god help you, but at a certain point you chose to ignore the book

I absolutely would have used TB for my next job search, when the time was right.

Now I absolutely would not. Dead simple.

Employees require discretion and privacy when they are searching for a new job. Do you need us to enumerate the reasons for this? This new approach is unethical and completely tone-deaf, at best.

I think it would make more sense to make this opt-in. For instance, I set my profile not to be displayed a while back, but when I checked on this new thing, it was set to make at least some part of the profile public by default.

Keep in mind that Triplebyte profiles have no reason to exist except people looking for work, and that most people have a reason to want to be sure that a current employer does not have an easy way to find out that they're looking for work. I can have a HN account and it doesn't make anyone think I'm looking for work, but if an employer sees my profile on Triplebyte, it tells them at the very least that I was at some point looking for work. If they see it on Triplebyte after having previously not seen it, it tells them that something changed recently.

I would definitely think this should be an opt-in thing.

Please make this opt-in and not opt-out.

well if they have European users they basically have to make it opt-in

Not really. Depending on what you mean by European users, GDPR may not apply here (if GDPR was what you were alluding to).

Gdpr 100% applies here to any user residing in the EU, and as one I find it appalling that this is opt-out. Further, I couldn't find an option to delete my account, which is another clear violation of GDPR. I wonder how long before they get hit with a juicy fine.

Yeah, my understanding is that if they did not make an attempt to block EU citizens from using the site then GDPR does apply. The problem is that IIRC, when I was singing up they were explicitly serving only few cities in the US. Might be misremembering though, it was a while back.

Do you think American anti-hacking/DMCA/etc laws do not apply to people living overseas? (like Gary Mckinnon for example).

Corporations don't get to choose, either laws apply or they don't apply internationally.

If I recall correctly, the corporations that explicitly do not aim to serve EU citizens (and make reasonable attempts to block them) do not need to follow GDPR. Then there's a matter of enforcement - I don't think EU can do anything to a company that does not have any presence in the EU. IANAL, but I am an EU citizen living in the US so it would be great if I'm mistaken here. :-)

You're missing the point by focusing on the job search information specifically.

Any information provided without a clear understanding that it would be made public should not now be made public by default, even if it is just a name and some badges.

I have a triplebyte account and would love for you to take on LinkedIn, but it absolutely needs to be opt-in. Sorry if that makes things inconvenient for you, but I’m going to delete my account if you go through with this.

When are you going to be available outside the US? If you were going to offer the service how much would it cost to have you do the interview/skills assessment as a service if you’re not going for other markets any time soon?

No one asked you to broadcast our progress on your platform or participation in it. I made sure to not only make my account not look it's mine, I used every control to lower its impact on my footprint and pushed my peers to.

From today onward Triplebyte has established its place in the lexicon as a ghetto self-serving linkedin wannabe. Good job.

>"Basically, we think that LinkedIn profiles don't do a good job of showing engineering skill...:"

So that's your bar, a growth-hacking dumpster fire?

>"LinkedIn profiles have become the default engineering resume (despite the fact that most engineers are not particularly happy with their LinkedIn profile)."

No they haven't. You know what the default engineering resume is? The one you have on your hard drive that you share at your discretion.

I'm quite surprised at how oblivious you seem to be of the issue of user trust.

It would have been more productive to say nothing and just plow on, than attempt these comments.

Isn't this basically a GDPR violation as you didn't acquire consent for sharing data with such purpose(public display of a profile)?

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact