Once had a contract where my client wanted me to do "security work", which was initially meant to be for pentesting their clients, but it turned into me building their wifi auth system.
At some point in the gig, one of their clients went to them asking them if it was possible to de-anonymize someone glassdoor review since someone still-employed worked with them. They then went to me to see if I could do it for them. They didn't clarifywhy they went to me, but I legitimately think they wanted me to "hack" glassdoor. I told them in no uncertain terms that I wouldn't do it and they backed off.
A bit later they fired the employee.. I didn't hear how they found the person, but it really spoke to the lengths that some organizations will go to burn down the lives of those who speak up.
Use this google search to find more companies that do it:
DNS records of your VPN or corporate work station would be pretty easy. You can line then up with when the review was posted. Then investigate their workstation more "thoroughly".
I run a Tor middle relay on one of the 8 IP addresses I have purchased as a block from a certain ISP that allows you to, I have been for around a year. The amount of traffic passing through it is heavy. Obviously, this comes with certain caveats (the middle relay's, or any TOR relay IPs are publicly available and published weekly on GitHub and as you can imagine, some places like to instant ban anything to do with TOR).
Since it is only 1 of the 8 IP addresses; the other 7 remain free from blockages of any kind and the one running the TOR middle relay is setup in a manner in which I can use it normally (for the most part) and my traffic would just "blend in" with the normal tor traffic passing through it.
You might ask, what is the purpose of this? Well, if it is normal for a lot of TOR middle relay traffic to be passing through one of my IP's on a daily basis, plausible deniability becomes a real defense as checking DNS logs becomes a moot point as there are requests being routed 24/7/365.
This is an excellent, detailed, and in-depth guide of the process of going through running a TOR middle relay. The statistics provided and data presented are simply superb, Great read!
Its a nice setup, but you can’t see any DNS data in the TOR middle relay traffic. Middle relays just pass on encrypted data to the next tor node, not “the Internet”. So any DNS requests hitting outside from your 8 IPs are still all attributable to you.
For any activity in which I do not feel safe and threatened for my Identity, I utilize the middle relay as a full on end-to-end Wireguard VPN itself to route all traffic through a VM I've got specifically built for this.
Why would an employer looking to fire you care about plausible deniability? Even if your setup worked technically, if the traffic traced back to you then you'd probably find yourself fired under these circumstances regardless.
I think this talk about tracing traffic could well be missing a bigger point. The last time I left a Glassdoor review I had to provide a company email address to do it. This means, although publicly my review was anonymous, Glassdoor knew (and very likely still know[0]) exactly who left it. If they have to hand over email addresses to the company taking legal action there's no need to get clever with traffic tracing.
[0] Even with GDPR and similar legislation all they need is a valid business reason and they can keep my PII.
This. One cannot post anything on Glassdoor today without first establishing an account. Nearly all companies that create accounts use services to “enrich” your user data via the IP, email address, etc. so they grab and keep that data. It is certainly no longer anonymous if it ever was.
You mean you had to currently be working there, rather than formerly? I thought this lawsuit was about people who had already left Zuru, but I may have misread the article.
I understand why websites would ban Tor exit nodes, but what's the point of banning middle relays? Wouldn't those only communicate with either other relays or exit nodes?
Sites that don't want Tor users should only block exit relays, but some will lazily block all relays. It's unfortunate but that is the current state of affairs right now.
'should' from whose perspective though? 'Sites that don't want Tor users' have no incentive to care do they? If anything it stands to reason such a site would block anything and everything to do with Tor, using it as a search term, usernames containing it, anything?
(I don't know much about Tor, so am I missing something about 'middle relays' that such a site would want to allow them?)
Edit: oh is the point that you're not accessing the site using Tor, just from an IP addociated with Tor use?
Exit nodes are the interface between Tor and the "clearnet" (regular internet), whereas relays just relay traffic between Tor nodes (to make it harder to trace the route). So there wouldn't be any Tor traffic from this person's IP going to websites.
Presumably most folks neither know or care about this distinction and just block all Tor related infrastructure outright, since some of the traffic coming through is malicious.
Frankly, as the OP stated, one reason to use a tor relay for direct traffic is to hide your traffic. A bit like a guy in a trench coat and fedora trying to look inconspicuous.
It's not illegal, but it's also not surprising when such folks are escorted out.
You have plausible deniability but just be careful because the cops can still get a warrant based on IP alone. Also most savvy companies wouldn't say that they're firing you for posting unfavorable reviews, but they'd still terminate you.
If you sign into a personal Google account on a new Chrome profile on a managed laptop, can they get access to your entire Google account (drive, emails, etc.) remotely? Can they use an auth token or something to automate the process of downloading all your data? If so, is this legal?
> If it’s a company provided laptop then it’s a good idea to assume that every keystroke, DNS request, and network packet is fair game.
From an OPSEC perspective, sure. But the question was whether it's legal for an employer to do it.
You might also get a phone call (on your private phone) about a private medical matter while at work, but I would hope your employer couldn't use the CCTV audio they have in the office to decide to fire you based on that information (though I don't know if US laws actually protect workers in this case -- in Australia and basically all of Eastern Europe this would be insanely illegal on several levels).
I don't know if this is the case in the US, but in Australia it's very easy (and relatively cheap) to take your employer to tribunal over violations of employment laws (if it was very clear-cut or severe violation you could even make a complaint to the relevant regulator which could launch an action on your behalf). Something being illegal means if they did do it, you'd be owed compensation.
From the article: The only thing they did wrong was not more explicitly mention the monitoring. So it wasn't illegal to monitor communications, rather it was illegal to fire someone for using their work account for private communication without sufficiently warning them. All they have to do is make you sign some document on day 1 and they're covered. Also they were not awarded any damages or anything, so it's not like you'd get a payday after being fired.
>Commenting on the ruling, Pam Cowburn, the communications director at in London, said: “The European court’s ruling is welcome. In some workplaces, it may be necessary for emails to be monitored, but if employers are going to do so, they should make staff explicitly aware of it.”
>Despite finding that Bărbulescu’s rights under article 8 of the convention had been violated, the court declined to award him any compensation, saying the ruling was “sufficient just satisfaction”.
It's definitely NOT illegal in EU if the user is appropriately informed, usually in your employment contract you sign a clause about that. Even the government does it to their employees.
No, there have been all kinds cases of enforcement action in EU where the user was informed but the employer could not justify the violation of privacy; in general EU law and especially in privacy law it's quite frequent that some explicit "consent" clause in employment contracts (essentially, if it's a standard clause in all agreements and "take it or leave it") is treated as not representing true consent and void.
The largest example probably is the 2020 GDPR fine of 35 million euro for clothing retailer H&M for violating the privacy of their employees, despite the employees being informed of that.
What you're talking about has absolutely nothing to do with tracking usage of workplace computers and networks - H&M kept "excessive" (sic) records of personal data of people who were not their employees at all (family members of their employees) - and the problem wasn't that they had some data because in EU you're required to keep track of families of your employees due to tax reasons, but that they had too much of it.
In most EU countries, tracking company-owned hardware is explicitly okay, and where it's not mentioned in law there are judicates that make it OK.
As I said, even the government and its wholly/partially owned enterprises are doing it, and working as a contractor for the government here requires you to track usage of your employees' workplace computers too, so I can't see how it could be in any way illegal. Same thing with working for banks and insurance, and I bet there are more cases.
In The Netherlands, employees enjoy a reasonable level (much stronger than this scenario) of privacy even on company equipment [1]. That is: the company cannot randomly access an employee's mailbox. Of course, in case of employer-employee dispute, things become hairy - but even then, the company is not allowed to go on a fishing expedition. Though they can go on a confirmation run, looking for specific evidence, e.g. mail from Glassdoor.
Don't know about other EU countries, but at least NL deviates significantly from the sketched scenario.
Disagree, with the money I would be awarded from my employer for their breaking of both employment and privacy laws I think I could easily purchase a new laptop - and also fund a few months of vacation while searching for the next job.
Surprisingly I was at a party in SF with a bunch of Apple employees. Somehow some topic came up and I was like "I don't do anything personal on my company laptop. I especially don't look at porn". All 6 of them said they used their company laptops and phones to look at porn all the time.
I've heard some pretty simultaneously funny and Orwellian stories about this, mostly about people being fired for looking at porn using work laptops and the specific porn they were looking at.
Don't use work computers to look at porn, your employers already know about it.
Lol I nominate the above to the title of most entitled and out of touch comment of the month. How is this "basic human need" if online porn didn't even exist before 1990?
If it's not required to do the job and they pay well, then why not. I can easily survive 8 hours without running water. Geologists (often with masters or even PhDs titles) working in the field have neither, and they like their jobs.
Moreover, seeing the right to be paid for jerking off while at work as fundamental human right is really unhinged.
Correct. Rape, theft, murder, and other actions can be performed along the way of people fulfilling their basic human needs, so the reasoning doesn't really justify all activities.
The way I look at it (and not saying it is the best way, just works for me) is that my public/professional person is my brand that the world sees and thinks of when I interact with them. Regardless whether that is big brother junior analyst in IT or a client CEO, I try to keep that consistent and inviting.
If on the weekend I want to only drink Soylent, trade crypto, and otherwise engage in fun but less inviting behaviors, I'll do that off company property.
I'm as sex positive as they come but even I think it'd be pretty dumb to have pornhub pop up while you're sharing your screen in a meeting or something
We've decided to structure society such that some people starve, and we consider that acceptable. There are even children who are "food insecure".
Apparently nobody cares about anyone else's most basic needs like food (even our most vulnerable), I can't see how they'd care about someone else's need to jerk off.
It's very common. Most IT groups collect this information for HR and don't do anything with it. The truth is the company doesn't care if you look at porn as long as you do your job. Until the day comes that the company wants to fire you. If you claim retaliation/discrimination/etc, company just opens up your file and lists all the violations.
My prior employer was the same, I wouldn't use it to make tooling or do anything that might be for my own business, or open source for that matter, they had been known to strong arm staff into giving over IP that might have ever been on that laptop or was ever created during your employment.
But they were quite frank about allowing us to do what ever we want on the laptops providing we delivered positive outcomes for the business.
