It seems as though nobody in this thread actually read the article. They are not revealing user names on the site. The objection here is having the real name as part of your private profile data, in case of a future data breach. It’s a real concern, but orders of magnitude less serious than what everybody is assuming.
Shame on Ars for the misleading clickbait headline.
Agree that it’s misleading, but to add there is another significant concern given how glassdoor is already “pay to win” from the companies perspective: they could just offer identifying the users as a paid service.
It would be digging their own grave if that starts happening, but that doesn’t seem to be stopping many companies…
I’m more concerned that the company decided it was OK to meld the “From:” line of her email (asking for support) into her profile. If they think that’s an appropriate way to handle PII, I don’t trust them.
For a supposedly anonymous site that’s going to be a target from both hackers and companies looking to reveal that data, I’d say it’s not really any better, just delayed. All it takes is someone finding a SQL injection vulnerability on the site to scrape the user database, or a court to rule that they have to turn that data over to a company looking to go after an employee, or even just someone with the right access at the company clicking the wrong link
If you want to be anonymous, the first step is to not give people your name or other PII
It seems as though nobody in this thread actually read the article. They are not revealing user names on the site. The objection here is having the real name as part of your private profile data, in case of a future data breach. It’s a real concern, but orders of magnitude less serious than what everybody is assuming.
Shame on Ars for the misleading clickbait headline.
Agree that it’s misleading, but to add there is another significant concern given how glassdoor is already “pay to win” from the companies perspective: they could just offer identifying the users as a paid service.
It would be digging their own grave if that starts happening, but that doesn’t seem to be stopping many companies…
You mean digging it even deeper than they already did with this?
You mean, “They are not currently revealing user names on the site.” This may easily be the first temperature increment in a frog-boiling process.
(Cynical? Yes, but the world keeps reinforcing that attitude.)
Agreed, but the article title implies that they are in fact currently revealing names, which is just not the case.
I’m more concerned that the company decided it was OK to meld the “From:” line of her email (asking for support) into her profile. If they think that’s an appropriate way to handle PII, I don’t trust them.
What they’re actually doing is super shady, and reason enough to cause concern without exaggerating.
It’s not that, its the risk they could get subpoenaed and then they have to turn over the CSVs that could identify users inadvertently.
Financial institutions who are currently having data breaches. This is the worst time to couple PII data So tightly.
The moment Glassdoor gets hacked, it’ll be absolute shit show for whistleblowers.
This doesn’t really make it any better though, IMO
You really don’t think “we store your username and haven’t revealed it” is any better than “we store your real name and did reveal it”?
I swear some people are just contrary.
No they’re not
For a supposedly anonymous site that’s going to be a target from both hackers and companies looking to reveal that data, I’d say it’s not really any better, just delayed. All it takes is someone finding a SQL injection vulnerability on the site to scrape the user database, or a court to rule that they have to turn that data over to a company looking to go after an employee, or even just someone with the right access at the company clicking the wrong link
If you want to be anonymous, the first step is to not give people your name or other PII