Tag: soapbox

One Foot in Front of the Other

BobbieLeave a comment

One of the things I do to relax – particularly when I need the hands to be doing something (e.g., knitting project, cross stitch project, etc.) is “watch” YouTube. I have a handful of subscriptions but the ones I’ve enjoyed most of late are History Hit and the “Tech Support” series from Wired. The most recent one I watched was with a polar explorer, and I listened as he answered questions from a wide selection of forums.

In answering one of the questions, he started talking about a time he was on day 4 or 5 of a 50-day solo expedition – this guy legit goes out there with a tent and a stove and assorted gear and no one else — and he lost his iPod. (His white iPod, in the snow and ice, the irony of which was not lost on him). It meant that for 45 days then — if he was to continue — he was alone with his thoughts. No podcasts, no music, etc. This was disheartening and he had to park himself for a bit to work through a mental impasse; he ended up using his satellite phone to call a friend who in turn talked him through how to deal. Then he continued, for the remaining 45 days, with only his thoughts. As he put it: he started by putting one foot in front of the other, for a thousand feet, and just kept doing that.

I will not even pretend that anything I do in life is that hard. There’s not a chance. I can still take a lesson from it.

If you are at this moment a corporate worker bee of some sort, you are watching very likely as coworkers get Reduced in Force, as the job market dries up, as we are increasingly asked to do more with less in the name of Efficiency and Cost Savings. AI, whilst somewhat useful for the basics, hasn’t (yet, knock wood) really replaced human capability (barring the impression it has from some CEO’s). The more load you pile into a machine — think of increasing the number of pages you put through a shredder each time — the more bogged down it gets, the less productive it is, or feels.

It’s review season again where I work, meaning that each person sets aside a nominal period of time (some do this in 20 minutes, some do this over agonizing hours) to identify their *impact* over the last 6-ish months. Not delivery.

You can have a lot of delivery with little impact. If you ship a bunch of code and no one uses it, you had a lot of delivery, and not much impact. If you write a lot of docs and no one reads them, ditto. You can mop the floor six times a day 7 days a week but if no one is walking on it there’s not much impact. I’m not even going to pretend that this is in the sole control of the worker bee: oftentimes we are directed to Do the Thing and if your boss tells you to Do the Thing you Do the Thing because capitalism and rent and groceries.

Whereas you can *feel* like you’ve delivered relatively little but had serious impact. It’s a bit of “proving a negative” but if you are beating your head against a wall with a project and making only the slightest headway, *but still making headway*, that can be impact – because you’ve either found a way to NOT do it again (hey, document that so others can learn) or you’ve blazed the trail and figured out how it was supposed to go, so others can find it easier (and hey document that too). *Someone* had to do it first, and it wasn’t going to be easy. It’s also not what we normally think of when we think impact.

Dollars. Views. Customers. Reduced time to X. We tend to think about impact in objective numbers and quantitative measurement. There is also room for qualitative feedback and the value of pivoting. There is value in slogging through things but, and I want this to be copiously clear, there is no value in slog for slog’s sake, and having to repeat a slog. If you’re the first one to explore and slog, share that out so it’s less of a slog. If you find yourself slogging through the exact same stuff with the exact same people, it’s time to convert that into impact – pull back/up/out and figure out how to break the cycle (if you can).

I am equally not going to pretend that it’s that simple – there are and will be situations in which you’re told to do the thing because you were told to do the thing, in spite of objective evidence that there’s a better/different/impactful way. The best you can hope for there is a workplace that apparently rewards delivery, vs. impact. If you’re very very lucky, you have an environment, resources, and work community that lends itself to impact over delivery.

And in the meantime, you put one foot in front of the other for the next thousand feet.

Privacy

BobbieLeave a comment

Firstly, and this is super depressing to write, understand that you will never be 100% private, and that privacy is also a never ending game. Everything we do online has an electronic trail that leads back to us and relies on the infrastructure of the entities we interact with to keep us private. In most cases – and especially when we are using “free” services – *we* are the product.

DeleteMe

Deleteme is a service you pay for that identifies how much of your personal information is out there for use/abuse, and helps you remove it: search engine results, data brokers (these are the companies that purchase from like Facebook and Amazon all kinds of data about you, and then they marry it up with other data they’ve gathered), and things like public records (e.g., why you can search someone’s name and see them on White Pages, Spokeo, etc.).  Remember the old days when White Pages was a physical book and you picked up your rotary phone to call them to tell them to remove you from the book (okay maybe you don’t but I do)? Those days are gone, and now every site has a different process. Using a service like Deleteme can help streamline that.

