Surely this is illegal
Doesn't the data protection act cover this? you are entitled to a private life. Any company that tries that with me is going to get told to piss off
When I wrote this blog about how a recent research study correlated social network behavior with employee success, I speculated that we’d soon see employers trying to circumvent Facebook’s privacy policies in order to get a good look at your Facebook pages. Well, it turns out that some employers aren’t happy with just seeing …
Almost-as-important: Would you hire someone who freely gives out their usernames and passwords because someone asks for them?
But yeah. Do not ask for my password. Because the reply "Take a hike!" may cause offence.
In fact, if you even ask for it (whether I refuse or not), I will be reporting you to the Department of Work and Pensions and the Data Protection Registrar. Aside from the fact that actually GIVING you that password is a breach of Facebook's policies.
I think my actual, considered, reply in an interview would be:
"I'll do you a deal. You retract that question now, and don't ask any other candidates the same question, and I'll pretend I never heard it."
Should be shocking enough and warning enough for them to stop doing it (unless they are terminally stupid), enough to politely reassure an employer who *WAS* just testing you to see if you're stupid enough to give out logins just by being asked, and clear enough that - actually - I do understand employment law and if you pursue that course there will be trouble, job or not, and I *will* be asking other candidates if they were asked it.
Yeah, the password is the problem.
If my boss (or potential boss) wants to friend me on FB, that's cool. And I'm not stupid enough to post stuff online which I wouldn't IRL. That's why I use my real name in online forums (or often "Grab" as a shorter version thereof dating from uni days, and Google can track that to me very easily), bcos there's nothing I've published that I want to hide. So hit FB and fill yer boots - read my posts, look at pictures of my family and pets, and check links I've shared.
But my password? That gives you access to my *private* messages, as well as access to add/delete stuff and to add/delete friends without permission. And many people will use the same password across multiple accounts, so this could easily also be giving access to email, eBay, online stores, Paypal, online banking, personal website, etc.. So no, you don't ever get my password.
There is a simple answer to this. "I'll give you my FB password if you'll give me your login to your company network..."
While I DON'T use FB. I do understand the reasons compnaies are concerned/interested in how a potential employee will represent the company. NO company want's to deal with PR issue due to an employee's FB posting/photo.
Dumb HR / Interviewers. Just ask the prospect to log in to their FB account during the interview. NO company can/should ask for an individuals personal PWD.
Another solution...have the new hire sign a contact that they accept responsibly and will quite if a FB posting becomes public and damages the companies image/reputation. .
TOO many "sue happy" lawyers....makes for this kind of dumb inquiry necessary. Because the bulk of the General public....are stupid.
Illegal? No, certainly not under the Data Protection Act. The employers are asking their prospective employees to volunteer their facebook account details. If they agree, then it is a private agreement between the individual and a company. This is exactly the same as a loan company asking for copies of your bank statement before offering a loan.
It may be counted as discrimination if it can be proved that the individual did not get the job because they refused to hand over details, but that would be a completely different issue.
I immediately thought that the employers were going to turn an applicant down if they actually DID give their login details over, because that would indicate a lack of understanding about on-line security! Ho hum.
It doesn't just reveal your private data but all that of your friends too, and that is without their consent.
I put very little information into Facebook, basically all public except for the consolidated list of friends but for their protection I would refuse any request to reveal password.
The thing is, you're also interviewing the company - so if I got asked this sort of question it would immediately ring alarm bells for me. I wouldn't want to work for a company that thinks this sort of thing is acceptable, legal or not.
My response after a long pause (trying to work out if it was a joke or not) would be something like
"After careful consideration I have to refuse your request. I just don't think you're the kind of employer I could see myself working for, so I would like to withdraw my application of employment, and please don't contact me again in the future."
I've actually walked out of interviews for less.
Reminds me of a job ad I applied for, it was for a permie job or I wouldn't have minded, but the email went into a black hole.
So I sent another, no response of any kind.
So finally I sent another, with a letter saying, "I'm very busy, so if I'm not suitable, please don't waste my time by contacting me."
So, this lady, the total ignoramus, who shall remain nameless, then rang me up to tell me off for being rude and unprofessional.
Agents eh? Not only was it exactly what she had done, but she ignored my request and rang me anyway. The sooner LinkedIn makes these keyword matchers unemployed the better.
Regardless of whether I have anything to hide or be embarrassed about on my Facebook account (or any other account of any sort) - and I really don't, because I assume that it isn't necessarily as private as some think - my login details are absolutely none of their goddamn business and this *would* be grounds for me terminating the interview and moving on.
You're all just missing the point.
Facebook is a problem in and of itself, you have already surrendered a large part of your privacy by putting anything there.
The fact that an employer asks you to share it with them too (you already shared it w/ facebook inc., facebook DBA's and the US government) is just a little step further.
From my point of view, doing one or the other is completely stupid, and I'm afraid I have to point out that what you're worried about is a mere technicality.
I know that my server host has my root passwords stored somewhere (or root access of some kind). Doesn't mean I'll give it to a job interviewer, or employer.
I know HSBC has my bank details and access codes and PIN's stored somewhere. Doesn't mean I'll give them to a job interviewer, or employer.
