Blog: Work

Most of these posts were originally posted somewhere else and link to the originals. While this blog is not set up for comments, the original locations generally are, and I welcome comments there. Sorry for the inconvenience.

Glassdoor updates

Some updates on Glassdoor's privacy violations:

Use https://help.glassdoor.com/s/privacyrequest?language=en_US to request deletion of your data. Deactivating your account doesn't delete data. This might not either (no way to verify), but it's the strongest request you can make.

Media coverage: Ars Technica: Users ditch Glassdoor, stunned by site adding real names without consent, Wired: Glassdoor wants to know your real name. The Ars story is more detailed.

It seems that Glassdoor updated its terms of use on February 17, 2024. I did not receive email notification (my last TOS update from them was December 2022). Some salient bits from the current version:

We may update your Profile with information we obtain from third parties. We may also use personal data you provide to us via your resume(s) or our other services. You can read more about how we collect and process your data in our Privacy Policy.

I never provided a resume. I never typed my name into their site, nor did I use a social-media or Google identity. I created the account with an email address (~10 years ago). That part about "obtain from third parties" means they can try to match you up with LinkedIn, use your email headers if you should ever send them email, try to reconcile your account with Indeed if you're there (the same company owns both Glassdoor and Indeed), and whatever else they come up with.

Also, sometimes the information they add is incorrect. From Ars Technica:

As Monica's blog spread widely online, another Glassdoor user, Josh Simmons, commented to confirm that Glassdoor had "already auto-populated details" on his account, too. But instead of correcting Simmons' information, Glassdoor seemed to be adding mistakes to his profile.

Simmons, who requested to use his real name and share his employer information, is a managing director of Matrix.org Foundation. He discovered that Glassdoor had not only messed up his employer's name but also claimed that he was based in London, while he is actually located in California.

"It was bizarre, because I had never provided that information, and it was a somewhat incoherent mix of details," Simmons told Ars.

Back to the terms of use:

We may attempt to verify your employment history or status through various methods, including third party integrations or services. We may also utilize signals we receive from your current or former employer. Glassdoor is not responsible to you or any third party if we are unable to or inaccurately verify your employment history or status.

I don't know what "we may utilize signals we receive from your employer" means, but it sure sounds like "we might ask your employer if you work there", because your employer knowing you've posted Glassdoor reviews to prompt that question would be a "you" problem, not a "Glassdoor" problem.

(This information is repeated in the privacy policy.)

In order to provide you with access to features across our services, we may create and link different services’ accounts for you.

This is the part about them automatically creating a Fishbowl (social media) account on your behalf, without you explicitly doing anything and apparently without direct notification.

A portion of your Profile on our community and conversation services (e.g., Fishbowl and community and conversation features across our services) is always public. Therefore, your profile picture, company name, title, and other general information (but not including your semi-/anonymous Content submissions) will be visible to the public and available via search.. Content submitted with semi-/anonymous identifiers such as your company name or job title is not associated with the publicly-visible portion of your Profile.

So they added my name to my Glassdoor profile without consent, then propagated that to Fishbowl, and the Fishbowl profile was public?!

Glassdoor responded to Ars:

"We vigorously defend our users’ right to anonymous free speech and will appear in court to oppose and defeat requests for user information," Glassdoor's spokesperson said. "In fact, courts have almost always ruled in favor of Glassdoor and its users when we’ve fought to protect their anonymity. With the addition of Fishbowl’s community features to Glassdoor, our commitment to user privacy remains ironclad, and we will continue to defend our users from employers who seek to unmask their identity."

They "vigorously defend" privacy, yet they collect and store information that violates privacy. Also, note that what they're saying is that they'll defend outside requests for data ("almost" always successfully), but they say nothing about their own proactive use of that data -- like selling it to employers.

That data-deletion link once again: https://help.glassdoor.com/s/privacyrequest?language=en_US.

Time to delete your Glassdoor account

Recently I contacted Glassdoor for an account-related issue. This led to them sending me email that I had to respond to. Big mistake.