That said, there are places where you may want to share information, but only to people you know and like. This could be on Facebook, LinkedIn, whatever. Deleteme won’t delete from what you’ve specified there, and so there are some things you will want to do to make sure that your information only is visible to the people you want to see it.

Social Media

Meta (Facebook, Instagram, Threads)

On Facebook, go to the top right screen, click your avatar, go to Privacy Settings, and there’s a whole menu of things you can do. Here are some recommendations:

  • Identify who can see your profile information (things like your email, birthday, city, who can see your friends, who can see your people and pages, who can see your posts/stories, limiting your past posts, etc.
  • Most of these rely on a curated friend group and someone knowing you’re on Facebook and sending you an invite that you must accept (or direct) before they can see your stuff.
  • The levels are typically: Only Me, Friends, Public, or a curated group

You should then update your Ad topics in account center: this is who gets to advertise to you and what they get for it. Go to “Ad Preferences”, “Manage Info”, which will tell you how your data is used for advertising.

Finally – there is a section where you can view and manage your activities on Meta products. Note that it will have your activities across all Meta products (Facebook, Instagram, Threads) and will give you an idea of what all they track. And if you continue reading, there’s the FBP browser extension that can curb even more.

Instagram and Threads have similar experiences – go to your profile and there is a section that links to your privacy. Remember that unique identifiers are best for people who are trying to invade your privacy: usernames, emails, etc. Keep your email(s) private, and usernames unique, if you want to make it harder (never impossible) for someone to find you.

X/Twitter

X (fka Twitter) has a Privacy & Security section in which you can control your visibility, your post visibility, people’s access to your DM’s, etc.

LinkedIn

Much as with Facebook, on LinkedIn you can lock down to just your network of chosen people, make it so you don’t show up in search results (or only show up for a certain level of “connectedness”, e.g., if you and I know the same person I can see you, but if I know someone who knows someone who knows you, I can’t). You can also specify how LinkedIn uses your data. 

Reddit

One of the very first things that Reddit will tell you in their Privacy Policy is that they are a public platform. Anyone can see your profiles, posts, and comments, meaning that a person with a lot of spare time and access to their API’s could sieve through your post history and look for context clues of who you are (because your username can be blissfully anonymized, like “TigerPanda640” or suchlike. 

Microsoft

Your Microsoft account is likely also tied to your Xbox account or other products, and much as with other providers and platforms you can control some things.

In the Settings & Privacy tab of your Account Overview, and walk through the Privacy “Make sure you’re safe and secure” guide. It will also link you to the different Microsoft product structures (e.g., Xbox, Teams, etc.)

NOTE: much as with Reddit, Xbox handles are public, and so you would want to have a handle that isn’t easily identifiable as you. 

Most Microsoft data visibility is within your organization (so at work, people can see your work email information; at home, only you can see your email information (or your family if you have a family account)). It’s not like there’s a forum in which that information would be scrapable by simple search; for someone to get ahold of this there would have to be an actual security breach of some kind. For that, see “Security” to avoid the impact there.

Apple

Apple is KNOWN for its privacy and security, and much like Microsoft there isn’t a way for someone to get your information *from* Apple unless you shared it out or unless they’ve been breached. Much as with all these other entities, go to your profile, and adjust any privacy/security settings as appropriate.

Google

There are two places to lock down your Google information: one is locking it down from Google (managing your ad settings and activity controls) and the other is locking down your account information (and who can see it, including in product reviews and endorsements. To address that, go to your account, go to Personal Info, and under “choose what others see” select “Go to About Me”. You can see your visibility per information item there and make it private or visible to anyone.

Useful Apps are Useful, but…

Yelp. Open Table, DoorDash. Lyft. Instacart. Any application on your phone that requires you to log in, is getting some kind of data about you and has an account for you. (Even if it doesn’t require a login, that app likely has information about your phone, location, etc. it can get as part of existing on your phone). In your account settings you should be able to update how much is visible to someone (either at the company or as part of an advertiser). 

