Tell HN: Salary data is for sale
3 years ago
Equifax is selling salary data as part of an "employment verification solution":
You can view a copy of your report here:
https://employees.theworknumber.com/
It will contain:
* Previous annual salary
* Previous paycheck amounts
* Previous addresses
* Who has accessed the report in the past 24 months
From their website, this data may be able to be removed via CCPA:
> Employee data is exempt from the CCPA until January 1, 2022.
https://employees.theworknumber.com/california-consumer-priv...
NOTE: It is possible to freeze access to your employment data here: https://employees.theworknumber.com/employee-data-freeze
That being said, it doesn't stop employers from continuing to hand Equifax your data on a gold platter, and therefore does nothing to protect you from the inevitable data breach that will result in Equifax being required to give everyone affected $0.36 or one year of free credit monitoring.
Wow placing a freeze requires filling out a PDF form, attaching a scan of your ID, and then sending it in over email, mail, or fax. The PDF lacks built in form fields you can type in. The extra friction is probably a feature: https://assets.equifax.com/wfs/theworknumber/assets/twn_Empl... (the exif data on that PDF shows the name of the employee that created it and that they used Word 2010...)
The Equifax CCPA request process on the other hand is very smooth and automated. Though doesn't seem like it's including Work Number information: https://myprivacy.equifax.com/
Shameless plug [1] that hopefully provides value: simplePDF.eu [2] will allow you to fill it in more easily (the fields are already set)
[1] It's a side-project of mine
[2] https://www.simplepdf.eu/editor?open=https://assets.equifax....
8 replies →
>The extra friction is probably a feature: https://assets.equifax.com/wfs/theworknumber/assets/twn_Empl... (the exif data on that PDF shows the name of the employee that created it and that they used Word 2010...)
I don't get it. how is "PDF shows the name of the employee that created it and that they used Word 2010" relevant to the claim that "extra friction is probably a feature"?
4 replies →
And then they have all of that as well ready to be breached!
When I submit the myprivacy.equifax.com validation it hangs at "Processing..." indefinitely. #AbolishCreditAgencies
77 replies →
At least they let you mail or email.
I faxed them 4 times in 6 months to verify my identity because they have me confused with someone else and eventually just gave up.
They said any other alternative was not supported.
1 reply →
With GDPR you could just send them a formless deletion request.
There are good parts in GDPR for sure.
5 replies →
well there's no law that forces them to make it easy.
27 replies →
Hijacking here to say, literally all you need to get access to someones employment + salary history is their SSN and birthdate.
edit: and a past employer that used this system
Birthdays are extremely easy to get (public record), and I seem to recall a specific large organization leaking a bunch of SSN's not too long ago.......
Unless you are very young (read: born after 2011) your SSN can be trivially brute forced if an attacker knows where and when you were born, because those details were (before 2011) mapped onto 5 of the 9 digits in an SSN.
11 replies →
It seems crazy to allow a large organization like that to continue operation after such an egregious error, especially if their business is centered around a bunch of personal information.
51 replies →
SSNs are generated by a not very secret algorithm. They were explicitly designed to be public information.
You don't need a data leak to get someone's SSN.
Also, malicious actors are almost never targeting you specifically. It is enough for them to
1) choose a birthdate
2) generate all SSNs associated with that birthdate
3) get all employment/salary histories accessible with that info.
4) scan the list for interesting tagets
5) ...
6) profit
And you'd need to know a past employer, right? I couldn't seem to find a way to get access to the info without inputting an employer first.
3 replies →
Or send them a CCPA data deletion request: https://yourdigitalrights.org/d/equifax.com. This will generate a request email. You can then change the wordings to indicate that you are interested in deleting your salary history data.
Disclaimer: I'm one of the creators of YourDigitalRights.org.
What are the potential ramifications for submitting a request on your site when you don't have residency in one of the listed areas?
1 reply →
Great site, I just used your service to email "Right to Access Request (Section 110 of the CCPA)" to Equifax.
Question / suggestion -- Have you considered monetizing by allowing lawyers specializing in CCPA / consumer privacy issues to advertise on your site?
1 reply →
Nice site. You should probably update it for Brexit though. There are two GDPRs, for now.
1 reply →
But, I didn't opt in for them to have this information about me to begin with.
>But, I didn't opt in for them to have this information about me to begin with.
Everyone is up in arms about Facebook and Google collecting our information... meanwhile credit bureaus are sitting in the shadows giggling to themselves
9 replies →
You don't need to. Your employer can give this info to whoever they want, and many give this data to Equifax or one of the other credit agencies.
Also, you might give your bank employment details, and your bank will most likely send that info to a credit agency as well.
There's not much of an escape.
21 replies →
theworknumber.com is yet another symptom of a much larger problem in that it is currently impractical for a regular person to enforce their rights via the court system.
According to Peter Thiel “If you’re a single-digit millionaire like Hulk Hogan, you have no effective access to our legal system...” https://theintercept.com/2016/10/31/trump-fan-peter-thiel-sa... So never-mind the non-millionaires.
However it is really nice to see efforts by some regular people out there setting up services such as https://yourdigitalrights.org which is the service I just used to request my information from Equifax. It will be interesting to see what comes of it. I suppose if they do not respond in 45 days I'll file a complaint with the CA Attorney General to put yet another ping regarding Equifax on their radar. https://oag.ca.gov/contact/consumer-complaint-against-busine...
This shows that ultimately it is the regular people who drive progress, while the powerful and the wealthy just take credit for it.
Ultimately United States will transition to European-style privacy laws when it comes to private information like income and these credit agencies will be abolished, but the way to get there is for the regular non-millionaire people to exercise whatever "rights" they kinda have to ultimately get these annoyances shut down.
So a new company you are joining can easily verify your current salary with your ssn & dob. Right? They have your history of employers from your resume already.
2 replies →
Just also want to point out that freezing might result in certain parties that you do want to verify your employment from being able to do so.
If you're in the process of buying a house, you might want to hold off on this freeze until your mortgage has been approved. Might be true if you re refinancing or buying some else that requires a significant loan.
I'm not entirely sure if what I've stated above is true, but I've had to use theworknumber in the past when going through the mortgage process.
What are the consequences of doing this? What conclusion do HR departments draw about a person who freezes their employment information?
Are there other agencies we have to do this for as well?
I checked earlier today and yep, my employer is selling my data and future earnings potential to the company that is infamous for poor data security.
A confounding factor is that as a hiring manager, and at least for all the hiring decisions I have been involved in, I know we did not use this to check candidates. So what's the upside?
EDIT: ADP Workforcenow appears to do this automatically. I'm curious to find out if anyone in our company even knows it is happening. I will find out soon enough, as this is definitely a hill to die on.
I've seen how this works before, and what happens is all the companies submit their data to equifax, equifax then goes and creates a set of "profiles" for example "Junior software engineer", take all the data for employees with software engineer related titles and less than 3 years of experience, remove outliers and sell the result to employers as "salary band information". The result is that your employer gets a number saying "Junior software engineers in X location earn from 80,000 to 110,000" and that's used by your HR team to ensure that you don't drive up salaries by over offering. The role of equifax in this is to act as a level of protection, because the actual resultant behaviour is all the software companies working as a cartel to limit employee wages.
We rarely hear, it has been said, of the combinations of masters, though frequently of those of workmen. But whoever imagines, upon this account, that masters rarely combine, is as ignorant of the world as of the subject. Masters are always and everywhere in a sort of tacit, but constant and uniform combination, not to raise the wages of labour above their actual rate. . . We seldom, indeed, hear of this combination, because it is the usual, and one may say, the natural state of things, which nobody ever hears of.
- Adam Smith, The Wealth of Nations
Pave (https://www.pave.com/) is another startup doing this
I worked in a two person company last year where I ran payroll with ADP.
It's there for me too, and I don't recall opt in permission on this.
Just to add another data point, our startup uses Gusto and my salary isn't in the data. My old salary from Google (which I think used ADP) is though.
"Do you agree to allow your data to be shared with 3rd parties as necessary to provide you with the best service possible?"
[races off to something much worse than you imagined with your data]
Three-person company here. We do our own payroll, using Quickbooks (not their payroll processing service, just Quickbooks the desktop application). We have employees in two states.
2 replies →
you know, I spoke with a company not too long ago and they gave me an offer that was 30% lower than what I currently make. The gap was entirely due to not accounting for public company RSU grants (that I had already mentioned)
In hindsight I wouldn't be surprised if their department used this tool to check my current cash income and automatically generated an offer. I wouldn't trust this data for much, and I can almost guarantee that someone in HR/Finance thinks their clever for using it.
The report tells you in the last 24 months who has looked at this info, so you could check that.
2 replies →
Equifax is the Dow Jones Chemical of the data world. They have a tendency to mess up catastrophically yet they keep surviving by some miracle!
Ask HR how you should verify your employment and salary for a mortgage application. I know my company intentionally shares since they ask you to use the work number to send a verification to the lender.
The whole "verify your salary with employer" process is BS. Lenders can verify income by requesting your tax returns, and N recent pay stubs (source: I own my employer and have verified income this way, since obviously they are not going to call myself up and ask me to verify my own income). This is only about reducing their verification costs. If there needs to be a giant database of everyone's income, the government should run it, and they already have the data.
12 replies →
Yeah, I used the work number thing to verify my salary for my mortgage.
3 replies →
Great idea!
We had some schmuck HR consultant come in to a startup I was previously working for and their primary job duty was implementing ADP.
Glad to know they chose a product that involuntarily sold out my HR information.
Very interesting, I didn't expect the accuracy and detail in this data.
All of my pay from Intel, Google, Facebook is in here. Qualcomm apparently did not report.
Also, Google (my latest employer) pulled the data just before I started working, after giving me an offer. My credit card company pulls the data every month, sometimes 2-3 times per month. Several mortgage originators have also pulled the data even though I have not gotten a mortgage (I probably filled out a form on their website).
I guess I'm okay with credit card companies monitoring this, but I'm not sure I am okay with potential employers having access to this. Is it even legal in California for them to read this information? Maybe it was legal at the time but not any more?
