Uber blocks employees at work from chatting on Blind App
businessinsider.comI work at Uber. I was on the wifi yesterday. I was successfully using blind. If business insider would like video evidence, I'm happy to work with their reporters 1:1.
There's a lot of problems at the company and it's been a difficult week for many of us here. Not having access to blind is not one of them.
Hmm I downloaded it just to try yesterday and I was not able to access it from uGuest. Not sure if it's Uber or blind blocking it though.
Gee how did you get HR permission to work with the press so quickly?
This is very much like a sign that Uber again takes an old path of silencing people and problems instead of fixing toxic culture. Makes me think that they also prepare to blackmail Fowler.
Seems like they have probably already started:
https://twitter.com/susanthesquark/status/835193441814392833
This seems to be Uber's modus operandi every single time they're in trouble and it almost always seems to backfire on them, PR wise.
I'm curious though, what tipped her off? While I've worked at tech start-ups before and can believe all the behavior she outlined (because I've seen similar things myself, it's very believable) it still bothers me to continue to take someone's word at face value. I mean I do, I would trust what she says over Uber any day, but I wish more of this type of information was verifiable.
Using a throwaway for obvious reasons.
>This seems to be Uber's modus operandi every single time they're in trouble and it almost always seems to backfire on them, PR wise.
From attending all hands meetings I get the sense TK has a victim mentality and sees himself doing no wrong or Uber doing no wrong.
Since we're clearly not wrong, it has to be the critic, right? /S
To be fair, we do get some BS scandals related to surge (they turned off surge for natural disasters! They're profiting off us! They left it on, they're profiting off our misery!) but almost all of our scandals are self inflicted.
>I'm curious though, what tipped her off?
I'd wager an employee.
Employees are very angry now at leadership, and in our last few all hands / CTO speaking to everyone (something they put together just for this week I think) people questioned publicly what's been questioned in the shadows for a while.
For instance, Uber has a list of stupid "cultural values" that include values like "always be hustling" (yes, it's a direct quote) and I've been in private conversations with people who find these values obnoxious and poorly written. Never raised to management though.
But this all hands people threw these bullshit values at TK and Thuan and pointed out how bad they are, including this specific "always be hustling" value. The questioner even referenced Zootopia ("It's called a hustle, sweetheart") to skewer it.
Also it was pointed out how our perf review process doesn't reward collaboration between teams at all (hence the politicking).
Felt almost like a press conference with ace reporters fighting against an unprepared, incompetent politician. Our CTO even cried, which was a little dramatic for me.
Happy to see I'm not the only angry employee.
Thanks for the insights. Question about the inside view - do people really buy Kalanick's fake apologies/victim act at this point? We've gone through this ruse so many times, from the outside it just seems like a laughable caricature of malignant narcissism. From your comments about the CTO, I'm guessing he surrounds himself with "empathizable cover" after the classic abusive pattern (if you come after me, think about the damage it will do to the nice people around me).
Wait, your CTO cried at the all hands? Like publicly burst into tears in front of the entire meeting? I'm just curious, what did someone say to them that had that effect?
I find it fascinating that on one hand many people call what she described as standard and on the other people still call SV meritocracy. Even if you ignore sexism, the environment seemed to favor political maneuvring over skill and achievement.
In a venture capital-funded world, the primary marketable skill is capturing venture capital. Follow the money.
I don't think a whole region can really be called a meritocracy - that strikes me as a pervasive myth. It would seem that meritocracy is something that a lot of SV companies strive for, but you'll always get companies that operate like Uber where meritocracy takes a back seat to politics and posturing.
While in principle being judged by nothing by your actions is a great, well, principle, in practice "meritocracy" ends up favouring people who were already socially advantaged in some way or another (e.g. male) to elicit the actions that the meritocratic judge is looking for.
The idea sounds nice, but it ends up just reinforcing cronyism. If you belong to the right in-group, usually stratified along some social injustice, you'll display the merits that in-group wants.
the point of a meritocracy is to produce the best possible work and reward good performance, not to right real or perceived injustices. Statistically speaking, if the majority of developers are male then a majority of high-performing developers will also be male. Hiring lower-performing females to attempt to achieve balance does not fix the original issue, and it serves to harm the hiring company by choosing people based on social group rather than skill.
Solving underrepresentation issues is, in my opinion, more about changing the perception of the industry for those poorly represented groups and performing outreach at younger ages, rather than having companies hire disproportionately more women or people of colour so that their employees look more diverse. That doesn't really solve anything.