I know the government has my tax records, passport numbers and medical details stored somewhere. Doesn't mean I'll give them to a job interviewer, or employer.
I know my phone company has my phone number and list of contacts stored somewhere. Doesn't mean I'll give them to a job interviewer, or employer.
You can be a privacy nazi all you like, but the fact is that most of that stuff just doesn't matter. I have nothing on Facebook apart from some family photos and "I crashed my car the other day". There's nothing that I'd be horrified them knowing. Hell, even the password is unique to Facebook. The point is THEY DON'T NEED TO SEE IT (which is why it's set to Friends only for most things). So they don't get it. No matter how nicely they ask. They might *technically* be able to get that data from other sources but I would consider that a gross invasion that would hurt them more than the data ever would be worth.
I could share a Facebook picture with the entire fecking world. It doesn't mean I'll give them, or you, a copy if you ask for it.
Privacy is about choice. If I want to tell my friends about my Facebook account, I can. If I don't want to tell my employer, I won't. With proper controls, they might *never* be able to find out, short of a court order. The Facebook DBA will already have that data and, if they're anything like the database work I do, you really, really, really don't care about what the data is past its ability to be read/written by the right people. And, just as an employer can be up before a tribunal for misusing personal information, the Facebook DBA will be up before a court if they play with it outside the bounds of their contract.
I'm in charge of school databases. That can (depending on the school) include everything from what the kids spend their lunch money on and how many lessons they've missed, up to an including (genuinely) reports of abuse at home, details of staff disciplinary procedures (and in one previous school, I know of a teacher sacked for accessing unsavoury child images during work-time, for instance), details of student's "previous lives" under witness-protection schemes, and all sorts of nasties. You can say "it doesn't matter, because X already knows" all you like - the fact is that they won't be finding out, and won't EVER have found out, from me.
Similarly, my photos and personal data (including what I was doing last night) and especially passwords and usernames are my business and thus, up to me to disseminate to who I see fit. And I won't. Because I've already made that choice. If you weren't on the list, there was a reason for that. Even if everyone if the world could find it if they went looking (like my phone number, for instance) - that's neither here nor there. If I refuse to give it to you, that's MY choice.
Your argument is akin to saying "Hell, the doctors and NHS can see your medical records already, so you might as well print them out and leave them in the pub". Stupid, nonsensical, counter-productive and shows NO CLUE about what privacy is at all.
You don't get it do you ?
The point is :
If something touches the internet, it stops being private.
Anything linked to the internet is hackable and subject to leaks.
Anything stored on the internet is much easier to hack and much more subject to leaks.
Anything SHARED by you over the internet is way easier to hack and to leak out.
Let's just take the fb example :
You put stuff on facebook for all your friends to see and you have say 132 friends (arbitrary number assuming you didn't accept every friend request since you created that account).
Your information can now be accessed by:
any dba @ facebook inc.
the US govt.
Anyone hacking facebook (and that's on the *easy* scale of hacking considering the amount of data transferred and API calls per second)
Anyone hacking any of your 132 non-technical friends's PC (now that's just lol, more than 1/132 of pcs have a trojan somewhere -)
Anyone hacking your computer (duh)
And that list is just a draft.
DO you really really think you have any privacy ?
The only people who think internet and privacy are compatible are those who don't understand either or both concepts.
More lines for no reason below :
Your bank has all your account history, and they share it at the very least with the police, without asking you for it.
Your phone company has your phone history too, including your SMS and a log of all calls, you didn't authorize them to keep it did you ?
What you put on your facebook can show much more than you think it does.
They don't need to see it, true.
Privacy is about choice.
You don't choose who accesses your stuff.
Everything you put on facebook or google or through public SMTP relays or whatever IS scanned and you don't get a say in that.
Everything that is connected to the internet is subject to being hacked and the data leaked, and you don't have a say in the matter.
I'm pretty sure even your school database is not on a secure network and could be hacked if anyone cared about it.
> Facebook is a problem in and of itself, you have already surrendered a large part of your privacy
> by putting anything there.
Fear-mongering nonsense. It is certainly possible to subvert (not "surrender", as the good in question is not exclusive) your privacy by posting information to Facebook. But simply having a Facebook account, and even using it, does not imply a significant privacy loss. The only information that can be leaked via Facebook is the information you put there; if you don't supply the site with anything private, you don't lose any privacy.
In the US, at least, there are various state and federal laws that prohibit interviewers from asking questions about:
If I've added this type of information to my Facebook profile and chosen not to make it public, doesn't them asking for my Facebook credentials effectively amount to them asking me to provide them with the info? At the very least I would politely decline to provide the credentials citing that the contents of my profile are irrelevant to the interview process. If they go so far as to make it a condition of employment, they might earn themselves a legal claim for discrimination.
Interviewer: Give us your Facebook or random social network login....
Me: You must be kidding, this is work, Facebook is not work therefore it is not relevant to this process. Do you want to come round my flat, rifle through my mail, read my SMS, chat with the mrs and ring my parents as well, perhaps you want me to strip off so you can check I haven't had an insulting tattoo on my nuts? I wouldn't work for a company that seriously asks this, so unless I just passed some kind of reverse psychology test then this interview is over, goodbye and consider my middle finger raised in a solitary salute to your quite frankly disturbing HR policy.