Other Websites

There will be sites you *want* your image on – a local foundation, board service, etc. – that you cannot lock down (because that would defeat the purpose of visibility). For these, there are a few things you can do, though it would be hard to enforce:

  • Use a unique picture. In the old days someone could take a picture, reverse image search, and find everywhere else that picture is used, to draw a connection to different places a person works/does work. (They can still do this). However, with AI, they could now use that picture to extrapolate similar other pictures so the picture no longer has to be exact to trace you. 
  • See if the information can be behind a log in (e.g., if it’s board information, require membership to log in)
  • Use an avatar instead of a picture (this… can feel unprofessional)
  • Use abbreviations of names (e.g., B. Conti or Bobbie C) – small roadblocks can be useful. 
  • Do not have emails useable on a website. E.g., instead of bobbie.conti@gmail.com, which can be picked up and read by a scraping machine (and useful for creating a spam attack), you can list it as bobbie.conti, on gmail.
  • Website owners can make things a little easier by requiring verification of humanity and actual enrollment for newsletters – e.g., when someone “signs up” for their newsletter, they should send a confirmation request/update to the email address *before* actually signing them into the email service. I love websites that do this because it makes it harder for people to use them in spam attacks.

Nom Nom Nom on your Data: Cookies

Cookies are little trackers that websites drop onto your local machine. If you log in to a website on your PC, and then on your phone, it’s dropped cookies in both places as relates to your log in (if you had one) or any number of other log ins (if they’re affiliated with say, Facebook). This means that when you go back to the site six days later, it can go to your cookies file and read all of the cookies in that file: and it will know things like what other sites you’ve been to, what you looked at, etc.

“Cookies” and your “cookie hygiene” are what comes into play when you go to a website and it gives you that “Accept All”, “Reject All”, and then typically a setting where you can “pick”.  The options are typically:

  • Functional – these you typically cannot opt out of, and they will help convey information to the site owner about issues with their site, performance, etc.
  • Experiential – these are things they track like your preferred products, pages, etc. 
  • Advertising/Marketing  – these are things like tracking what specific things you looked at and marrying it up with other data to either infer what you would like (target advertising to you) or to have other sites use (so they can target advertising to you). 

You can, for example, reject all cookies out of hand. You can also go through and clean out “cookie deposits” on your machines. Because cookies are dropped and used by a browser, the instructions on how to remove them are browser specific:

  • Edge
    • Go to Settings, Privacy, Clear Browsing Data, click Control and Shift and Delete at the same time. 
  • Safari
    • Go to Settings & Preferences, go to your Privacy tab, click Manage Website Data or Clear History and Website Data, select Remove All (or pick which sites), and click Remove Now or Delete to Confirm.
    • You can also select to block all cookies, and prevent cross-site tracking.
  • Chrome
    • On Chrome, at top right, click More (with the vertical 3 dots), and select Delete Browsing Data. Choose a time range (last hour, all time etc.) and specify which information you want to remove. 
    • Click Delete Data.
  • Duck Duck Go
    • Duck Duck Go doesn’t store cookies and cache.
  • FireFox
    • Click on the menu button (the three horizontal lines), select Preferences or Options, go to the Privacy and Security panel, in the Cookies and Site Data section, click “Clear Data”. You can elect to clear cookies, site data, or both.

Shields Up or Shields Breached: Browser Extensions

Browser extensions can help or hurt, depending on which browsers and which extensions. A Browser extension is software that will extend the functionality of your browser: it is supposed to add helpful things. These are things like password managers, social media tools, and ad blockers.

Helpful Extensions

  •  Fluff Busting Purity – this will remove Facebook’s ability to track you and spam you with ads. It hides sponsored posts, suggested posts, newsfeed posts from unknown authors, allows you to give it specific phrases for topics to avoid, etc.
  • Ghostery is a web privacy extension that blocks trackers, ads, and can opt you out of automatic cookie dumping (aka “never consent”)
  • Bitwarden has a browser extension for ease of access to your vault.

Generally speaking, most beneficial/altruistic extensions operate on donations (e.g., FB Purity and Ghostery do), and so it’s nice to slide a few dollars their way (if you can).

Private Messaging

There are a variety of messenger services out there, including iMessage (which comes with an iphone), regular SMS texting, WhatsApp, and Signal. WhatsApp and Signal offer double-ended encryption, meaning that, in theory, there is encryption on your device and encryption on the recipient’s device, and the intermediary (the messenging service) cannot access or decrypt your messages (they’d have to have access to both phones). That said, there is evidence that WhatsApp has a “back door” – the recipient of any message can flag it, and once that message is flagged it is copied and sent to Facebook/Meta for review. This means that there is nothing stopping WhatsApp from “self flagging” a message for perusal).

Instead, I advocate Signal. Signal is end to end encrypted, there is no evidence of a back door, and Signal has stated *in court* that it has no way of decrypting messages (nor will it build a back door to support that). Signal is also supported via donation.

