You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
hey y'all. was reading around in the slack when i saw the thread on resume leaks.
this is a HUGE problem. not just from the security side (data confidentiality being breached) - but also from the trust side (people not trusting ColorStack to host their resumes).
as someone who literally keeps all my information private and locked-down for this reason alone (i've had my fair share of skids, leakers, et al) - i wanted to open up a space here to think about what oyster could do to help. not prescribing one fix, but laying out some directions we could explore:
for a more accountability side:
- invisible or visible watermarking or tagging of resumes so if they leak, we can trace them back to who downloaded/shared
- logging who opens a resume link (vs just dropping the file in slack) - oyster could be the client for #career-resume-reviews
on an access control level:
- instead of raw uploads, oyster could post a managed link where access can expire or be revoked
- possibility of a simple web-based viewer instead of direct file download
- like what proctoring tools do, track screenshots, loss of focus etc.
to facilitate safety and retain trust:
- enforce “privacy mode” that hides emails/phone numbers BEFORE posting
- give members the choice of how much info to expose depending on comfort level
- communicate clearly in the UI what protections are (or aren’t) in place
- set expectations so members know what happens once they share their resume
Note
none of these are silver bullets, but i think it’s worth having the convo. colorstack was meant to make resume sharing safer + easier, and right now leaks are undermining that. would love to hear what others think about a direction the team can take and what’s realistic to build....
hey y'all. was reading around in the slack when i saw the thread on resume leaks.
this is a HUGE problem. not just from the security side (data confidentiality being breached) - but also from the trust side (people not trusting ColorStack to host their resumes).
as someone who literally keeps all my information private and locked-down for this reason alone (i've had my fair share of skids, leakers, et al) - i wanted to open up a space here to think about what oyster could do to help. not prescribing one fix, but laying out some directions we could explore:
for a more accountability side:
- invisible or visible watermarking or tagging of resumes so if they leak, we can trace them back to who downloaded/shared
- logging who opens a resume link (vs just dropping the file in slack) - oyster could be the client for
#career-resume-reviewson an access control level:
- instead of raw uploads, oyster could post a managed link where access can expire or be revoked
- possibility of a simple web-based viewer instead of direct file download
- like what proctoring tools do, track screenshots, loss of focus etc.
to facilitate safety and retain trust:
- enforce “privacy mode” that hides emails/phone numbers BEFORE posting
- give members the choice of how much info to expose depending on comfort level
- communicate clearly in the UI what protections are (or aren’t) in place
- set expectations so members know what happens once they share their resume
Note
none of these are silver bullets, but i think it’s worth having the convo. colorstack was meant to make resume sharing safer + easier, and right now leaks are undermining that. would love to hear what others think about a direction the team can take and what’s realistic to build....