*slams door on way out*
> "this is work, Facebook is not work therefore it is not relevant to this process"
Really? This is an IT forum, on an IT news site. I'm betting that for quite a few of us, it *is* directly relevant. I myself work for a large entertainment organisation which has just released a major (and very popular) app onto Facebook. There are others with various apps, services, and plug-ins. Facebook and the use (and knowledge) thereof is quite valuable to us. Say what you like about idiots who use it, but hey, they're helping to pay my bills.
That said, I would create a testing account and not use my *real* profile, whether for an interview or a production app...
I just picked you to reply to, don't take it personally. It's not the point.
For the sake of argument :
You are a professional and good in your chosen field. You make 50K a year. You are headhunted by another company. They are offering you 100K a year. The caveat is yoou have to hand over your Facebook account. You have such an account, but yu only use it to discuss the finer points of elementary particle physics with peers, so you KNOW you're clean as a whistle.
Do you actually tell them to take a hike and blow of a 50K a year payrise on principle ?
It's just a question. You can change the numbers to whatever you like.
The answer would be no. It puts a price on my fundamental rights of £50k, and for that they can have the interview questions printed on thick, sharp edged cardboard and shoved where the sun doesn't shine.
If they do not trust me as an employee to have a clue about public presentation, than they are not the company I would consider working for. I have 100% understanding for the need to underwrite a non-disclosure clause (which I would not need, it's a simple matter of principle to keep your face shut about your work), but there would be no access to my profile.
As a matter of fact, the question is becoming academic in a few weeks any way as I plan to zap the profile and only keep the account to bar the name - but the principle remains the same.
No, no and no. It's time to stop this sort of crap.
no no and no ?
Stop acting like a kid, and let me give you a sweet sweet realistic example.
Your newborn has leukemia, it's going to cost a shitton of money to give him the best chances to make it through.
Now you have that privacy-less job @ 100k that could fix all that . still saying no like a kid ?
No, I tell them I don't have one.
Almost none of my details (including my picture) are public, so they'd have a hard time proving that I have an account, especially given the number of people who share my name.
If I thought there was a real risk I could even just change the name so I don't match any likely search results.
The answer is, indeed "take a hike".
After long enough in employment some of us have figured out that the level of salary offered isn't always the most important factor in deciding whether a job is "good" or not. There are some jobs and employers where there isn't enough money in existence to make it attractive.
The question misses an important point.
The sort of person who's being headhunted for a six-figure job is likely the sort of person who has skills and/or abilities that the employer really, really, really wants (or thinks it does--whether or not the person is worth six figures is another story).
That person isn't likely to be asked for her Facebook password. It's the midlevel managers, the grunts, the junior sales associate second class folks--in other words, the expendable, replaceable, interchangeable commodity worker bees--who are going to be asked to hand over their passwords.
You don't really think a company is going to ask this of its new CEO or the superstar programmer they just stole away from Google, do you? Hell, no. It's the people who are desperate for work and who have fifteen applicants lined up behind them who're going to get shafted.
No, it doesn't liss an important point. It doesn't miss any point. The question is simply to ascertain if the readers of this here facility put a price on their priacy, and if they would deviate from the principle in favor of bettering themselves professionally.
I admire the people who categorically refuse the 'you don't have anything to fear if you haven'r done anything wrong' argument.
But I confess that I can at least imagine selling out the principle of the financial gain is large enough.
Thanks to the people who replied. To the people who downvoted : I'm sad to say I do not understand why you would downvote someone for asking a question. I'm baffled.
Isn't it against Facebook's terms of service to allow a third party access to your account? (I'm 99.99% certain, but can't check as the link to the Terms is at the bottom of the Facebook "endless scroll" page so I can't actually reach it). If so, a good question back to them is "No - as I tend to follow contracts I agreed to - such as Facebook's TOS. Do you want to employ somebody who breaks agreements on a whim, if so can I ask if you've got any 'no-physical violence' sections in the contract?" Also ask if you can check _their_ Facebook profiles (and the CEO's) so you know what sort of people you will be working for.
I've found a couple of (past) employers being impressed when they've been "stood up to" (hey, this guy has ethics/understands things).
Section 4, point 8 :
"You will not share your password, (or in the case of developers, your secret key), let anyone else access your account, or do anything else that might jeopardize the security of your account."
So the request can be denied with easy justification, if you'd rather not just tell them to f-off.
Which did take a few hours but now I feel all clean and squeeky and can highly recommend this, you will suddenly be less worried of some "friend" going through your timeline and see a dodgy post from 4 years ago or "facebook" just knowing everything you about.
I did use a combination of this scrip and manually deleting every single post (not just hide) on my facebook that I posted on my wall, photos and on other peoples wall.
My current rule is I keep 5 previous post and then if I post something new I delete the last past.
Possibly - and another reason to work for yourself :)
On a more serious note, I "deleted" my FB account a while back - far too many corporates wanting you to 'like' their product on FB, meaning they see loads of your personal data..