> I'm okay with credit card companies monitoring this
I'm not. If they want to know, they can ask me for a paystub.
Credit card companies do ask for permission to pull financial information from brokers when you sign up.
8 replies →
If they pulled salary info after making an offer, then this is likely qualified as verification of data that prospective employee submitted. They can probably revoke that offer if one provided misleading info during application.
That's some shady behavior though. The whole point of the law is to prevent companies from penalizing employees based on prior salaries. Wouldn't be surprising if Google was finding excuses to retract offers based on seeing that they "overbid" on someone's comp. If anyone has had suspicious stuff like this happen, it sounds like it'd make a great lawsuit.
Would be nice if some journalist(s) made a big stink out of Google finding a loophole in this employee protection law.
4 replies →
Does the system not ask for SSN to pull this data? If yes, how did Google get your SSN?
Disc: Googler.
At the very least you need to provide proof of your SSN before you start employment in the US (as a US citizen at least). This is required for your social security benefits and some tax info. I believe in most states you actually have to physically show your social security card on the first day of employment now too.
8 replies →
Pretty sure Google needs your SSN to be employed at the company. Whole I-9 form, withholding taxes, giving you a W2 and all that jazz...
1 reply →
Google asks for SSN for background checks and whatnot.
3 replies →
IIRC Google requests SSN data for all applicants ahead of interview.
4 replies →
LOL. Google knows your SSN. They know everybody's SSN.
1 reply →
Does the data contain start and end dates for each employer?
Yes it does.
Can confirm it is 100% correct. Employed in Washington and California. All numbers were correct for the ones I cared about - more or less. They missed three jobs and the dates were fucked up for a few - but is pretty upsetting. Definitely should be illegal.
They even had pay period dates and everything for my current job. Including dates I was doing 401k. Like - what the fuck - why is my employer selling that information? It's a big tech company, of course. You could even see when my RSUs were vesting. The hell!
Funny enough - the only ones who have been looking at my data are Credit Karma. Maybe I should delete my account with them - lol. I use them for taxes because they are free.
"It's 100% correct, except for the errors"
Yeah - true. I could’ve corrected it to say - “100% correct about the shit I care about” but I figured someone would get a laugh out of someone replying with this kind of comment. Enjoy your upvotes.
I now better understand how Credit Karma can offer a free product.
Credit Karma's business model isn't somehow secret, they are very much upfront about it - https://support.creditkarma.com/s/article/Is-Credit-Karma-re...
They display ads for credit cards and other financial products on their site. They use your personal information to target specific financial products to you. Your credit karma ads are personalized.
I just wish I got better credit card offers from them; I haven't found any product they've advertised to be particularly enticing.
2 replies →
Employers are outsourcing what should be an internal HR function of employment verification. Except in specific cases regarding government contractors, there is no legal requirement for employers to provide this data to a third party like TWN.
A few years ago there was a startup called Paysa. You searched by employer and it showed you the salaries of each job title. My company was small enough that it made it easy to see the salary of many of my employees. We did not initially understand where that data came from. I did not leak it. We put together that each leaked salary was of someone who had recently applied for a mortgage or auto loan.
Read the fine print next time you attach a paystub to a loan application. They are likely selling your data to aggregators.
What are my options though? I can't opt out of them selling my data, can I?
You might be able to pick a lender who does not sell your data. I have no idea.
I hope Zero Knowledge proofs become widespread over the next decade to prevent having to give companies your data. With them you'll be able to prove you earn over X amount without actually letting them know what you earn.
While I share the hope for such technologies (and hopefully some form of complete digital personal ID system in the same vein), that would require government mandates, which I think will be unlikely considering we can’t even get major investments for climate change, because the companies collecting this data benefit from it, and almost certainly won’t give it up willingly.
What is the impact of this to me personally?
It depends on how you feel about others knowing your income. Many people are very unhappy to have such information leaked.
Salaries are not a secret.
Ergo, as employees... Share your salaries.
Knowledge is power and if the only entities that have power from knowing salaries are your employers then you have no power.
And for people hiring, make hiring decisions that are defensible, equal, and would survive full transparency. Act as if every employee is already sharing salary info, for if they aren't today they will be soon.
Fully agree, but selling information to a for-profit company behind people's backs is not the way to ensure transparency.
Agreed. This information is more dangerous to companies than it is to employees.
If people figured out a way to get this same information for their colleagues to use for salary negotiation, companies would likely stop contributing the data.
Note that QuickBooks will now contribute to this data unless an employer explicitly opts out. I had to bring it to my employer's attention when they first rolled it out. Most small businesses that use QuickBooks won't have heard of it and will be contributing salary data by default.
https://quickbooks.intuit.com/learn-support/en-us/help-artic...
Straight from your link.
"No data is shared unless your employees specifically request it to be shared, usually as part of an application process for loans, credit, or public aid, or in response to a permissible purpose under the Fair Credit Reporting Act (“FCRA”), such as a court order."
I read that the first time as "no data is shared with verifiers", rather than "no data is shared with Equifax", but on a closer reading I believe you're correct: the data stays with QuickBooks until Equifax receives a request and they forward that request to QuickBooks. So they're not shipping data to Equifax en masse.
That somewhat mitigates the concerns of data being lost in another Equifax data breach assuming that Equifax only fulfills requests from verifiers that have received my express consent, and assuming that consent doesn't become mandatory for employment (which is the subject of the larger discussion on this thread).
I've used this before as an employee. While it may also be a bulk dataset of employment information (which any HRS or payroll provider would have), the ostensible use of this solution is, to quote their homepage, "credentialed verifiers with permissible purpose access to income and employment data".
Key words there are credentialed and permissible purpose.
In other words, it's an automated way for me as an employee to have my employer verify my employment and/or salary information—not necessarily both—without having to hunt down someone in HR. This is particularly useful for previous companies where I no longer have access to internal systems.
I have used it most commonly for mortgage applications.
I can log in and generate a one-time or limited-use code to provide access, and select which data I want to provide access to. I then provide that key to the third party, who verifies with Equifax.
I think the issue is - do companies who give them information also get access to it for people outside their org
Others have wrote this in the thread, but anecdotally I once tried to push up what I considered a low ball offer, and lied about my current comp. HR quickly said - no, thats not your current comp
I'm pretty sure they didn't reach out to my current company to ask, so the only other option was abusing a system like this
I very much doubt it. The "Salary data is for sale" title is misleading; There's no way for me to go pay Equifax for access to u/shmatt's data. They might have some aggregate datasets for sale, removing PII.
The same goes for credit data; you (largely) can't run a credit check on me without my permission.
This is an HR service to ease the burden of legitimate requests for employment or salary data that you, as an employee, request.
More logically, employers wouldn't want other companies to be able to access their payroll information for competitive reasons.
I can't explain your previous experience; perhaps you were at a company with firm pay bands, and they knew you were already at the top of your current one?
5 replies →
without having to hunt down someone in HR
When I worked for UPS they specifically told me there was absolutely no way that HR would verify salary/employment over the phone for mortgage applications and the only way to do it was via theworknumber.com. UPS has ~500,000 employees so you can understand why they'd want to offload this work to a third party. I was working with a smaller mortgage company so they grumbled about having to do it this non-traditional way but it all worked out in the end.
How does this work in California given that employers cannot ask for a candidate's salary even through an agent? Does this not qualify?
Effective January 1, 2018, Labor Code section 432.3 prohibits an employer from, either orally or in writing, personally or through an agent, asking any information concerning an applicant’s salary history information, which includes compensation as well as benefits. [1]
[1] https://www.dir.ca.gov/dlse/california_equal_pay_act.htm
It appears to be even more restrictive then that: https://leginfo.legislature.ca.gov/faces/codes_displaySectio...
> An employer shall not rely on the salary history information of an applicant for employment as a factor in determining whether to offer employment to an applicant or what salary to offer an applicant.
That being said, how do you enforce a provision like that in the face of every company having all information on every candidate, seeing that mind reading hasn't been invented yet.
Won’t eqifax tell you if someone requests the data therefore you can tell if the law is violated
4 replies →
Oh, interesting, thanks! And now I wonder if this includes compensation besides salary.
2 replies →
It appears you might be able to have this information deleted if you’re a California resident and the CCPA protects your data rights:
https://myprivacy.equifax.com/personal-info
I’m not a California resident. Can someone who is try and report back? Sounds like a follow up blog post/instructional tutorial is needed if it works, and calls to state and local reps that this should be opt in.
thanks for sharing
Would equifax be the agent in this case?
That's one possibility I'm wondering about, I don't know.
If people are upset their employers are selling this information to Equifax, you know it would be a fantastic thing that an organized bargaining unit of all your fellow coworkers could demand your employer cease. Might be time to start talking to coworkers about this and many other things that upset you about your employer.
Or perhaps since your "private" salary data seems to be getting shared with anyone, why not just embrace it? Start sharing it with all your colleagues?
This. I think as I re-do my website, I'm adding my current salary next to my current position. Seems about the right thing to do.
Employer 1: Salary only. None of my bonuses or RSUs are included. Bonuses were over half my comp. RSUs were higher than salary at least one year.
Employer 2: Salary and bonus only (large tech co; over half my comp is rsus).
Employer 3: totally wrong.
On the plus side, I now understand why I've occasionally been low-balled and then called a liar when I explain why the offer isn't compelling...
That's a feature though. Who wants to work somewhere like that?
Wowwww. I was really reticent to give them the info to log in, and still not sure it was a good idea (although they have it anyway...), but it's interesting -- they have my current TC exact, RSUs and everything...and that little instruction line about how to garnish wages really gives you the feels...
Even better, the mystery of why a mortgage lender randomly asked me about my employment history from over two decades ago (i.e., working for my Mom!) is now solved! I was like, "How do you know I worked for my Mom in the 90s? And of all the jobs to ask about, why this?" Turns out only three employers show up over multiple decades of employment.
Happy to see that the payroll processor I used for awhile for our personal companies until I started doing it myself didn't share our data, but am now really worried about future control of it.
