Thursday, 16 June 2022

New best story on Hacker News: Tell HN: Triplebyte is, yet again, making user profiles public without consent?

551 by teraflop | 107 comments on Hacker News.
Triplebyte (YC S15) is a tech recruiting company that operates by getting developers to take skill tests, and then using the results to match them with employers.

Back in 2020, they got in a lot of hot water by suddenly announcing that user profiles -- which had been collected with assurances that the data wouldn't be shared without consent -- would be made public, unless you opted out within a week[1]. This provoked a lot of backlash, especially since the CEO seemed totally oblivious to the privacy concerns[2]. After a lot of angry comments, he publicly apologized and reversed course[3].

Then in 2021, some users started once again being notified that their profiles were automatically being made public[4]. This time, it was explained away as an "oversight" related to the fact that previously, opt-outs weren't permanent but had a hidden expiration time. Triplebyte once again apologized and promised that it wouldn't happen again, and many people seemed satisfied with the "transparency and candidness" of their response.

Now it's 2022, and yesterday I got a recruiting email from a company that found me via the Triplebyte account I created back in 2019. When I logged in to check, sure enough, my profile was set to "publicly visible" and "open to new opportunities". I was pretty sure I had never made those changes, but just in case I was misremembering, I contacted Triplebyte support to find out what was going on. Today I got this response:

"I was able to do some digging on to why this must have happened, It looks like before we did our last update to the platform you did not have the profile visibility set to indefinitely so the profile was turned on. Since then we have made a privacy chance once you set the profile to off there is not reset time frame it will remain off until you turn it on."

(Unlike the user in [4], I never got any kind of notification that this automatic change was being made.)

So despite their explicit promises, Triplebyte did not actually go back and fix the privacy settings for users who had them silently changed by the previous "dark pattern". This is a heads-up to anyone else who has a Triplebyte account and might be affected by the same issue.

[1]: https://ift.tt/LcxtFpI
[2]: https://ift.tt/0IQyN9e
[3]: https://ift.tt/ZSABipu
[4]: https://ift.tt/0U5lQFA