I went in to delete mine. Was forced to put in my real name and current employer without any way to opt out. So for a short brilliant moment I was Bobo Bobolicious of Bob’s Boat Oars

  • Optional@lemmy.world
    link
    fedilink
    arrow-up
    104
    ·
    10 months ago

    So the platform that allows anonymous signup but requires submission of information about your employer or salary to access anything but the very basics is determined to dox you.

    Fuckin’ genius.

  • sugar_in_your_tea@sh.itjust.works
    link
    fedilink
    arrow-up
    68
    arrow-down
    1
    ·
    10 months ago

    I don’t know if I have an account, but this is a good reminder to go through and review all of my accounts (everything’s in my password manager). I have way too many, so I could probably trim them.

    Thanks for the reminder!

    • Churbleyimyam@lemm.ee
      link
      fedilink
      arrow-up
      14
      arrow-down
      2
      ·
      10 months ago

      1 device: Keepass

      2 or more devices Keepass + Syncthing

      2 or more devices & extremely easy for new users: Bitwarden.

      • sugar_in_your_tea@sh.itjust.works
        link
        fedilink
        arrow-up
        5
        ·
        edit-2
        10 months ago

        That works too. I have 4 devices (laptop, desktop, work computer, phone), and sometimes need to login on a device that’s not mine. I use Syncthing for other things, but Bitwarden has some nice features (e.g. organization to share passwords with my wife), so I stick with it.

    • youmaynotknow@lemmy.ml
      link
      fedilink
      arrow-up
      8
      ·
      10 months ago

      Its a long journey, but totally worth it. When I chose to go fully self-hosted, I had around 1,200 accounts and passwords. First I used a temporary fake emailnsite to change my email and all the personal data I could from all the sites I wanted out of my life, then closed each account. Did a checkout wherever I could too. Then went into each account I wanted to keep where I was using a gmail address, changed my email to an alias (proton mail) and created a new random password for each (Bitwarden self-hosted). I’m down to about 100 accounts, including everything in my 2 jobs. The level of freedom I feel is unspeakable.

        • youmaynotknow@lemmy.ml
          link
          fedilink
          arrow-up
          7
          ·
          edit-2
          10 months ago

          https://temp-mail.org/en/ That site, bitwarden (self-hosted preferably, but an account with them works too), and you’ve got all the tools you’ll ever want. If you also want to “change” your phone number on the sites you’re leaving (that’s always a good idea as well), you can try https://quackr.io/ but I’m not sure how good it is. I just found that site, and honestly can’t remember what I used for that. All I remember is that it was a free trial of an app for 7 days, and I made sure to finish that before the trial was over. And I’m no sensei, call me Master “4th run of Horizon Zero Dawn” 🤣🤣. Just kidding, I’m just a guy that, like most of is, got tired of all the BS out there these days. I am, though, on my 4th run of that game. Good luck man, you won’t regret doing this.

    • bobs_monkey@lemm.ee
      link
      fedilink
      arrow-up
      4
      ·
      10 months ago

      What’s a good multiplatform password manager these days? I’ve been meaning to move away from LastPass for forever (and update my passwords in the process), I just haven’t found the time to sort through all of that.

      • sugar_in_your_tea@sh.itjust.works
        link
        fedilink
        arrow-up
        38
        ·
        10 months ago

        I really like BitWarden. Benefits:

        • open source - can even host your own storage server if you want (e.g. vaultwarden)
        • security audited
        • free - has paid tiers, but you probably don’t need them
        • apps - Desktop (Linux, Windows, macOS), browser extension (basically all of them?), mobile, command-line, web app

        It has some neat features and hasn’t annoyed me too much yet.

      • electricprism@lemmy.ml
        link
        fedilink
        arrow-up
        10
        arrow-down
        2
        ·
        10 months ago

        Say what you want about old timers but [ Notebook and Pencil ] has a 100% success rate if the attacker doesn’t have physical access.

        • catloaf@lemm.ee
          link
          fedilink
          English
          arrow-up
          5
          arrow-down
          1
          ·
          10 months ago

          Actually, that would make it easier to fall for a phishing page. My browser extension will only offer to fill example.com. If I’m on exarnple.com, it won’t. This makes me say “hmm, why no match for this page? ah! the domain is different”. With a notebook, I’d happily type the password in just the same.

          • electricprism@lemmy.ml
            link
            fedilink
            arrow-up
            2
            arrow-down
            5
            ·
            10 months ago

            PEBKAC isn’t really an argument greater than a Strawman. If you’re saying operators can’t be trusted to be competent you might as well argue that these people shouldn’t own computers or cellphones, or kitchen knifes or other things that require a minimum competence.