> Happy to see that the payroll processor I used for awhile for our personal companies until I started doing it myself didn't share our data, but am now really worried about future control of it.
Is there a way to find out which payroll processors or large companies report salary information to Equifax? Elsewhere in this thread people have mentioned that ADP, Intel, Google, and Facebook report, Qualcomm apparently does not… I would love to have a more complete list.
Me, too. But I do think, as others have mentioned, Intuit is definitely sharing data — my mother and I used the same payroll processor and my company payroll isn’t there (I don’t use QuickBooks).
For those curious, I requested my Employment Data Report. Here's what was in it:
Pages 1-2:
Pages 3-17:
Snippet about freezing:
When I fill out the form I get:
> We've encountered an error Sorry, this service is not currently offered to residents of your state. If you need further assistance, you can call Customer Care at (866) 295-6801. Customer Care is available 8 a.m. to midnight (ET), 7 days a week.
My state being Georgia.
How did you request the report?
https://myprivacy.equifax.com/personal-info
I find the EU approach so much better. Your personal data (which means anything that can be used to uniquely identify you as a person) is your property, and the default is "no permission to use".
Yeah. Information should be a massive liability. The more they know, the more it should cost them. These companies should be scrambling to forget everything about us before we're even out the door, not amassing information into huge dossiers to sell to the highest bidder. The unapologetic audacity of these people never fails to impress me.
GDPR has a major problem though. It allows use of data for "legitimate" purposes. Of course, all of these businesses think of themselves and everything they're doing as perfectly legitimate. I wouldn't be surprised if some lobbyist worked that loophole in.
> Of course, all of these businesses think of themselves and everything they're doing as perfectly legitimate.
That wouldn't be a major issue if privacy authorities actually a) acted on complaints in a timely manner, b) issued the "effective, proportionate and dissuasive" fines that the law requires.
Most importantly, I believe some DPAs have already stated that "legitimate interest" cannot justify online advertisement. Now they "just" need to take a snapshot of the most popular 10000 websites in their country, then start issuing fines.
That's presumably the default in the US too, but the workaround is for companies to have you agree to some fine print, which nobody reads. When you request a mortgage quote, submit a job application, submit a credit card application, etc., they just bury in there "you're agreeing give us permission to use your SSN to verify the information you've given" and they're golden.
The only way around would be some regulation like GDPR, but then we end up with something like cookie banners that are only annoying and don't give you a reasonable option to opt out. Just like if you want to get a mortgage, you can't opt out if every single lender does it.
In Germany we have our own data kraken though. See Schufa. Even with GDPR you're basically forced to hand data over to them.
That's a view through rose-colored glasses, GDPR isn't that powerful (and it only applies to user-supplied data, not all personal data). As a relevant example, in Sweden your taxable income is public information.
> As a relevant example, in Sweden your taxable income is public information.
Same in Norway. However taxable income does not equal salary. And at least in Norway, you can log in and see who requested the tax data about you, and companies can't mine this data.
The main problem with GDPR is that it is hard to enforce because the enforcing authorities are overworked, focusing on the wrong things, and bogging themselves down in their own bureaucracy.
> only applies to user-supplied data, not all personal data
I don't believe this is correct: https://gdpr-info.eu/art-4-gdpr/
Maybe you're confusing this with the different lawful grounds for processing, and the fact that consent has quite strict requirements but there are other lawful grounds that don't require consent? https://gdpr-info.eu/art-6-gdpr/
> in Sweden your taxable income is public information.
GDPR protects against automated personal data processing, not against publishing of public - by the law - data.
I pulled my own data. Hilariously, it includes my 3 years at reddit with the official title "JavaScript Apologist", which is what I wrote for myself on the about page when I was developing it.
How hard was it to pull your own data? What are they looking for to validate you are you?
Legal name, SSN, birth date, address, phone number, username + password (with like 7 requirements)
Yet again SSN being used as the only real hidden data.
It’s hilarious that companies try to stop you from discussing your salary but at the same time they will give it away for free to a shady company.
Yes, this is completely not okay.
This is not okay.
Meanwhile in Norway, every citizen can check the income, wealth, and taxes statements of other citizens and companies.
https://www.skatteetaten.no/en/forms/search-the-tax-lists/
Which is fine. The problem is asymmetric information. Employers have access to this data, but employees don't.
Interesting to read about the Norway's system! I would guess that "If you search for anyone, they can see that you did" is pretty fair but can hinder one's curiosity for searching the information.
Also interesting that public lists for media is no longer distributed. How have media outlets taken this?
Here in Finland Tax office publishes lists of all over 100k earners to media and they are published as public lists online [0]. In addition to that, anyone's income information can be accessed at tax offices or by phone, so this does not leave a trace [1].
After GDPR, one is allowed to prevent one's information to be released to media by objecting to this. However media can still access and release your data via phone or tax office's computer [2] and in 2021 media outlets won a case in Administrative Court where they can also get a list of those who objected [3]. So basically after tax records go public, journalists just take this list and make the calls.
But yeah, as SP mentioned, this is very different approach than in the link of this thread.
[0]: (in Finnish) https://www.is.fi/verotiedot/
[1]: https://www.vero.fi/en/About-us/finnish-tax-administration/d...
[2]: https://www.vero.fi/en/About-us/finnish-tax-administration/d...
[3]: https://yle.fi/news/3-11893060
In Norway if someone looks up your income you can see who did it since they need to login with an approved ID system linked to your social security number. So i practice most people do not look up other people they know.
2 replies →
> Also interesting that public lists for media is no longer distributed. How have media outlets taken this?
Media is free to write about, and have searchable lists, for parts of the info. Typically something that is of "public interest", e.g the highest earners.
The rules behind this I believe is a bit vague. I read up on the legal text for this now, and it basically states that they can get access to the lists as long as they sign an agreement where they, among other things, need to promise not to publish the full list.
1 reply →
if this is really that - this is clearly evidence of collusion amongst employers with indirect pressure on them to keep salalries at a certain level
Exactly this. There's a reason using past salary history in employment is illegal in California.
Though you should know that doesn’t stop interviewers from asking.
1 reply →
It's a b2b co., this is how they appeal to their clients. This is their product.
Not all commerce should exist
1 reply →
Are there equivalent services that broker data of citizens in other countries? As a non-American, my layperson understanding of American legislation is that it's extremely lax when it comes to protecting individuals from privacy invasions like this. Is anyone aware of laws in the EU/Canada/Australia that would prevent this kind of thing happening?
i've never seen this in Canada but even in the U.S., I don't think it's being misused the way that people are suggesting here.
I have referred thousands of callers to TheWorkNumber (and competitors like 'Thomas and Company') in my years working at a call centre and the reason is always the same: income verification for somebody who needs to get approved for a mortgage loan application or something else like that.
I don't actually see any suggestion that the salary data is being "sold" per se rather than just being used for legitimate income verification purposes
From what I read in EU the pay is considered personal information and is thus is protected by GDPR. If your employer wanted to share it with 3rd party for something like this, he would need your explicit approval for it.
Exactly this, plus you'd have the right at any time to inspect your own data, or withdraw permissions at any time.
I think in Sweden all tax returns are public.
Not just Equifax.
There are any number of consultancies that collect salary (and other compensation/benefits) data from many companies and then share that information with all their clients.
It's used as a method of putting downward pressure on salaries without explicitly colluding.
Isn't distributed collusion just collusion by another name? I keep hearing the argument that you can't trick the law by technological means. This seems to be an attempt at doing that.
For those who are surprised/outraged from a privacy perspective- the employment verification/background check/etc space is very VC hot. YC and its affiliates are surely investors in some players in this space? Maybe https://www.ycombinator.com/companies/checkr ?
> * Who has accessed the report in the past 24 months
so now your current and future employers can see if you've been talking to other companies? that's... wrong.
Wait can other parties see the view count too?
finally got in. that's unclear, it might just be for you. i'll have to ask an hr friend.
1 reply →
It sucks but no company would do a serious background check unless they already gave you an offer (which probably means you are out the door, so it’s irrelevant).
I'm glad to see this here. I found out about this from the employee side when I was asked to interact with the site, and when I dug deeper was shocked with what I saw.
I've been telling friends/colleagues but many didn't honestly believe me.
After I found out about this, I noticed a pattern in new jobs - they always knew exactly what offer to make me that was about 10% higher than my current salary. I mean, the offers were like clockwork. I strongly feel prospective employers were using this information to decide on what offer to make.
I can summarize my feelings about this pretty succinctly.... this is not ok.
How is this even legal? How do we make this no longer possible? It seems like we need a new law to stop this unapproved sharing.
Did we ever agree to this?
Your employer sold the data to equifax. There's no law that makes your income a secret. I agree it's ridiculous.
Hold the phone. Your employer PAID Equifax (Talx) to take this data off their hands.
source: me, having read the contract at megacap tech firm
In India there is National Skills Registry (NSR) by NASSCOM. Member companies require potential candidates to register and provide the registration number. This is then used by HR at member companies to track you around.
The best part is that in this case, it is the employees that pay for this, and that too as an yearly subscription! https://nationalskillsregistry.com/free-structure.htm
Finally, one of the cofounders of NASSCOM is Nandan Nilekani, the same guy who's the mastermind behind India's bio-metric surveillance program (my words) - Aadhar. Not surprising at all.
That last link says that data is exempt from CCPA.
> The Work Number® database is subject to the Fair Credit Reporting Act (FCRA)
> Data that is regulated by the FCRA, as well as data used for employment purposes, is exempt from the CCPA.
Isn't this basically just federal law overriding state law?
That sounds wrong. TWN having this data is not a condition of my employment.
Correct. There's no legal requirement to give salary data or any employment data to a private third party CRA.
Oh wow, this is a total outrage. Details have been shared for about 80% of my previous employment, and many of those employers listed details on a per-pay period basis.
They even include my net pay after voluntary deductions, such as 401k!
In California it’s illegal for a company to use historic salary info for a hiring or salary decision[1], so who is equifax trying to sell to in CA? This seems like a very grey legal area where the obvious use for the data is illegal.
