by gamegoblin 1327 days ago
I have a feeling that Meta has some kind of internal system for slurping up everyone's contact info, and that some kind of bugs/criteria occasionally cross some streams.

Meta recruiting somehow got a hold of my name@amazon.com employer email -- which I have never posted publicly -- and started sending me recruitment emails to my work email. This struck me as incredibly unprofessional, though I understand it's almost certainly an automated system doing it.

I still don't know how they got the email address (though I guess it's just lastname+first initial, so they could have guessed?). I may have DM'd it to someone in a FB messenger chat? Maybe I used it in a "work email" field during sign up for some industry conference whose data later got hacked? A colleague accidentally merged their work/personal contact list and uploaded it somewhere? Who knows.

6 comments

> I have a feeling that Meta has some kind of internal system for slurping up everyone's contact info

Yes. It's called Facebook Messenger. All your friends have it installed on their phone and it has access to all the data in their phone's contact list, including anyone who might have saved it in the email field of their contact entry for you.

Right? Isn't this the oldest criticism of Facebook Messenger?

Or WhatsApp for that matter, which has access to a lot more people's contacts, even those who might otherwise deny contacts permission to Facebook Messenger.

And people still call me crazy because I haven't given WhatsApp access to my contact list...

While I understand that it helps only a little since all my friends have given.

I learned my lesson about that the hard way back in the early 00s

I logged into LinkedIn, and it seemed like it was loading, but then the login failed and it prompted me to log in again. I tried and it didn't work, then looked more carefully.. and the second login prompt was actually a "Give us your e-mail login so we can scrape all your contacts and spam them" prompt.

Hoo boy, glad I was using separate passwords for everything

> This struck me as incredibly unprofessional, though I understand it's almost certainly an automated system doing it.

How does "automated system" somehow mitigate it being unprofessional? If you're going to make an automated system, part of professionalism is to make sure it actually works correctly. But then, look at how many people are hiding behind 'it's an algorithm so we can't be held accountable' these days.

services like apollo or hunter.io

some bdr signed into an account, gave up an email address book, and that information was given to these companies who do "give me a name and a company, and i'll give you their email" services.

I don't know when and I don't know how, but at some point we're going to have to start attaching provenance to data instead of building stringly typed systems where we copy data around as snippets of text orphaned from all possible context.

I suspect the biggest problem with that is not languages and frameworks, which are definitely going to be a problem, but databases. There is no way to map any of this into columns in any database I know about, and I don't know whether databases or operating systems evolve more slowly but they're both bottom quartile for sure. If you build provenance into or onto a prominent database, we could have multiple frameworks and toolchains within a couple of years.

If you squint a little, Rails has a 1-bit provenance facility, in the form of "have I escaped this string for display in HTML yet?" That is one of a number of aspects that make up "where did you get this?". Rails also has a bespoke system that won't log anything stored in a field called 'password', but it would be better if we could tag tokens, passwords, and private communications as privileged information, and carry that around even if someone does something questionable like interpolate a password into an error message, and then someone else prints that error where it can be seen.

Things get a little tricky with interpolation, because now I need some sort of cardinality to say that the union of data of Type X and Type Y results in data of Type Y, or better Type X,Y which we treat more conservatively because of strict rules on Type Y data.

When I was in college I was briefly recruited by a company that made a Unix Window Manager for the Defense and Intelligence communities. The elevator pitch had a sort of simpler version of this idea. You had a different desktop for each security level, and the clipboard only worked from low security to high security windows. You could paste information from a window showing generally available information into a classified document, but you could not paste from a classified window back into an unclassified document. Yes that meant you couldn't paste a quote from a Presidential Speech out of a classified document, but you also couldn't accidentally select the next three lines of text and paste those someplace bad.
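
The label-union rule for interpolation and the low-to-high-only flow rule described in the comment above, as an added Ruby example that is not part of the thread and not a Rails API. `Labeled`, `Sink`, `FlowError`, `LEVELS` and the label names are hypothetical.

```ruby
require "set"

# Hypothetical labels with a sensitivity rank (constructed for this example).
LEVELS = { public: 0, contact_upload: 1, password: 2 }.freeze

class FlowError < StandardError; end

# A string that carries the set of labels it was derived from.
class Labeled
  attr_reader :text, :labels

  def initialize(text, labels)
    @text = text.to_s
    @labels = Set.new(Array(labels))
  end

  # Joining two values yields the union of their labels ("Type X,Y").
  def +(other)
    other = Labeled.new(other, :public) unless other.is_a?(Labeled)
    Labeled.new(@text + other.text, @labels | other.labels)
  end

  # The combined value is treated as strictly as its most sensitive label.
  def level
    @labels.map { |l| LEVELS.fetch(l) }.max || 0
  end

  # Plain interpolation ("#{value}") never leaks a non-public value.
  def to_s
    level.zero? ? @text : "[REDACTED #{@labels.to_a.join(',')}]"
  end
end

# A destination (log, window, clipboard target) with a clearance.
class Sink
  attr_reader :written

  def initialize(clearance)
    @clearance = LEVELS.fetch(clearance)
    @written = []
  end

  # Data flows from low to high only; writing down raises.
  def write(data)
    raise FlowError, "#{data.labels.to_a} exceeds clearance" if data.level > @clearance
    @written << data.text
    self
  end
end
```
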

> When I was in college I was briefly recruited by a company that made a Unix Window Manager for the Defense and Intelligence communities.

Secureware?

Not them, but I honestly couldn't tell you who they were, or if they're still around. It's been a long time, there was a little hint of nepotism involved, and it would have meant staying locally so I dumped most of the details from my brain.

Inversely, Amazon has also emailed me at my company address
generally most people check company then do,

- firstname@company.email

- firstnamelastname@company.email

- firstname-lastname@company.email

- firstname.lastname@company.email

from the recruitment side, cause I have asked this question to my company's HR... :P

hackers do it as well hence why I am always stressed about phishing, though recruitment mail on professional ids is still rather rare, recruiters also prefer to use personal email if available or so I have heard from a subset of them.

Try checking if it may be some kind of phishing scam, I have seen those a lot, recruitment phishing is like the most common case of successful phishing.

It was definitely not phishing -- I had a friend of mine who works for Meta reach out to the specific recruiter internally and ask them to not do that. They apologized, but a few months later a different recruiter reached out to the same work email.

They have my personal email, because they send recruitment spam to that one too.

Are you sure it's not in LinkedIn's system? That's where a lot of recruiters buy data from.

Just verified it's not in any of my LinkedIn settings, also no other company has ever reached out via that employer email, only Meta, so it seems like Meta is the only one who knows about it (or is the only one who uses it, which seems unlikely).