        • bobs_monkey@lemm.ee
          link
          fedilink
          arrow-up
          4
          ·
          10 months ago

          Sure, but that’s where the cross platform comes in, because I’d rather not have to lug said notebook around with me.

          • electricprism@lemmy.ml
            link
            fedilink
            arrow-up
            5
            arrow-down
            3
            ·
            10 months ago

            Convenience and Security are different goals. You can either put security before or after convenience.

            • bobs_monkey@lemm.ee
              link
              fedilink
              arrow-up
              1
              ·
              10 months ago

              I’m gonna go for taking reasonable action of fortification and then try my luck.

              And negative, usable security is a delicate balance of security and convenience. It employs various layers of usable redundant security methods that keep things to the best possible and reasonable level of security available, while also maintaining useful defense. If I were doing anything rendering me a target of a malicious actor, that’s a different story. But run of the mill individual passwords for each website/service coupled with 2FA along with password database encryption is enough to keep a nobody like me reasonably comfortable.

        • 4am@lemm.ee
          link
          fedilink
          arrow-up
          3
          arrow-down
          1
          ·
          10 months ago

          I’m not typing a 64-character random string from a notepad everytime I log in somewhere tho

        • GustavoFring@lemmy.world
          link
          fedilink
          arrow-up
          1
          ·
          10 months ago

          And an encrypted vault probably has a near 100% success rate even if the attacker has access to it given a sufficient vault password.

            • youmaynotknow@lemmy.ml
              link
              fedilink
              arrow-up
              2
              ·
              10 months ago

              I get it, and I’m sorry that I cake across as insensitive to that. Reading my comment again, I can see that I sounded just like an “Arch Master Race” Looney. On the other hand, none of us knew how to self-host, but each of the ones that do it now, learned. It’s about privacy and how much you want to move away from our dependence on big tech (privacy). You could start with something as simple as SyncThing on your computer, and slowly scale from there as you learn. I would even argue that you could use something like sync.com, only to start at least segregating who could potentially have your data, my understanding is that they run a zero-knowledge model, even for the free tier. More importantly, suggesting to others to use Apple, Google, Microsoft or any of the other huge offenders out there, you could be looked down upon as a troll by in these privacy instances. I hope you can get away from Apple’s grasp as much as possible at some point, and feel free to come and ask, many of us have already walked the rockiest roads to that freedom, and we’re more than willing to share and help. Good luck.

              • WhiteHotaru@feddit.de
                link
                fedilink
                arrow-up
                2
                ·
                10 months ago

                Thanks for the advice!

                My Apple devices are from work and we are able to use them privately with admin rights. On my private account I have mostly open source software like Quodlibet for my music collection, Firefox, Inkscape, and so on. My Mailaccount is from a small German privacy by design provider. I have a Synology NAS I run Paperless NGX and Jellyfin on. I switch Operating systems regularly.

                I think I am well set up 😁.

            • fosstulate@iusearchlinux.fyi
              link
              fedilink
              arrow-up
              1
              ·
              edit-2
              9 months ago

              I question whether a lot of people even need sync.

              Passwords in general don’t change for long periods of time. Really the only rationale for doing so is confirmed or suspected compromise (two-factor processes make this rarer still). It doesn’t strike me that an almost permanently static input merits regular synchronization.

              The alternative is doing a one-off manual sync (copy and paste) between two local DBs, then locally moving one of them to the target device. Zero online connectivity has to dramatically reduce attack surface. Is five minutes’ maintenance per year an unacceptable convenience penalty to pay?

  • Zachariah@lemmy.world
    link
    fedilink
    arrow-up
    39
    ·
    10 months ago

    I really liked Glassdoor when I first used them to find out salaries. Since “pivoting” and adding the fishbowls or whatever, the site has been unpleasant to use. Reason this users experience makes me sick. I just deleted my account even though I doubt it’ll make a difference. Maybe something decentralized or open source will come along to take its place. Or maybe more laws can be passed to require listing salaries on job listings.

    • tarius@lemmy.ml
      link
      fedilink
      arrow-up
      7
      ·
      10 months ago

      I’ve been using comprehensive.io for salaries. Its not as good as Glassdoor for data but, its free and gets the job done for me. Also, layoffs.fyi when I feel like getting depressed

  • SuperSpruce@lemmy.zip
    link
    fedilink
    arrow-up
    36
    arrow-down
    3
    ·
    10 months ago

    Glassdoor is in my top 10 least favorite companies of all time, right behind Nestle and Big Oil, scoring an overwhelmingly negative opinion by me, meaning that I wish they would crash and burn and I’d be willing to sabotage this sh*thole company wherever possible.