App Hygiene

When you download an app to your phone, especially an iPhone, it runs you through a bunch of questions and may include Terms and Conditions. The biggest things it will ask you, though is:

  • Is it allowed access to your camera and microphone?
  • Is it allowed access to your photo library?
  • Is it allowed access to your contacts?
  • Is it allowed access to your location?

iPhones

Each of the privacy settings above are available in the individual app menu: go to Settings, scroll down to Apps, select which app you’re interested in.

You can: 

  • Set location usage to “always”, “while using”, and “never” (and if an app is using your location it will have the little location arrow showing purple or outlined). Some also have “Ask next time or when I share”.
  • Set access to photos (None, limited access (where you select which ones), Full access)
  • Microphone and Camera are typically toggles.
  • Contacts offer None, Limited (select users), Full access.

Android

To review the privacy settings on an Android Phone, go to Settings, App, the specific app, and then Permissions. Mostly you can toggle between allow and don’t allow. 

Sniff Sniff

Let’s say you’ve done the above – you’ve locked down your socials, you’ve used deleteme – the barn doors are closed! Except there’s a window, and that window is you out in the world with your computer – let’s close that window.

  • “Free Wifi” isn’t free, and it could be problematic. When you use your machine to connect to free wifi, you are giving up some measure of information about your machine and also what you are doing – they can get your IP address/MAC address (basically, they have an identifier for that machine/you), they can see what sites you go to (yes even in incognito mode), etc. They don’t see your passwords, but they would be able to infer from the collection of data over time (and marrying it up with that broker data) who you are and what you do and where you go. 
  • Use a VPN on your machines if you’re in public – yes, this is a pain and yes, you have to pay for it. A good one is Nord VPN. This establishes a secure network and so while you would be able to join the “free” wifi, the sharing of your IP address, visibility into what sites you go to, etc. is gone. 
  • Do not plug into public USB ports to charge your phones or any device. Instead, get a USB Condom (yes it’s called that). A USB condom looks like a little USB “bridge” that has one end you stick YOUR USB into, and the other end you stick into the “free” power port.  USB condoms work by shorting the data pins and only allowing the power pins to work on a USB connection.

Doxing

Doxing is rooted in the phrase “dox” which in turn is a bastardization of “docs” which is essentially the idea that someone has all your docs/documentation. In practical terms, if someone says they have been “doxed” or “doxxed”, or will “dox” you, what they are doing/have done is assembled enough information about you that they can blab to the world that User123 is in fact Princess Buttercup who lives at 642 Florin Way, Fire Swamp, Guilder, Fantasyland, and her phone number is 555-867-5309 and her IP is (insert rando ip address here). Someone “doxing” you means they know where you are and who you are and can publish that information, and it is an actual threat to your safety.

Here’s the thing to understand about doxing:

  1. Some people can actually do it, 
  2. Most people threaten to do it but don’t actually do it,
  3. Once you have been doxed it is very hard to get private again.

If you have set your stuff to private, used pseudonyms where you can, avoided posting anything publicly, used deleteme, etc. etc., it should be very hard to dox you. Doxing takes a lot of effort for a hobbyist and practically none for a hacker, but most hackers do not want to dox you they just want your money – so lock down your passwords and use at least 2 factor authentication on your bank accounts and rotate your credentials regularly.

Avoiding Doxxing

The person who wants to dox you on a public forum is a sad pathetic cretin who has nothing better to do in their life than make other people miserable because then maybe they can feel something. Doxers get off on the power trip of “I know who you are” and so there are two ways to combat this:

  • Yea, and??
    • This method (the it’s okay if you know who I am) is only good if you are reasonably sure of your physical security and circumstances – if you are living off the grid in remote Montana and surrounded by security cameras and a moat with sharks with laser beams attached to their heads, well, then that works just fine.
      • Alternatively, if you’re reasonably sure that someone would not have a real-world grudge against you then the likelihood that anyone would do anything with that data is small. But. That relies on rational actors, and we have precious few of those these days.
      • This is not “Come at me, Bro”. This is “all of the information you have/had is publicly available anyway and I am reasonably sure of my physical security”.
  • Locking down your stuff to make it hard.
    • See all of the stuff above. Use pseudonyms, don’t share your email address (or have a “spamhole” email address – I use my gmail for this – and then a separate one that is your “real people use this” and maybe a third for “this is my banking stuff email”), post privately, curate your audience.
    • Do Not Engage with Trolls.
      • Don’t get into online pissing contests in forums with people who are clearly escalating and/or not hearing it.
      • Leave the Chat

If you have been Doxed or are Threatened with Doxing

First, Don’t panic. Panic will not serve you now… force that panic down, get a cold glass of water, and if it helps to think about you leaping into action to help a friend, then do that. 