[1]: https://leginfo.legislature.ca.gov/faces/billTextClient.xhtm...
The law (paraphrased for brevity): It’s illegal to use salary history of an applicant to inform the hiring decision or salary offer of an applicant.
Whether there’s any value to the data depends on whether the “applicant” is the same human under the law. If I’m using the data to understand the market curve for a position, and to use that curve to inform my offer to all applicants, I’d wager that’s okay under the law, even if any specific applicant’s data is among the thousands of data points that went into that curve.
Let’s assume a good faith effort here, rather than a company trying to use tortured logic “we’re just trying to understand the salary curve for an SWE with SSN xxx-xx-xxxx”, that they’re trying to understand their local market and that specific SWE is 1 of 50,000 in the dataset and then happens to apply. I think that’s okay (both legally and morally).
Can you buy a dataset for your entire company and publish it internally as a fuckyou to whoever disclosed it, or is it a b2b thing?
When I looked mine up I could see just about every job I’ve ever had. It also showed who pulled this report over the past 24 months. I see that my credit card companies pulled it, a background check company that my current job used, and also some random “TEST Batch Account” whatever that is.
SSN + DOB and you can find out how much money I made on my w2 for many years of my life. Nice.
I am debating on doing a ccpa delete on this data. I wonder if future employers will give me a hard time when negotiating pay if they can’t verify my salary this way? Also, will I have to delete it every time that an employer sends them this data? Awesome.
I noticed that TEST Batch account and got a little concerned. Credit Karma is also polling my data monthly it seems. I don't like this one bit.
Did something change recently or did someone just notice this? Verification of employment/income is standard practice in many finance-related fields, and is required to get a mortgage in the US, for example. My company integrates with TheWorkNumber to provide that feature through our app. I can see why people are sketched out by not knowing this was happening, but as someone else said your pay rate is not _really_ private info. I care less about this than I do the credit agencies that have a full record of all of your credit activity, despite definitely not wanting them to have that info.
It looks like creditkarma loves, loves, loves to check this data. Except for the bank holding my mortgage only credit karma has checked it. I'm OK with the bank checking, if this system exists clearly bank handing out 1 million should be allowed to access it (my preferred outcome would be the system did not exist, or if it did be run by the government who already have all the data.
It's not just you -- CreditKarma checked my credit monthly for a long time in 2019-2020, until I changed addresses. I have never used a CK product. Obviously it's too late now to do anything about it but the existence of this site and the fact that Equifax is still in business makes me incredibly irritated.
A lot of consumer banking products have CreditKarma integration by default as a perk or for your "convenience". Digging through one of my checking account's apps shows that there are credit score previews with a button to activate CreditKarma and receive detailed credit breakdowns. I'm guessing that credit preview is provided by CK and not my bank, given the CK branding.
"To log in, enter your SSN, date of birth, home address, and" <closes tab>
No way, no how.
Regardless on if you enter it in this web form, Equifax has already lost your SSN in a data breach.
I dutifully entered everything they asked for, because, you know, they're Equifax and they undoubtedly have it already. Then they said I needed a "verification code" and gave me the option of half a dozen phone numbers and email addresses to choose from... none of which remotely resembled anything I've ever had (the email addresses all contained my surname and appeared to be randomly generated).
When I clicked the "none of these work for me" link at the bottom, I was presented with:
"Sorry, We are unable to log you in.
Your account is temporarily disabled. Accounts may be disabled when you attempt to log in with incorrect information or fail to complete a security challenge."
Same here. Great. I wonder what other lies they believe about me.
On the one hand, I'm probably glad the data is shit? But on the other hand, folks consuming the data might not understand that.
2 replies →
This happened to me as well. bunch of random @yahoo addresses (I don't have one of those) and rando phone numbers, none of which were mine. Welp.... who knows wtf they have in there then, I guess.
2 replies →
For me, the domain at the end of the email it wanted to send a verification code to seemed to belong to my company.
You entered data in a pop-up frame - how are you confident it is Equifax that you were providing your SS and birthday ?
Same problem here, really shows how good their security and data gathering is.
Also me with this issue.
They already have that info.
In fact, they already hired a music major CISO who leaked all that data in a stunning display of executive incompetence.
None of that information should be considered private any longer, if it ever really was.
1 reply →
When?
14 replies →
Might as well do it so you can freeze it, they already have the info
Can a prospective employee use this data to gain an advantage in salary negotiations? If not, then this doesn’t seem fair at all.
No, Equifax does not share companies' payroll data with job applicants or employees. Only companies have access to salary and employment data.
Why on earth would employers be motivated to sell this data or provide consent to their payroll processors to disclose it?
What's in it for them? I can't imagine the per-employee revenue it brings in would be anywhere near the same magnitude of order as the FTE cost. So it's a drop in the bucket to their bottom line.
Meanwhile the reputational risk and PR blowback once found out could be severe (I certainly would never work for such a shady or ignorant outfit).
Lots of companies give the information away in return for reliable information about market salary rates. I'm not sure why they'd need to provide such detailed information, and why they'd give it to Equifax.
It saves HR a lot of time when their employees need employment verification for loans, apartment leases, etc.
Wow, this is completely accurate. Has temp working job on college campus, information from when I was at Microsoft and Google. Interesting from Microsoft it just contains my base salary and cash bonus, but Google has base salary, cash bonus, and RSU grants as "Other Income".
I have a distaste for the credit reporting system because of (a) the flagrant security lapses and (b) I still don’t understand why “identity theft” is somehow my problem when I am neither the fraudster nor the defrauded party.
What’s the strongest argument in favor of credit reporting agencies? If we got rid of them would borrowing money become so difficult or expensive that we’d regret what we wished for?
Someone told me they are illegal in many countries and that they are mainly a us/uk thing (may have been a European centric view).. not sure how accurate that is.
Edit: seems lots of places have them but they differ a bit, some only showing missed payments:
https://www.businessinsider.in/slideshows/miscellaneous/many...
The details of how it works and what exactly is legal differ country to country, and I wouldn't be surprised if there are countries where they are not really a thing, but they are not just a US/UK thing. (e.g. here in Germany many landlords will have you submit a score document from the primary credit rating agency with your application for a flat)
> What’s the strongest argument in favor of credit reporting agencies? If we got rid of them would borrowing money become so difficult or expensive that we’d regret what we wished for?
Before Credit Ratings Agencies, most people just couldn't get credit. They could bring a letter from their pastor to the bank and hope for the best. There was also a lot of racial bias in the process: https://www.reddit.com/r/WhitePeopleTwitter/comments/rjn7uf/...
> According to my way older relatives, as in from the 1920s to the 1960s, most people didn't have access to credit. My family comes from the midwest. Poor and middle class white people at least...paid cash for almost everything. If you made enough money and seemed clean enough and had a letter from your pastor you could get a mortgage with 10-15 year term on it. Most of my family that lived in the cities back then were in their 30s-40s when they got their first homes, and lived among people just like them. Banks would not give them enough money to buy a house in the rich neighborhoods, only the middle class union people neighborhoods for white people.
> The ones who lived on the farms? Someone somewhere up the family tree paid cash after working on someone else's farm for awhile and bought their own land, and passed it down, and there was no credit involved. If they needed credit for things they could get on the ledger at the local general store. That was about it.
> People who were not rich did not have credit like people do now. They paid cash for everything. Banks would not lend money to poor or middle class people except for houses, and you had to have like 30% down and the terms were, as mentioned, 10-15 years tops.
> My Boomer parents have told me over and over again, that until the 1990s people didn't use credit like they do now. You just didn't. If you could not afford to pay for something you did without. My parents first car loan, which they only got when my dad re-enlisted in the military, had like an 18% interest rate and my parents had to put 20% down. My dad had to show his papers from the military and his paystubs from the military. And several dealerships turned them down. This was the early 1980s.
Apparently other countries do fine without it, though.
What the fudge. It has the health plan info for me, my wife, and my daughter on the report? This is not okay.
I kinda thought all 3 of my offers during my recent job change were suspiciously close. Now I know why, as all 3 employers requested it. Fuck everything about this.
A few jobs are missing, but the most recent (and therefore most relevant) is correct.
Learning that this website exists, and then finding detailed and accurate information in my record is what convinced me to start sharing my salary data with my peers.
As I see it, this database is a breach of an implicit social contract between me and the companies that I work for. Since my employers apparently have no issues sharing my salary with their peers, I see no reason not to do the same with my peers.
This kind of belies every company's excuse for not having comp transparency - that it's proprietary information they don't want competitors to know. Not only do they share these details on specific employees, they also provide percentile data to HR consultancies that use that to help set salary bands. Ever wonder when a company says they pay X% of market? They know that because everyone is sharing this info and they're doing it too.
No, it doesn't. Because comp transparency is within a company. And this is outside a company. Think about the venn diagram of participants.
1 reply →
So.... how much do you make?
$200/hr as a full time ML consultant.
Contracting is interesting. You make more, but there’s more downside. No sick days.
Though the last 3 month contract was kind enough to calculate the start and end dates to be exactly 12 work weeks (60 work days, skipping holidays) which was a nice Jedi mind trick. I still don’t get paid for Christmas, but somehow it doesn’t feel like I’m losing a day since the end date was extended by a day to compensate. But of course that only makes sense if you don’t think too carefully about it. :)
I dunno. It’s stressful but I like the freedom. But you live with a sword over your head; salaried employees don’t.
Plus now my salary isn’t in a database somewhere since it’s not salary. blows raspberry
8 replies →
I'd be in favor of salary sharing in this sub-thread:
$155k base $145k/year RSUs (2021); $175k RSUs (2022 est)
"Senior" SRE in SF 3.5 YEO, 3.5 years at current company
2 replies →
If all employees share their salary information with each other, it becomes a headache for the employer. Each employee may quote the other person's salary demanding a raise.
This is the reason behind the "keep your data confidential" idea.
I don't disagree with this. My experience though is that a more common reason it is a headache for some managers if their reports are sharing salary information is that they don't know how to have a conversation with someone about their performance. In particular their less than great performance.
