"Please put a valid address in the email field, or we won't be able to send you a new password if you forget yours. Your address is only visible to you and us. Crawlers and other users can't see it."
Make sure never to commit to a public git repo either.
(Edit)
In all seriousness though, we're really bummed this happened and wish it hadn't. We do code reviews and try our best to prevent this kind of thing from happening. That said, if you truly want your account here to be anonymous, you're right to remove all personally identifiable information. I'd also recommend using Tor (and using it correctly).
You could always ask users for their email address at sign-up, send them a random, single-use, account recovery code, and then never store their address.
I've made statements on HN I'd prefer are anonymous to the general public?
Also, there was no mention they were handing the info over to a 3rd party. If you explicitly state something like that, you should follow it and/or change it when the situation changes.
I don't have that issue with git repos.
I'm kinda amused a yc employee went through the effort of downvoting it after pointing out this situation is caused by y'all not following what you actually have in your notices for things.
>I'm kinda amused a yc employee went through the effort of downvoting it after pointing out this situation is caused by y'all not following what you actually have in your notices for things.
Seriously what is it with HN/Reddit where everyone assumes that any downvotes are from people with an agenda?
I'm not sure how to make it more clear than I did, but this data was not intentionally shared with a third party. Had we known it would happen, we'd obviously have prevented it.
The only data we knowingly send to Firebase is already public and visible to anyone that can speak HTTP.
As far as I know, a person cannot downvote top level comments on their own threads (or a reply to their comment). Perhaps employees & mods have the power to do that. But I'm not sure how you can tell it was a yc employee that downvoted you.
It took me a while to figure out what exactly you were objecting to, but I guess you don't like the fact that HN sends its data to Firebase?
I don't think it's fair to criticize the admins for that. For pretty much any web application you want to use, "only visible to you and us" should automatically be understood to include "and our hosting provider too, if they go digging or screw up."
The situation is actually tighter than that. We don't give the "only visible to you and us" data to Firebase (or anyone else), precisely so it won't matter if somebody else goes digging or screws up. You're protected from all of that. What you're not protected from, unfortunately, is us screwing up. We'll try our best not to do that again.
That some people use email addresses that are personally identifiable in the non-visible portion of their profile but have an otherwise anonymous profile whose comments they do not wish to be traced back to the maker. For instance an Apple employee that speaks about Apple internals anonymously might get sacked if they were exposed.
Right, and just so it's 100% clear to everybody: we never did and never would knowingly publish this data. A small amount of it leaked (for 30 seconds on 3 occasions) because of an obscure mistake in our code, and we're deeply sorry about that. We turned off API publishing the instant we found out about it and dropped everything until we were sure it was fixed.
The API design has always been to publish only information that is already public, that anyone could get by scraping the website.
> even if you do win then other companies will mark you as a troublemaker. Getting hired is going to get a lot harder.
This isn't really true. Most businesses don't do thorough background checks and the frequency of people claiming fake degrees w/o getting caught is proof of that.
I've known two people who successfully sued their employer. One had no trouble getting a job after that. It was the second suit that they lost that caused their issues (they looked like they were paranoid and had mental issues based on the company's successful defense). Even though they are a friend of my parents, my parents and I both agree that they weren't acting all there at the time and that likely came across in interviews.
The other one only had trouble because the area was so small it was literally the only member of that industry within 300 miles. No one wanted to pay for relocation for non-management positions during a recession. Once they relocated with their own money, they had no issues.
I've never heard of an instance of someone being "blacklisted" outside of a failed lawsuit where they were shown to be deceptive and/or mentally unstable.
> This isn't really true. Most businesses don't do thorough background checks and the frequency of people claiming fake degrees w/o getting caught is proof of that.
That depends more on how well the hiring decision makers at the companies you apply to network. Even in a large metro area like Los Angeles chances are that if you are in management at a software company you will have a second degree connection with someone at an applicant's previous employer. You might not get blacklisted from "software," but you might be blacklisted from companies funded by a particular VC firm, or where managers attend the same CTO meetups, etc.
Answering unsolicited reference requests is supposed to be an invitation to defamation lawsuits, but in my experience it's the norm and not the exception.
It was partially sarcastic, partially not. In 2014, it's about as relevant as complaining about links between the Mafia & Unions. They used to be connected in places but it was relatively small scale (e.g. local) and not on the scale people like the parent claimed.
> They screwed up the promotion, to the tune of hundreds of thousands of dollars
It's really hard to say from the given context that this was definitely engineering's fault.
You'll note that the various plans for resolving the issue involve updating the Terms & Conditions of the offer. That makes me think that accurate code was implemented against incorrect Terms and Conditions, rather than incorrect code was implemented against accurate Terms and Conditions.
Tbh, this is what scares me about tech-illiterate juries. Many of these cases hang on key pieces of evidence that are literally the FBI's word against the defendant's.
I'd prefer a better educated populace that realizes the "technical evidence" being submitted in many cases is essentially witness testimony and not physical evidence [e.g. fingerprints on the murder weapon] which I think many people believe.
Witness testimony is perfectly fine as long as it isn't implied to be anything greater than that.
Say the issue is call metadata. They showed that I called the murderer, who then murdered someone I had a grudge against. So this evidence doesn't prove that I did order a hit, but at least proves that I had the opportunity to have done so.
The metadata is technical evidence, not witness testimony. But...
Who wrote the software that collected the metadata? Any bugs in it? Any possibility that I did not, in fact, make that call?