Years ago, I read a book (or saw a movie) wherein the lead baddy said something like: "It's not the money, it's he who controls the information" - prophetic, IMO
"...far too many corporates wanting you to 'like' their product on FB, meaning they see loads of your personal data..."
I've found that what's helped for me in that regard is that all the fields which ask for stuff like what kind of music/bands/books/movies/etc. I like, and my education level/schools I went to/where I work have been left totally blank, on top of the fake name, fake birthdate, fake place of residence.
Works pretty well. Of course, as FB thinks I'm a 28-year-old woman living in Tripoli and originally from Cairo, some of the right-column "targeted" ads are a riot: vacation in North Africa! Study in Algeria! ...not to mention that at least half of it is in Arabic. B'wahh ha ha hah.
Anyone work where you need higher security clearance?
Part of the clearance process is you need to hand over your entire life, that includes home visits, online accounts, etc. This has been going on for years -- just why is anyone surprised?
Facebook et al is going to be the ruin of so many people.
AC for a good reason
Indeed... my house mate Mike was a nuclear engineer. An old school friend of his, Bob, was going for a higher security clearance job. Bob gave his potential employers permission to contact any of his past acquaintances. So Mike was contacted and asked such things as "Back in school, was Bob ever... was he ever strange in the showers?"
Not that they minded gay men, they just wanted to find any ways in Bob might be blackmailed by third parties.
FB login details seem the least of it.
"AC for a good reason"
UK provider, thus subject to RIPA. Anon is thus no help whatsoever :-).
However, on the clearance process. The first sensible level just does a check for criminal records and is a go/no go approach. The higher levels are more risk assessments, having an FB account is no crime - it depends on what you do with it (and yes, they'll take a look at it). FB exposure can in this context be either good (sensible use, no indiscretions, clearly able to handle public exposure without becoming an idiot) or bad (lots of insider data etc etc - you can see what I mean).
I enjoy having a profile. No better tool for misdirection than a presence which everyone assumes to be the real you..
Especially if the co-worker could be tapped to "friend" a "target" employee.
But, that damned facebook cloaking issue means that for now, it's hard to stop someone from coming and going, doing random drive-by snapshots.
So, I guess the workaround is to re-limit all old posts, but that can be very damned tedious.
Maybe facebook needs to get off its ass and allow people to have a shadowed account where friends see one aspect of the subscriber, and others see the "cleaner" side. This means that all friends are not just on a "friend" list, but that "friend" has to supply an expirable password to see more than others see. This would act as a 2nd level of protection. It can be as simple as the two friends going to the chat box, then sending each other a mutual code and clicking on an action button. It should require them to get on the phone or start the process in another off-channel route so they can feel reasonably comfortable they are not being spoofed.
No, fb, you cannot patent this: THIS IS PRIOR ART NOW AS OF MY WRITING IT. Or it is obvious extension of what should be possible by security-minded subscribers wanting more protection.
"Sorry but if companies are getting this petty I won't "friend" co-workers on facebook. More trouble than its worth."
The only "friends" I have on FB are people who I'm actually _friends_ with -- work "friends" don't count -- who I actually know personally and spend time with personally on a regular basis. That's one thing that really keeps the signal-to-noise ratio down.
I haven't "friended" my wife, though; that just sounds stupid. She finally quit begging me after a while. I told her, "jeezus, why do I need to 'friend' you? We're frickin' MARRIED, f'cripesake!"
I read a similar article a few days ago. This HAS happened, but it's at places like security/prisons in the US. The US has few protections for (prospective) employees, and working for places like that is even worse. Also, if you're applying for a job like that, you are likely unskilled or semi-skilled, and so won't have a lot of options.
Apparently of the 500 or so people screened by one prison, several had photos on Facebook showing gang tattoos or gang signs, and were ditched from the employment process.
Sorry, really can't remember where I saw the article.
One persons rights ends, where another persons rights begins.
Rights apply to people, not corporations (no matter what the dumb ass supreme dunsel court says). But even if rights applies to corporations, then their individual rights of free speech does not trump your own.
Their attempts to even look at a persons faceboo page is used as a way to manipulate applicants and employees into saying what the employer likes, or they are retaliated against, and that goes too far.
Now, asking for the actual login, goes WAY too far; next they will be asking for the password to your bank account. You need to make a stand and tell them no. If you don't, then you are only contributing to the problem.
On the other hand, turn about is fair play. You can "leak" their passwords if you can find the access to it, and you can go to the facebook and get lots of information on lots of employees officers, and owners. and do whatever you like with it.
Turn about is fair play. They impact your job and ability to make money, so you impact their business, and ability to make money.
Last night I was thinking the VERY same words.
However, right now, despite the rage in my words I posted today on this topic, an alternate though I have is this:
Suppose the interviewer really IS ONLY looking to filter out DIMWITS. The moment you supply a "password" (verified or not), you're out of the running.
But, really, they should stick to asking "Why are manhole covers round?" That question got me hired since I paused, reflected, and supplied the correct answer in about 3 seconds. My interviewer smiled immediately and she said, "You won't believe how many people could not give me the correct answer. When can you start."