The TL;DR is: Glassdoor now requires your real name and will add it to older accounts without your consent if they learn it, and your only option is to delete your account. They do not care that this puts people at risk with their employers. They do not care that this seems to run counter to their own data-privacy policies. Read more…

Another bad user experience

My employer got bought (again) about a year ago, so we're being moved onto a new benefits setup as of January 1. This means new health insurance (with new prices, sigh...). We were told we'd get our ID cards in December. I have an appointment in early January that would be a pain to reschedule, so I've been watching for these.

Today I received physical mail, but instead of cards, it contained a piece of paper telling me my plan ID # and a URL where I can request cards or print my own.

They sent me paper to tell me how to request paper, instead of just sending the actual paper I needed.

After creating an account (another set of hoops, elided) I saved PDF copies, but I also asked for physical cards because paper probably won't stay in good shape in a wallet for a year. But this was unnecessarily complicated. I also hit a stupid limit: you can make one request per day, but both my medical and dental insurance are now with this carrier, that's two cards, and there was no way to request all cards. I requested the first, which was apparently successful, and when I requested the second I was told I couldn't.

The letter I got suggested I could use "digital cards", meaning download an image on my phone and skip the paper entirely, to "save space in my wallet" (not a concern, since I'm replacing this year's cards!). But my healthcare providers always want to hold the cards, sometimes keeping them for a while so they can do data entry at their convenience during my visit, and I'm not handing over my phone for that. My phone stays with me or, at worst, within my sight and otherwise locked. So paper it is.

I don't know if I'm abnormal or the insurance provider didn't think through their security model (maybe both). They sure didn't think through their model of what's convenient for users or lower-waste for the planet. By the time this is done they will, it appears, have sent me three separate pieces of physical mail.

Scrum-master hack

"Scaled agile" ("SAFe") scrum-master hack:

Our sprints are numbered within cycles (5.1, 5.2...). I just made a sprint named 5.rest because I need a holding pen for not-yet-scheduled plans in this cycle (versus the "planned eventually" backlog), and I don't care if this is the "SAFe way" because I just need it to work for our team. I'll delete the fake sprint when it's empty, but if something isn't on the dashboard it might as well not exist and this is the only Jira hammer I have. I'm not sorry. It's expedient.

"Scaled agile" (aka "SAFe"; cutesy abbreviations are all the rage) isn't really agile, but it's the process we've been directed to use. I told them when they asked me to be a scrum master that I will be expedient and will prioritize serving the needs of my scrum team over the holy writ from the vendors selling this stuff, and if they have a problem with my approach they should get someone else. They didn't, so...

I'm delighted that several newer scrum masters have come to me for mentoring. Apparently I have a rep for getting stuff done. :-)

Standup meeting

Product manager: this resolved bug needs a severity.

Me (scrum master): would the product owner (that's a scrum role) and the developer who fixed it please handle that?

Developer: I am the product owner.

Me: I know. I assume it won't take the two of you(r roles) long to reach consensus.

Am I doing it right? :-)

Office check-in

Before the pandemic, I went to the office every day, as one does. Our office manager did what he could to make it an ok environment, but it has the usual pathologies. Pandemic-induced working from home has been good for me in oh so many ways. I'm fortunate to be at a point in my career where I am quite comfortable telling my employer "I really do insist". (There's some pressure, mild so far.) I'll go to the office if there's a specific reason to, like the group outing we had a few months ago, but most of the people I work with aren't local, so going to the office is social, not productive.

On the day of that outing, I learned -- via a coworker finding out the hard way -- that corporate security disables badges that haven't been used in 90 days. That makes sense, though doing it silently isn't so great. Fortunately for me, I last changed my domain password around the time of that outing, so the "time to change your password" reminder serves double duty.

A few days ago I changed my password, and today I went to the office to wave a badge at a sensor. While I was there I cleared out the last of my personal belongings; demonstrably, I no longer need to keep an umbrella or a spare USB charging cable in my desk drawer there.

Employers, how many of those vacation days are real?