Okay, so when I object and say "cronyism" you hear "let's hire idiots just because they're women". It doesn't have to be either of these.
A simple thing you can do is publicly state, "we encourage women and other minorities to apply". And that's all. You encourage them. You don't have to give them any preferential treatment to pad your numbers (and I don't think anyone ever really does that, but a lot of people seem to be afraid that it happens). You just have to explicitly direct your invitation to them. That's enough to increase your hiring pool and give your company culture a nudge in the right direction. If you object to the alleged benefits of having a diverse staff, I can't imagine you would object to attracting more people to apply who otherwise wouldn't.
A further point I want to emphasise: what is merit? Who decides what is merit? If you think being nice to others has no merit (or is not "good performance"), then you may end up hiring toxic employees like Fowler's sexual harasser and then keep him around because of your merit metric. This will end up costing you good employees like Fowler.
I wasn't suggesting you were saying "let's hire idiots just because they're women", I was pointing out a hypothetical scenario in which meritocracy plays second fiddle. There's no need to get defensive.
I agree with your suggestion that encouraging women and minorities to apply, and ensuring that one's company culture is inclusive, is a good start. However, this doesn't really help with the core issue, which is that the number of women and minorities getting into the field in the first place is disproportionately low to their demographic representation. I'm not well-positioned to suggest why that is, being a white man myself, but until the underlying issues are solved, decrying meritocracy as promoting white men over other candidates is not a valid criticism.
Merit is for each company to decide for itself. I'm sure there are many companies, Uber included, that consider themselves a meritocracy but the way they measure individual merit just leads to toxic culture. Fowler made mention of a number of bad actors who were not fired because they were high-performers in the company's eyes - and this is a valid concern for companies that aim to be purely numbers-based in their evaluations. Personally, I'd say that there has to be a baseline of decency for an employee to be valuable at all, and that how someone interacts with others should be considered as a metric for their individual merit. Quantifying that, however, is a whole 'nother question.
> I wasn't suggesting you were saying "let's hire idiots just because they're women", I was pointing out a hypothetical scenario in which meritocracy plays second fiddle.
You suggested "if the majority of developers are mal, then a majority of high-performing developers will also be male". So far so good. Then you made the non sequitur jump to "Hiring lower-performing females to attempt to achieve balance does not fix the original issue". That's a straw man, nobody suggests that. You risk being perceived as creating an absurd hypothetical ("let's hire worse people for social justice reasons") just for the sake of winning the argument, or even believing this is the choice that's posited.
I think this is a recurring problem with these kinds of discussions, people tend to put forward very extreme views of reality where what'd be useful is to seek the middle ground, understand the problem, and then nudge a bit in the right direction.
Additionally, even the basic premise that we currently hire for merit is questionable. Of course everyone tries to hover the best and brightest, but it's easy to see see how a very homogeneous group like SV software devs might mistake group conformity for competence.
> That's a straw man, nobody suggests that.
Not directly, but one of the main attempts to address a lack of diversity in tech seems to be diversity quotas, or companies actively looking to hire more women or POC. Diversity quotas directly cause the exact issue I quoted, where the ratios of allowed hires by social group does not match the ratio of applicants. Statistically speaking, that's equivalent to agreeing to hire less-qualified individuals. Attempts to specifically hire more women or POC through outreach might help an individual company, but it's a zero-sum game of multiple companies competing for the existing small pool of candidates.
> I think this is a recurring problem with these kinds of discussions, people tend to put forward very extreme views of reality where what'd be useful is to seek the middle ground, understand the problem, and then nudge a bit in the right direction.
I think part of the issue is that you immediately devolved into hyperbole about hiring "idiots". Hiring slightly-less-than-the-top-candidate developers is in no way comparable to hiring "idiots" and your suggestion that it is is only muddying the topic further.
> Additionally, even the basic premise that we currently hire for merit is questionable. Of course everyone tries to hover the best and brightest, but it's easy to see see how a very homogeneous group like SV software devs might mistake group conformity for competence.
Of course suggesting that hires are always for merit is questionable - it's more of an ideal to aim for than an actually achievable goal.
> Not directly, but one of the main attempts to address a lack of diversity in tech seems to be diversity quotas, or companies actively looking to hire more women or POC.
[citation required]. I haven't ever seen that.
> I think part of the issue is that you immediately devolved into hyperbole about hiring "idiots".