So employee B comes in and says, "Hey employee A makes 15% more than I do and we have the same job! I even have more experience!" And the manager rates employee A's performance above employee B's so the salary is "appropriate" considering their relative productivity.
The problem comes in when the manager can't have an honest conversation with B to tell them this, and instead in their review gives them lots of happy talk and makes some sorry excuse for the small raise (or no raise!) saying something like "It has been a tough year and even I didn't get the raise I had hoped for! I really went to bat for you but nothing I could do could move them on available compensation." When, in fact, that is a lie and the employee is just being gaslighted because the employee would be mad and upset if they told them the "truth."
A good manager tells their reports what is expected of them and how it is measured so that when review time comes they are both on the same page when it comes to their pay. It also helps with making actionable plans to improve.
Sadly, there are a LOT of crappy managers out there.
10 replies →
> This is the reason behind the "keep your data confidential" idea.
It's also illegal under the NLRA of 1935. Employees talking about working conditions, like compensation, is a legally protected act whether it's on employer time or not.
4 replies →
As freelancer I was bringing up the discussion with my peers at a company about the amount we were getting paid.
Recruitment kind of worked like the following: the company that we were all employed at just paid a fixed amount per freelance developer. And the developers all got contracted through a preferred supplier. For development jobs the amount per hour for a freelancer was capped at around 90 EUR. The preferred supplier wanted to get at least 10 EUR per hour, so this meant the maximum a dev could earn was around 80 EUR per hour.
However often other recruitment companies would place developers at the preferred supplier, so they wanted a share of the cut as well.
One dev had the preferred supplier and 2 recruitment companies between himself and the company we worked at, so he earned only 55 EUR an hour.
Once we realised that for the employer it didn't really matter how much people earned, as long as it was no more than the hourly rate the company was willing to pay, all of us increased our rates at the next term, at the cost of the middlemen of course.
However, the recruitment company that hired me told me I could get one final raise, but I was forbidden to discuss remuneration in the future with my peers at this company.
Not sharing you salary is only beneficial to your employer.
And yes, the ability for one person say “I am doing the same work as this other person, but am receiving 72c to the dollar” is exactly why employers don’t want you sharing.
They don’t want employees to know what their labour is worth.
If all employers share their salary information with each other, it becomes a headache for the employee. Each employer may quote the other employer's salary refusing a raise.
This is the reason behind the "put all the data in a database" idea.
Rare to hear such a direct, strong argument for a union on HN.
4 replies →
And this is bad for the employees how?
In countries where unions exist for everyone on the building, everyone knows what everyone else is earning.
Additionally, in most European countries we don't have a culture of hidding our salaries from each other.
7 replies →
I'm not sure how these go together. No problem sharing to your peers regardless of what your employer shares.
It's implication logic.
Employer sharing your data means you shouldn't think twice about doing the same.
Employer not sharing your data does not necessarily imply you can't.
Many people have an ethical sense that if something is understood to not be done to them they will not do it to others.
It takes a while for people to learn that, with exceptions, companies have never heard of this rule. But it's understandable that people would still feel bad about doing stuff we've been taught all our lives isn't really a good way to be.
Sure, a company isn't your friend, but that doesn't make "betraying trust" in response a nice feeling.
Both my YC backed previous employers have reported me and checked up on me in there before hiring me. My current employer has not. I was able to increase TC just shy of 150k when I jumped my current employer.
I registered and asked for my "Employment Data Report".
Besides showing all my pay data for the past two years (pay period start, pay period end, pay date, hours, and pay for each pay period) as I expected, it also lists everyone who has "procured your data" in the past 24 months.
The inquiries were interesting. Four organizations inquired. One is entirely as I expected, one is expected but the timing is slightly odd, one is maybe expected except they made a lot more inquiries than I would have expected, and one I have no idea what the heck they are doing.
The entirely expected one is my bank. Last year I applied for a home equity line of credit and there is one inquire near the start of that, and one that looks like it was just before they approved the loan.
The expected but odd one is Capital One. I applied for a new credit card from them. The oddity is the inquiry was about a week after I had received and started using the new card. I'd have expected it to be before they approved the application.
The one that is maybe expected except for the number of inquiries is Credit Karma. There are 8 inquiries, about a month apart, from January 2020 through September 2020. The report only goes back to January 2020 so it seems likely they were also inquiring before that. So once a month up until around the time Intuit bought Credit Karma.
The one I have no idea at all about is from the Centers for Medicare and Medicaid Services dba CMS. That's a federal government agency that runs Medicare and works with the states to run Medicaid. I'm not old enough for Medicare and not poor enough for Medicaid and have not applied for any services CMS deals with as far as I know. The inquiry was in October 2020, and I don't recall doing anything unusual related to health at all around then.
Used to work there as a software developer and was somewhat acquainted with the business model. If you're employed and your employer outsources HR functionality to payroll providers (e.g. PayChex, ADP, etc.), there are contractual agreements to provide it to EWS, whose business model is literally more payroll records = $$$ = stock prices go up.
Salary data should be public anyway. Let’s all share ours. I’m currently contracting for $95/hr. My most recent salary was $140k, my most recent contracts besides my current one were a flat rate $24k contract for up to 80 hours and a short term contract for $100/hr. (I obviously like my current contract quite a lot)
the issue really isn't that it shouldn't be public. The issue is this service allows your new company to request your history so they can see your past salary. So you lose 100% of your negotiating power if they know how much you made and you don't know their ceiling.
At the risk of sounding naive and unrealistic, one could say your negotiating power should be based on the value your abilities add to a company. If we'd all share our income, we might create a union type of construction from which we can deduce a fair price for our services.
1 reply →
So let’s make all our comp public. Don’t let them have that negotiation advantage.
How are you earning only $140k annually with a rate of $95/hr? Is it part-time?
Those are two different jobs.
I can't access my own data.
Someone already signed up using my SSN.
Looks like the same thing happened to me, great!
It's a bit of a side tangent but we seriously need to level the playing field when it comes to compensation. levels.fyi has done a lot for tech but there are tons of fields out there that don't have a hope. Someone needs to build a Glassdoor with a monetization model that isn't dependent on the self-same companies paying to advertise or hide reviews, etc.
I recently got started on something for accountants[0] (fun for me because I got to leverage NocoDB[1]), and I'm considering putting together something for everyone (i.e. every industry -- from gardeners to lawyers). Everyone needs to have a levels.fyi or an uncompromised Glassdoor and I can't find one so far. Even just something like camelcamelcamel for similar positions at the same company would be interesting.
[0]: https://nomorepizzaparties.com/
[1]: https://nocodb.com
This site is also another attack on Google Voice and similar numbers. The sign up mysteriously failed when I provided my Google Voice with no explanation. Suddenly worked when I provided my T-Mobile number. I expect more unblockable spam soon.
I loath sites that 'block voip' category services; as if Google Voice hasn't been proven MORE SECURE than T-mobile already.
Websites aren’t blocking VOIP numbers for security reasons, they’re usually blocking them for spam/trust/abuse reasons.
It is easy for someone on the other side of the planet to get a US VOIP number. It’s much harder for them to get a T-Mobile number.
1 reply →
their CDN is omicroncdn.net - cannot make this stuff up
I don't get culture issue, in many countries I lived in never met anyone that had any issue sharing salary data.
In fact, most of them openely discuss such matters.
Never got why in US it is so "pssst, keep it low" when discussing such matters.
This seems to be a tool aimed at employers, enabling them to compare and verify salary data of potential candidates. It adds to the information imbalance already present and doesn't seem to be empowering or helping employees unless they actively share their numbers - an option they always had.
> an option they always had
No, they didn't. Many contracts explicitly forbid it and not every employee has the knowledge, courage or frankly financial stability to go against their employer.
1 reply →
Not sure why salary data needs to be so secret. I think it is important for potential employer to understand how much an employee is willing to work for . For one thing they not going to approach you with lower salary then they know about. This eliminates a set of employers who cannot afford you and save a lot of time for everybody. Employer will obviously offer as low as they can (what would you do yourself in this case) but if you are unhappy with the offer you just don’t accept. It looks a important however to understand your “market value” but this requires getting multiple offers.
If I remember correctly, Massachusetts has a law that says that potential employers are not permitted to ask candidates what their previous salary was. The intent of this law is to ensure that people who have been discriminated against in the past will not continue to be discriminated against by new employers who "copy" the treatment of previous employers.
(a) Can anyone confirm that I'm remembering this correctly?
(b) Is this behavior by Equifax not a violation of the Massachusetts law (at least as far as it concerns citizens of Massachusetts, and in the spirit if not in the letter of the law)?
That’s an excellent question. Several states ban asking for salary history, but this seems like an easy loophole.
Who is selling the salary data to equifax?
Companies "share" the data with Equifax in order to get some services, such as employee verification outsourced.
https://theworknumber.com/partner-with-us
At least ADP, it would appear
Just curious how you figured that? If my employer uses ADP, how can I verify that ADP is the one giving this data to Equifax?
My understanding is that employers provide this data in exchange for getting access to the database
I’m not sure that’s quite correct. My company doesn’t directly provide this information at all, for example: We use ADP to run payroll, and they’re the ones who have provided my data.
This is (I think) more intended as a replacement for the current process a, say, mortgage underwriter uses to verify employment: (1) send email to a company-wide email account (info@company.com, in our case…) saying “please verify person X is employed as a Y making $Z as soon as possible” (2) hope email is received, (3) hope email is from the borrowers actual employer.
1 reply →
By the sounds of it, they're not selling it... they're paying for it. :O
QuickBooks
We are not, knowingly, providing this data to Equifax; but sure enough, there it is. I'm going to guess it's tied up within the mountain of agreements with our HRIS or payroll provider.
"confirm your identity by providing a phone number or email to receive a one-time passcode"
<slaps forehead>
At least in my case, the number/email they were willing to send a one-time passcode to were the ones I gave to my employer, not the ones I had entered earlier in the form.
In my case, the number was completely unrecognizable to me, and then I was subsequently locked out of the account...
So either the site is broken and leaking information, or someone has already laid claim to my access.