If this meant the laptops were used to browse porn at home or even during business hours (clearly not on the shop floor if you were in the office) or playing video games, it was fair game.
This employer also had _incredibly_ poor standards and culture for removing misogyny and bigotry, in fact it was one of the worst I've ever seen. Not saying causation = correlation or similar but an interesting data point nonetheless.
Some cynicism on the part of their engineers would be prudent despite that advice. Lots of places encourage you to use the company phone as your only phone, which is convenient, but still not a great idea.
Once when another person in IT was on vacation, I was handed off a manager's laptop to scan for porn. There was no automated tool, so as I recall I did a search for files created or modified since the last check. I found nothing to report.
I think that the periodic checks were set up because a subordinate of the manager's had seen the porn on the machine, and had gone to HR.
Correct me if I'm wrong but if the assumption here is that the EU prevents employers from reading private correspondence of employees then I find nothing to back that up. On the contrary, an employer in the EU explicitly seems to have such rights, given they jump through a few formal hoops first:
It depends on the country in question. In Ireland, for example, any workplace surveillance must be necessary, legitimate, and proportional. The employee also must be informed in advance of who, what, how, and when they may be surveilled.
It is very hard to see the Workplace Relations Commission (WRC - the body which handles workplace disputes) accepting that identifying a user on Glassdoor would meet the test of being necessary, legitimate, or proportional. This is particularly true as the WRC has previously found that monitoring internet usage for example for pornography is not proportionate where the employer has the option instead to block such sites and make a policy against their access.
Of course, an unscrupulous employer could also use surreptitious surveillance and find another reason to let the employee go, although firing an employee in Ireland is notoriously difficult short of gross negligence.
OK thanks interesting, although I would like to add that I did not address trying to identify and punish reviewers on Glassdoor, which may or may not be illegal all over Europe depending on the nature of the review. That point I tried to make was that the GP was exaggerating when painting the US as an outlier regarding the rights of employees of not to be monitored.
The US is more "employer-friendly" if you like, and much less complicated to fire employees (boo!) compared to Europe - yes. But generally not categorically different when it comes to the right of employers to snoop on their employees, which people here might want to be aware of.
IIRC Danish law states that work email may be used for private purposes and that anything clearly labeled as private is to be considered such. For example, by moving email to a folder called “private”.
For the employer to open/read such communication would be highly illegal, akin to opening others private snail mail.
I do believe that this also extends to corporate issued phones and computers. Especially since you’re automatically taxed for “private use” of such equipment when assigned.
In Israel, if you are assigned an employer car, you generally have to prove you don’t make personal use of it to avoid taxation - e.g. prove it isn’t in use almost every weekend (usually done by parking in a managed lot and showing the receipts or stuff like that).
The vast majority of people prefer to also use the car privately, and pay the tax (which is reasonable, if taxation is reasonable).
Cars that keep rotating between drivers are not subject to that (but exact record keeping of driver and trip required to avoid tax)
Similarly, employer provided phone subscription is assumed to be partly private use (50% of monthly subscription cost considered a a taxable benefit iirc), not sure what hoops you need to jump through to prove it is not private use at all. (But phone plans are cheap - excellent domestic plans are $10 or so)
It's up to you if you want to use company provided equipment for personal/private use or not. If you declare that it's only used for work purposes, there is no tax. The tax makes sense, because it's effectively extra salary (eg if the company gave you a leased car).
The thread we are in about companies monitoring people accessing Glassdoor and penalizing them in various ways for using it to say things the company doesn’t consider flattering.
That has nothing to do with putting private email in a private folder on the company mail server, near as I can tell, and nothing in that statement would address the statement about companies monitoring use of company equipment and network etc.
Since they’d need to know even in the private email case what they folder names were, for instance, to know there even WAS private email.
In Germany, you need to document clear and reasonable suspicion of the employee doing something shady before you can monitor them (especially without their consent). It's not fundamentally illegal, but the rights of the employee also weigh in heavily and need to be outweighed before you can start e.g. recording their screen without their consent.
Practically, the company needs to administer and secure their equipment for a number of reasons, including a legal need to keep their customers data safe.
That requires them to use tools which can easily let them know, for instance, what websites someone is visiting, and what executables are executing on the machine, what devices are being accessed and when, etc.
It’s pretty fundamental. An individual looking to secure their machine would need to do the same thing.
If a company abuses that to spy on every waking moment of an employee, that is obviously abusive (barring cases of investigating legitimate suspected abuse by the employee I guess?). But you’d need to somehow codify in law the line, and I haven’t see anyone having any success here so far.
I have seen employees steal massive amounts of trade secrets, secretly steal customers from employers, run porn sites from company equipment, etc.
I’ve also seen employees so creepy stuff like stalking customers, stalking other employees, harassing other employees using this tech too.
Personally, I’ve always kept employer laptops and stuff closed and off when not used, and try to segregate personal and work equipment, but that’s been more to avoid something embarrassing coming up during a presentation or the like.
Just because it is easy and achieves a purpose doesn't make it necessary or right.
People could be making backhanded deals on their phones or they could be having an urgent confidential conversation with their doctor or spouse. Should the company record and review phone calls?
People could be stalking customers/coworkers or making deals in the bathroom. Or they could be using it for more personal purposes. Should the bathrooms have CCTV with audio?
People could be selling company data in the company parking lot, in the mall or at home near/using the company laptop/phone that is permitted to be used for personal reasons, or just mandated to be near them, or they could do the same thing without presence or use of any company equipment. Where do you draw the line, and at what point is it even sufficient to prevent losing information etc.?
Do you trust your employees? All trust can be abused, yet how can the company function if they don't trust their employees at all?
The idea that 'company time' and 'company equipment' gives the company absolute right to record and ownership of recording is almost feudal.
Imagine I were to die in the office in some embarrasing way, on company time, in full view of company CCTV, do they have the right to upload the video to YouTube to make money from it?
What if they record audio of me at home, can they publish it? Can they show it to anyone at the company?
What if audio is recorded outside of compaby time by a company laptop thats had its lid closed? What if it's recording 24/7?
Are they allowed to snoop on traffic of my home network? If I have a home camera thats not password protected, can they help themselves to that Video?
If my network drive has no password, is it okay if they help themselves to those files?
I assume he is trying to establish a dividing line between acceptable and not. For example, I'd consider all mentioned uses to be unacceptable and hopefully illegal, but I think others may be fine with it.
Just about every EU-based company allows for network defense and visibility to include things like SSL inspection and egress monitoring. Some may consider this surveillance, but what needs to be stated from a governance standpoint is that this monitoring is reasonable from a risk mitigation standpoint and the expectation needs to be written within acceptable usage policy.
Even more restrictive countries like Germany are fine with this.
I don't want to work somewhere where this would ever be an issue. More than happy to leave if they pull this kind of personal invasion (yeah, it's their property, but still- basic human decency dictates: don't do it).
>There’s no reason to mix personal and corporate usage.
Exactly! I'm always amazed at people who do ANYTHING personal on corporate resources, especially in this day and age. Even when personal computers were rare and cost thousands of dollars I still didn't do jack shit on work computers, no matter how tempting or "acceptable use" it was.
This is an interesting question post-pandemic where the network the laptop is using may be an employees home network, especially if there is some kind of active scanning involved.
This is a real problem, especially for InfoSec tools. Many EDR tools, such as MS Defender for Endpoint (or whatever it’s called these days) and Crowdstrike Falcon, include functionality that will scan your local network for devices in order to discover unmanaged devices…
It’s a nightmare from a privacy point, but its also a problem for the InfoSec tools… How do they distinguish between an unmanaged private device on a private network or a unmanaged device on a corporate network?
> its also a problem for the InfoSec tools… How do they distinguish between an unmanaged private device on a private network or a unmanaged device on a corporate network?
Trivially, from the simplistic (check IPs and router MACs / SSID in use) to the marginally more advanced (deploy an agent that is only reachable from the corporate network) to determine if the tool should even be running in the first place.
It's really difficult to find solid guidance on how secure that is.
E.g. tag the port on the switch, run a cable to the device so that it doesn't know there's a vlan involved, block routing between vlans. As far as I can tell that's probably good but might not be.
Not specifically through Chrome (managed chrome does not give your employer access to incognito or personal profile data), but if it's a company owned and issued laptop you should assume they have other ways of capturing all activity on the device.
It will depend on your employee handbook, but generally any data you produce on a company laptop belongs to the company. Anything in the browser cache is fair game.
Until the first case when an employee sends death threats from your company laptop and you need to provide the data to the police to help in investigation.
Or the first case when some shared credentials get compromised probably from an infected computer and now you need to find which of the 80 laptops is the infected one.
Or the first time employee converts his laptop into a wifi access point for the office girl upstairs and unknowingly lets her inside your companies private network.
Of course, there are workarounds and better practices for every example. You can solve it without admin access to laptops and network request logging. But company property is not anonymous either with or without full admin access - so why jump trough the hoops to not have it?
Do you mean Chrome has some special support for this, or is this the same as for any other browser (where the adversary could copy the history db file)?
Yes, it's important to separate work you do for your employer from your personal life and everything else basically.
I never understood people who use their work/school machines to do stuff that could hurt their employer/school. Or even just to cause them potential problems.
But of course, the other way around is true imo: I won't use my personal devices for work - but that's mostly to prevent me from giving free extra work time to my employer.
Or cool to give employees an understanding that employers aren't their friends and can and will go to extreme lengths to screw them over if it benefits the corporation. Also just general advice to avoid doing things on your company laptop if you don't want your employer to know about them.
That's all fine and dandy and I agree that employees should be informed of these methods. My issue is more with the framing of the post, which clearly doesn't have a cautionary spirit that informs those who'd potentially affected by a vindictive employer. Instead, it's playful curiosity of how to rat out an employee.
Pretty much everyone is carrying around a pocket computer connected to the internet 24/7 with which they can do all their non work related tasks on, including badmouthing their employer.
If employees cross streams and use the same device on both the employer's network and off, and they post to Glassdoor off-network with the same device, a subpoena could reveal identifying information to the employer. Glassdoor can also choose to just hand over that information when requested, as well.