  • Document – screenshot the discourse, save emails, identify what was said, who said it, their username/handle, any identifying information you have about them, what they did or did not say they had done or would do, and how much information they have disclosed already.
  • Go back and clean your stuff – if you missed something or if there is any indication of where they got that information from, go back and see if you can further lock it down.
    • If you can, it will prevent others from using it.
    • If you can’t, it’s something to inform the site owners in terms of a privacy/ security hole.
  • Report the incident to whichever platform the doxing occurred on (e.g., if on Reddit someone says they’re going to dox you, report it to Reddit) and occurred from (e.g., if that Redditor says they found your info on Facebook, also report it to Facebook). Keep copies of your reports, date and time sent, and any replies you get.
  • Call in the law. Depending on the nature of the doxing you may want to involve your local police, sheriff, and or the FBI.  This has twofold purpose: one, is you may need their help for this (especially if this includes any sort of physical threat), but secondly, a popular pastime of some doxers is to “swat” your house (this is where they anonymously call in an incident at your house and the SWAT team shows up earnestly; if you’ve been doxed and you let them know you’ve been doxed they will be prepared to address it.
  • Get legal help. Doxing is also a form of harassment, and because it can lead to physical consequences (Even if the person *doing the doxing* wasn’t the one threatening physical harm – usually there’s one troll to share the information and one or more trolls to do something with that information), you want legal help in pursuing the doxer (if you can).

Other Things to Think About

How People Can Find You

  • Do you have a personalized plate? Does your car have lots of identifying stickers (e.g., “proud parent of a child at XYZ School”)
  • Do you have a blog?
  • Do you have a business *in your name*? Registered to your home address?
  • Are you prominently featured on one or more public websites?
  • Do you own property in your name (most public assessor’s sites are linked from Zillow, for example, and so addresses can be “backed in” to people’s names).
  • Google yourself. You’d be surprised. I’m on a registry for my son’s high school PTA from four years ago.
  • If you share photos, understand that every photo is by default encoded with metadata about where and when it was taken. That metadata can travel with the photo: in your iPhone, select any photo, and then slowly scroll up while touching the photo: you will see the date, time, what camera took it, what size the photo was, and so forth. If you share a photo, you’re going to share that metadata too. You can strip it from the photo before sharing it, and you can set your photo app on your phone to not include information like location data.

Perspective

You may find yourself – as I do, writing this – trying to do the risk assessment on privacy. After all, I have a personalized plate, I have property in my name, all of my social media handles (with the exception of Reddit and Xbox) are essentially my name and I have 15 years of blogging under my name with a personalized domain. Detaching myself from all of that would be a huge pain if not impossible. There are still things I do though: I secure my stuff, have a spamhole email, use Bitwarden, use USB condoms, etc. If a hacker is going to read through 15 years of posting history to glean information about me what they will find is that I am too hung up on work, I’m neurotic, I have an internet addiction that is useful, and occasionally I “enjoy” testing my physical capabilities. 

Risk has three elements:

  • What could go wrong?
  • How bad would it be if it did?
  • How likely is it to happen?

(Benefit also has the same calculation and so to illustrate that I will use a positive example):

  • What could go right? I could win the lottery.
  • How good would it be if I did? Pretty darned good!
  • How likely is it to happen? Extremely unlikely as I don’t often buy tickets.

Therefore, preparing for a lottery win, while it sounds like a fun distraction, is probably not useful.

Now the less fun side:

  • What could go wrong? I could get doxed on Reddit.
  • How bad would it be if it did? Not sure. Most of what I’ve posted are comments about sewing techniques or gardening. But they could find my reddit handle and attribute it to me, and maybe have my name and address and personal email to share. That said:
    • My address is already available by a property records search and/or white pages.I have four emails (active, two dormant) and depending on which one they share I make that one the spam hole one (if it isn’t already) and have to spend a tedious afternoon rewiring things.
    • If they show up at my house (or threaten to show up at my house) things would be problematic and for that I would engage law enforcement and probably an attorney.
  • How likely is it to happen? Also not sure. Most of what I post is banal, but I am associated with things that would make a certain factor in our society upset (love that for them), and so… I don’t know. I’m a mere Board Member, but one cannot plumb the depths of stupid mixed with malice. So to address a *potential* likelihood, I do some of the prudent things.

There is no foolproof way to avoid privacy/security/doxing issues, but there are steps you can take. 