Don’t worry, just wait for the next outdated struts application to be pwned and it will all be public.
Extremely disingenuous comment, there's no public dump of the Equifax data breach - that information was not made public by whoever accessed it.
To be honest I'd strongly prefer salary information to be more public, it would help me out in my salary negotiations.
It’s own disingenuous if you’re dumb enough to take it seriously.
Equifax has to be the epitomy of the most illegal thing that isn't.
In Europe this company could not exist.
I was surprised for about half a minute. Then I remembered, if it's not explicitly illegal and there's money to be made, of course they're doing it.
They know every single paycheck amount and date, so it really looks like it comes from ADP.
ADP is the largest payroll processor in the US. So once they are onboard with the data pipeline process, everyone else will probably follow.
I work at a company that's been in talks with Equifax, Experian and a new player (Blend) to provide employment and income verification data. Selling employee data and then spinning it as anything other than a short-term money grab is one of my least favorite things about my current employer.
That said, those who are worried about Equifax should probably rather be more worried about Experian. In our experience Experian is a) bidding more aggressively and b) has worse security practices. On the other hand, the Equifax talks I've been involved in demonstrate some of the changes Equifax has made to reduce risk of leaking sensitive data.
Equifax won't store any PII in our case. We store the data and provide them with an index file that is both encrypted and only contains internal identifiers and a hashed SSN (shared RSA key). Even if an attacker got their hands on all 3 things (decryption key, file and shared RSA hash key), they'd still only be able to know which SSNs are in our data-set, and nothing about those people. Everything else goes through our API, so the flow goes something like:
1. Equifax checks their hash file to see if we have their ssn 2. If so, Equifax authenticates against our API using their client id and secret and then makes their request for the employment/income information.
There are different calls they can make based on how much data they actually need to fulfill whatever the request is (e.g. if you're trying to verify employment you don't need the income data).
This is in contrast to Experian, who as a first step wanted a plaintext flat file containing a full dump of employment and income information for the last 7 years of everybody in our system...
If you have privacy concerns, you can put fraud alerts and put a free credit freeze your credit reports
Equifax: https://www.equifax.com/personal/credit-report-services/cred...
Experian: https://www.experian.com/freeze/center.html
TransUnion: https://www.transunion.com/credit-freeze
And also freeze a few other reports
NCTUE (utilities and telecom): https://www.nctue.com/consumers
ChexSystems (banking): https://www.chexsystems.com/web/chexsystems/consumerdebit/pa...
Innovis (another CRA): https://www.innovis.com/personal/securityFreeze
LexisNexus (apparently insurance companies pull from them): https://consumer.risk.lexisnexis.com/freeze
Work Number: https://employees.theworknumber.com/employee-data-freeze
You can delete information from Plaid: https://plaid.com/legal/data-protection-request-form/
And usually you can talk to your doctor’s office about putting a flag on your medical records so they have to call you before releasing them to a third party
You can also opt out of Visa, Mastercard, and AmEx sharing information (individual banks may vary). You can also ask banks about additional security for your bank account.
Visa: https://marketingreportoptout.visa.com/OPTOUT/request.do
Mastercard: https://www.mastercard.us/en-us/vision/corp-responsibility/c...
Amex: https://www.americanexpress.com/us/privacy-center/
I also suggest setting up an IRS pin: https://www.irs.gov/identity-theft-fraud-scams/get-an-identi...
I assume this would only work if you want to never get a loan or say a new credit card - or anything of the sort that relies on that history.
Heck - maybe wouldn't even work for renting?
Unfreezing is a relatively easy process. They'll send you a pin where you can do it online, or you can send them a letter. It'll take them about 7 to 10 days to unfreeze things
1 reply →
Salary data is proprietary between an employee and employer. There needs to be a law prohibiting sharing if it with any other parties.
If you don't feel employers should be permitted to circumvent the laws that prohibit them from demanding your current/past salary information by performing an end run through a 3rd party, you should contact your representatives.
Resistbot (https://resist.bot) makes this very easy.
In Israel this is a common practice for many years now, the Zviran Pay & Benefits Data [1] is widely used by employers and is a somewhat hidden secret from employees
[1] https://zviran.co.il/en/salary-surveys/
Yep, all my salary from Stanford University and Apple were sent in, including RSUs.
Apple, the poster-child for user privacy. They even listed me as an “Associate,” when I was doing sensor design. Not surprised, given how management treated us.
I wonder if they do it for all reporting levels, like if they’ll send in a manager’s salary as well.
I got my report but the data was way off. Base salaries reported too high (~2x), bonuses in the ballpark (but wrong), and RSUs reported too low (~2x). There is a lot of detail in the report that gives a false impression that they have the exact figures but they certainly do not appear to in all cases.
You can't share your salary data with co-workers, but we will share it with all your prospective employers.
If you are a resident of WA or CA, your information is not on that platform. I tried to fill out the “do not sell my information” form and I got a page that said this option is not available in your state. I am assuming the obvious. Perhaps my judgment is clouded. Thank you for this information OP.
The use case I have seen for this is not salary negotiation - in fact, that is illegal in a non-zero number of states - but rather employment validation for home mortgages and marketing purposes.
Not saying it's better - but it's probably not being used the way it seems many pre-suppose here.
Just checked and Salesforce (my employer) is not listed. One less element of privacy given away
What's funny about this type of data is how outdated it can be. When I used to have CapitalOne (I think it was them) their app showed a more elaborate credit report which included job history and other things. My job listed was a job I haven't worked at for nearly a decade. I can't imagine how inacurate this is. On the other hand, the data in aggregate might be useful to determine what kinds of jobs people have in different regions or something to that effect. I certainly hope the data is not shared with full doxing information to people like Facebook, that is horrific to think Facebook has your credit score attached to your profile.
Salary data is pretty valuable.
Someone should make a site (like glass door) where existing employees post salary information and other non-nda breaking information, and people who want it pay them for it (with the site taking a cut)
Why are we giving it away for free anyway?
There is already the blind app and also levels.fyi
At the moment, the model is that we put our valuable data into a pool in return for access to the pool. We then get access to semi-aggregate data from the pool which may be profitable for us, and the platform makes money by selling access or ads.
The model I was proposing was more of a market where you can go and anonymously pay the worker next to you to know how much he is paid, where it would be difficult to just ask. i.e. higher resolution more identifying information than people were comfortable to give away for free, sweetened by getting a useful amount of money.
Anyone interested in building a software solution around data harvesting with data dignity can hit me up. I am working on a solution that focuses on users benefitting from this kind of transactions.
twitter: @jonas_kg gmail: jonaskgmoo
How much does it cost to get a list of everyone's salary at my company?
Right now? Probably not possible unless you are also sharing information on your own employees.
In 6 months after the inevitable breach? Free for everyone.
They asked for almost no information to get this data. If you just go find the data leak where everyone's name + SSN is - and then tie it to someone's current address then that's all you'll need.
Only things I noticed you needed to request info was: first + Last, SSN, DOB, current address
Maybe you can register a 1 person company and share your employee details for access to the platform.
Might as well pay yourself $3/min to increase accuracy in their database.
Just search on sharepoint, someone might have just left that lying around.
I wrote software for a company that sold software to Texas hhsc, they use this to look for hidden assets when assessing benefits. This is the only system I know of that contains salary info. We integrated with their apis for a number of products and their data is a mess and often not very accurate. Also their api has a decent error rate. 5 years ago anyway, their api would break with any non unicode characters in a name. There were some foreign companies that we couldn't get data from for example.
It's "nice" that this is the disclaimer above the footer of the search form page:
> The information provided here is an unofficial report, intended for personal use by the employee-recipient only. It is not intended for verification purposes. Using this document for consumer verification purposes could constitute a violation of the Fair Credit Reporting Act. If someone is asking you to provide verification of employment or income, please direct them to www.theworknumber.com.
> NOT INTENDED FOR VERIFICATION PURPOSES.
mkay
what is the work number? is this deliberately a confusingly made up name of company and what they do?
Employers use it to offload employment verification to Equifax (who owns this product and offers automated employment verification based on the data). They also get aggregated salary data in return for providing personal employee compensation information.
It’s one of the most widely used background checking services. At least three of the companies I worked for will simply tell anyone doing the background check their worknumber ID so the background check service can just check on the site. I like the system because it’s a simple way to get your dates of employment reliably without anyone having to literally call up a HR person at a previous company.
But, what the fuck are they doing making this data available beyond that? This has to be illegal.
My first company out of college used it for when you needed employment verification for buying a house. Your bank could call the number and get all the info they needed.
Why wouldn't you just... call the company?
1 reply →
I used it to verify my salary with my mortgage broker to get my loan.
In this day and age with phishing and other impersonation sites running rampant, I wish large corporations would leverage their root domain appropriately and use subdomains. Why isn't this theworknumber.equifax.com to provide legitimacy? Why can't I use my equifax login to check it? And why does it redirect to yet another domain: https://secure.theworknumber.talx.com?
It is a pretty bold offer considering how completely awful their data security turned out to be after their enormous data leak. How are they able to stay away from law suits?
I cant access the form with firefox. I dont see any blocked requests from my dns blocker in the network tab.
Uncaught DOMException: Permission denied to access property "frameElement" on cross-origin object EnterIDAndPIN.ascx:131 postDataToAuthApp https://secure.theworknumber.talx.com/twneeer/Preauthenticat...
I can't even log in because they want to text verification codes to phone numbers that have never been associated with me (maybe they're old work cell numbers?)
Same here. If I try other ways to validate it seems to offer email addresses for people at the company (I'm guessing HR).
Did we hug it to death already? I am getting a server error.
Not hug. Kick. Hard. Repeatedly. While down.
Where is Anonymous when we need them?
1 reply →
I feel like this could be good for some people and very bad for others. Good luck getting a 50% increase with a new job when your salary history is available.
I'm not going to touch this website because I don't want to learn in 6 months that I was actually agreeing to sell off my soul and house but...