Kinda shakes your faith in the average human "bean".... lol!
As someone who doesn't have a Facebook account, I wonder what the interviewer would say...
1) are you serious? Everyone has a Facebook account, you must be lying.
(so then I guess if you are going to accuse me of being a liar, I must not be a suitable candidate.)
2) so you are refusing to give me your Facebook password then? Ok we'll be in touch.
(works for me)
3) you must be joking. How else do you keep in touch w family and friends?
(Hmmm I don't know, I use the phone or email? And of course actual face time at the local brew pub?)
4) you don't have a FB account and you're in high tech? Then you must not be very technical and hip to the new technology.
(No, I am very technical and hip to the new technology. That's why I don't have one.)
Facebook isn't the worse of it; it seems some employers are demanding passwords to email accounts as well.
When the HR drone expects you to hand over passwords, and won't give you the job if you refuse, what is an applicant meant to do? It's all well and good having high moral principles when comfortably employed but a different matter when desperate for a job.
Some of those asking for passwords seem to be involved in law enforcement and the like and are just the sort of people who will flag you up as suspicious if you won't hand passwords over. Not having a Facebook or Twitter account seems to be suspicious enough in some people's eyes.
On the plus side, telling them to go fuck themselves isn't likely to make things much worse and HR drones always suggest being honest in interviews :-)
Simply ask if asking for passwords is tantamount to breach of the Regulation of Investigative Powers Act 1998 RIPA for short) if you're in the UK, substitute for any intercept law in your country. If it's a law enforcement type, this statement alone will make him/her reconsider their options because it makes it appear you know the law and are at least polite enough to gently question the demand instead of going postal in a sandals-and-beard wearing fashion.
If it's a HR droid they will quickly try to talk over the fact that they were heading down an alley which could be construed as the above, but don't count on it. I have heard of a consultancy where someone resigning was not allowed out of the room until he signed some sort of paper. The droid in question was taken in for questioning when the leaver calmly called the police station around the corner and reported unlawful imprisonment - that he used his corporate mobile for that was in my opinion a nice touch :).
Personally, if they insist I'd get it in writing and then have a brief chat with the head honcho. If he/she/it takes one look at my CV they will know they just stepped in a huge bear trap - and it's unlikely I'd ever work for them if they didn't come up with a sensible explanation.
"Some of those asking for passwords seem to be involved in law enforcement and the like and are just the sort of people who will flag you up as suspicious if you won't hand passwords over."
I've worked for the police: they'd never ask for passwords or friend via facebook coz they'd be far too scared the story would make it's way to the press.
The scariest thing to a Chief Constable is criticism in the Daily Mail. Even though, to any normal sentient being, it would undoubtedly be the highest form of flattery (they've never really gotten over their 1930s crush for the facists).
I don't and won't have a Facebook or Twitter account. Would a prospective employer actually believe that?
And surely you didn't fall for the "How do I program the DVD player to record Antiques Roadshow tomorrow?" trick? Had nobody told you that your relatives feign IT & tech ignorance in order to elicit a personal visit from their beloved kin? They'll deliberately wind you up to the point that you screech that it's OK, you'll drive the 180 miles to deepest, darkest Mid-Kentshirewold and set it up for them, to which they'll reply "Oh thank you, deary. And you'll stop for dinner too? You can bring that new girlfriend* of yours along." You'll know you've been had if they use the phrase "It'll be lovely to see you."
*This tactic is specifically used against male-kin as women are simply not so cruel as to ignore their relative like that. Also, they'll even call your boyfriend your girlfriend on the phone if you're of that persuasion, hastily rectified to your (120ms pause)"friend"(um) once you are physically there.
that the arms race is up and that people should run two profiles, at least, one for the hr and one private? And then, the business will generate demand for "vendors" try to match those two, and the other side witll generate demand for "Hide you real profile for dummies", and "Make your official FB profile realistic" webinars, etc.
btw, what's "facebook"? I must speak to one of my friends, perhaps they'll know.
What is facebook?
facebook is the hugest, most insidious, most pervasive intelligence coup ever devised and implemented. Hell, Zuckerberg is probably the first unwitting inductee to every global intelligence agencies' Hall of Fame, hahhaha.
Hell, ever sophisticated cracker out there too probably mastu*&#tes and salivates to the exploitable parts of social sites such as fb.
Or, how about this: "facebook allows you to connect with your friends, and occasionally, randomly, and reliably, your frenemies to you.
To be honest it's bullshit that these people want access to a persons Facebook account to help vet the candidate.
I've read about people losing their jobs through Facebook Status updates. As someone in their 40's, I am not connected to anyone I currently work with in my current position. I never Facebook from the office systems or on my personal devices whilst at work. Why? I prefer to keep my social and work life firewalled off.
If a prospective employer were to ask me for my Facebook login, my answer would be "Sorry, I don't use Facebook at all" but then again at my age, I could probably get away with that bullshit reply
If I were younger (20's-30's) most prospective employers and their agencies would "assume" I have a Facebook profile and if I said I didn't, would they believe me? Probably not.