Right, but I'm trying to consider the average user. They likely aren't aware their activity on their phone is being logged on WiFi. My assumption is that once they got it connected to WiFi, it leaves attention and isn't considered
I'm not for it, I'm just saying - it's trivial. I was in your position, kinda - spent many weeks "searching" but "found nothing". They fired them anyway.
Actually, since Glassdoor's protection can obviously be compromized, anyone posting on their site should do so with Tor Browser, which anonymizes access by routing traffic through a minimum of three relays in the "dark web" of the Tor network. It might also be wise to do this on a public WiFi network (not your own ISP or mobile data provider).
Any email provided to Glassdoor should be a burner on a service that is not one of the majors (no gmail) also set up with Tor browser, specifically for Glassdoor (and used for no other purpose).
Finally, the text that is posted should be somewhat disguised if possible, with altered vocabulary, atypical slang, and distinctly different grammar and sentence structure. Any facts that can reveal identity should be removed.
Under no circumstances should a native Android/iOS app be used to post or access any such review.
It sounds like we will have examples soon of what happens without these precautions.
I imagine that many reviews will be coming off Glassdoor's site rather soon.
in any proper corporate IT , the workstation would already have DLP software which you can use to track Glassdoor use or any other activity ,if you wish
This Google shows all the companies listed within Google’s index with the “Glassdoor Alert: Employer Legal Action” flag; just kept removing the companies for the SERPs using the negative search operator until none were left. No idea why Glassdoor doesn’t just have a list of all the companies doing this.
It might be possible to do linguistic analysis (ie. What they did to catch the Unabomber) to compare the language they used in the review vs how someone usually write in things like performance reviews, manager evaluations, emails, etc
This could happen even if the culprit does get fired - as far as I know, there's nothing preventing you from posting reviews despite no longer being employed by the company.
Most of the time they won't need to go that far. The review itself will usually indicate which department a person's from and what their main gripes are. Sure, this won't work for FAANG or a factory where everyone hates "long hours, low pay" though the text analysis probably won't help much either, but if it's someone from an SME's dev team (n=10), the dev team manager is going to have their suspicions as soon as they see the bullet point about rescinded work from home policies or lack of attention paid to testing deployments...
(the non-trivial possibility they'll get the wrong person isn't going to stop fingers being pointed)
Another query you can use for another kind of alert is "Glassdoor Alert: Inflated Reviews site:glassdoor.com" for companies that were caught trying to fake positive reviews to flood out negative ones.
I had a company do this once after they let me go.
The place was a toxic personality cult around the owner/manager, and I left a Glassdoor review saying as much. Someone at the company found it within a couple months, and then overnight several current employees had posted glowing reviews refuting mine. Certainly we wouldn't expect a personality cult to launch an Internet brigade to protect the boss' ego.
If you experience deliberate techniques* used to erode your sanity inside-outside the company, then no matter the cost, you must make sure it gets public. There is an ongoing epidemic at certain companies where individuals who refuse to become a lapdog on all fours, who reject the brainwashing experiments and who reject the pretend you are stupid and should not excel in your job mantra are forced out.
* psyops:
running/scurrying in your periphery
mentioning personal things from your personal/sex life yesterday, but addressed to others
compliment you for bad work, berate for good work
silent treatment
throwing out your performant code and replacing it with trash
employees one after each other, one by one turn against you, trying to give you the impression you are going insane... imagine you talk with someone on a daily basis and then all of a sudden he refuses to interact with you or gives you looks and avoiding you
slamming doors
doing borderline insane things before you, like getting elbow deep in the toilet then smiling at you
pretend face to face that nothing happened
"oldworld" things
etc etc
This oppressive system must be burned down, nuked big time.
Also sounds like they had no idea what they were doing, since instead of missing with the Wi-Fi, SOP would have been to MITM SSL/TLS on the office firewall (trusting company root CA on all company equipment) and log everything.
EDIT: If anyone from Glassdoor is reading this, please advise on a way to either unlink my profile from my identity - or remove my profile and contact information altogether. I believe GDPR may provide some assistance here.
I was hired via a consultancy firm (Ness Technologies) that would have me work in PayPal chennai office back in 2012. A new CEO came and basically reduced work force drastically, the worst mass layoffs I have ever seen. The environment then changed to worse rapidly etc. etc.
I decided to quit the toxic environment. Contractually I was supposed to get 2 months of basic pay, but Ness and Paypal conspired together and concocted a story where I have falsely accused someone of sexual harassasment and since it is false, I can be fired without that 2 months of money. Then they asked my to nicely sign a letter where I forfeit that salary willingly or they will report "this gross misconduct" to future employers.
PayPal wouldn’t open themselves up to that risk. 100% the type of shit I see consultancies pull, especially smaller ones or regional ones. Any with HQ in US wouldn’t risk it.
Unless the 2 contacts from each company had a personal vendetta against you. Then I can see it.
I think you're violating a couple HN guidelines here: assume good faith and "Please don't post shallow dismissals, especially of other people's work. A good critical comment teaches us something."
Reminder that libel vs truth is dependent on where you are. In the US you don’t risk libel when speaking the truth but there are places where this isn’t the case.
To add some specifics, I think the common case outside of the US is one where the published elements must both (a) be true, and; (b) have been published for some "legitimate purpose". The phrase "legitimate purpose" is generally understood to mean "whose primary purpose is not to cause harm or nuisance". An example of legitimate purpose would be governmental transparency. An example in which something true could still be considered libelous might be notifying your ex-spouse's employer of his/her public intoxication charge for the purposes of stunting his/her career.
(I'm basing this general comment on my understanding of French law. I believe it works similarly in many, if not most, European countries. I hope some actual legal experts can weigh in!)
Look at the recent reporting around Shinzo Abe's death in Japan for a really good example of different libel laws. In Japan the burden of proof lies with the entity publishing the information.
A lot of the initial headlines were things like "Abe collapses at rally, shots heard" even though the article itself had a video of him getting shot and then falling down. Others just had a headline that equated to "Abe collapses during rally, currently in critical condition" without even mentioning a shooter.
It would surprise me if it is called libel in those countries. The more likely translation would be defamation.
In Sweden for example there is publisher responsibility which can limit truthful but harmful statement. Anti-doxxing laws has a similar purpose. There are also countries where people have a right to be forgotten, especially once a person has served their time in prison.
> This employer has taken legal action against reviewers and/or Glassdoor for the reviews that have appeared on this profile. Please exercise your best judgment when evaluating this employer. Learn more about Glassdoor Alerts.
i.e. "FFS stop writing reviews, but assume the worst is true and stay the hell away from these clowns"
Yeah. Definitely Streisand effected themselves. Wonder if they can sue their own legal counsel for causing themselves so much monetary loss (given that's the grounds they're using to de-anonymize the reviewers)?
The... remaining reviews may not look that bad. I imagine a scenario may exist where a fired employee has to sign an NDA and take down their review to receive severance or suchlike.
A canary is something which is present when everything is fine and removed when the situation changes. It’s a stealthy technique for when you can’t be explicit. Adding a giant red warning at the top of a page is the opposite of a canary.
Not a good look on the current employees either that their firm sues for bad feedback. Probably good idea to start looking to move on to firms with better practices.
> It appears a few other companies are doing this too, including Kraken (https://www.kraken.com/)
Kraken is still silly for going after them, IMO, but the Kraken case isn't as cut and dry. The person who had left the review on Kraken had accepted a large severance package that was conditional on signing a NDA.
I think the bad PR Kraken got for going after them wasn't worth it (especially as the review wasn't really even that bad) but the ex-employee was also not really in the right there either, having violated their NDA.
It can protect whatever the contract says. Usually, severance packages include a nondisparagement clause. I highly recommend requesting that they amend it to say "mutual nondisparagement" and re-word the terms to apply to both the employer and employee. That way you get paid to shut up, but they are also forced to abstain from making potentially disparaging statements about you. It's a good ask.
It’s a contractual agreement to not air dirty laundry in exchange for money. If you want to bitch about the company publicly, don’t accept a payment not to.
Unfortunately, this is not true. An NDA is not a free pass to being able to censor whatever you want, even if the person signing the NDA took a fee, or received payment.
"NDAs do not prohibit people from reporting suspected corrupt conduct to an appropriate authority. The Crime and Corruption Act 2001 and the Public Interest Disclosure Act 2010 provide safeguards that allow people who have signed an NDA to report suspected wrongdoing, including corrupt conduct, maladministration and the misuse of public resources.
Under no circumstances do they oblige people who have signed them to maintain secrecy about suspected wrongdoing. You can still report suspected wrongdoing despite signing an NDA."
Idk... a lot of companies "secret sauce" seems to be squeezing the life and passion out of employees to make as much money as they can. Sounds like a trade secret they'd need to protect.
Opened the Glassdoor page and content was obscured (including part of the warning banner) with a large unskippable overlay to “Sign up for free to continue using Glassdoor”. In light of these news, perhaps they should reconsider that policy.
> At this time, we do not allow members who have created their accounts with Facebook or Google+ to edit their Account Settings. We apologize for any inconvenience as we work to change this.
This is actually an amazing opportunity for Glassdoor.
Just put a "badge" next to companies known to sue employees who post reviews on Glassdoor.
No reviews are even needed from that point on to signify a shitty company; for all anyone knows all negative reviews may have been taken down through legal action, but the badge stays, signifying that there was at least one review so damaging that they had to get lawyers involved (or that the company climate is of that toxic kind that sues its own disgruntled employees more generally).
In the end suing will end up acting as the ultimate bad review for that company on the site.
> This employer has taken legal action against reviewers and/or Glassdoor for the reviews that have appeared on this profile. Please exercise your best judgment when evaluating this employer. Learn more about Glassdoor Alerts.
Having said that, apart from what you also flagged, it's also a bit bland. Like "there's some legal stuff here, exercise caution".
Instead the badge could have symbolic character, an emotive icon ... something. Something that strongly implies "Danger Will Robinson" without explicitly saying so. Something any company would want to avoid risking that thing showing next to their logo, unless it was absolutely necessary.
As it is now, all I'm getting is a bland "huh, something legal must have happened here".