The previous addresses thing makes me feel like this will get taken down very soon. Everyone knows that abusers and stalkers can make very dangerous use out of addresses. It's only going to take one terrible incident before this gets investigated by the government.
If they would operate in Europe, they would be fined tens and hundereds of millions USD in each country for publishing such private information...
Just checked it: Amazon and Facebook are both in here.
Actually for me Google and Facebook is there, but Amazon is not.
Interesting. When did you work at Amazon? For me it was summer 2013 to summer 2015.
2 replies →
In Colorado, employers are not allowed to prevent people from discussing compensation with coworkers and they can't retaliate if they do.
I'm working for a DAO and our salaries are public because governance had to approve the budget and all the transactions are on the public blockchain. It's refreshing to that level of transparency not to mention it forces us to have fair compensation.
> In Colorado, employers are not allowed to prevent people from discussing compensation with coworkers and they can't retaliate if they do.
That's the case across the entire US. The National Labor Relations Act of 1935 protects workers' rights to discuss working conditions, including compensation, on company time or off.
Did you know TWN charge ridiculous $$ to their clients for this data which they don’t even ask users the permission to share?
Oh just sharing my PII data such as SSN, DOB, how much I make, earnings, deductions, 401K, my previous sal, where I worked everything without my consent? I mean the f&$k!
Why are employers/ payroll providers sharing this data without users consent? It’s not theirs to share?
There was an article in the New York Times about three years ago that ADP sells everyone's salary information, too.
If your company uses ADP for payroll processing, your company has "agreed" on your behalf to make this information available for sale.
Unless you're in a company of three people, good luck getting the payroll department to move to a more ethical payroll provider.
Would you happen to have a link?
The real question is why should Equifax have my data in the first place. My contract is with my employer not with Equifax. This is a breach of trust by the employer using my information as its product for sale. What is the government role in regulating this ? If government can't regulate this, what is the point of government's existence ?
I don't think Equifax is really the one to be doing this but I do think this type of transparency is good. It will only serve to level the playing field and prevent employers from taking advantage. For that reason though, I don't see many employers sharing these data, especially any who would be on the lower end of the spectrum.
I wonder if most of the info is sent by the payroll / HR software employers use, rather than the employer themselves and without said employers knowledge? I.e. it’s a way for the payroll software companies to earn extra money rather than the original employer.
Just as a reminder, not sharing you salary information with peers only helps one group: employers.
Why does it redirect you to a talx address when you login? I mean I looked it up and it seems talx is appropriate. But these domain names not using equifax.com/redirecting to different domains is freaking stupid because it really smells like phishing
Honest question for people who are concerned about this - why is it troubling? If another company wants to hire you, obviously they'll need to offer stronger compensation than you currently have to convince you to ditch a comfortable position.
The fact that employers want employees to stay quiet about their compensation so they don't have to start handing out raises doesn't seem like a good reason to be concerned about this to me. From an employers perspective, that taboo makes sense to push - I'm not saying it's right, just that it makes sense from a business perspective. Quite frankly, we've all seen proof that some people are just much more proficient at certain tasks than others. Management could spend all day explaining to someone why that person gets paid way more than the next person, but the simple fact that they have been getting paid more for years speaks for itself in my opinion.
Imagine that your new employer knows your past salary. They can offer you 10% above it and this might be sufficient in enough cases. However, if they don't know it, they will be in the fog of war and they will have to guess much more and be ready for a wider salary range. In such scenarios the new offer might not be 10% but something like 30%. Now, imagine the accumulated effect over 2-3 employers over time.
I've had pretty good success being completely honest about my salary requirements. A 10% raise just won't cut for me, because I care about my team. The only way I'm willing to leave is for a <your_number_here>% raise, and comparable benefits.
Edit: I'm probably biased, because I've been shown a lot of love the past few years by my current employer, in the form of money.
7 replies →
a) Lots of people consider their salary quite private/personal. Equifax are, in the eyes of myself and many others, a pretty awful company, AND proven to be terrible at data security. Them hoovering up all sorts of private data that nobody wants them to have, and then selling it off, is gross
b) A potential new employer knowing your current/previous salary is bad for your negotiating position, not good
There have been stories about people who graduated in 2008 who had an awful time finding a job despite getting "useful" degrees because the economy was in shambles. Their salaries _x_ years out of school were notably lower than similar groups a bit older or younger. Many of them took any job they could get.
Now think about someone who got a job in their degree field, but at a 30% reduced salary than typical (because that's the only way a company could justify hiring someone). If each successive company knows the current salary of their future employee and offers 15% more to be compelling, the employee is still far behind an employee following the same path starting 2 years earlier/later. Add in the opaque nature of salary bands that are basically never widely disclosed to employees and a really rough narrative is formed for a group of people.
It's massive collusion by companies on a country wide scale.
> The fact that employers want employees to stay quiet about their compensation so they don't have to start handing out raises doesn't seem like a good reason to be concerned about this to me. From an employers perspective, that taboo makes sense to push
In the US, pushing that taboo can be illegal if employers prevent workers from engaging in legally protected acts, like discussing their compensation while at work, or if employers retaliate against workers for doing so. Congress enshrined those rights into law nearly a century ago, and the National Labor Relations Board exists to protect those rights for workers.
Imagine the scenario where software was made that took this leaked data and sent out personalized emails to every American telling them what their colleagues, boss, and boss’s boss made.
Wonder what this type of psychological software weapon would do politically…
Seems like a site we should all submit to https://safebrowsing.google.com/safebrowsing/report_badware/
Having hopped jobs every 1-2 years for the last decade, I don't think I've ever been honest when asked my current salary. Never bit me. It would be quite shocking (would it be legal?) if an offer was rescinded based on this data.
There's always answers like "I think $X would be fair, it's a little more than I'm making now", or "it's close to what I was making before", etc.
I wouldn't frame it like that because now you're bargaining over what percent Y you deserve over your old salary--they are always going to try to push that down. Frame it as, "an engineer with my skills in this market is worth $Y, let's close this deal now". Remember they have a budget for how much they can spend for a position and you're trying to put yourself into that bucket.
Sure but my philosophy is all companies are lying to me during "negotiations" so fair is fair. I guess you could say that means it's also fair for them to further cheat and buy my info ¯\_(ツ)_/¯
Their hamburger offers an option “my personal data” but when I clicked on it I got a 403
Damn, my entire history is there, down to the cent... base pay, bonuses, everything. I can't even get this old data from my employer's intranet. Such BS.
Can anyone confirm prospective employers actually pull this before making an offer?
Seems to require a US phone number to sign up. I don't live in the US anymore.
More on this here:
https://www.fastcompany.com/40485634/equifax-salary-data-and...
I find it interesting that no employer of mine since 2011 has been reporting data to this.
Also the pages in the report are literally sideways, which made trying to read it on my phone nearly impossible.
Does this website or any other similar ones show your performance, your rehire-ability or if you got fired from a previous job? (outside of what can be inferred from your compensation)
Not exactly. It says active or terminated (we switched payroll providers) on my few.
Interesting, does terminated mean that you got fired or just that you generically don't work there anymore (which is used for both when you quit voluntarily and when you're fired)?
2 replies →
>Who has accessed the report in the past 24 months
That is fucked up.
Edit - looking around, this system that has all of my personal data has a password requirement that looks like it was made in the 1990's.
8-16 characters. FFS
I was just thinking last night that in 2022 we are going to see a lot of pushback against rising salaries and employee bargaining power. I expect more of this crap around the globe
Such information asymmetry shifts market powers towards employers. As as I understand, an employee can't get a similar dataset of salary ranges in a particular company.
just the other day I got a prompt on my Amex (or Chase) account to update my salary info. i wouldn't be surprised if they sell this data to advertisers.
Equifax asking me to input my SSN to see this data... hmm.
Information asymmetry in salary negotiation involves an employer finding out what you earn and using that as leverage over what they will pay you
How is this not considered PII and subject to all of the disclosure and control requirements we all must abide by? May an employer opt out?
Can I pay to see my colleagues’ paychecks?
Stuff like this is why I am pro-union, even when I am not a socialist or whatever.
Employers have all the power over employees, they share data indiscriminately, they have all the information and power. It's only fair that employees have some power back and they can bargain together as a group.
(Ironically in "socialist" countries, the employer has more power, because the employer, the union and the state are all ultimately the same entity, as they are all controlled by the party. But that's a different discussion I guess.)
In Sweden salary information like this is provided by the government for everyone. Just a phone call away.
Jag är glad att jag lämnade Sverige.
This can be manipulated for profit
Does it work only for people that are currently employed? Or does it sell also past data?
Can't bother to register. Waiting for the inevitable leak to satisfy my curiosity
Does anyone else get a "Server Error" when trying to "register?"
This is positively dystopian.
Hilarious watching (tech-literate even) people lose their mind over this. While they use their iPad/Android to generate a million data points about intimate life details, conversations and locations on a daily basis - no problem! It's only an outrage when someone says it is.
Thankfully I wasn't able to find anything from employers in Canada
If this is correct, then it would be risky for someone to lie to a new employer about their former salary in order to receive an offer for a higher pay, because the new employer could use this service to cross check the employee's claims.
Why are you telling prospective employers your former salary? Just because someone asks, you don't have to answer.
You aren't some desperate person begging for work, you are helping them achieve their goals in exchange for payment. It is a trade.
I guess the answer now is "I'm sure you have that information already"
You don't need to lie. There's nothing wrong with saying "My current salary is $xxxxx, but I feel that my employer undervalues my skills so I want $yyyyyy. It's why I'm leaving my current role." There is no reason why your future salary has to be based on your current salary. If the employer you're negotiating with disagrees then walking away is the best option because they undervalue your skills too.
In practice future salaries are heavily based on current ones because that is what the new employer is de facto negotiating against. Very few people, in my experience, are willing to entertain a new job with a salary much lower than their last one. And very few employers are willing to 'leave money on the table' and offer more than they think they need to close the candidate simply because the candidate thinks they have 'mad skillz'.
If you want to actually get paid more, get two competing offers. Or you can try the strategy of not lying and just telling the new employer, 'I'm not going to tell you my previous salary.' The downside is that this clearly signals to the employer that you weren't making very much before and you are fishing for a big raise.