My response if ever pushed into a corner over a job I "really want or need" depending on my Facebook profile, I'd ask the person requesting my login details to send me a "Friend request"
I would allow them to "be my FB Friend" for an agreed period, then I'd remove them
How would the recruiter like it if I asked "Can I have a look into your handbag / wallet as this will be a key factor on whether I accept the position or not" They'd probably tell me to take a hike..
At least these kind of 'companies' still require your consent in giving them your social media credentials. Because the other scenario could be that they demand access from the social network site itself and thus access your data without you knowing.
I know, I know..."Impossible" because of "privacy concerns" and who knows what... Keep in mind though that money can do strange things to people. That is also assuming that we got all the details on what is going on.
We have the option to tell these bozo's to take a hike and hopefully that will be the end of it.
Not too worried about El Reg - I've had nearly three times as many likes as dislikes so I don't look like a total pratt. But if they asked for my DigitalSpy name they'd find out what I was really like. Not that I'm ashamed of anything I've posted there but when it comes to work I prefer to filter my opinions a little bit :)
So I would assume that asking for my FB/email/whatevr login details was a test of my anti-social-engineering skills, to which I was supposed to reply "no, I don't give out passwords."
If I were interviewing, answering anything other than the above would get you removed from the list of potential candidates sharpish.
But, the PROBLEM is is that this sets up a dangerous precedent.
Once the floodgates open, there's going to be too much momentum to reverse the damage. Once a company with no legitimate need to ask it even as a "test question" succeeds, others will attempt it. Eventually, it'll be so common that people will have had it inculcated in them and plenty will not be savvy enough to have an "alternate" account.
Besides, officially (well, last time I read the Ts&Cs), facebook prohibits an individual from registering multiple accounts. Not that people don't, and not that fb cannot handily do proper counts to not inflate redundant, hijack-recoveree, or business/personal accounts.....
We block access to facebook.
But on a more serious note:
Let them know my Facebook page, or twitter tag so they can see that what the outside sees; that I'm a clean-living family type with ordinary interests - maybe.
Add them to my friend list so they can see how I am around my nearest and dearest - don't think so.
Let them peer over my shoulder when I login so they can see the personal messages between me and friends - Never.
At the very least the last is an invasion of the privacy of my friend's messages, and I could not sanction that without their say-so.
1) Sorry but Facebook does not allow people to share accounts under there terms and do you wish to employ somebody who will in all effect break your rules!
2) Sure, in return for your's and a bottle of cianti...
3) Sorry but I don't do facebook.
4) *click* I have just recorded you trying to break the law by blackmailing me into handing over personal information via the use of a unauthorised computer login which is located in AMERICA. Something that will get you extridited from the UK apparently. So tell me more about the perks with this job offer :).
5) Yes my password is "you are a stupid mother plucking moron that plebs in the face of life itself", allow me to repeat it for you again!
6) same as (5) but that is the wrong password and you have lots more fun getting your password wrong many many times.
7) Hand them the login details to there account you hacked prior to the interview, for a security firm this is the only answear you should be giving to such questions.
My employer recently fired a contractor for a pretty innocuous tweet, which just said he hadn't heard of some alleged celebrity who had been in the office for a PR event. This despite the fact that the guy was competent (a miracle in this day and age where contractors seem to be uniformly crap) and we really needed the extra resource to complete a mountain of work.
That said, I'm being interviewed for a new role and it's been made clear the employer want a full security check on all successful applicants. Not sure what this entails, but I'd be surprised if it didn't include a trawl around the Intertubes.
In the early nineties, when I and my college mates were trying to blag ourselves industrial placements, a certain well-known company demanded all applicants supply details of their drinking habits. A lot of us decided not to bother with them on the grounds it wasn't any of their business.
Unfortunately most big companies regard their employees as chattel and always have done. Don't encourage them.
This would be illegal anywhere in the EU. you have a right to a private life even at work. Employers cant just randomly go through your email even if its on their servers never mind your home ones (they need to provide a plausible reason to look at 'your'/their company email, ie suspect you of doing something illegal or not in the company interest)
Would definitely be a no, this would give them access to your data and other peoples data which you could end up being liable for i.e. they know someone who messages you something and then go on to reveal that information you would be the one in trouble.
Although alternatively you could always say yes I'll give you access to mine if i can view yours.... you want to know who your potential employing and I want to know who i might be working for and who I can blackmail later. for knocking off his secretary.
This is no different from a prospective employer asking for my private email login, or indeed, my house keys. If anyone asked me for my facebook login during an interview I would laugh at them. If I realised they were serious I would just walk out. I suspect that the vast majority of smart, talented people would do likewise.
Companies with this sort of hiring policy will simply go bust, because they will not be able to hire any talented employees.
Any company which asks for this sort of information is setting themselves up to be gamed by any sufficiently savvy employee. The first step is to set up another Facebook account, then populate it with a nice array of phoney sockpuppet friends. Next, sort out some Perl which automagically posts anodyne and extremely safe comments from all these sockpuppets, and for the phoney Facebook account. Let the system run for a month or so before you apply to Illegal Snoopers Inc. and there you go, nice safe Facebook account for them to snoop about in and dribble over.