I hear what you're saying, and I think that it would be good to have more clear language, particularly for people new to white-collar employment (which, I imagine, would be a good portion of Glassdoor's audience)(people with more established careers can check Glassdoor AND ask people in their network, whereas people new to the industry may lack/have less of the professional network).
That said, at least here in the US, a carefully-bland legal statement strongly implies what you're looking for. Like, the more bland, the bigger the warning sign :)
I think it should also be below the ZURU logo. Right now it looks like a generic warning for the site (e.g. "Glassdoor goes offline for maintenance in 5 mins")
I imagine Glassdoor is reacting to the situation and is going on the "Better to get out part of the solution now than wait to get everything out perfectly" which I would agree with.
I see no such alert on Glassdoor's Zuru page. Nor do searches of the web page on "alert" "legal" and "action" lead me to an alert. Like it never happened.
What about a badge for companies who unsuccessfully sued for the info? This would both guard against bad companies who are the genuinely litigious jerks we want to see hurt, and give pause to employees to frivolously libel themselves to attack a company without ground (something that would be clear were the company to successfully sue).
Except where’s the money in that for Glassdoor? Glassdoor makes money from job listings and it’s in their interests to have positive reviews of companies as that’s going to get companies to pay for job listings because they’ll get more/better applicants if they have positive reviews.
"Good"companies will continue having positive reviews.
I'd argue that "bad" companies with predominantly positive reviews, were the negative reviews were all effectively sued away, presumably hurt Glassdoor's model more than they help it, so it's in their best interests to flag "bad" companies using other means.
Also, "good" vs "bad" is an oversimplification. In reality the most likely outcome is that this badge will become another point for companies to game. But if the result of that it acts as a disincentive to suing employees that leave bad reviews, to me that's presumably a good outcome.
The thing is, that companies tend to irrationally chase money, damn the consequences. I used to work for eHarmony and despite consistent user complaints, they continued to run ads for paying users because they made money from that. They didn’t care about the reputation hit or the quality of the experience, just the revenue that the ads generated. I don’t think that eHarmony was particularly unique in that respect. Everything gets A/B tested to maximize revenue and that’s all anyone seems to care about.
The foundation of the site's usefulness is that the ratings have some signal. The value of job listings to a Glassdoor user is that they're from companies that Glassdoor rates as positive: an undifferentiated mass of ratings would be a completely useless site. The idea that they have no incentive to improve discriminativity (at the expense of company rating) proves way too much.
Eg by that logic, Yelp would have no incentive to allow bad reviews. Hell, they could just be a listing site that puts "5 stars (10,000 reviews)" next to every listing.
This is true but there is enormous pressure for these businesses to directionally encourage review scores to trend north. Higher reviewed locations and businesses always garner far higher engagement, and this directly impacts top line. As you point out, there is some ephemeral point at which users might begin distrusting the site en masse, but this inflection point is always easy to ignore as "a problem for another day far in the future." In the mean time, tiny but substantial changes occur all the time which nudge that score higher and higher.
In my experience, that macro trust issue is rarely discussed, even though, at some undefined point in the future, it could pose a serious existential threat.
Sure, I agree there's an incentive force pushing scores up. I was responding to a comment asking what possible countervailing force could push scores towards accuracy. The answer is pretty obvious, as the yelp reductio ad absurdum shows.
In 2016 I left a very scathing, and very truthful, of my current employer on Glassdoor a couple of weeks before deciding to quit. Two weeks later, Glassdoor sends me an email notifying me that the employer is pursuing legal action and I have two options: 1) delete the review, or 2) stand by the review if it's true and, when it comes down to it, my identity may need to be revealed in court when necessary. That was my catalyst to quit.
I stood by the review and Glassdoor notified me that the employer pulled back on the legal action. My review is still there. And Glassdoor did their best to not reveal my identity under the threat of legal action -- not until absolutely necessary.
I (somewhat unhealthily) keep an eye on Glassdoor reviews for old jobs. There was one that was both absolutely damning (about the CTO in particular), and almost completely factually accurate - the only inaccuracy I spotted was inconsequential to the overall message.
I took a screenshot, it was gone a week later. To this day I don't know who wrote it, and whether they get scared into taking it down. But i've never trusted the anonymity of Glassdoor, which is why i've never personally left a review.
There are services for reddit that log removed comments and allow you to see what the mods have deleted.
Just replace reddit.com with reveddit.com in the URL. It's not perfect but it allowed me to see that the mods of r/coffee are total weirdos, for example, who will remove any hint of a joke or even the faintest suggestion that someone owns a cafe (even when they don't mention the name).
Why hasn't someone built a similar service for Glassdoor?
Try to register an email address using a host that won't have you flagged as a malicious user should you use an account with that host to sign up for major company's services like Glassdoor. It's virtually impossible to use Tor to register an email address without activating JavaScript, and the email hosts that allow it are very sketchy, and my personal suspicions are that many of them are blatant honeypots.
Sorry what? It's trivial to get an email address from legit email provider, create alias addresses, then sign up to something like Glassdoor using VPN. The only thing Glassdoor will know about you is your email address, which is not easily traced back to your real ID if you don't want it to be. Particularly for low level "crime" like negative reviews.
I said try doing it using Tor with JavaScript disabled, which is the safe way to use the Tor Browser. I said nothing about a VPN. A VPN will not save you from leaking identifying information from your device and browser, while the Tor Browser at least attempts to minimize such identifying information.
> "A VPN will not save you from leaking identifying information"
What identifying information? There is no identifying information other than IP address, email and anything else you volunteered when signing up.
Remember the context here. It's "toy company" grumpy about a negative review, and wanting Glassdoor to hand over what they know.
Have a guess what Glassdoor will hand over? Email address, IP, and whatever else you willingly gave to Glassdoor. They won't have any other information from "javascript" or whatever you are claiming is leaked from normal web browsers.
A company's pettiness can know no bounds, and a toy company is just as capable of hiring firms that specialize in de-anonymization as any other company is. The company itself also has billions of dollars of revenue and can hire experts in the field themselves.
Companies do not just log IP addresses and email addresses, there are billion dollar ad networks that have refined the game of tracking users across browsers and devices, and they certainly do not rely on just IP and email addresses.
Many companies keep extensive logs of analytics data that their customers generate that amount to much more than IP and email addresses. If a company is motivated enough, there really isn't anything stopping them from cross referencing their own logs and employees/users' identifying data with whatever Glassdoor, and any of its partner services they've integrated with, collected from their users.
And it isn't just JavaScript that leaks identifying information, most browsers do it by default. JavaScript just makes it stupidly convenient, more accurate and opens the door for novel methods for collecting identifying information.
How certain are you that in all jurisdictions where an (ex-)employer can get an injunction to force glassdoor to reveal the email address they wouldn't be able to get the legit email provider to reveal your true identity?
IP addresses aren't the only way to identify a user.
I also assume large free hotspot providers collect enough identifying information from their users for the purpose of aiding investigators and courts in identifying abuse of their networks. A subpoena could provide that info, and hotspot providers can choose to just hand over that info when requested.
Do you extend that to the VPN provider used to sign up to the email provider?
How far should companies battle to reveal the sources of mean reviews? Why not simply reply to those reviews with a counterbalancing response? It's not a big deal. I don't condone making fake reviews out of spite, or whatever is claimed in this case, but chasing reviewers through court action is petty.
One of the values on Zuru website is something about "think different" but what is thinking different about suing a negative reviewer?
So much bragging over there on the zurutoys.co/about-us pages, they talk themselves up big time. No environmental statement that I can see btw, just how amazing they are. Should environmental policies start imposing limits on how many plastic fish fidget spinners the world needs? If less quantities are made, their rarity provides value on the used/recycled market. May mean less rooms in mansion for company heads. Better for planet though.
Glassdoor provides the email `ilikebigbutts@gmail.com`, Google only have VPN/Public WiFi IPs for that account because I'm not an idiot who put my real details into the Google Account.
Not sure I see the problem. They gonna subpoena Starbucks to get the (now probably long deleted) security footage for the time the negative review was posted?
Google, Microsoft, etc make you provide a phone number to create an account, at least when you do it through Tor.
It's annoyingly hard to create a truly anonymous email account these days. Even more privacy-respecting providers like ProtonMail make you verify your account using a phone number or email address when signing up through Tor (though at least with ProtonMail they claim to not associate that information with your account, and you can bypass verification by upgrading to a paid account via a Bitcoin payment).
This is interesting but a more accurate title would be "New Zealand law allows corporations to sue Glassdoor for user data." As the article notes:
> statements of “pure opinion” are protected by the First Amendment in America. But New Zealand doesn’t have this. Statements of opinion are not categorically protected.
That said, the warning that Glassdoor adds to the pages of companies that do this has to be the biggest warning not to go work for these companies; definitely a bigger deal than a couple of bad reviews.
US law could and should protect freedom of speech, even when it's not protected in other countries. If you sue a company in the US in an attempt to suppress speech that would be protected by the first amendment, US courts should reject that.
Are such reviews always "pure opinion"? Things like "low salary", "bad manager" etc are always opinions no matter what but what if I am lying and saying "we do overtime every other month" or "it is acceptable and encouraged for people to slap interns"? Why to do in such case?
That law feels very abusable. How do you prove an opinion to be honest/dishonest? That I expressed a different opinion at other times doesn't mean anything, because opinions change all the time. If my opinion is that your company sucks, I may also want to cause damage, so my motives for posting a negative review can't be used to show the option is dishonest. What metric would a court use to decide?
This is the worst kind of publicity for ZURU. They thought it was difficult to hire employees because of a handful of critical reviews on Glassdoor? It's about to get a lot harder. The company should have spent those extra resources researching how to make their employees happier (and hence, more productive).
Contact us page for Zuru Toys. I just sent them a short message explaining that previously I was not aware of their company but now this issue is the only thing that I know about them and it is not a good look.
https://zurutoys.co/contact/
My current company had around 20 or so negative reviews bringing the ratings down to 2. We had a new HR head come in and asked employees to rate 5 stars. Poof. 16 of the negative reviews have vanished. They're now replaced with 5 star reviews. We're currently at 3. HR's goal is to bring it up to 4.
Don't trust anything. I left a truthful, scathing review of where I purchased my vehicle from. I was very unhappy with the experience after making a purchase at a different dealership (Total different experience with my wife).