I did not, please check who you're quoting. Regardless, I think that's overphrasing it, but it's essentially the straw man you put out.
Are you aware of Ms Fowler's allegations?
https://www.susanjfowler.com/blog/2017/2/19/reflecting-on-on...
Nothing to do (directly) with underrepresentation or "hiring lower-performing females".
I'm not suggesting it is. This discussion has kind of branched out from the issues Ms Fowler faced into a general one around diversity.
Likely an ex-colleague she kept in touch with, who tipped her that s/he had been tapped. I know I would react that way, if anyone started asking pointed questions about a friend.
True. In most such cases there is always an another side that we totally forget when looking at the victim's story.
I would give Uber a fair 50% chance unless there is strong evidence on the table.
She says in her next tweet that she doesn't know who it is or what their aims are. I doubt Uber is attempting to smear her. I don't think the people involved are that evil, but I'm pretty confident they aren't that stupid.
They previously (and probably illegally) hired a private intelligence firm to dig up dirt on their opponents in a court battle:
http://www.theverge.com/2016/7/10/12127638/uber-ergo-investi...
They did the same to intimidate journalists:
http://fortune.com/2014/11/18/uber-rides-into-new-pr-storm-o...
To be clear, in this case I think it's quite unlikely, specifically, that Uber is looking for information with an intent to discredit, disparage, or defame Susan Fowler.
> They previously (and probably illegally) hired a private intelligence firm to dig up dirt on their opponents in a court battle
What was done there seems obviously inappropriate. It's unclear to what degree the intent was (I certainly understand wanting context). The situation was obviously very different.
> They did the same to intimidate journalists
Maybe. On the other hand: http://www.huffingtonpost.com/nicole-campbell/what-was-said-... And even in the Ben Smith's account they didn't actually do it.
Why is it unlikely, given that they've done this exact thing in the past? You're entitled to think whatever you want, but you can't in good faith argue that this isn't their pattern of behavior. You're right that the circumstances are different, but the only constant is Uber underhandedly going after anyone who criticizes them.
And an editorial in HuffPo from someone who pals around with the person engaging in the abusive behaviour is a pretty weak defense. Especially since they did a similar thing before:
https://www.theguardian.com/technology/2014/nov/19/uber-inve...
> Why is it unlikely, given that they've done this exact thing in the past?
They've dug up dirt on ex employees making public accusations like this? I haven't seen any claims to that effect. As I said, I think it's unlikely because I don't think the people involved are that evil, and I am confident that they are not that stupid. If I'm proven wrong, I'll be loud about it and I'll be working some place else.
> And an editorial in HuffPo from someone who pals around with the person engaging in the abusive behaviour is a pretty weak defense.
It's not decisive. I didn't present it as such. It's still the case that even the original source describes someone in a role that doesn't deal with the press ranting about how Uber could do something. Even if we take it on face value that's a far cry from establishing that they did it, as was your assertion.
> Especially since they did a similar thing before:
This is the first I've heard of that event. Obviously, that's an inappropriate use of PII, at least. It's entirely unclear from the article whether the list "sent to make a point" was meant as a threat of disclosure or to point at some specific discrepancy between the data and the reporting. The former would be similar. The latter, a different issue.
So despite having spied on anyone who caught their fancy in the past-
https://www.theguardian.com/technology/2016/dec/13/uber-empl...
-your bar for skepticism/reproach is only cleared with proof that they've done the exact same thing before, telegraphing their intentions along the way?
Ok.
That article alleges poor controls around customer data, not coordinated action. It seems unrelated to what we were discussing, which was likelihood of Uber to - reusing my earlier phrasing - try to discredit, disparage, or defame Susan Fowler.
Well, you should still probably quit because they already send thugs to intimidate women/former employees in the way you said was unacceptable:
https://www.buzzfeed.com/charliewarzel/former-uber-worker-cl...
There's some clear differences, and it's alleged not confirmed. That said, I'll look into it.
Huffington said this time all problems will be fixed. I trust her, can we give them some time before saying 'takes an old path '.
It's fun to listen to what people say, but you really need to watch what they do.
> "Our activity at Uber has gone up 3x since they blocked us on their WiFi," Shin says.
Streisand Effect in 3... 2... 1...
It's 2017. Have we really not learned this lesson yet?
It's really not more surprising than the thought there are still new, well-funded and high profile companies that have seriously misguided ways of dealing with sexual harassment complaints.