Where was the metadata stored? Who had access to it? Could anybody have altered it, perhaps even to cover their own tracks?
Who had custody of the data after the records got pulled from the database? Any chance that they could have altered it? Maybe they knew that the prosecution's case was weak, and they wanted to make it look better?
In this way, technical evidence does in fact depend on witness testimony.
I think it has to. The only way it could not is if you had a piece of physical evidence, and you were going to extract the technical evidence from it there in the courtroom in front of the jury. But even then, you have to worry about the chain of custody of the physical evidence, and about the tool you're going to use to extract the technical evidence in the courtroom...
Perhaps it does but I'm not convinced without evidence it happens and I can't find any that shows it happens the majority of the time let alone all the time :/
Well, I think what happens in an actual court case is, you check out the chain of custody if you suspect that anything is actually fishy, or if you can make the prosecution's case look weak. If there's nothing there that you can use in your defense, then it never comes up in court.
Why would a tech-savvy jury be more inclined to discount testimony or non-technical evidence from the prosecution? It seems that the word of law enforcement has an advantage in the courtroom regardless of someone's literacy in any field.
In any case, I think a bigger problem isn't juries, but the huge amount of cases that never see a jury, via absurd overcharges leading to plea bargains. Only a judge is involved, and judges are much more "reliable" than a jury ...
Besides, when would an incident like this ever get in front of a jury? I can't think of a single case where the FBI was in the dock for COINTELPRO shenanigans like this.
He tries to obscure it a little with things like "pink sheets" and acronyms but I don't think that is intentional. I'm guessing people just don't read the original article he is defending.
> If you can be sure you are profitable in say a month (or a year), you are multiplying money, so using leverage or loans you should be able to basically have any amount of money you want (and what about trades in that case?).
It's not that simple, sadly.
You can't buy $InfiniteMoney$ worth of stock X in a single transaction, you end up moving the stock price as you buy/sell. This allows others to respond to your activity. At small scales, a system that appears to work will break down at large scales.
> You can't buy $InfiniteMoney$ worth of stock X in a single transaction, you end up moving the stock price as you buy/sell. This allows others to respond to your activity. At small scales, a system that appears to work will break down at large scales.
OK, true it doesn't work up to infinity, but given how much money there is on Wall Street, I would imagine that when your activities are big enough to move the market, you are way past the point of wondering what you can and what you cannot afford (say $1B+ not to be too vague). Especially given how many instruments there are out there.
Warren Buffett said the same thing. That he just couldn't take advantage of the same situations now that he moves a lot of money that he used to get to the top.
Yes, but he is talking about trading penny stocks/pink sheets. He is on par with the people the "armchair economists" unless he is super wealthy and can prove it.
You sure you want to act like he is a financial guru?
"If you've been following penny stock trading circles on twitter for awhile, you'll know certain tales of legend were born on that day. One particular trader profited $1.2 million in a day. When that many traders produce their largest gains on one particular trade, you know it doesn't require some crazy genius, It's the stock that does all the work and makes life easy.
My day was just peanuts in comparison but it was still my personal best, as I made $33,000 (with no profit split! which felt amazing). The trader across from me, who I will affectionately nickname El Chango, had seen enough. El Chango was branch B's head trader. It killed him to see easy money slip away due to inaccessibility. He pulled CCG's principal owner aside and pleaded for him to enable access to the OTC."
His method?
"Simple. Look for the extreme volatile moves on massive volume. If the direction was down, find the first held bid. Buy. If the direction was up, find the first major seller. Short."
If it was really how that worked in the real world, it'd have been eaten up by HFT.
Yeah, I was once considering building an OTCBB trader that would trade all the penny stock promo bullshit and see which (if any) lists actually worked and just trade the spam. The amount of degenerate gamblers in that industry is insane.
Almost built a claim jumping / claim expiry bot for mineral titles. Claim expires tomorrow? Grab it at 9 AM? Claims made today? Stake the blocks around them.
I think anyone with half a brain would clean up on OTCBB with a little automation.
You'd think so but the problem is volume. When it's time to buy you can't get enough shares at the price you want and when it's time to sell, there are no buyers.
I used to trade pennies for fun, because maybe I was one of those degenerate gamblers. Options trading can be just as much fun.
Are you sure that is true for all retailers of those products?
I deal with a high return rate industry [specialty products many customers can't size correctly] and I only see return rates of 3-7% depending on the product. 40% seems very high.
It's very true for higher end goods. These goods typically are sold with free/cheap shipping and so customers will order 3 sizes of an item and return all but the one that fits.
This is strongly correlated with brand values they push in certain marketing campaigns and both returns as well as excellent service are promoted.
Flipping it you could say they attract people that do returns more than avg.
It's explicitly designed into Zappos' business model and an intentional side effect. They have a 1 year return policy + free returns specifically to encourage people to send more returns so they are more likely to risk buying things that might not work out.
For the same products, I have a ~9% return rate. :/
I interviewed for a data position at a major internet clothing store last year and they said their return rate was in that ballpark. (I don't fully remember the number)
Clothing has higher than average return rates because people can't anticipate sizing or look. I worked for a food ecommerce site and our return rate was low single digits.
I prefer being publicly anonymous and if I answered your question there is literally only 1 person I could be. I suppose that makes me paranoid but I'd rather not create drama.
For the sake of example, Amazon.com would be sufficiently equivalent as we do sell products via Amazon. And the fact I complain about Amazon in places gives away that we do do that. :P
Welp, I'm taking my email out.