
199 points | orangeteacups
lapcat No.41872346
> In July, before the latest WP Engine blowup, an Automattic employee wrote in Slack that they received a direct message from Mullenweg sending them an identification code for Blind, an anonymous workplace discussion platform, which was required to complete registration on the site. Blind requires employees to use their official workplace emails to sign up, as a way to authenticate that users actually work for the companies they are discussing. Mullenweg said on Slack that emails sent from Blind’s platform to employees’ email addresses were being forwarded to him. If employees wanted to log in or sign up for Blind, they’d need to ask Mullenweg for the two-factor identification code. The implication was that Automattic—and Mullenweg—could see who was trying to sign up for Blind, which is often a place where people anonymously vent or share criticism about their workplace.

> “We were unaware that Matt redirected sign-up emails until current Automattic employees contacted our support team,” a spokesperson for Blind told me, adding that they’d “never seen a CEO or executive try to limit their employees from signing up for Blind by redirecting emails.”

replies(4): >>41872397 >>41872717 >>41873208 >>41873512
ano-ther No.41873512
> Blind requires employees to use their official workplace emails to sign up, as a way to authenticate that users actually work for the companies they are discussing.

That’s a pretty bad design decision. It’s also not a good idea to access such a forum from your work computer, even when not using the company email.

replies(1): >>41873562
romanhn No.41873562
> That’s a pretty bad design decision

How would you design it?

replies(2): >>41873621 >>41874101
dboreham No.41874101
Not parent but here's a couple of not fully thought out ideas:

1. Have the signer upper send a provided email from their own Gmail account to their own company account. Then show the message's DKIM headers to Blind. Now Matt has to find emails from employees' personal mailboxes to their corporate mailboxes, but he can't tell what the content is about.

2. Employ a graph of email forwarders (humans) selected from existing blind users. Use them to forward challenge email payload to the signer upper. Now Matt has to find emails from anyone to anyone and still doesn't know what the content is about.

replies(1): >>41874385
delfinom No.41874385
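The first idea above hinges on what a DKIM signature actually attests to: only the headers listed in its `h=` tag are covered, and the signing domain (`d=`) belongs to the sender's mail provider, not the employer. The following is an added example (not code from the thread, from Blind, or from Automattic) of the policy checks a verifier would run over such a message before trusting it as proof of employment: the signing domain must match the From address, the To header must be among the signed headers, and the To domain must be the claimed employer domain. The sample message, the `corp.example` domain, and the signature values are constructed placeholders; cryptographic verification of `b=` against the selector's DNS record is out of scope here and would be done with a library such as dkimpy.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message; the bh= and b= values are placeholders, not real signatures.
SAMPLE_MESSAGE = """From: Alice Example <alice.personal@gmail.com>
To: alice@corp.example
Subject: blind-challenge 7f3a
Date: Tue, 15 Oct 2024 10:00:00 +0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601;
 h=from:to:subject:date:message-id; bh=PLACEHOLDERBODYHASH=; b=PLACEHOLDERSIG=
Message-ID: <abc@mail.gmail.com>

blind-challenge 7f3a
"""

# Headers a verifier should insist are covered by the signature: without To in h=,
# anyone could splice a corporate address into an otherwise valid signed message.
REQUIRED_SIGNED_HEADERS = ("from", "to", "subject", "date")


def parse_dkim_tags(header_value):
    """Split a DKIM-Signature header into its tag=value pairs (RFC 6376 tag-list).

    Folding whitespace inside values is removed, as the signature tags never
    contain meaningful whitespace.
    """
    tags = {}
    for part in header_value.split(";"):
        if "=" not in part:
            continue
        name, _, value = part.partition("=")
        tags[name.strip()] = re.sub(r"\s+", "", value)
    return tags


def _domain_of(header_value):
    """Return the lower-cased domain part of the address in a From/To header."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()


def check_employment_proof(raw_message, claimed_domain):
    """Return a list of policy problems; an empty list means the headers pass.

    This checks only what the DKIM signature would bind together, assuming the
    signature itself verifies (done separately, with a DNS lookup of s=._domainkey.d=).
    """
    msg = message_from_string(raw_message)
    sig = msg.get("DKIM-Signature")
    if sig is None:
        return ["no DKIM-Signature header"]

    problems = []
    tags = parse_dkim_tags(sig)

    # 1. Every header we rely on must be inside the signed set.
    signed = {h.lower() for h in tags.get("h", "").split(":") if h}
    for required in REQUIRED_SIGNED_HEADERS:
        if required not in signed:
            problems.append(f"{required} header not covered by signature")

    # 2. The signing domain must match the From domain (strict alignment), so the
    #    signature really comes from the sender's provider and not a third party.
    from_domain = _domain_of(msg.get("From"))
    if tags.get("d", "").lower() != from_domain:
        problems.append(f"signing domain {tags.get('d')!r} does not match From domain {from_domain!r}")

    # 3. The signed To address must be at the employer domain being claimed.
    to_domain = _domain_of(msg.get("To"))
    if to_domain != claimed_domain.lower():
        problems.append(f"To domain {to_domain!r} is not the claimed domain {claimed_domain!r}")

    return problems


if __name__ == "__main__":
    print(check_employment_proof(SAMPLE_MESSAGE, "corp.example") or "headers pass policy")
    weak = SAMPLE_MESSAGE.replace("h=from:to:subject:date", "h=from:subject:date")
    print(check_employment_proof(weak, "corp.example"))
```

The point the example makes is that a DKIM header is evidence only about the headers it signs; a verifier that does not check `h=` for `to` learns nothing about which corporate mailbox the message was addressed to, which is the entire claim being proven.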
>Then show the message's DKIM headers to blind.

You realize that Blind isn't exclusively for software engineers right? Lol