For the same reason where even in countries where the death penalty exist, people still commit murder.
Sounds like there's a pretty simple work around, just use mobile Internet not wifi.
(You shouldn't use corporate wifi for a personal phone anyway)
Yeah, this move is just stupid. It's 2017 California, there are umpteen connectivity options.
It's literally an admission that what is written on Blind is actually true and leadership is in panic mode. The right response was to dismiss it all as gossip and act nonchalant; moving from the "laugh at you" step to the "fight you" step means they're on their way to defeat.
First time hearing of Blind, can anyone share their experiences?
(working at a startup so can't just sign up and see it myself...)
I'm on the Microsoft Blind forum as a former FTE as they don't (yet) revalidate accounts.
MS was amongst the first, or perhaps the first, Blind forum. It started off as a successor to MiniMSFT so people used it to compare comp (salaries, raises, bonuses, stock awards) since then it's massively expanded into other companies all with their own private forums, there are also forums visible to everyone.
The most popular thread in the shared Tech industry forum is "What is your age and base salary?" and it makes for some soul-crushing reading (e.g. late-20s kids at Uber SF with $200k base, $400k stock).
Back on the MS forum, it's usually layoff rumours (one regular poster who comments on layoff rumour threads claims to be in HR), people asking how to get VSA severance, and people complaining about why Skype, OneDrive and SharePoint are so terrible.
> and people complaining about why Skype, OneDrive and SharePoint are so terrible.
I'm glad that people at MS themselves complain about how awful Skype has become. This proves that there are still sane people over there, for a moment I thought that me and my colleagues who still rely on Skype (Slack has never caught on with us) are not paranoid when we complain among ourselves about it.
Pretty much everyone at the IC-level at Microsoft is well-aware of the systemic issues plaguing many products - lower management too - but these issues don't get fixed because of whatever decisions being made at the Director level (mostly of the "evil" kind, like how improving UI responsiveness won't raise profitability but adding video ads will, or how no-one will switch to OneDrive-for-Business simply because the desktop client actually works - it'll be because the sales team drove a hard bargain with an enterprise customer and now their poor users are stuck with it).
I like to think I did my part - I made small UI/UX improvements that I snuck into my official feature work (it all passed peer-review and testing, don't worry) - things like bad margins/padding around controls, something with the wrong color scheme, etc.
Can you please also fix the "escape key closes chat without any warning" feature too?
The only source of the story seems to be Blind's founder.
Can I somehow register to be an Uber employee on the app without actually being one? Would love to read all the crap employees are going through as lessons learned when I start my own company (one day). Any ideas? The blind app requires an uber.com email address. Any employees want to help out a fellow HN'er?
WTF how stupid is that? You use a company address to sign up, leaving trails within an internal mail service...
Just got the app. Apparently you just need to add your work email as your primary email on LinkedIn.
Yeah, I wondered the same thing. Verification by company email reduces spam/noise, so I understand why it's done. Probably useful to have non-employees filtered out. But there's no way I'd trust the service enough to use it. Not to mention my latent fear of a data breach/leak ruining my career.
Aren't there any company mailing list addresses someone can provide? Someone inside uber needs to have some connections with IT - could be done easily I think. No email will be sent I am assuming? Or is there a verification step where one has to click on a link? Someone who has the app should verify.
You could try spoofing your email address with the correct reply-to?
(if you do find any vulnerabilities you should of course report them responsibly)
Even in 2017, we are still not understanding that if you block something it becomes more exciting just for the fact that it was banned, ignore it and it'll die.
China's a counterexample. Their censorship efforts are pretty damn effective.
China's government has a degree of ubiquitous control that no Western company can hope to match.
What's "Blind"? Never heard of it. So far I have never encountered anything blocked internally at Uber. Nor is anyone is talking over anything secret at Uber. People normally talk in person, but there isn't even much of that going on.
This is really saavy marketing by Blind App
Well, until people awake from their righteous fervor and ask why the anonymous Blind app knows there are 2000 Uber employees using it
And god beware they start asking what Blinds business model is going to be!
Because you are required to sign up with a company email. It's anonymous for the users, not for blind.
So employees are trying to chat "anonymously" on a tech company's wifi network? Seems remarkably dumb for tech employees.
It should be assumed as a given that any company or hotel wifi network is monitored and HTTPS is quite possibly is MITMed.
An employee's personal phone wouldn't accept the certificate if HTTPS was MITMed.
If the employer uses an MDM as a precondition for email access, it might.
