I just received the following email a few minutes ago, reprinted in original below. It's a long one, but for any of this to make sense, you should read it. It's worth it, I promise. :)
Dear Jason C. McDonald,
There’s no other way to put this--I screwed up badly. On Friday evening, I sent an email to you about a new feature called public Triplebyte profiles. We failed to think through the effects of this feature on our community, and made the profiles default public with an option to opt out. Many of you were rightfully angry. I am truly sorry. As CEO, this is my fault. I made this decision. Effective immediately, we are canceling this feature.
You came to us with the goal of landing a great software engineering job. As part of that, you entrusted us with your personal, sensitive information, including both the fact that you are job searching as well as the results of your assessments with us. Launching a profile feature that would automatically make any of that data public betrayed that trust.
Rather than safeguarding the fact that you are or were job searching, we threatened exposure. Current employers might retaliate if they saw that you were job searching. You did not expect that any personal information you’d given us, in the context of a private, secure job search, would be used publicly without your explicit consent. I sincerely apologize. It was my failure.
So, what happened? How did I screw this up? I’ve been asking myself this question a bunch over the past 48 hours. I can point to two factors (which by no means excuse the decision). The first was that the profiles as spec’d were an evolution of a feature we already had (Triplebyte Certificates--these are not default public). I failed to see the significance of “default public” in my head. The second factor was the speed we were trying to move at to respond to the COVID recession. We’re a hiring company and hiring is in crisis. The floor has fallen out on parts of our business, and other parts are under unprecedented growth. We've been in a state of churn as we quickly try various things to adapt. But I let myself get caught in this rush and did not look critically enough at the features we were shipping. Inexcusably, I ignored our users’ very real privacy concerns. This was a breach of trust not only in the decision, but in my actual thought process. The circumstances don’t excuse this. The privacy violation should have been obvious to me from the beginning, and the fact that I did not see this coming was a major failure on my part.
Our mission at Triplebyte has always been to build a background-blind hiring process. I graduated at the height of the financial crisis as most companies were doing layoffs (similar to what many recent-grads are experiencing today). My LinkedIn profile and resume had nothing on them other than the name of a school few people had heard of. I applied to over 100 jobs the summer after I graduated, and I remember just never hearing back. I know that a lot of people are going through the same thing right now. I finally got my first job at a company that had a coding challenge rather than a resume screen. They cared about what I could do, not what was on my resume. This was a foundational insight for me. It's still the case today, though, that companies rely primarily on resume screens that don’t pick up what most candidates can actually do--making the hiring problem much worse than it needs to be. This is the problem we're trying to fix.
We believed that we could do so by building a better Linkedin profile that was focused on your skills, rather than where you went to school, where you worked, or who you knew. I still believe there's a need for something like this. But to release it as a default public feature was not just a major mistake, it was a betrayal. I'm ashamed and I'm sorry.
Triplebyte can’t function without the trust of the engineering community. Last Friday I lost a big chunk of that trust. We’re now going to try to earn it back. I’m not sure that’s fully possible, but we have to try. What I will do now is slow down, take a step back, and learn the lessons I need to avoid repeating this.
I understand that cancelling this feature does not undo the harm. It’s only one necessary step. Please let me know any other concerns or questions that I can answer (replies to this email go to me). I am sorry to all of you for letting you down.
Honestly, when I saw the announcement earlier about Triplebyte profiles going public by default, I didn't think anything of it. I've got too much else going on. But reading this now, I can imagine the shock, horror, and panic of many Triplebyte users. Public-by-default profiles on a hiring platform are a terrible idea.
And yet, despite this obvious misstep,Triplebyte just earned more trust in my eyes from this!
Everyone makes mistakes, sometimes huge ones. We're going to screw up sooner or later. Unfortunately, the trends in business surrounding mistakes is to do at least one of four things:
(1) Ignore the mistake and forge ahead.
(2) Quietly reverse the decision and hope no one notices.
(3) Make excuses for the mistake, or if all else fails, blame someone else.
(4) Do something else to "cover up" the mistake and make everyone forget it happened.
But Triplebyte's response, and specifically Ammon Bartram's response, is notable because he took immediate and total responsibility for the mistake! Triplebyte cancelled the problematic feature at once, and then made a public, no-excuses apology. Although Ammon offered some explanation on how the mistake happened, he refused to use those as excuses.
I'm sure there will be consequences to this mistake. Some users will probably leave Triplebyte and never come back. Yet, this apology has done more to repair the damage than any excuse or cover up ever could. It proves that Triplebyte's leadership, and Ammon Bartram in particular, has integrity, and is willing to assume full responsibility for decisions and mistakes. That's a true leader.
As developers, designers, project managers, and leaders, I think we all can take note.
This letter is such a tremendously good example, but I'll break down the essential parts:
Take Ownership. Ammon makes it clear in the first paragraph, this was his mistake before anyone else's. He doesn't look for someone else to blame.
Explain the problem. There's no attempt to cover up or make the mistake seem less serious. Ammon is acknowledging the harm that was done.
Offer answers, not excuses. Ammon is offering insight into how the mistake happened. He's not trying to protect his image in the process.
Outline the path forward. What steps have been taken to mitigate the problem? What's next? In this case, Triplebyte has removed the problem feature, and will focus on earning back trust.
Be genuine. This is perhaps the most important factor to a good apology! I know this was a cover letter send to every Triplebyte user, but it's no less authentic. Ammon is personally apologizing, and that means everything.
This has led me to trust Triplebyte more, not less. Yes, they made a huge mistake, but I recognize that can happen to any company. The important thing is, they owned it, apologized for it, and then made it right at any cost to themselves.
That's someone I can trust with my data.
Let's all try to be a little more like Ammon Bartram. A genuine apology goes a long, long way.