The review was gone within 24 hours from Google Reviews. It's a racket and completely paid for. I filter by 1 stars at this point otherwise I'm unsure if I'm reading a purchased review.
I saw the opposite at an employer. A bunch of salty people left and posted scathing reviews that were entirely unfounded. The employer encouraged people to leave honest reviews (they didn't pressure for positive, just honest) on Glassdoor, knowing it'd be nearly universally positive because it was a legitimately good place to work for everyone there (except the people that threw a tantrum and left).
Glassdoor refused to accept any of the new reviews. I assume they have some sort of mechanism in place to prevent a flood of new reviews, assuming it's something directed by the employer. Even years later I only see one or two new reviews despite dozens of them being submitted.
I read 1 and 2 star reviews to check for anything I may need to be cautious about but I generally assume that 5 star reviews are intentional padding.
Do you find yourself leaving 5 star reviews regularly? Leaving reviews at all? Are you more motivated to leave a review if a bad experience or a good experience?
I do the same as you, check for lower ratings to be informed. I have found it helps if I talk to current/ex employees on linkedin. So far that has been transparent and helpful. The usual 5 stars are just generic "awesome team/great culture" which is useless.
I have left both 5 star and 1 star reviews. Unfortunately some of my 1 stars have been removed. I leave 5 stars when it's good (ignoring any usual corporate politics that might exist, these exist anywhere regardless). My 5 stars are usually descriptive enough to make it authentic and not like "good place to work, friendly ppl, awesome culture". I leave 1 star when things get really bad, like really unethical backstabbing sort of bad.
But then again I don't understand how companies are able to get them removed off of glassdoor. Like, my current company has done everything from removing reviews to having good publicity on glassdoor/linkedin/any social media but they have not tackled one single negative review head on to change their culture. Lol.
Glassdoor is different from most other star-ratings because the reviews are really of a bunch of different products. Even in the same department, different bosses can produce wildly different experiences.
For almost everything, I try and be nuanced and avoid 5 or 1 star reviews. This has bit me awkwardly, in one case my barber who I rated 4 stars respinded to the review and asked what they could do to make it 5 stars. I guess that was enough to make it 5 lol.
On Glassdoor it's so obvious when something is HR or marketing. Lots of "people wear many hats and there's a high standard for quality, which isn't for everyone" type speak.
Negatives: "Sometimes we're too ambitious"
I'm considering giving a 1 star to a bar in my neighborhood. Pizza was shit, a side of fries was $8, service was fine, but it really burned spending $18 on just a beer (during happy hour) and fries.
>Zuru hasn't simply alleged that it suffered a loss; Zuru’s cofounders declared, under penalty of perjury, that because of the negative reviews, Zuru had to spend more money to recruit job candidates for a particular position.”
Does Zuru have proof it's because of negative reviews and not other causes?
Their proof (or lack thereof) would generally be evaluated at the trial stage. This is a pre-trial procedure, so it's mostly take at face value.
If another party so moves, they could ask the court to stop the plaintiff, and the judge will make a decision. But that's not automatic--somebody has to specifically ask for it.
I get why it sounds funny to us, but it's mainly a highly jargon-y form of language used for motions in court. When you're writing this stuff, you're expected to phrase yourself in the appropriate fashion.
There are also certain specific legal terms and phrases that work kind of like reserved words or functions in a programming langauge, because they invoke a specific legal effect in how the court needs to handle them. If you don't phrase your motion properly, your motion could be denied because it. Or maybe the judge let's it slide, but you piss them off and wear down their patience.
Anyway... For us, it sounds funny because we're ignorant of it. Just like how programming languages may sound funny to non-programmers: "If X then Y else Z" is similar enough to English, but it'll make the kids giggle if you ask them to read it aloud.
I think your inference may be backwards... Sovereign Citizen types sound like this because they're aping "legalese" in an attempt to sound authoritative to ignorant people.
But this weird, kinda archaic, jargony, overly-specific English is just how regular motions are written, by real lawyers in regular courts.
(And yes, it does sound funny, if you're not used to reading/writing it.)
After verifying that you work for a company, why don't they physically destroy everything that could be used to de-anonymize you, leaving with only some kind of public key and a proof of that you work for company X?
For the legal part I think there were some countries (IIRC Sweden) that doesn't require to keep any logs so that they can move operations there with an owned company and legally anonymize users.
I know it's much easier written here on HN than actually done, but that should be the intention: anonymous by design ground-up.
That's a technologist's typical reaction. However, this is not a technical problem. In reality, if Glassdoor did something like that it's just going to increase the likelyhood of getting targeted directly for libel.
Even if someone actually worked for a company, it doesn't mean their statements about it are true. Someone might be disgruntled for a variety of reasons and slander the company, in which case it would be proper to sue in order for the review to be taken down.
The social issue here seems to be that there probably are more companies doing this for "revenge" purposes than for legitimately taking down slander.
Actually the technical aspect is the implementation details. If this is a social "problem", then the problem is Glassdoor's existence in the first place.
Since it exists (whether such a service itself existing is a problem or not is out of the scope here) technical implementation is just a way of making the service work as intended (e.g. Providing anonymity to the users).
Counterpoint: I use a VPN for anonymity and/or for safety on public wifi. One of the key features of the VPN is they don't keep logs. I'm not personally doing anything illegal or immoral, but the last thing I would want is a VPN company having a log of all my internet activity.
Glassdoor's entire value proposition is anonymity. The best way to respond to a subpoena, IMO, is to make it very clear that they have no way to know. Of course that might mean more legal action directed directly against them, but to me that's a cost of doing business as there is no business if people stop trusting Glassdoor to protect their identity.
I haven't looked at Glassdoor in several years, but if I recall correctly, back then they wanted you to supply information about your employment -- including salary -- in exchange for being able to see information from others. It may be hard to simultaneously provide users with anonymity and collect such personal identifiable information.
Ive never posted on glassdoor because its basically impossible to be anonymous. The date of employment alone probably can narrow down to a handful of people for almost any position.
Any mid or high level job you might as well just post under your name. There simply are too few people that have ever had your job and its only a matter of a bit of work to figure out who you are.
I wonder what the most common job by a single company in the world is? Amazon warehouse worker? Even if a few million people had that job I bet any HN data scientist could deanonomize almost every review.
I'd not heard of Zuru before. Turns out they make tons of cheap plastic crap that makes Happy Meal toys look well made. Their main brands are chinzy collectable toys that combine gambling with too many layers of plastic wrapping, Mini Brandz (because having kids collect mini plastic versions of Heinz and Miracle Whip isn't weird), and Bunch O Balloons (the ultimate in single-use plastic).
Never trusted the fact that reviews on glassdoor AREN'T anonymous...
Oh sure, they hide your name and email, but they have it. A good secret isn't a secret if someone knows it.
I always wondered if they should - and now I wonder if they could - have really anonymous reviews. Just don't tie a review to a user. Sure, ask users to create accounts, validate them, but once they submit a review, it's store without details.
This would make it impossible to respond to subpoenas such as this. And my question now is, could they?
Need to track who said what for libel cases. There are plenty of unfairly scathing Glassdoor reviews. If Glassdoor can’t point to who said it, they’re the one who gets sued.
> If Glassdoor can’t point to who said it, they’re the one who gets sued.
Why? HN doesn't have any information on me. If I say something that's alleged to be libelous, does that mean HN is responsible? That seems a bit out there.
A decent outcome here would be if Glassdoor revealed all employers that attempt to go after former employees with alerts like the current one on the Zuru page.
Semi-related scheisty Glassdoor anecdote: I worked at a company Foo which appeared as 2 separate companies on Glassdoor: Foo, and separately Foo Technology.
Foo Technology unambiguously did not exist as a separate company in any form.
Thing is, Foo was the unlikely company where the line workers were more satisfied than the Technology employees - the company overall was very decent but the technology org was toxic.
Accordingly, Foo Technology had lousy ratings and negative reviews, while Foo has largely positive reviews and a strong rating. The difference was on the order of Foo~=4.0 while Foo Technology~=2.0, both derived from a significant number of employees.
You can imagine the pitfall this could create as a prospective technology employee contemplating a stint at Foo.
As a disgruntled Foo “Technology” employee I contacted Glassdoor to notify them that a nonexistent company was distracting many genuine reviews away from a legitimate company.
Glassdoor notified me that they would not provide any corrective action unless the formal owner of the Glassdoor account for Foo agreed to it.
This told me that accuracy of reviews on Glassdoor comes in a few positions shy of their top priority.
Although in full disclosure, a year or two later the 2 separate “companies” did get merged on Glassdoor. I don’t know what the impetus finally was, but they certainly didn’t give a shit when I notified them of the snafu with their system.
Hmm, that doesn't correlate with what they say[0] on their support site: "No! Employers cannot pay Glassdoor to remove reviews."
That said, it seems like negative reviews can easily end up violating one of the many other terms of use[1] around review content. Specifically that a user will not: "Post Content that is defamatory, libelous, or fraudulent"... and "Act in a manner that is [...] otherwise objectionable (as determined by Glassdoor)". That's really broad, and negative reviews can easily be framed as "defamatory" or "objectionable" even if they are factual...
This is as old as the BBB - you never ever "pay to remove reviews" you just, as a paying member in good standing, have the ability to request review of reviews, and the working ability to make sure things are "accurate and resolved".
> Hmm, that doesn't correlate with what they say[0] on their support site: "No! Employers cannot pay Glassdoor to remove reviews."
They could easily be telling the truth there, but still be effectively selling a good rating. They'd just have to sell a service to help monitor the reviews in some way for violations of ToS. Suddenly ~all of the bad reviews are "spam", "libel", etc. It's amazing how broadly things can be recognized as abusive if your pocketbook depends on it.
I have _no_ idea if they're actually doing this or not, but it's along the lines of the scam many review sites use.
I have worked at several companies that received a lot of poor reviews and often what happens if you keep track of those reviews over several months is that they "mysteriously" disappear. Of course by that point the person who left the review has probably moved on to a new job and can't be bothered writing another review that is sufficiently vague as to avoid potential removal. One company I worked at even had its overall rating significantly messed with (over 0.5 change within a month), as those old reviews disappeared and "mysteriously" a bunch of vapid positive reviews appeared.