That's a hard stop for me; no employer may have that degree of control over anything I own. I won't even configure an account with Exchange's protocol, because that enables remote device wipe.
If an employer wants to issue me a company phone, that's fine. If an employer wants to enable IMAP, that's fine. Otherwise, I won't have mobile access to email, because the risk is unacceptable. And if that's not fine - well, it's been great talking with you, and I appreciate your time, but I'm afraid this position doesn't seem like a good fit after all.
I like seeing more awareness of this! It's always depressing to hear people say that they don't care or that it's not a big deal.
There are various third party applications that will allow you to use Exchange protocols without the OS integration: they'll let the Exchange server admins wipe the application's container/data rather than the entire phone. I think it's a much fairer implementation.
The requirement to agree to honor the remote wipe request is optional at the server. That is to say, you can use the EAS protocol and not also require remote wipe, if you want to. In theory you could also interpose an EAS proxy between your device and the server that pretended to honor the remote wipe request but not not pass it on to the device (unless the server is setup to check client certs).
Source : I have implemented this protocol.
These days the risk of an accidental wipe seems so trivial to me, since every app (photos, music, notes, docs, podcasts etc) I use is of the local-sync-backed-by-cloud variety.
So I guess I can understand not trusting the IT department but I worry very little about losing the data on the device.
Of course if you're not sold on the cloud-backed model because of privacy concerns and you prefer treating your device itself as a source of truth and a secure store then I can understand the attitude.
You don't really have to MITM, you could just check the logs of the DNS server that the network DHCPs to the WiFi clients for queries to Blind's IP addresses.
This doesn't tell you the content but if an employee uses the app. Make of this what you want but given Uber's previous actions I don't think they would just ignore this.
I don't use the app, but messages appear to be timestamped, that's probably enough to deanonymize many conversations.
> This doesn't tell you the content but if an employee uses the app
It appears that one has to register using a corporate email address, so it's trivial to figure out which employees are using this service.
This will definitely help fix things.
What makes Uber uniquely asshole-like?
This is hopefully a prelude to a Streisand effect type situation here, but my biggest reaction to this came in the ad below the piece: an "article" describing the reason behind the F and J bumps on any keyboard. Does there really need to be an article about that? It seems like common sense, or something you might learn in any typing exercise ever.
There are probably enough younger people around who've rare even used a physical keyboard, let alone have formal touch-typing training. I imagine mentioning the 'home row' would usually just get you a blank stare.
Do they no longer teach typing as a mandatory class in ~6th grade? It seems even more relevant now than 16 years ago.
Would you teach typing on a physical keyboard, or on a virtual phone keyboard? A lot of young people don't use laptops/desktops.
They didn't when I was in 6th grade, and that's now quite a few more than 16 years ago.
They would have to be pretty young. I learned touch typing in public school ~20 years ago.
>Many do on an anonymous chat app called Blind.
...
>And over 2,000 Uber employees in total use Blind, says Blind's head of operations Alex Shin.
Jebediah O. Springfield! As the "head of operations" at an "anonymous chat app" you have ONE JOB, Alex Shin! And you just blew it.
(To be explicit, I am saying Alex is way out of line for disclosing this information. An anonymous app should not have such information revealed even in the aggregrate - you can see what just happened as a result. Instead his public, and private, statements should have been "We do not disclose - confirm or deny - any users who may or may not use Blind, their affiliations or locations.")
In point of fact I do agree with sharing this news, however it should be presented disclosing as little information about employees as possible. Plus the app isn't doing a very good job if its traffic is easily distinguishable from other apps' traffic (technically making it possible for Uber to take the actions we've just read about, or directly monitor based on telephone MAC addresses, the exact employees using the app and the timing of their doing so).
But there's not so much that can be done about that. However, revealing the number of users at a company is not information that should be given out, in my opinion.
This really stood out to me as well. A company that, say, runs a non-anonymous social network for businesses shouldn't give out numbers like that (at least, not without their customers' permission)... a company running a supposedly-anonymous place for employees to chat giving out that info is a serious breach of trust. I was curious about Blind (though certainly not curious enough to give it my LinkedIn credentials), but after reading that line, I wouldn't even remotely consider using this product.
What if Alex was bluffing? An average Uber employee reading this would think that some massive congregation of his/her peers is happening on Blind and would rush to install it.
Very interesting, though as an officer I'm not sure if he's allowed to make specific numerical misstatements like that. :)