• @[email protected]
    link
    fedilink
    English
    1289 months ago

    It seems as though nobody in this thread actually read the article. They are not revealing user names on the site. The objection here is having the real name as part of your private profile data, in case of a future data breach. It’s a real concern, but orders of magnitude less serious than what everybody is assuming.

    Shame on Ars for the misleading clickbait headline.

    • @[email protected]
      link
      fedilink
      English
      529 months ago

      Agree that it’s misleading, but to add there is another significant concern given how glassdoor is already “pay to win” from the companies perspective: they could just offer identifying the users as a paid service.

      It would be digging their own grave if that starts happening, but that doesn’t seem to be stopping many companies…

    • @[email protected]
      link
      fedilink
      English
      449 months ago

      They are not revealing user names on the site.

      You mean, “They are not currently revealing user names on the site.” This may easily be the first temperature increment in a frog-boiling process.

      (Cynical? Yes, but the world keeps reinforcing that attitude.)

      • @[email protected]
        link
        fedilink
        English
        129 months ago

        Agreed, but the article title implies that they are in fact currently revealing names, which is just not the case.

    • FlumPHP
      link
      fedilink
      English
      259 months ago

      I’m more concerned that the company decided it was OK to meld the “From:” line of her email (asking for support) into her profile. If they think that’s an appropriate way to handle PII, I don’t trust them.

      • @[email protected]
        link
        fedilink
        English
        109 months ago

        What they’re actually doing is super shady, and reason enough to cause concern without exaggerating.

    • kingthrillgore
      link
      fedilink
      English
      189 months ago

      It’s not that, its the risk they could get subpoenaed and then they have to turn over the CSVs that could identify users inadvertently.

      • @[email protected]
        link
        fedilink
        English
        219 months ago

        You really don’t think “we store your username and haven’t revealed it” is any better than “we store your real name and did reveal it”?

        • @[email protected]
          link
          fedilink
          English
          119 months ago

          For a supposedly anonymous site that’s going to be a target from both hackers and companies looking to reveal that data, I’d say it’s not really any better, just delayed. All it takes is someone finding a SQL injection vulnerability on the site to scrape the user database, or a court to rule that they have to turn that data over to a company looking to go after an employee, or even just someone with the right access at the company clicking the wrong link

          If you want to be anonymous, the first step is to not give people your name or other PII

    • @[email protected]
      link
      fedilink
      English
      139 months ago

      Financial institutions who are currently having data breaches. This is the worst time to couple PII data So tightly.

      The moment Glassdoor gets hacked, it’ll be absolute shit show for whistleblowers.