I almost fell for a very sophisticated phishing attack last December and most of the "verifiable" information was from my LinkedIn account.
For each role I had described some of the tasks and accomplishments and this was used in the phishing message.
Since then, I removed my photo, changed my name only to initials and removed all the role-specific information.
It's a bit of a bummer as I'm currently in the process of looking for a new job and unfortunately having a LinkedIn profile is still required in some places, but once I find it, I'll delete my profile.
I'm routinely shocked how biased people I work with are against individuals without a linkedin page. So many hiring managers across 15 years in my industry won't consider people without pages. One guy goes on rants how people are "sketchy" if they don't have a verified page and a lot of skill endorsements and testimonials! He'll pull up our vendors pages and check them out during meetings, complain if it isn't available or complete. I used to keep mine very minimal and locked down but I felt pressure from peers to flesh is out and keep it public which I hate.
For remote jobs with remote interviews, not having a LinkedIn page or having a LinkedIn page full of generic information that can be disproven by a quick background check are common traits of scam applicants.
A friend’s employer started requiring more verification after they hired a group of remote workers who would some times connect from North Korean IPs when they made a mistake with their VPN.
somewhat off-topic: I had an interview for an Engineering Manager position with the Head of Engineering.
They had some leet code problem prepared and I tried solving it and failed.
During the challenge, I used some python string operand (:-1) (and maybe some other stuff) that they didn't knew.
In the end, I failed the challenge as I didn't do it in the O(n) way...
These kind of stupid challenges exemplify what's wrong with hiring these days: one interviewer, usually some "vp"/"head of" decides what is the "correct" way to write some code, when they (sometimes) themselves couldn't write a line of code (since they've been "managers" for a millennia)
ps. they actually did not know what `:-1` means ...I rest my case
Were they a python engineer? I interview folks all the time in languages I don’t understand, and I ask dumb questions throughout the interview. I’ve been a professional (non-python) programmer for over a decade now and I don’t really know what :-1 means, I can guess it’s something like slicing until the last character but idk for sure.
yes, they were (theoretically) a python developer, should have mentioned this was an ML role (your guess is right, slice just before the last char)
Just to be clear: the main problem is not that they did not know what `:-1` was - there are many weird syntax additions with every version - understandable.
IMHO the problem is that there's usually a single interviewer that decides go/no go.
We all have biases, so leaving such an important decision (like hiring an EM) to one person is, (again IMHO) ...stupid .
Taking something as simple as this as an upfront, genuine experience sharing, and that their data is true.
If this test makes 50% of people fail, it's an amazing test! A nearly free way to cull half the applicants seems great. Honestly not useful for any big company, but feels great for SMEs.
Durov had long claimed he was in exile from Russia and couldn’t return and that he was a UAE/French citizen. then records leaked that showed 120 border crossings from 2016-2021 and that he still held a Russian passport. One such border crossing was a flight from St Petersburg on June 18, 2020 which happens to be the same day that Telegram was unblocked in Russia… Lots and lots of smoke..
I was hit pretty hard when Russia was trying to block telegram; I don’t buy that it was a coverup. And there is only a single (anonymous) source for that whole article.
That said, would be good to rely on no central authority and use Matrix instead; or at least put OTR/Ratchet on top of Telegram with custom clients.
TG does not seem hostile to third party clients the same way Whatsapp/Signal are.
It would otherwise serve the USA for people to prefer Signal over TG (due to jurisdiction).
I think they legitimately blocked Telegram and then Durov made a series of choices to bring it back to Russia.
Basically everything in the KI story has been verified. Durov admitted that he kept his Russian passport, he admitted that he was essentially lying about his Russian exile and regularly and freely traveled there, he hasn’t denied spending the week before Telegram was reinstated in St Petersburg which would be a no-brainer if he wasn’t really there.
As for choice of app — it again depends on your adversary. Telegram’s non-standard and home-brewed protocol has had every crypto expert asking “why? If not to…”
Lookup the name Vladimir Vedeneev and try and figure out why he’s signing Russian contracts as Telegram’s CFO and why his company GlobalNet has bragged about being the first to do DPI on backbone infrastructure while his other company Electrotelecom has FSB contracts for surveillance software.
See my other comment but Durov later admitted to basically all of that (he does travel freely in Russia, he did keep his Russian passport, the border crossing list was accurate). The signal - telegram debate has always come down to some variation of “If you trust Telegram to not allow MitM access to their servers and if the non-standard encryption they choose is secure and if you enabled the secure chat feature, it’s probably fine. Signal uses standard encryption and the messages are always encrypted so there’s no need to trust anyone.”
Which is likely why Signal is banned in Russia and Telegram is freely available.
For each role I had described some of the tasks and accomplishments and this was used in the phishing message.
Since then, I removed my photo, changed my name only to initials and removed all the role-specific information.
It's a bit of a bummer as I'm currently in the process of looking for a new job and unfortunately having a LinkedIn profile is still required in some places, but once I find it, I'll delete my profile.
reply