Security

Bobbie1 Comment

It’s important to understand that the personal security space – that is, how you lock down your stuff – is a constant game of whack a mole. “For each fine cat, a fine rat” – as you close down some things, enterprising bad actors will find new ways in. Your very best option is to approach it as defense in depth by using multiple interventions to make it harder for them. Think of it like Swiss cheese slices: a single slice of Swiss cheese has many holes. Putting one slice of Swiss cheese on another limits the visibility of some holes but not others. Stacking a bunch of pieces of Swiss cheese will further close more holes.

This is a compilation of what I recommend for individuals and their (mostly cyber) security. A second post on Privacy is forthwith.

First, let’s get some terminology straight:

  • Security is the ability to ensure that we have Authentication and Authorization (AuthN and AuthZ). 
    • Authentication = we can verify you are really you. Examples are when you use a password and then get a code to your phone you have to enter, or have a PIN code to use, or a passphrase.
    • Authorization = once we know you are you, are you even allowed to be here and what are you allowed to do? For example, you can authenticate into your bank website as you, but you are not authorized to see anyone else’s stuff.
  • Privacy is the ability to ensure that ONLY authorized people get to see personal information (also known as PII, or Personal Identifying Information), and the person doing that authorization is the owner of the data (namely, you). 

Security Basics

The reality is there are a variety of different ways to secure things, and they are not employed consistently – so for example some sites have you authenticate in using your email, others require you to create a username. Some will send your second factor of authentication ONLY to a phone text, others will do email, still others will require or support an authentication app on your phone (and yet others will allow you to use a physical USB key you carry around with you). There are also “passkeys”, which are where a unique encryption is stored half on your machine and half on the server for the site you’re using, so unless someone has you, your machine, and that website, they can’t get in as you.

That said, there are some standardized ways to keep your stuff secure (or more secure):

  • Do not re-use passwords. I know, it’s tempting. But all it takes is someone getting ahold of one email/password combination, and they can feed that into a program and have it try a million different places to see what else they can get in to. There are password vaults that will create unique strong passwords for your sites, or you can use a pattern (a friend of mine uses album names and song names).
  • Regularly update your passwords. Passwords get leaked and stolen and bought.
  • Use a Password vault. I use Bitwarden.  Much like Apple’s Passwords, it will securely house your passwords, passkeys, etc. and will also tell you if that password is reused anywhere, and if it has been found on the dark web (where passwords are bought and sold). 
  • If you can use an authentication app, do so. It gets rid of the vulnerability that may happen if someone has access to your texts or emails.
  • Especially for banking stuff: you can set your communication preferences to tell you if a transaction more than $x has happened, or if someone has logged into your account.
  • Don’t click links in a text and be equally careful of links in email. If you get a “text” from GoodToGo, or your bank, or whatever, instead go directly to the website you know is theirs, and log in as you. If you don’t recognize the number, or if when you hover over the email “name” it’s an entirely different address (or the formatting is off, or there are misspellings, wonky grammar, or an inflated sense of urgency), do not click.
  • Have a separate email account for your banking/super important stuff, and your “shopping/etc” stuff. Online retailers can and often do sell your data and/or exploit cookie allowance for that purpose, so separate your concerns.
  • Do your security updates regularly: most of the iPhone updates you get (iPad, MAC, Windows, etc.) include a poop-ton of security patches and fixes and the longer you take to do your updates the longer you are leaving your barn doors open.
  • If you get a “here’s your code for logging in” *and you didn’t log in*, go to the website (open a fresh browser page and go there, don’t click on any links in the mail just in case), log in, see if anything has been messed with (especially for a bank account), *change the password immediately*, and notify the site owner via the site or the phone number on the site that you got a 2FA notification you did not ask for. Work with the site’s fraud department to address anything weird.

Secure your Credit and Identity

There are other things you should do to secure your credit and your information:

  • Freeze your credit with all three agencies (prevents anyone from using your data to open new credit lines/cards). Those three are Equifax, Experian, and TransUnion.
  • If you suspect your identity has been compromised and that someone is trying to or has used your social security information fraudulently, go to identitytheft.gov to report it and further lock down your information.

There are also subscription services you can use to monitor your credit and your identity for potential theft: oftentimes when you are notified of a data breach, the legal requirement is, at minimum, the breached party offer you this monitoring for one year for free. 

Securing your Networks and Devices

As we all know by now, all incognito mode spares you is someone identifying which pages you’ve visited when you lend them your browser — it doesn’t shield your internet provider from seeing them, or even your router. You’ll want to lock down who can see what.

