I just received the following email a few minutes ago, reprinted in original below. It's a long one, but for any of this to make sense, you should read it. It's worth it, I promise. :)
Dear Jason C. McDonald,
There’s no other way to put this--I screwed up badly. On Friday evening, I sent an email to you about a new feature called public Triplebyte profiles. We failed to think through the effects of this feature on our community, and made the profiles default public with an option to opt out. Many of you were rightfully angry. I am truly sorry. As CEO, this is my fault. I made this decision. Effective immediately, we are canceling this feature.
You came to us with the goal of landing a great software engineering job. As part of that, you entrusted us with your personal, sensitive information, including both the fact that you are job searching as well as the results of your assessments with us. Launching a profile feature that would automatically make any of that data public betrayed that trust.
Rather than safeguarding the fact that you are or were job searching, we threatened exposure. Current employers might retaliate if they saw that you were job searching. You did not expect that any personal information you’d given us, in the context of a private, secure job search, would be used publicly without your explicit consent. I sincerely apologize. It was my failure.
So, what happened? How did I screw this up? I’ve been asking myself this question a bunch over the past 48 hours. I can point to two factors (which by no means excuse the decision). The first was that the profiles as spec’d were an evolution of a feature we already had (Triplebyte Certificates--these are not default public). I failed to see the significance of “default public” in my head. The second factor was the speed we were trying to move at to respond to the COVID recession. We’re a hiring company and hiring is in crisis. The floor has fallen out on parts of our business, and other parts are under unprecedented growth. We've been in a state of churn as we quickly try various things to adapt. But I let myself get caught in this rush and did not look critically enough at the features we were shipping. Inexcusably, I ignored our users’ very real privacy concerns. This was a breach of trust not only in the decision, but in my actual thought process. The circumstances don’t excuse this. The privacy violation should have been obvious to me from the beginning, and the fact that I did not see this coming was a major failure on my part.
Our mission at Triplebyte has always been to build a background-blind hiring process. I graduated at the height of the financial crisis as most companies were doing layoffs (similar to what many recent-grads are experiencing today). My LinkedIn profile and resume had nothing on them other than the name of a school few people had heard of. I applied to over 100 jobs the summer after I graduated, and I remember just never hearing back. I know that a lot of people are going through the same thing right now. I finally got my first job at a company that had a coding challenge rather than a resume screen. They cared about what I could do, not what was on my resume. This was a foundational insight for me. It's still the case today, though, that companies rely primarily on resume screens that don’t pick up what most candidates can actually do--making the hiring problem much worse than it needs to be. This is the problem we're trying to fix.
We believed that we could do so by building a better Linkedin profile that was focused on your skills, rather than where you went to school, where you worked, or who you knew. I still believe there's a need for something like this. But to release it as a default public feature was not just a major mistake, it was a betrayal. I'm ashamed and I'm sorry.
Triplebyte can’t function without the trust of the engineering community. Last Friday I lost a big chunk of that trust. We’re now going to try to earn it back. I’m not sure that’s fully possible, but we have to try. What I will do now is slow down, take a step back, and learn the lessons I need to avoid repeating this.I understand that cancelling this feature does not undo the harm. It’s only one necessary step. Please let me know any other concerns or questions that I can answer (replies to this email go to me). I am sorry to all of you for letting you down.
Sincerely,
-Ammon
An Issue of Trust
Honestly, when I saw the announcement earlier about Triplebyte profiles going public by default, I didn't think anything of it. I've got too much else going on. But reading this now, I can imagine the shock, horror, and panic of many Triplebyte users. Public-by-default profiles on a hiring platform are a terrible idea.
And yet, despite this obvious misstep,Triplebyte just earned more trust in my eyes from this!
Everyone makes mistakes, sometimes huge ones. We're going to screw up sooner or later. Unfortunately, the trends in business surrounding mistakes is to do at least one of four things:
(1) Ignore the mistake and forge ahead.
(2) Quietly reverse the decision and hope no one notices.
(3) Make excuses for the mistake, or if all else fails, blame someone else.
(4) Do something else to "cover up" the mistake and make everyone forget it happened.
But Triplebyte's response, and specifically Ammon Bartram's response, is notable because he took immediate and total responsibility for the mistake! Triplebyte cancelled the problematic feature at once, and then made a public, no-excuses apology. Although Ammon offered some explanation on how the mistake happened, he refused to use those as excuses.
I'm sure there will be consequences to this mistake. Some users will probably leave Triplebyte and never come back. Yet, this apology has done more to repair the damage than any excuse or cover up ever could. It proves that Triplebyte's leadership, and Ammon Bartram in particular, has integrity, and is willing to assume full responsibility for decisions and mistakes. That's a true leader.
As developers, designers, project managers, and leaders, I think we all can take note.
Elements of a Real Apology
This letter is such a tremendously good example, but I'll break down the essential parts:
Take Ownership. Ammon makes it clear in the first paragraph, this was his mistake before anyone else's. He doesn't look for someone else to blame.