When you're considering a new job, one of the things you'll find out as part of the package is how much vacation (or PTO, "paid time off") the offer includes. The US doesn't do as well in this regard as some other parts of the world. In tech, you can probably expect two to three weeks of vacation days per year plus six or seven designated civil holidays. In some companies, after you've been there several years you earn more days per year. (At my current company, after five full years I started earning one extra day per year.)

Next time I consider a new job, I have to remember to ask not only how much PTO is included but how much of that is actually mine. It's not mine if the company says I get X days but that I have to allocate some of them for Christmas week "because we all need time then to be with our families". That would be patronizing and presumptuous even if Christmas were my holiday! It's not, so that makes it even worse.

It's fine if an employer says "we're closed that week for business reasons". Sometimes companies do that. But in that case, they should either grant those days (as if they were civil holidays) or reduce the PTO claims in their job ads and HR policies. I use several days per year for my holidays, ones they don't grant, plus (in non-pandemic years) actual vacations that I choose. I would like employers to tell me the number of days I really have, the number that are my choice.

When I joined my current company I was told how many PTO days I get per year. Later, they started declaring mandatory shutdowns for Christmas week. I can use my vacation days or take the days unpaid.

Retracting vacation days, which is what they do when they say I can't use them freely any more, is akin to cutting salary (as is saying "then take it unpaid if you didn't save vacation days"). Employers, be honest about that: you're reducing my compensation. Do not pretend you're doing it for my well-being, for my family time, for my holiday -- you're not. How valued am I really, if you reduce my compensation so casually?

I've always found the last week of December to be a great time to get work done; I can focus on things that keep getting pushed off or interrupted, because there are few or no meetings and other interruptions. Meanwhile, I can use those days for my holidays. Everybody wins.

Companies should actually consider giving top employees more vacation days, rather than only the tenure-based allocation. When someone consistently performs above the norm, then not only should you reward that, but you're still ahead of the norm if the person takes that time off! Employers, please start considering PTO increases as part of the mix that includes salary increases, bonuses, and assorted perks that people use inconsistently.

It's 2021 and this still happens

Me: Here's a bug.

Male peer: I don't know why that happens. Not my fault.

Me: One way that can happen is if you do X.

Him: (condescendingly) Of course you could do that, but I didn't.

(Ok then! Done teaching.)

Separately, other male peer: One way that can happen is if you do X.

First male peer: Oh, you're right.

Again. In 2021.

I didn't say he did X; I'm not in his head and wasn't looking over his shoulder, so how would I know? I just offered one (common) way that this particular problem manifests, because we've seen it before. But from me it wasn't worthy of consideration.

This sort of thing happens far too often, even now, even among people who in other regards present as open-minded and inclusive.

2020

Somebody on Twitter asked:

What did you learn in 2020 (besides how to make bread)?

I responded there:

  • To grow food in pots.
  • To cut men's hair.
  • To cook more new things.
  • That my cat loves me being home all the time.
  • More about community-building.
  • How to set up a nonprofit foundation.
  • To cut people w/no morals or human decency out of my life.
  • And yes, sourdough.

I was up against a character limit there, but I'm not here. Read more…

"Blah blah blah."

Today's bit of randomness:

When I was a young programmer I worked for an AI company on a text-categorization project -- for a commercial client, all hush-hush for a while to preserve their competitive advantage and such, apparently really innovative (didn't realize then; I was just writing code to solve a problem, y'know?). Then somebody accidentally published the training dataset. And apparently it's gotten quite a lot of use in the research community, which I was completely unaware of, having never really been that kind of researcher.

For 30+ years there's been a mystery in that dataset that people have noticed, commented on, and apparently never tried to track down...until now. This podcaster got in touch with me and some others last week, and here's the result: Underunderstood: The Case of the Blah Blah Blahs. (36 minutes; has transcript).

It was neat to hear this trip down memory lane, and also to hear other parts of the story I'd never known about before, including the discussion from a researcher from the "other side" of one of the big arguments in AI in the 80s.