All that said, I still check Glassdoor before every job I interview for. You just need to be mindful - especially for larger companies who can afford the time to curate their reviews - that the score is perhaps a little inflated, and that the reviews that remain are as tactfully-worded as possible to avoid deletion.
I’ve noticed what I think is a trick to hide the negative reviews with default filters. When you first go to the reviews page it will say something like “Showing 30 of 35 reviews” and the filters are “English” and “Full Time”. Sometimes reviews don’t have those tags and most people don’t notice they are just being subtly filtered.
presumably you simoly wait for someone from the glassdoor sales team to contact you , the owner.
they will present is as a review optimization strategy.
this is how yelp did it back in the day.
i dont know if glassdor does or did it, just pointing out other review sites did do it and never posted it on their "pricing" or "services" page for employers...
Yelp now just send oven a couple of large men with baseball bats who say “Nice business you got here. Would be a shame if something happened to it…” to cut out the foreplay.
The rumor has long been that they contact you about it. Presumably they figure it based on page views and review volume to determine your hiring rate and churn etc and sentiment analysis of your worst reviews so they aren't just shotgunning these offers at every company that has reviews on their site.
Just passing along rumors I have no particularly informed insight here or verifiable reason to believe this is true, though I do believe it's in the plausible-to-likely range.
I'm surprised no-one has posted the email from Glassdoor suggesting this. You'd think one would get a lot of attention. Maybe they don't contact many companies about it.
Every single review site that you don’t pay to access is funded by shady conflicts of interest and perverted incentives. Yelp, BBB, Amazon, Wirecutter. The whole lot. Yeah some are worse than others. But every one of them is entangled in ways that Consumer Reports or the old Angie’s List aren’t. (Angie’s List later became just another marketing channel. Originally it was a subscription service, though I don’t remember if they were double dipping or not.)
It's a rumor many years old at this point that I have also heard from many different sources. That doesn't make it true of course but it's not like they made it up on the spot today for this HN thread.
Does Glassdoor actually have any business operations or webservers in NZ that would be subject to this order if it was issued from a court in NZ?
Since when does a NZ order apply to a non NZ company. For example, American media regularly publishes the names of persons charged with crimes in Canada where the name may be banned from publication by a Canadian court. It's a first amendment thing.
If US companies start obeying orders like this, how is it any different from getting a court order from a "totally neutral" court in Hong Kong, actually controlled by beijing, to de-anonymize the users of an american-based web service.
Looking at the details, it appears that they were sued in a us court in California, so the order does apply.
Zuru's entity spans multiple regions, a Californian court can compel a US-based entity to hand over records for data held in another region. It's the reason why some organisations refuse to work with any organisations that can be compelled under the PATRIOT Act (about 98% of tech companies).
Also see: Kim DotCom. Broke no laws in New Zealand, will eventually be extradited for a civil matter. He's delayed it a long time though.
I read the ruling. It is apparently because of this law in the US statutes: https://www.law.cornell.edu/uscode/text/28/1782 which authorizes a judge to "order [some person] to produce a document or other thing for use in a proceeding in a foreign or international tribunal ... The order may be made ... upon the application of any interested person"
It is mostly up to the judge's discretion, but case law establishes 4 discretionary factors to consider: 1) whether the request is from a potential lawsuit participant, 2) nature of the tribunal 3) whether discovery can be obtained by other means, and 4)whether compliance is burdensome.
Congress already passed a law to prevent foreign libel judgements (well, ones which wouldn't pass 1st amendment muster), from being enforceable by US courts.
And now we just have US judges deciding they should apply NZ law without applying the 1st Amendment?
I think maybe this is because the user who left the review is a New Zealand national residing outside the U.S., so they do not have any first amendment rights. If the user was American, I think they could assert a first-amendment right to anonymous speech to prevent being identified. (Although such a right is not absolute, there is a balancing test involved: https://storage.courtlistener.com/recap/gov.uscourts.cand.36...)
Please stop with these inane "but can we get away with ignoring the law elsewhere????" comments - it pops up every single time a US corporation is held to account for laws in a country where it violated them and it never stops being tedious.
I'm sorry, no, US corporations and people should not be held accountable to every foreign country's arbitrary laws, unless you want to set a precedent of legal action against the webservers of Human Rights Watch and Amnesty International for publishing information about the state of things in Xinjiang province or Uzbekistan freedom-of-press.
In the past I've been tempted to leave reviews for bad employers I've had. I've always come to the conclusion that the risks of doing so totally outweigh the completely minimal rewards. The risk of being deanonymised, and receiving retaliation from the company is too high. My threat model didn't include the possibility of litigation compelling the company to hand over PII. I was more concerned that I'd inadvertently betray my identity in my review. Not to mention the issues related to Glassdoor as a company, and their lack of objectivity. Why do people use their service in the first place?
I see no reason to leave a review on basically any site for anything; but especially a bad review on something like Glassdoor, except out of some spite or something.
Why you should never leave Glassdoor reviews using;
- Your real name
- Your real email address
- Your real salary and job title
- Your normal vocabulary and idioms
- Any of your devices (as in, go to an internet cafe or something)
They can deanonymize as much as they like all they're going to find is that "dbcooper42069[at]hotmail", using non-region specific language, took a very dim view of company X's management style and pay rates.
I've never used glassdoor myself, but don't you need to use your company email while leaving the review to prove you actually work there, so leaving an anonymous review isn't even possible? Why would anybody use glassdoor if that's the case?
I think you have the option of saying that you're a former employee, and in that case you only need to validate an address not one tied to a specific domain.
In any case the idea of a company email is a little hard to define from the perspective of a 3rd party that deals with millions of companies; different TLD's, domains, sub domains etc make it very hard to nail down exactly which pattern is the definition of any given companies real email addresses.
I think that this one is way harder to avoid than you might think, short of having someone else write the review for you (which might not be a bad idea!).
You might be able to get by with something like throwing it through Google Translate to a different language, then back, and then fix only anything that's _unreadably_ awful. Might be too blunt of a tool though.
The other thing I can think to try to do would just be avoid any complete sentences, just give short bulletpoints or something. Resticting the amount of text should make it harder to get anything like a real match.
Yeah it's not easy, having someone else write it like you said is probably the easiest way.
In a few reviews I've left (using different accounts etc for each one to avoid fingerprinting!) I've written the review myself, changed it to a formal register, thesaurus-ed a few words, and also threw in a few red herrings to make which team I was from appear ambiguous (for example, whine about sales tooling/CRM when you're an engineer that has nothing to do with sales).
Giving a company your real identity and trusting them to keep you anonymous isn’t a good idea. Either keep yourself anonymous online using your own open source toolset, or consider yourself identified when doing anything.
Glassdoor has a paradox at its heart. Yes we all want to have honest reviews of corporate culture, and anonymity is probably the only way to get that. Except that how does anyone trust an anonymous post ?
The only way to get around this is some impossible to imagine global regulatory chnage where companies may never take action against negative non-anonymous postings.
I am not sure how to overcome this massive information asymmetry that corporations have against us
In general, I don't like the idea of breaking the anonymity, and I haven't checked the reviews posted about Zuru, but the tough question is, should you/a company have the right to break anonymity for factually inaccurate statements.
As a publicly elected official, I have had someone lie about me at a public meeting. An accusation which if true, would certainly inhibit my ability to get re-elected. Since it was in public, I could find the person who said it and got a public retraction at the next meeting.
Thankfully these occurrences are few and far between, but doesn't diminish the question about the rights of the target.
But what if this accusation was posted anonymously and I could not find the the accuser? Should I be allowed to get the name from the site?
Every review I have posted on Glassdoor has been with a disposable email address, using my own device and using a public WiFi hotspot. I once had an employer try to get legal on me because I went to work for a rival after they laid me off - so I know some employers can be petty like that.
I trust Glassdoor to keep their promise of not releasing my ID voluntarily, but when courts get involved all bets are off.
I've seen a fair few reviews for companies I used to work at where it was really easy to ID the reviewer as they were too forthcoming with details. Some people just don't see the potential dangers of posting negative reviews without properly hiding their ID.
After two experiences, I no longer use or trust Glassdoor.
1. After turning in my notice to resign, the company I was leaving offered me a written agreement where they would pay me $2500 for leaving a positive review on Glassdoor.
2. Someone I used to work with posted a personal attack on Glassdoor, that was clearly against the policies (along the lines of "The CEO is human garbage"), and yet no amount of flagging or reporting the post resulted in them taking it down.
I’ve never used Glassdoor, so it’s a big surprise that they collect and retain identity information in the first place. I would never, ever provide my real name while talking about my previous employers, even if I was told that I would remain “anonymous”
I think they do try to verify that the person posting the review actually worked at the company they're reviewing. Otherwise it would be filled with spam and competitors trying to badmouth each other.
I live in the US, where people and corporations are notoriously litigious and I’ve worked at some terrible places.
For example, I once had a coworker that would openly crush up and snort various pills between calls while fundraising for one of the two main political parties. This was not an issue for management.
I would never post [name of that employer] from any account that could possibly be attached to my name anywhere.
Yes. A guy railing a line of Concerta right next to me while I was on a call loudly enough for the possible donor to hear and ask about it was a problem for me.
Why would a possible donor ask about a noise that sounds extremely similar to someone blowing their nose? This comes off as moralising for the sake of moralising, nothing actually harmful has happened.
Buddy I don’t know what to tell you here other than the noise a person makes after snorting a pill that was explicitly designed and engineered to be unpleasant to snort is not a normal noise.
Edit: This is the funniest exchange I’ve had on this website, thank you. “Preferring people don’t do lines of apparently excruciating substances right next to me, at work, in an office, while I’m literally on the phone” being “moralizing” is hilarious.
It's also getting a LOT harder to get a totally alter-ego email address that's not connected to you. They want a working phone number now. And hardly any of the "temp SMS" providers work for them - all blocked.
I figure at this point I will need to literally buy a burner phone with cash if I wanted to create some identity not connected to myself online.