    This business is everything wrong with 21st century tech companies. They do nothing good and everything bad. They hide information from the public by forcing an account. You cannot bypass by using uBlock origin’s features. When you make the account, they force you to give them literally all of your personal information with zero way to stop them from selling it to hundreds of shady data brokers despite them telling you that you can opt out.

    Unfortunately, they got me. I really really wanted to find the salary of a job, and I was forced to make an account. I got irrationally angry, and gave them EVERYTHING, including all cookies. Now they got the loot, I got nothing other than a thousand eyes prying on me.

    The door is certainly glass on the bathroom stalls but made of hard steel to reach what should be a library.

      • Sean@infosec.pub
        link
        fedilink
        English
        arrow-up
        1
        ·
        9 months ago

        Except the person in the linked article contacted Glassdoor and Glassdoor added the name they gave support to their account.

        So, worst they can do is dox you and make things worse. But go off.

  • auth@lemmy.ml
    cake
    link
    fedilink
    arrow-up
    28
    ·
    edit-2
    10 months ago

    I created my Glassdoor account about ten years ago. The only information they required at the time was an email address

    An email address is usually also directly linked to your identity… I wish more companies would not require it to signup… I do have throwaways and email accounts created using Tor though.

    • Tangent5280@lemmy.world
      link
      fedilink
      arrow-up
      11
      ·
      10 months ago

      anonaddy, firefox relay, or something similar might be your solution. Many email providers provide temporary mails and permanent aliases as part of their subscription.

      • auth@lemmy.ml
        cake
        link
        fedilink
        arrow-up
        3
        arrow-down
        4
        ·
        10 months ago

        I’m not going to pay for fake email and 6 email addresses isnt enough (firefox relay)

    • DeadNinja@lemmy.world
      link
      fedilink
      arrow-up
      7
      arrow-down
      1
      ·
      10 months ago

      And if you wsnt a FOSS option for unlimited email aliases - Duckduckgo is a good option.

        • DeadNinja@lemmy.world
          link
          fedilink
          arrow-up
          1
          ·
          10 months ago

          Not an email service per se, but rather an email-forwarding service, and offers unlimited duck [dot] com aliases with their browser extension and/or mobile app.

          I have used their email forwarding service for a while (it is quite decent) before moving over to Firefox Relay.

      • auth@lemmy.ml
        cake
        link
        fedilink
        arrow-up
        3
        arrow-down
        6
        ·
        10 months ago

        I’m not going to pay for fake email and 6 email addresses isnt enough (firefox relay)

        • can@sh.itjust.works
          link
          fedilink
          arrow-up
          6
          ·
          edit-2
          10 months ago

          Pay? I’m just testing out the service now with one for free.

          ETA: you get 5 free email masks or $1-2/month for unlimited.

      • auth@lemmy.ml
        cake
        link
        fedilink
        arrow-up
        3
        arrow-down
        1
        ·
        10 months ago

        Wakanda

        first time I hear about that, obviously it needs to be a real thing.

  • Midnitte@beehaw.org
    link
    fedilink
    English
    arrow-up
    22
    arrow-down
    1
    ·
    10 months ago

    They also force you to input your current job and wage, despite the fact, that maybe you’re the only person with that job title, so a company would know exactly who reported the wage/review.

    • bl4kers@lemmy.ml
      link
      fedilink
      English
      arrow-up
      4
      ·
      10 months ago

      I was under the impression they only show bands when the number of people with the same title is low

  • MonkderZweite@feddit.ch
    link
    fedilink
    arrow-up
    13
    ·
    10 months ago

    Substitute with “-” or “xyz” if forced. They should know you don’t want to provide that data.

    • llama@midwest.social
      link
      fedilink
      English
      arrow-up
      13
      ·
      10 months ago

      My company blames me when people fill out forms with junk data just to get to what was already a public link, then I have to go in the CRM every morning and delete a dozen “your moms” and “nunyas”.

      • Scrollone@feddit.it
        link
        fedilink
        arrow-up
        5
        ·
        9 months ago

        I filled the form Reddit sent me for their IPO with junk data. I hope many other people will do the same.

  • WarmSoda@lemm.ee
    link
    fedilink
    arrow-up
    8
    arrow-down
    4
    ·
    edit-2
    10 months ago

    Lots of accounts ask for name and other proof. Credit cards, id, etc.

    Sadly it’s the norm now.

    • auth@lemmy.ml
      cake
      link
      fedilink
      arrow-up
      4
      arrow-down
      1
      ·
      10 months ago

      laws need to be created for making this illegal, unless it is absolutely required for providing you the service.