  • Use a VPN where you can – VPN stands for Virtual Private Network and it means that from your machine to the machine your machine is talking to (‘cos the internet’s a series of tubes), the “tube” is locked on either end. More to the point, your cellular service, internet service provider, etc. do not get to see what you’re looking at or what you’re doing.
  • Avoid using Free Wifi, or make sure to use a VPN if/when you do. Remember that if something is “free”, you are the product.
  • Use USB condoms wherever you can. Those “free chargers” are not really free and can be infected with junk; USB condoms short the two data pins in a USB connection to allow for “just power”. You’re better off bringing your own charging block tho.
  • Secure your Router – change the default password to a strong one (the Admin password and the access password, each). Enable encryption (WPA2 or WPA3), and make sure you do your security patches for the router firmware.
  • If you have “Smart anything” in your home: put it on a separate network from your computers/phones that you bank/do business on; make sure all the Smart gadgets have *separate passwords* (your Smart TV and your Smart Fridge should have different passwords, for example).

Next Up: Privacy.

Engineering

BobbieLeave a comment

It’s not often that I’m struck by something on LinkedIn that makes me think. That sounds bad; let me rephrase: it’s not often that I’m struck by something on LinkedIn that leaves an impression that lingers in the back of my brain after I leave the page. Usually, it’s a celebration of folks getting new jobs, folks leaving old jobs, folks looking for jobs, and a smattering of posts recapping job-like events. Sometimes there are adages and platitudes and we can all resonate with that image of the bent tree that ultimately succeeded or whatever.

It’s Boxing Day, or the Day After Christmas, and I’m poking around corners of the internet while waiting for the Nth load of laundry and figuring out how I’ll keep myself occupied for the next few days (yes, privilege). And so I found myself scrolling on LinkedIn, for this post by Nick Costentino. I don’t know Nick, we are “once removed” via a connection I have (or perhaps more than one, that’s the nature of LinkedIn), but this title, and this post, stick in my brain: “As a Software Engineer, you don’t need to know everything.”

Nick goes on to illustrate that good software engineering is not about having all the answers and/or “just knowing”, it’s about problem solving and being resourceful. It’s about having the *framework* (not in the software sense but in the “I can wire my approach to this” sense) to identify and solve problems. And my off the cuff reaction (which I commented) was: this isn’t just for software engineering; this is for life.

Depending on your geography, family affluence, and other circumstances, you got an education in your formative years. That education may have had you learning cursive and doing geometric proofs and diagramming sentences and such, but for anywhere from 10 to 15 years you were formally trained in Things Society Felt You Should Know. A *good* education didn’t just leave it at that, a good education taught you how to work with circumstances that were not solvable by rote memory: what is the scientific method, after all, if not “f*ck around and find out”? The idea being that instead of churning you out at the end of high school or college/uni with everything in your brain and it being 100% “full”, you were instead armed with concepts, ideas, and a method of approach to solve problems and self-manage.

I am not saying that that is the way it is for everyone — “No child left behind” left a *lot* of kids behind, and the current systems in place are highly differential depending on socioeconomic factors. Broadly speaking, however, people come out of high school and/or further education with the impression that they should *already* know everything and it’s just a matter of grinding your way to the “top” (whatever top that may be). And that the path is set for one’s career, and intransigent.

Careers are fungible things, and so are brains.

You will not, ever, ever, ever know all the things. There will be edge cases, there will be corner cases, there will be So Many Times you are working with Not All the Information and frequently it will be because either someone you were relying on for it didn’t know or because some process or person thinks you didn’t need it. Or the systems in place were developed by someone who left five years ago, and no one can read their notes/handwriting (if indeed any were left). This isn’t just in the software engineering world: I have had the luxury of having a few different “careers” in the last 30 years, and in every one of them I can point to a circumstance in which the person who should have known everything (the Vet, the Pharmacist, the Travel Agent, the Manager, etc.) did not know everything and what we all had to work with were some clues and guidelines and our very best efforts. Anyone who has been handed the curveball of an unexpected medical expense, your car breaking down, mystery crumbs on your kitchen floor, or any myriad of things in Being an Adult in the World has experience with the “I don’t have all the information, but I have to deal with this” scenario.

Education is *a* foundation, from which your brain gets wired (with experience) on how to approach the crazy that life throws at you. May your frameworks be resilient and resourceful.

Controlled Ascent

BobbieLeave a comment

Decompression stops can be needfully boring.

When scuba diving, if you go past a certain depth, you have to “stage” your ascent every so many feet for a period of time, so you don’t get the bends when you surface. I have a high regard for my own skin so I don’t quibble with this and will sit at a decompression stop for however long it needs be; and sometimes just a bit longer.