>Glassdoor’s FAQ goes into a little more detail about how they will defend user anonymity. They know this is vital their success:
If glassdoor cares so much about anonymity, why didn't they engineer their site in such a way that prevents them from being able to deanonymize reviewers? For instance, not keeping identifying user details after they have been verified?
Probably because doing so is hard. You not only have to verify that a review is coming from an actual current or former employee, but then you have to ensure that the same employee cannot write multiple reviews. If you discard all links between a reviewer account and a review, how do you do that?
I imagine there's some sort of zero-knowledge magic cryptographic thing you can do (or maybe something simpler, like a... Bloom filter?), but perhaps Glassdoor didn't want to go for the effort and expense to implement it.
Just goes to show you, unless you can prove anonymity client-side, never assume you're anonymous on the internet, anywhere.
"The same employee cannot write multiple reviews" - they can create new accounts.
But even if you want one account to not write multiple reviews, you can flag that an account wrote a review for a company without tying it to -what- review.
You can even disassociate that; hash usernames with the company and store that to track who has written a review. Then, you can only confirm that a given user account has written a review for a company, but not which review is theirs, and given a company you can't determine what users wrote those reviews without attempting to hash every username against it.
And that's if you -absolutely- have to try and prevent an account writing more than one review (again, noting that you can just create another account).
Certainly, but it moves it from a "we just have some legally-should-be inactionable data laying around" to "we don't even have that data laying around".
The fact that it's impossible to comply with "who wrote -this- review" is probably sufficient, but "and we don't even readily have access to who wrote -a- review" can help prevent fishing expeditions, since presumably a judge will be less amenable to such fishing expeditions if you can show it will have negative material effect to comply, while still not providing any legal path forward to sue for the prosecution.
But that also makes assumptions both of user counts, and rounds of hashing. 50 million users (seems reasonable with Glassdoor), with a sufficiently slow hash that takes a second to compute (easily done) means you'll have to wait a year and a half for results for a given company, or start to parallelize things, and, oh, look, now you have dev time and CPU resources and, well, this has a materially adverse effect on our business, and we'll be left with usernames we still can't release since this discovery order only is valid for this -one- review, and we have no way of knowing which it is.
Glassdoor makes no attempt to verify employment ever took place. In fact, they don't even allow making an account without an employer, so the unemployed have to lie if they want to read reviews.
> You not only have to verify that a review is coming from an actual current or former employee, but then you have to ensure that the same employee cannot write multiple reviews. If you discard all links between a reviewer account and a review, how do you do that?
Just FYI, Glassdoor does NOT try to prove that reviewers are current or former employees. Anybody can post claiming to be an employee, and Glassdoor will accept their review.
> Probably because doing so is hard. You not only have to verify that a review is coming from an actual current or former employee, but then you have to ensure that the same employee cannot write multiple reviews. If you discard all links between a reviewer account and a review, how do you do that?
It doesn't seem hard to me.
1. when making a review, send a verification link to the email on file
2. after the email is verified, post the review, but delink the email from the actual review.
3. to prevent the same email from being used to spam reviews, add a coarse grained timestamp (eg. rounded to the nearest month, depending on how much activity the company gets) of when it was last used.
4. if you want users to be able to update reviews afterwards, display a secret key to them and keep a hashed version on file. The user must present the secret key if he wants to update his review
Can’t you hash the email and then store only the hash? If your hashing alghorithm is heavy enough you could easily figure out that a review is already posted, but brute forcing the original value would be impractical.
Email addresses aren’t usually secret though. If an employer happens to know the personal emails of a large fraction of its workers, it isn’t going to be meaningfully slowed down by a hash. 1M addresses * 1 second/address = ~12 days (and in practice a lot less since hashing is nearly trivial to parallelize)
Why would Glassdoor keep this information? And why would they say they kept it rather than saying they had already deleted it?
Regardless, they need to just delete it now and say they lost the information, and risk the wrath of the NZ legal system rather than risking never getting a review again.
Would these companies have a case if an employee left refusing to sign the paper work agreeing to not talk shit? One company I left tied their severance package to a signature on that kind of agreement.
They aren't planning on suing for a breach of NDA. They're planning on suing under defamation law, which alone will cost the former employees tens of thousands, if not hundreds, to defend; if they can't defend their case - and as the article says, opinion is not automatically protected under New Zealand law - it appears that they will be suing for "increased recruitment costs", which sounds like it could be construed to run to arbitarily large numbers.
The point is to terrorise anyone out of criticising them, ever.
They have 5000+ employees. I don't think their recruiting efforts have been hindered. The CEO's decision to pursue this has a larger negative effect than the comments on Glassdoor. I'm evidence as I had never heard of this company, do not peruse Glassdoor, but now I know this company's name and that the CEO is a tosser.
It’s amazing that companies with billions of dollars of revenue make such poor moves. All I think when I see a story like this is “well I guess there isn’t much competition in NZ toy companies”.
> As for their first point, statements of “pure opinion” are protected by the First Amendment in America. But New Zealand doesn’t have this. Statements of opinion are not categorically protected. Instead, it all comes down to “the honest-opinion defense”.
This is the most surprising part of this article to me. Not the NZ one, but the US one.
Does this mean you can say whatever you want in the US without risking be labeled libel? What if you're a victim of it (NOT saying in this case, but in general like personally)?
First amendment rights are pretty sacred here. Generally, yes, you can say whatever you want without LEGAL consequences.
For a defamation case to succeed in the US, the accuser has to prove that a statement was made that a reasonable person would interpret as a statement of fact. That means that something like "zuru is the worst place to work in the world!" would not put the person at risk of losing a defamation case, because "worst place in the world" is subjective, and no reasonable person would think it is an objective fact.
If they said something like "zuru management ate my babies!".... well, that still wouldn't get them in trouble because it is so obviously not true that no reasonable person would think it was a statement of fact.
If they said, "zuru didn't pay me my last paycheck," well then you might be at risk for defamation if it turns out they did actually pay you (the truth is always an absolute defense in the US, so you can't get in trouble for saying something that is true)
Now, even if it wasn't true, the accuser still has to prove that the person either KNEW it wasn't true, or completely disregarded whether it was true or not when they made the statement.
It is hard to get someone in trouble for what they write or say in the US.
> Does this mean you can say whatever you want in the US without risking be labeled libel?
No. The question of whether a claim is of opinion or fact is itself an objective question of fact. “Donald Trump is an evil man” is a opinion claim, and cannot be libel.
“Donald Trump murdered his bastard son” is a fact claim and could (potentially) be libel.
Something to note is that the standard for defamation is higher in the US if you're a public figure such as a politician and requires you to prove actual malice. So if someone truly believed that Hillary Clinton was part of a satanic pedophile ring and told others as such, it would be almost impossible to successfully sue them.
Maybe this is a foolish statement coming from my never having used Glassdoor, but why the fuck would an anonymous review website even keep PII in the first place?
I think the workplace/company review aspect is how they market themselves, but really that’s just a small part of it. Companies are their customers, people interested in jobs are their product, so naturally they need to get as many people as possible to give them their personal information.
Edit: One of the “services” they provide is the ability to add your resume. Presumably that would provide some kind of job matching benefit, but I’m not familiar with it. But, that would be one source of users’ info.
Can't believe they'd try to sue over that. For one, it's pretty much only critical of the Mowbrays themselves and I can't see anything in there that wouldn't be an honest opinion so safeguarded by NZ law.
So it comes across to me like the Mowbrays personally trying to stomp someone into the ground with legal fees knowing they have no case. Hopefully the legal system can protect them from that exploitative use.
Seems on song with that basis of the comment, doesn't it?
Somewhat unfortunately, yes. Those patterns are annoying and dark, but they still have some good data. Which is probably the only reason they get away with it.
Nothing on the Internet these days (especially on review sites) are anonymous any more. Putting opinions on the internet is a risky business if untrue, there are legal consequences. Fun fact: I had received cease or decease letters from the lawyers representing a business that I left negative reviews on Yelp many years ago.
As long as your reviews are true and factual based, they don't have much of a case against you (libel or defamation), with exceptions of course like Depp v. Heard which wasn't trialed in the court of Virginia but really trialed in the court of public opinions and lots of lawyers thought Depp would loose.
Another exception to the high bar of winning libel/defamation case is Bollea v. Gawker - which Peter Thiel has enough deep pocket to literally bankrupted Gawker media.
Otherwise, stay truth state facts in reviews, you should be fine for the most scenarios.
Reminds me of the Penet remailer scandal[1] - which lead to chilling-effects over 'anonymous' user information being disclosed and its eventual shutdown.
Now wait for Blind app to get ordered to reveal the same, or it gets leaked in general.
Blind is more fun as they have a habit of forcing you to use your work email for "verification". They let other people on Blind too, but conveniently use that as a reason to kick them off if they say anything controversial.
Very uncool. I’m going to comment on the mentality of using glassdoor instead.
I’ve used it to gauge the industry many times, research companies a few times. I think I’ve only ever left feedback myself once, and it was positive.
But I never had an actual expectation of total privacy. I figure you could piece identities together based on the posting date alone, especially if it is negative
If you’re an engineer worth hiring, you know that this layer of anonymity is just to prevent it from showing up on your grandma’s linkedin feed; or in a more paranoid way, your vengeful ex-boss easily googling your comments.
If someone really wants to find you, of course they will. I take a bit of a riskier tack. I’m usually just me… we’ll see how it goes in the end
I don't understand why people ever trust the anonymity of Glassdoor. They have neither technical guarantees (e.g. zero knowledge cryptography) nor contractual guarantees (e.g. you can sue for damages if they fail to protect your identity).
My learning is that we should never trust any site that says a form is anonymous. Use TOR and a disposable email alias to create account. If they have anything that blocks using either, don't participate if you want to be anonymous.
Question- how does a company like Zuru think this is a good idea? Suing a former employee because they left a negative review doesn’t exactly give me warm fuzzies. Is this just a case of C level megalomania?
Blind promises that "all email addresses are hashed, salted and then encrypted. Blind accounts are stored separately from the hashed email addresses. This means that a user’s activity cannot be traced to an email. As an added measure, we do not collect real names. We also discourage users from sharing too much personal information in their posts and messages, which others could potentially use to identify them."[1]
In a previous employment, when I logged into the internal HR portal on my first day, there was a 'performance target' already set on my profile, which said:
Create account on Glassdoor, and leave a review.
