
And why was the CEO on HN arguing for the feature, implying people complaining were the ones with the problem?

I don't buy it, and I'll be steering clear.



My head was still in the place it was when we were developing the feature. I thought it was a communication problem (if I could only communicate how this feature could help a lot of people everyone would understand). Perhaps I'm just slow. But it took some time and repetition for the magnitude of my error to sink in and me to really hear what people were saying.


If you don't already have one, have you considered having a collection of users who you can privately ask about potential features (or run email wording by) to figure out how it would go over? A user of the product could easily have told you, in advance, "some people are looking for a job secretly and this would be a problem".

You could also come up with incentives to encourage job seekers to opt in; for instance, you could temporarily tag such users as "likely to get hired sooner" in reports for prospective employers.


> you could temporarily tag such users as "likely to get hired sooner"

Let's start lying to the customers on top of this fiasco.


I really like this idea. I'll talk to my head of product about it.


Now I am curious what the conversations so far have been about if opt-in was never discussed? Are you looking for product managers?


I'm actually surprised that I didn't see this posted in the TripleByte Alum Slack for feedback prior to announcement or even announced there at all. It was the first place I checked after seeing the email/post on HN.


I woulda thought they have enough engineers in the company that the engineers would have raised a red flag...


Studies actually show that subordinates generally do not raise concern to their superiors about issues for either fear of reprimand or thinking the superior knows more than you.

If @ammon had said, “this will be a great feature,” the devs would keep quiet because they either (1) don’t want to be fired, or (2) trust he knows better than them.


That's part of why you should 1) ask before starting development, and 2) ask for feedback rather than telling people what to think.


This is why you don't release on a Friday.

Best case scenario you spend the whole weekend focused on whether the release went right...

Worse you spend the whole weekend cleaning a mess up.

It's pretty much always a lose/lose.


If you can't reliably release on a Friday, your delivery process is broken. Should you send customers an unsettling policy change, late on a Friday, nah, still a hard NO.


I didn't say don't have a release process good enough to be able to release on Friday (obviously you want this for emergencies).

I said don't release on Friday.

No one's release process is perfect and the best time to find holes in it is when you are just ready to have the week be over so you can happy hour on a Friday.

In this case at least part of the release process that was broken was how it was communicated to users. Now they have to spend the whole weekend putting out this fire.

Why take the chance in a non-emergency situation? Enjoy your weekend and do it with a fresh mind Monday morning.


Good answer. Actually first good answer I remember seeing from any of you so far.

I still wonder why you tried the infamous "I'm sorry that you cannot understand" line here?


I don't know... it's not a great response from a company, but sometimes it's genuinely the case that disagreement comes from a lack of understanding. An impulse to try and explain more clearly is relatable.


You do realise that if you have any European users you have majorly contravened GDPR regulations and data protection rules.

I'm talking 20 million euros in fines


You do realize that the feature never actually launched, so no data was “public” (quotes because it’s already public to recruiters who use TB).


> I'm talking 20 million euros in fines

Unfortunately, the real fines are nowhere near the theoretically possible ones.

This is egregious enough that it could have actually resulted in a fine as opposed to a "please don't do that", but realistically, I doubt the fine would get near 100k.


Triplebyte is not for EU users. You're forgetting that Triplebyte is an American company, they're not subject to European nanny laws.


Any European citizen is covered by GDPR no matter where they are located.


I’m curious how that’ll work in practice. The sovereignty of a nation is a big thing. The US isn’t going to just prosecute TripleByte because Europe said they should. Sure, if @ammon visits the EU, he could be arrested, but a nation’s laws (generally) don’t extend past their border.


It’s a total pipe dream. I don’t know what fantasy land people are living in where they think the EU is going to successfully collect a dollar in fines from some random small company elsewhere in the world, no matter how messed up their privacy practices are.


First of all, this isn’t popular with the EU crowd here, but there’s no method of enforcement for GDPR for American companies without a presence in Europe. Good luck trying to collect a fine from some tiny business in the US

Second, you really think GDPR is going to be applied to some tiny American startup because they said they might do something and then didn’t?