Let's face it, any outfit that is idiotic enough to ask for this sort of information is easily gullible enough to fall for a set-up like this.
AC for very obvious reasons.
I am SC cleared and have been for many years. Many of you will know the level of detail required for that. For those that don't... let's just say it's "fairly thorough". I'm also FSA Enhanced screened. A previous employer also conducted initial and random drug screening too.
For anyone not capable of reading between the lines... I'm squeaky clean (and v boring!).
I was once offered a job at Oracle (here in the UK). The job came with a nice pay rise, which I was quite keen on. Along with the job offer, came a previously undisclosed demand, not only for a full background check (performed by Kroll, which I thought was OTT anyway), but also a _credit check_.
They're paying me _and_ I'm extending them a line of credit for my travel expenses. WTF do they want to do a credit check on me for? It should be the other way around - only I decided that Larry was good for the money. My credit history is NONE of their damn business.
Before anyone jumps in... the job was pretty ordinary and did not entail any kind of access to sensitive or financial data or indeed anything else out of the ordinary.
When I politely declined the job offer and explained why (the credit check, specifically), the response was... "oh, is there some kind of problem then?". Of course there wasn't, but the fact that they immediately jumped to conclusion told me that this wasn't a company I wanted to work for. I didn't say that directly, but they took offence anyway.
They're probably asking for Facebook passwords by now.
This kind of ridiculous carry-on needs to be stopped. Now.
PS - Kroll processes your data outside the EU. They got rather shirty when I asked about the safeguards for my personal data. In short - they weren't able to guarantee that my data was protected to the same standards that it would be under EU laws.
To an extent, the need to look at the credit history of an employee or candidate/applicant is mostly legit if the data is destroyed after finding the answers needed.
If the company sends employees on travel with company cards and valuable equipment, it needs to at least have a "baseline" of financial responsibility and to decide whether to take or continue with the risk of retaining or hiring someone as an employee.
But, aside from that, the company should pay up front for the big expenses (airfare, vehicle rentals, per diem, hotel, and known/anticipated equipment/consumables) up front for company activities. Smaller stuff could be set up as reimbursable items. If a company has cashflow issues, then how can it expect to repay employees.
OTOH, in exchange for not running credit reports, employers could judge an employee's trustworthiness and loyalty (if sufficiently compensated and not in financial straits) by requiring the employee to front the expenses and take reimbursement within 2 weeks.
Not taking a credit report for certain positions of employment could legally be seen as a failure to conduct due diligence. It also means a time-biding, shady character could be promoted without any opportunity for red flags to be found.
Then again, lots of well-compensated people derailed or bilked billions out of unsuspecting, overly-trusting people.
I found it more worrying that my misses got asked for full access to her medical records with a job offer a few months back. She's an accountant FFS and it was one of the conditions of the offer.
She didn't want / need the job so we didn't get to the point of telling them no, but simply the fact that they had the audacity to ask was scary!
I work in the railway industry. Our random booze/dope test policy applies to all - even desk-bound Mac artists like me. This is because :-
a) Can you imagine the conniptions saintly Brother Crow would have, if Drivers/Conductors/Platform staff were tested, but admin/management weren't?
b) In times of need or emergency, any office-dweller can be temporarily re-assigned to 'the front line' - obviously not where specific training is required - so booze-free & dope-free brains throughout the working day are essential.
It ain't no hardship, honest.
No employer i can think of would have a sufficient benefits package over and above anyone else to make me think about giving up my personal life to that extent. Its not just naming the company and discussing confidential info etc, sometimes you might never mention who you work for, but just use facebook as a way to vent after a particularly frustrating day.
Several years ago, before world+dog had a blog, I used a blog on my own domain as a way to generally just rant about various aspects of my life, work included. A select few friends would read and comment on each post. The company name, nor the name of any employee, nor indeed my own name was mentioned anywhere on the site. On my final day i made the mistake of quickly checking the comments from a different pc and didnt remove it from the history. The boss found the blog that afternoon and about half an hour before i was due to leave he "confronted me" about it in front of the entire staff. Shortly after defending myself by way of telling him a few home truths mentioned on the blog in more detail, i was escorted from the premises. Lucky it was my last day anyway.
I would never be foolish enough to let any employer, or prospective employer see my personal musings ever again. And i would suggest everyone else considers the same.
Here are my papers:
Actually, that's quite a niftly little hard to crack password, scoring 100% on the password meter.
And 'How secure is my password' says: It would take a desktop PC About 374 trillion years to hack your password. I wonder if they could crack it in the same amount of time.
Actually, I would just say:
Name: Doilookl Ike Acunt (but you can call me Ike)
F***, that's an even better password - About 121 quattuordecillion years to 'crack' according to the 'How secure is my password' site. Not even I know how long that is, but it sounds like a bleedin' long time.
Sorry for the bad language, but passwords, for some reason, bring out the latent copropraxic tendencies in me. ****.
Job interviewers also. ****.