On. My. First. Day.
It did not bode well for the rest of my employment there.
Some companies do ask current employees (albeit informally a select trusted few) to leave glowing reviews in order to bury bad ones and to give a PR boost during hiring sprees.
"Zuru hasn't simply alleged that it suffered a loss; Zuru’s cofounders declared, under penalty of perjury, that because of the negative reviews, Zuru had to spend more money to recruit job candidates for a particular position."
I don't understand the logic of the judge here. If even the most true-to-fact negative review may result in spending more for recruiting. Did not they have to demonstrate that they had monetary losses specifically attributed to dishonest negative review?
Sad New Zealand doesn’t have freedom of speech. Especially odd as our western media fawns over their police state and tyrannical government. This was never mentioned though.
Australia and New Zealand are near the top on that list. Libel and defamation is a very commonly sought after legal means of silencing an organisation, entity or person.
Yes, both countries are places you can raise a family, start a business, walk down the street without getting shot (at least it's very, very unlikely) - you can watch anything (provided it hasn't been censored which has laxed over the years), but you really, really can't say what you want about anyone.
There's a very well-known security specialist who's sued multiple boutique, small-time consultancies and individuals for defamation of his character. He was called a charlatan. This is what it's like on a small-scale, you can't even talk about an individual at local conferences in case they're recorded, because you'll be taken to court (and have to spend 10's of thousands of dollars defending yourself).
Wouldn’t this ruling destroy Glassdoor’s business model? And wouldn’t Zuru actually shoot themselves in the foot with this move? I’d certainly stay away from a company that is this litigious for such a thing. I think it would have been a better option for Zuru to have hired a new management (or reshuffle the old one at least) and do some PR to clean their name. At least they’ll learn about the Streissand effect
>Wouldn't they have to prove the allegations are false?
That's mostly a US thing. England and many former english colony countries have quite liberal (illiberal?) libel laws that puts the onus of the person making the claim to prove it's true.
>defamatory statement is presumed to be false, unless the defendant can prove its truth
Not only this but internal surveys as well. One particular company (100+ startup) in Vancouver was well known for this. The CEO would tell workers that the survey was anonymous but then would immediately try to identify track down humiliate them. It was posted on Glassdoor a couple of times but pretty sure they were taken down like this.
Hopefully Glassdoor is still pursuing protection of the reviewers. This was a rejected motion to squash the whole case without a hearing. That doesn't mean after a hearing there will be a decision in Zuru's favor, just that there is enough for a hearing. At least that's the way I read it, but I'm not a lawyer.
Does Glassdoor give a way for companies to do something about fake reviews that are done in bad faith? I doubt they check validity of any reviews, even if a company claims that it is fake.
I am not saying this is an example to such case but I don't see any other option. Other than perhaps suing glassdoor instead, would that do any good?
I long ago deleted my Glassdoor account and refuse to use it.
This got me to thinking, though. If Glassdoor and similar websites are unreliable, what are some other tactics for learning about the internal culture of a potential workplace? Play the long game and make friends at every company you might be interested in in the future?
Who tells us that these negative reviews are always true and not posted by some disgruntled or mentally ill employee or even someone who never worked there? I know it’s easy to side on the negative reviewer side on glassdoor but it’s an anonymous place and the employer has almost no chance of fighting back.
Because a billion-dollar toy company headquartered in Shenzhen, China that has yacht parties needs the legal justice system to protect its good name by doxxing job reviews is pretty transparent on the face of it.
If a formal legal-entity organization keeps your personal data, non-anonymized, then the those world states it operates in can be assumed to have access to the data. And then it is a question of what private corporations can get the state to provide them with - officially or unofficially.
a fatal double-bind for glassdoor’s prospects for continued existence imo.
competitors are surely celebrating this ruling. especially those who physically cannot put anonymous commenters at risk while somehow still turning a profit without being able to traffic in tracking data.
Would a blockchain based Glassdoor alternative make sense? You can't sue a blockchain, and if they do somehow, they're not going to ban the entire blockchain in the whole country just because it provides anonymous reviews.
The issue is not that Glassdoor is being sued, the issue is that there is a company who wants to obtain the identities of those using Glassdoor to make comments about the company.
Most people use Blockchain through established services such as Coinbase -- Coinbase, and most other legitimate services like this must comply with KYC rules. So instead of suing "a blockchain", they'd demand the identity of the wallet holder from Coinbase.
I can't see how going to a blockchain resolves any of these issues, but perhaps you could elaborate?
Glassdoor makes you fill out your own company review in order to view others. However you actually don’t know how anonymous they are and if there is a way to find who wrote it as it can present legal risks to employees
Glassdoor is now a tainted site unless they are active about anonymity. Meaning, they don't even have identifying information in their database. I will tell everyone I know to stay away from this website.
Where is glassdor located? If it’s not in New Zealand, what are the consequences of giving them the middle finger and saying “No, we will not comply; feel free to block us in your insignificant country”?
Glassdoor has systematically taken down negative reviews for companies for years. I can’t say I love any of the “board” sites who engage in this type of product, and that includes Yelp, Google Places, etc
The greatest thing I ever saw on Glassdoor was our company's Chief People Officer arguing with anonymous people in their reviews. It wasn't a response they were aggressively going them.
A site that promises anonymity without ensuring that compelling identifying data is technically impossible is unfortunate. They are one good breach away from ruining many lives.
If I were the Glassdoor IT admin, I would give out silly names with false IPs.
The best solution is to have zero knowledge (delete all info that can identify a user), but the second best thing is to have double logs. A real one (internal use only) and a false one (for legal usage only). I know it goes against the moral/legal sense, but hey we're living in strange times and the best thing is not to go against multi bilion companies that can force you to do anything they want.
Who from the court or Zuru (or any other "bad" company) can say if the reviews by bill brown with IP 123.124.125.126 or john james with IP 132.133.134.135 are real or not ;-)
Man, apparently these founders have never heard of the Streisand effect. Very dumb move by them. I would never work for a company that sues whistle blowers like this.
This is the reality of "anonymity" on the internet. Whatever promises to be anonymous today will invariably, inevitably, become reconstituted in the long-term.
dang, can Nick Mowbray and Anna Mowbray, the founders of ZURU, compel News.YC to hand over my information if I wrote a poor review of their company in a scathing Tell HN?
This is where web3 might finally have some use. Truely anonymous decentralised network for reviewing companies. No entity to subpoena and no server logs or user data anyway if they could.
It will be useless due to spam, unreasonably disgruntled employees posting lies, forced or fraudulent positive reviews, and even outright scams ("pay up or we will post a negative review every week"), etc.
I wish it weren't so, but I'm afraid that will be the reality of it.
I thought a little about this. While onchain you cannot censor it, the “view” created for convenience on web2 could just ignore sufficiently flagged responses.
This would still generally allow anonymity.
Of course you could also have anonymity on a traditional platform by not requiring people to sign in with usernames but use a private key instead. So just use that part of web3 but no blockchain storage.
How will you prevent a company flagging unflattering reviews in an effort to get them hidden (companies will pop up offering these kind of services, employing multiple computers, botnets, etc.)?
Does Glassdoor even have a legal presence in NZ? If so, why? If not, why are they even bothered by this?
Could they theoretically not just play hardball, ignore the NZ courts entirely on the basis that they have no legal entity within NZ, and see what happens? Are there cross-border legal agreements that give the NZ courts any teeth? Or would it come down to NZ having to mandate that all ISPs block Glassdoor within NZ?
IANAL - you instinct is good generally but you missed a key point.
Zuru is suing in CA to compel glassdoor to produce information.
Zuru is not suing glassdoor for breaking NZ law in CA. That would make this case go away very quickly.
Instead, Zuru is saying they intend to sue NZ individuals in NZ, but in order to sue, they need info from US based glassdoor.
there may be some kind of cross border agreement to facilitate information between NZ and US. Politics aside, i dont know if a US company could be compelled by a US court to produce information to sue chinese or russian citizens, under those respective laws/jurisdictions?
Aha, thanks for that key point, that does change it a lot. I missed that this was in CA and for whatever reason assumed it was all going through the NZ courts.
I am sure there is some form of cross-border agreement between NZ and the US, but I don't know any details about it.
Someone wrote something very shitty, and damaging about (it wasn’t 100% clear - i suspect on purpose) me or some of the people i worked with. It was categorically false for me to be included in these allegations (i believe the entire claim was untrue but i guess i only really know my truth), and i had no way to even ask the person to omit me or why they felt i should be bundled in. At one point this became such a stress i was having panic attacks. I had zero recourse. I hated the job but stayed longer just to prove me leaving wasn’t related to that review which became the topic of the company all hands when they hired an investigative lawyer to look into the allegations.
So yeah…Screw that person but also screw glassdoor for facilitating their narrative.
This doesn't mean they should de-anonymize reviews, but have some moderation to stop any kind of personal attacks or information from being posted on the platform.
Where did i say it should be de-anonymize? I’m just saying they assisted in perpetuating a very damaging narrative against my person.
I agree moderation is key. They were so restrictive on amending the review in any way that it STILL exists. It’s been toned down somewhat, but the current moderation is a joke.
I mean if the reviews violate NDAs why shouldn't they be able to?
If they don't violate NDAs and the allegations aren't true, why shouldn't they be able to?
Finally, if Glassdoor is anonymous, why would they have any records of anyone who posts a review? If you want to claim some content has an anonymous author, you, the company hosting the content, cannot have any ability to identify the author. Otherwise all this "anonymous" info is a hack, malicious employee, or lawsuit away from no longer being anonymous.
At some point in the gig, one of their clients went to them asking them if it was possible to de-anonymize someone glassdoor review since someone still-employed worked with them. They then went to me to see if I could do it for them. They didn't clarifywhy they went to me, but I legitimately think they wanted me to "hack" glassdoor. I told them in no uncertain terms that I wouldn't do it and they backed off.
A bit later they fired the employee.. I didn't hear how they found the person, but it really spoke to the lengths that some organizations will go to burn down the lives of those who speak up.
Use this google search to find more companies that do it: