13 votes

At Blind, a security lapse revealed private complaints from Silicon Valley employees

4 comments

  1. [3]
    rkcr
    Anonymity - with the caveat that your account is tied to your work email - always struck me as a dangerous security hole.

    I'm still on the fence as to whether or not I'd want to sign up just to read what other people write, but I'm definitely not going to write anything I wouldn't say in public on it, either.

    5 votes
    1. hoytschermerhorn
      I’m a Blind member and think it’s a great way to stay informed of deep company gossip: reorgs, execs leaving, etc. before those events are officially announced. I would never leak information / talk negatively about my employer for fear of being caught, though.

      4 votes
    2. SourceContribute
      Most companies blocked any and all emails from Blind because they sent invitation and confirmation emails to the work email address. Very easy for IT to see this, label it as spam, and look at that, legit complaints about the workplace have to go on to other platforms (like Glassdoor).

      This is like a pro-union tech org like Game Workers Unite or Tech Workers Coalition sending emails to work email addresses. Very easy to block and fucks up any organizational capability for workers.

      3 votes
  2. Deimos
    The most damning part of this whole story to me is not that they accidentally exposed a server. That's definitely still bad, but it happens. Things get missed, security issues appear.

    The part that really worries me is how little they seemed to care, and how many details indicate that they're not thinking very hard about privacy and security. Primarily that they were informed about the server, but didn't even do anything until a journalist asked about it. A company that truly cared about privacy would have fixed that as quickly as possible after being notified, and then it took even more prodding to get them to notify users.

    5 votes