My response to this would be that, as an IT professional, I take security too seriously to be giving out my password. No one, not even my wife, has my Facebook password. I sure as heck am not going to give it to someone I just met just because they're interviewing me for a job. And, were I in the situation of an employer hiring an IT professional, I would have serious second thoughts about hiring anyone who would.
Also, if I were refused a position based on those grounds, I'd be in touch with a lawyer. I don't like the idea of suing because I wasn't hired, but this kind of hiring practice simply can not be tolerated. Only when someone sues will the courts step in and put a stop to it, and I have severe doubts about getting the politicians to do so at all.
well, I'm a little surprised to note that so many of the ubertecherati have even considered joining a movement that was set up by a youth on the specious, puerile grounds that he wished to 'vid the groobs' on his fellow (female) students. see 'The Facebook Effect' Kirkpatrick. Good luck for the facefuture.
"IMO, having a FB account shows a (minor) lack of judgement. Not having a FB account shows greater maturity and perhaps a better understanding of privacy concepts."
Not necessarily. I have a FB account because it's a good way to stay in touch with my family and with some friends from high school who have scattered from Florida to Arizona. As far as the privacy concerns on it go, I just don't have anything on my FB account that I'm not willing to share with the world.
This is yet another example of HR drones trying to justify their existence. I used to have a colleague who claimed that HR stands for "human remains", but I think he was being flattering.
And don't get me started on the fatuous compulsory computer-based training sessions. I've just had to do several of these in quick succession to complete my quota for the quarter. You page your way through sixty screens full of tedious verbiage, where the real challenge is to stay awake, then you complete an assessment that tests nothing but short-term memory and guesswork. Ask me anything related to the training I completed yesterday and you'll find I have retained nothing.
AC because you can't afford to rile HR.
It used to be de rigeur for anyone not interested in sci-fi (roughly most of the literate human race) to laughingly dismiss anything vaguely futurey and dystopian as wank fodder for paranoid propeller heads. It's vaguely pleasing that those who were at the front of the queue to dismiss it as paranoid fantasy are probably now the ones at the front of a very different (and rather less amusing) queue to have their personal peccadilloes and sexual quirks microscopically examined at the whim of someone who probably looks disturbingly like their least favourite schoolteacher.
Nevertheless it would be very wise to put the kybosh on this kind of thing sharpish, or we really will end up in a world even less pleasant than the great writers of the last hundred years could possibly have imagined.
I accept the right of companies to vet staff (especially at the executive as I've witnessed first hand what a minefield that can be) but I see a huge problem for myself in handing over my Facebook password.
In simple terms, all of my Facebook friends have locked down accounts and me handing over my password would be a massive breach of their privacy. Would this not put me substantially in breach of British and European data protection laws and liable for a hefty fine (or even some time at Her Maj's leisure)?
"You want my password? I'm going to assume that's a trick question, because if it isn't I will take you to court under Article 6 ECHR. I will also ring Facebook UK before I leave the building to inform them you're in breach of their T&Cs. Oh, and the Information Commissioner. I assume you've already looked me up: could you give me the name of your data controller? I'll need their CRB check, which will have to be enhanced as some of my FB friends are minors. While I'm here, might I also remark that I've been taking notes, which I intend to statutorily declare before a Commissioner for Oaths.
Good day to you."
Here is some thing else to think about. Lets say your current employer is nuts and demands that you hand over the password to all websites you go to that has forums. Lets say your only site that fits that criteria is a model rail road model RR site. Rather harmless right ? Nut you are an admin on that site. Now your employer can see deleted post or things that was never meant to be seen by the public. What if your employee deiced by all of the deleted post that you must have some whack jobs on that board. Worse yet your employer has access to the email list. Your employer does a search on the email address and finds out that a lot of them visit sites dedicate to people drinking animal blood doing pagan rituals and then having a giant shag party afterwards. I know it might sound far fetched but and ridiculous but then so is employers asking for FB log ins. I been five years ago if you said that employers were going to ask for this stuff I would of called you a paranoid loon.
Okay ... So whilst asking for your Facebook credentials is not illegal ... In the UK, you're not allowed to ask any of the following questions:
How old are you?
Are you married?
Are you gay?
What are your childcare arrangements?
Are you planning to start a family soon?
Are you a member of a trade union?
What political party do you support?
All of the above can be derived from your Facebook logins and are covered under the Sex Discrimination Act, the Race Relations Act, the Employment Equality Regulations and the Disability Discrimination Act.
The punishment for asking any of the above in a job interview and then discriminating the potential employee? The prospective employer can be taked to an employment tribunal and face unlimited fines.
The old spy adage, which I'm going to mutilate, applies here: The spy of your enemy is only theirs so long as you aren't aware of them, then they are yours.
Employers want to play this game, that's fine, I'm better at it then they are. Whereas many people have facebook accounts for their own private use, mine was built for the sole purpose of my ( or future employers pursuing it ). Everything I post on there is designed to promote the image of a conscientious employee and caring individual that faces the issues that everyone does, but rises to meet any challenge ( you might call that my facebook page's mission statement ).
Sure, that makes me a manipulative bastard...but then that's a compliment in my book.
Biting the hand that feeds IT © 1998–2019