This kind of goes against conventional wisdom, but I actually don't think that switching jobs is the strongest time to ask for more money. I think it's after you have gotten into a role, are killing it, and adding crazy value to the company. That's when you actually have a lot of leverage to say 'hey, I love what I'm doing here and I should be paid a lot more'.
9 replies →
Then they will just offer something in the middle and try to talk you into it.
That being said, at least for the big companies the initial salary is not that important. In some ways you are just setting yourself up for disappointment since if you start at the top of the band there will be no significant raises without a promotion.
For RSUs it has a pretty significant effect for 4 years though.
2 replies →
I'm finding out just in the past two years that the days when you could count on Corp. Entity A in Tallahassee not knowing about a prior transaction with Corp. Entity B in Portland, are pretty much over. Everybody knows everything. Even knowing this, seeing the amount of per-pay-period to-the-penny detail, going back to 1998, that's in this Equifax report, was a little surreal.
Wouldn't this just lead to lower offers all around?
This makes sense from an employer's POV. It's a B2B co., this is how they appeal to their clients.
That's precisely the value proposition for employers.
How can anyone say it’s accurate?
Employers provide it. Obviously they could report incorrectly, but it's not like Equifax is just guessing.
7 replies →
Silver lining is that I don't see any RSU compensation listed in my report! That's the biggest chunk of my earnings anyway, so that should be fair game during negotiations.
Please don't post this sort of shallow attack. If you have a substantive criticism to make, that's of course fine, but please make it respectfully.
https://news.ycombinator.com/newsguidelines.html
1 reply →
At what point did I as a US Citizen opt-in to this sick system?
When you applied for money from someone else, either as credit or in exchange for labor.
Are there any downsides to requesting this data on yourself?
None that I can see.
What can we do to stop privacy invasions like this?
I have no clue. Spread awareness and contact your senator?
Does anyone know what’s the code for Apple?
Any way to log in if currently unemployed?
Anyone know if there is a UK equivalent?
What an amazing world we live in.
Is this just for United States?
It doesn't appear to work for Australian employers, so it does not seem to cover every country, and I would guess it is mostly north american?
Do other countries have similarly scummy services? Is there one for Australia? My gut says "yes". What should we google to find similar things in our locale?
Cue outrage from tons of hypocrites who complain about the GDPR making it harder for companies to use personal information
It’s doubtful it comes from your employer, it more likely comes from credit applications.
I requested my report using the link in the OP. The only place Equifax could have gotten this information, with this granularity, is my employer. It's not just a ballpark number or anything like that; it's detailed salary information for the last 10 years, broken down by category (salary, bonus, equity). For the past year, they have granular information for each pay period, including both gross and net.
It definitely comes from the employer, it has per paycheck info.
My report contains PER PAY PERIOD line items from ~50% of my previous employers.
I can even see where I changed my 401K withholding at one point in time.
Is this for the US only?
Is there any equivalent to this in Europe? Would it not be illegal under GDPR?
Gf
Yes, it's concerning, but let's be realistic about this. I'm surprised HN readers are so surprised by this! On a scale of Room 641A (https://h1bdata.info/index.php?em=Airbnb&job=&city=&year=202....
Third, there are legitimate reasons why this system exists. If you're applying for a mortgage, how do you expect them to verify your salary? You can submit paystubs, but those can be faked. Same with bank statements. The only way for a bank to verify your salary is to actually call your employer. And if a bank calls your employer to verify your salary, and they have your DoB, SSN, and home address, it's pretty likely your employer is going to tell them anyways. Even if your employer only confirmed / denied (as opposed to providing a number), they could just repeatedly call and binary search it. (This probably wouldn't surprise the employer, since you might be getting quotes from multiple mortgage companies at once.) Given that mortgage companies, banks, and other finserv firms need to verify your income and employment history, it's not entirely unreasonable for a centralized database to exist, and for it to be guarded by what should be secret (SSN, DoB, address).
That said, the problem is that the US is too reliant on SSNs. If you prior on (the US treats SSNs as secret), being able to access salary data with it really isn't ridiculous.
> there are legitimate reasons why this system exists.
Not really.
> If you're applying for a mortgage, how do you expect them to verify your salary? You can submit paystubs, but those can be faked. Same with bank statements.
Faking paystubs and bank statements is called "fraud" and most people are pretty reluctant to commit it.
> And if a bank calls your employer to verify your salary, and they have your DoB, SSN, and home address, it's pretty likely your employer is going to tell them anyways.
I find that hard to believe. The person who answers the phones for payroll would be worried about disclosing too much and getting fired, and legal constantly tells managers to keep their mouths shut to avoid saying something that could get them sued
Also there a way less invasive ways of certifying your salary to banks. All places I have worked in the US I could automatically print a letter saying something like "we certify XXX works here with a base salary of YYY".
1 reply →
> If you're applying for a mortgage, how do you expect them to verify your salary? You can submit paystubs, but those can be faked.
Why not keep this, and punish people who submit fake paystubs for committing fraud? I could also take advantage of my employer by faking other documents and signatures, but I (and most people out there) don't do that because that's illegal. If your potential employees are so untrustworthy that you can't trust them not to defraud you, you have bigger issues as a company anyways.
While salary data is available on h1bdata.info - I never found it showing RSUs or any equity of the like. Whereas this clearly shows how much I am getting from RSUs. It didn't show any equity stake but - holy crap - it was disturbing that my RSUs showed up so obviously. Very easy to figure out how much I was awarded.
Do you have access to the employer side? It's not obvious what they need besides money to view your data.
asdfalskdfjlakjsdf
"I can't believe you could ever do this to me, Employer! You - you said we were like Family! I mean, it seems just the other day you, me and the CFO were tipping cheap IPAs and bonding at the foosball table ..."
Taking HN threads into nationalistic and/or ideological flamewar like this is against HN's rules and we ban accounts that do it. Please don't do it again.
If you'd please review https://news.ycombinator.com/newsguidelines.html and stick to the rules when posting here, we'd appreciate it.
I understand thanks, this article bit me the wrong way. I rarely post things like this.
I am neither American nor Chinese, nor live in either country. Their governments both do awful things around the world as well as domestically, but here’s one reason I’d rather live in the former: you can publicly criticize the government, and organise an opposition to it.
You can also talk more publicly about any topic pretty much - being "cancelled" in the US is laughable compared to the Chinese version of cancelled (i.e. deleted from the Internet, publicly humiliated and/or possibly disappeared for weeks on end for even a mild suggestion that the financial system is not optimal in China, something reasonably up for discussion).
Why don't you try searching "tiananmen square" in China and see where that gets you? No country is perfect, the US certainly isn't, but I would still take this over China's social scoring system
I believe that the outcome of searching "tiananmen square" in China is a page of poor quality results and possibly slow internet for some time, but no meaningful consequences beyond that.
You can pick up your baggages and move to one those countries since they are the same or better as you say, but it must be China, Russia, Cuba or equivalent; none of west or northern Europe. That kind of comments show that you have never lived in a dictatorship.
Clearly, you haven't lived under a authoritarian government. I have, and I live in US now. I don't have to think more than one second which one I would prefer between US and China. And I am aware US is plagued with every kind of problem at every level.
Your profile says "I'm not here for politics".
This should be a welcomed critique. While I believe China is worse, the US has many issues that affect the majority on a personal level that should bother the average citizen more than it does. Healthcare insurance, medical debt, credit scores, worker’s rights, privacy data, and the list goes on.
I could whataboutism your point, but I think it’s clear you aren’t saying we should move to China. Instead the point seems to be that our Democracy seems to be back sliding.
Plus critiquing your government makes for a better democracy.
Thank you, as you’re the only one who gets it.
Explain
Mark Begor is the CEO of Equifax since April 2018. The Equifax data breach occurred between May and July 2017.
1 reply →
The information for my limited company earnings is also available online as part of the company accounts and you can probably work out my day rate from it.
Not sure I care that much. Also, I don't think someone who thinks they deserve a big bump and has passed the interview I wouldn't necessarily say it's the most immoral crime to suggest your previous salary was higher than it really was. Surely you have a job that is paying X and the person can either do the job well or not.
Why should I be worried about others knowing what I earn?
This is a good use case for the web3 ecosystem, or at least for those working on the decentralization, personal data ownership and control parts.
It should be obvious that it is important to employers to be able to verify the claims made by people who are applying to them for jobs. Claims of employment or education or credential or skill or whatever. That's what zero trust is all about, isn't it?
That need is the reason that this data is (centrally) collected and then shared. There is a massive mutual benefit incentive on the part of employers- and on the part of the SAAS providers to employers- to share data on the employees and to benefit from data of others being shared.
And yes that may be seen to violate the privacy of the people who had an employment relationship and who received money over the course of that relationship, but employer corporate persons are at least part owners of that data- of what money and what dates and so forth was paid to what human persons by them.
By what means does a web3 protocol based on verifiable credentials enable those who have requirements to perform verification while preventing centralization and preserving the rights of the humans whose data participates in these protocols?
That's the mountaintop goal. What's the path to get there?
There's no need to involve 'web3' (whatever that even means) in this.
Simple crypto is all you'd need to produce a verifiable employment record; each company has a key and signs a document conveying whatever information you want (x person employed for y years etc).
Indeed there is.
This is a mechanism design problem- a behavioral protocol problem- not a technology one. That's what web3 is about.
And downvoting my question is ridiculous.
2 replies →
I think it would depend a lot on who has the power in said product. The business model of the product.
If it's tailored towards workers, it could be as simple as a key that you, the employee, could revoke at any time, making the centralized data void. Something like rainbow.me
For the b2b model... well it could be like equifax I guess? Offer to provide that service to the business to check the data, while allowing the user to revoke it at any time, for a small fee paid in the crypto of your choice perhaps paid by the business for accessing the data.
2030 and Equifax “uses the latest blockchain data” in their composite score sold to HR customers. A blockchain-based system doesn’t have enough centralized database control to appeal to Equifax.