Explain the problem. There's no attempt to cover up or make the mistake seem less serious. Ammon is acknowledging the harm that was done.
Offer answers, not excuses. Ammon is offering insight into how the mistake happened. He's not trying to protect his image in the process.
Outline the path forward. What steps have been taken to mitigate the problem? What's next? In this case, Triplebyte has removed the problem feature, and will focus on earning back trust.
Be genuine. This is perhaps the most important factor to a good apology! I know this was a cover letter send to every Triplebyte user, but it's no less authentic. Ammon is personally apologizing, and that means everything.
Where Do We Go From Here?
This has led me to trust Triplebyte more, not less. Yes, they made a huge mistake, but I recognize that can happen to any company. The important thing is, they owned it, apologized for it, and then made it right at any cost to themselves.
That's someone I can trust with my data.
Let's all try to be a little more like Ammon Bartram. A genuine apology goes a long, long way.
Top comments (8)
I think the apology is fine (at least they apologized rather than the usual corporate non-apology we see) but they will need to take more concrete measures to regain trust. They only went back on this because of the massive backlash on various social networks.
For Triplebyte job applicants are the "products" whereas the companies which pay for the service are the customers. Given such incentives, it is natural to start introducing measures which are hostile to the job applicants.
A mark of Silicon Valley culture has been to ask for forgiveness, not permission especially regarding user data. And most times, the companies get away with it. If the company is big, it can get away with a few days of bad news (looking at you Facebook). I will remain skeptical of Triplebyte for the near future.
While I generally agree on a broad level, I think the critical difference here is twofold:
(1) Triplebyte doesn't have a history of these sorts of mistakes, to my knowledge. (Contrast with, say, Zoom.) Perfection is unattainable; all anyone can ask for is best effort, and appropriate response to mistakes. Yes, this is a big mistake, but it's not a pattern.
(2) It's a plausible mistake to make, not just the usual "ask forgiveness, not permission". When I first saw the feature announced, I (a privacy advocate) overlooked the problem. "Oh, cool, that'll make job searches easier for users," I thought. I'm stressed already, so it wasn't until I saw this email that I realized the problem. I really think they tried to do something for the users, and missed a REALLY BIG facet.
Consider for a moment if you made a mistake like this in one of your projects. You think it's a great feature...until you go on social media (the primary means of getting feedback) and find your users in distress about it. Did you "ask forgiveness, not permission"? No! You merely found out about the mistake because of user feedback that came through the usual channels, of which social media is a primary component. (We don't know if they received direct emails, nor is it wise to assume that their response wasn't triggered that way instead.)
I think it's reasonable to be fair here. They made a mistake — yes, a big mistake, but no bigger than anyone in their position is capable of — and immediately responded in the only correct way. What more could anyone even do once the mistake has been made?
I'm sure it will take time for trust to be regained for many. As Ammon stated in his letter, this is just a first step. They've already made the concrete step of immediately cancelling the feature. Triplebyte doesn't expect that this will make everything better, as many companies would. But it's the only good place to start.
I would agree if the response was immediate. They responded after over 2000 people deleted their accounts. It was more a reaction to extremely overwhelming feedback on Hacker News (the original post has >1500 upvotes).
Here's their CEO defending their plan on that post:
Summing up, a string of red flags for me:
Of course other companies have done worse, not back-tracked and sent out non-apologies. But that is not a very high bar for a company which claims to care for developers. That's why I will be skeptical of Triplebyte for the near future.
Well, I see his thought process behind the feature, which he echoed in his apology letter. I thought much of the same about it at first.
I can't really say I share your assessment though, as there are a lot of assumptions of bad faith inherent. Here's a few thoughts in response:
Developers, as in the team itself? Source if so? Or do you mean "from users"? If so, mistake, but there's also a balance between getting user approval for every idea (bad) and getting their approval for certain things (good).
Agreed, mistake. He didn't disagree.
As opposed to no deadline, the industry standard.
At the weekend, when people would be more likely to check their personal emails, which are the most likely addresses to register with. That's not a bad thing.
As opposed to what? There are always complainers about even the best idea, and it isn't always easy to weed through user feedback. Once it became clear there were a lot of concerns, they reconsidered and immediately backed off. Instead of moving forward anyway, like most of Silicon Valley.
It almost sounds like the bar you're setting is perfection, if I'm honest.
I meant users not the development team
No. All I explained were my reasons why i will not trust Triplebyte more after this controversy.
I can broadly understand where you are coming from - a company pulls a bad move, is widely criticized, rolls it back and apologizes. Hence, you trust it more after the incident.
As for me, trust lost is more difficult to regain as I held Triplebyte to a higher standard compared to the rest of the industry. Let's just agree to disagree here.
Wise words there, my friend. This is indeed the unfortunate reality we live in.
If there is any consolation, at least the apology was genuine, and I find that commendable at the very least.
Wow, what an inspiring email. I remember hearing that restoring a relationship often leads to higher customer satisfaction as opposed to customers who have never had an issue.
I totally agree! Ammon's email was solid, genuine, and heartfelt.