Third, my understanding is that if you don’t target EU customers, GDPR doesn’t apply. It’s not enough that an EU customer happens to wander into your store. You have to have some accommodation targeting the EU (like translated pages, international shipping, different currencies, etc)


Here’s the text from the European Commission:

When the regulation does not apply

Your company is a service provider based outside the EU. It provides services to customers outside the EU. Its clients can use its services when they travel to other countries, including within the EU. Provided your company doesn't specifically target its services at individuals in the EU, it is not subject to the rules of the GDPR.

Source: https://ec.europa.eu/info/law/law-topic/data-protection/refo...


Eh, likely some of the people who have gone through Triplebyte are now in Europe, subjecting its use of their data to GDPR law.


> if I could only communicate how this feature could help a lot of people everyone would understand

I don't mean to flog a dead horse, but you seem to be intent on digging a deeper and deeper hole.

It's not for you or anyone else to make someone's data public without their consent, because you think it helps them.

> and me to really hear what people were saying

Nobody should need to tell you any of this. If it truly did, then you clearly don't care a jot about privacy, and simply aren't responsible enough to manage other people's data.

A company's ethos and values cascade down from the top, so your attitude towards privacy is especially concerning.


I think you've missed the point ... that parenthetical comment is what was previously in his mind, he's sharing with us why he was, at that time, still pushing and defending.

I don't see this in any way as still digging the hole.

As for the rest of your comment, you seem purely to be repeating what he says he now knows. Although others have, I haven't downvoted you, but it feels like you're still being angry about what the situation was, and not trying to adapt to what this situation is.

I agree that there are still legitimate causes for concern, but it's worth taking time to think about what they really are.


Yes, I'm repeating what he already claims to know, because my point is he should already have known it. I am casting doubt on his sincerity, given this feature, his arguments on HN the other day, and what he's said now.

I'm not still angry about what the situation was - I believe the only reason this feature was rolled back is because there was a big backlash. I really believe his whole attitude towards other people's data means he isn't responsible enough to store it.

It's exactly irresponsible moves like this that led to the GDPR in the first place (something else contravened by this feature)


I can certainly understand that when you're excited about rolling out a new feature and you encounter some pushback your gut reaction might be to "sell" people on it or try to explain it better rather than listen. The important thing is that he did eventually listen.

I think it's also important to distinguish the idea from the execution. A LinkedIn alternative for developers is a great idea. The problem was the incredibly short opt-out (instead of opt-in) with notice given to users on Friday afternoon of a long holiday weekend.


I totally understand being excited about a new feature, but I don't understand the lax attitude towards privacy, especially not nowadays.

I somewhat agree, in that the important thing for now is that he did eventually relent. But I'm not convinced he actually listened, so much as relented under pressure. I don't think those values bode well for the company going forward. I certainly hope I'm proved wrong on that.


I'm all too surprised when people fall into ambiguity holes and give the benefit of doubt over these situations presuming there's some underlying candid motive or attribute ignorance (Hanlon's razor referenced far too often).

A business saw an opportunity to make more money and took it. A large portion of consumer interests no longer aligned with their interests and we were caught in the crossfire. Fortunately, enough people shared the same concern that the risk for the business (Triplebyte) was now high enough that they had to mitigate fallout.

That's all that happened and all that typically happens. Perhaps Triplebyte management didn't see the risk or misjudged the backlash and expected only a few users to complain. I find it hard to believe this side effect wasn't at least a considered risk brought to the table and ultimately ignored by management looking purely at growth.

Yes, sometimes a shift in a business's goals ceases to align with our interests and isn't necessarily meant to be a malignant move against us directly, but there is certainly no concern for us in the process unless it is ultimately perceived as more net profitable.

This is why we should be quite careful as to what we allow business ownership over/access to and remember that profit seeking cost optimizations are only useful to us while they're aligned with our interests. Whatever behaviors we allow businesses to pursue without enough repercussion to care, they will pursue seeking profit: a proverbial "cost of doing business."

When a business's profit seeking interests are misaligned with ours or run counter opposite to our interests, we're in for a fight against a resource heavy entity we're likely to lose, especially when certain behaviors are allowed to normalize across entire industries and accepted by culture in large segments.