In the mid-2000’s (somewhere in there, the memory is fuzzy) I was on a dive trip with friends in Mexico, and the order of the day was to dive with Hammerhead Sharks. I love sharks; I think they’re graceful, efficient, and I enjoy their variety of size and shape and color. Shark diving? Sign me up. (Just none of that “let’s chum the water and put you in a cage” stuff). To dive with the Hammerheads, you have to go deep-ish. If I recall correctly, we were clocking in somewhere between 120 and 160 feet. For reference, a Basic Open Water certification will get you certified for 60′, and part of that certification requires you do a “free ascent” – meaning you take one breath at 60′ down, and then ascend (carefully exhaling the whole way) for 60′ without taking another. So we were a little deep.

I remember the decompression stop had me holding on to a guideline from the boat, probably the anchor line. My dive buddy was slightly below me on the wire and in the open water, the only view was the vast blue of the ocean; all the sharks were at depth. It was quiet, it was peaceful, it was … utterly boring.

For however long of a decompression stop I had to be at that place, I was staring out at blue nothingness, literally forced by physics and physiology to stay in one place and do essentially nothing but breathe. I was still “on the job” — the dive was not complete, it’s not like I could nap or anything, but I was, at least a little bit, removed from the “work” of the dive. In 20 years of diving, this is the only decompression stop I remember.

I write this from Arizona, visiting my parents, and it is NOT boring, but it is a decompression stop, for me, from work. I’m not 100% off, but I’m not 100% on, either.

Inasmuch as I would like to be 100% off, I need this decompression stop, before surfacing and heading into a real vacation; I have a hard time letting go of work things, and need to double check multiple times for my own sanity: did I finish this thing? Did I pick up this ball? Did I put this to rest, or at least to rest enough to wait for the New Year?

Somewhere along the way to now, I started taking the day off before a trip and the day off after, to allow for a similar staged decompression: it’s not like you’re still on vacation those days, rather, those are the days you set things “to rights” so you’re ready for the next stage. Piles of laundry and an empty fridge and hundreds (if not thousands) of emails feels rather like the bends otherwise.

My advice, therefore, is this: do your decompression stops. They can be boring, you may feel afloat, you may not have the ability to immediately communicate to your buddy and you may be eyeballing your air, but they are needful.

Now What

Bobbie4 Comments

I work for a major tech company, one that is/was recently in the news for layoffs, and I get that that doesn’t narrow things down much. I’m not immediately impacted. Many are.

This is my best effort at a salient list of what to do if you found/find yourself on the receiving end of a difficult conversation, a last-minute scheduled meeting with HR, or a sterile email. (I am glad to be working at a place where it wasn’t the latter).

  1. Read Everything – I mean really read it. Don’t gloss over the letter/notice/information you’re given, read everything and make sure you read everything before you sign anything. You should be given time to read it and review it with someone else if needed.
  2. Get answers to the questions you will have after reading everything:
    • What happens with your health benefits? How long are you covered, is there COBRA?
    • Can you claim unemployment insurance? (in some states you can after a layoff, and in some if you take a package, you can’t. Your state may vary, check the state site. Here’s that page for Washington State.
    • What happens with your stock, specifically your unvested stock?
    • What happens with your ESPP (if you participate)?
    • What happens with your 401k?
    • Are they offering employment assistance (e.g., helping you find another job)?

If it’s all happening NOW

  • You’re going to feel overwhelmed, but you’ll need to do steps 1 and 2 above to the best of your ability. Don’t *sign anything* until you have to. Let the person who notified you know that you need time to review the notice with your SO, parent, roommate, whatever.
  • Take a walk or scream into a pillow or take a hot shower or do something, anything to give yourself some space. Breathe.
  • If you have a budget, revise it based on what your package will be (if you get one) and what your unemployment will be (if you get it).
    • You can work with most companies (energy, mobile, etc.) to create payment plans and/or assistance depending on your circumstances. The reality is that some people live paycheck to paycheck and so if that’s you, start communicating early. This includes you credit card companies.

If you have time between now and D-Day

  • Use your benefits. That means:
    • Get your doctor’s appointments in, eyeglasses, dental, etc. *Same for any dependents*.
    • If you have other perks, use them.
  • Establish *how much time* you really have and what “normally” happens in that time:
    • Do you have stock that vests? Do you contribute to your 401(k)? Do you participate in an ESPP (Employee Stock Purchase Program)?
  • Do you have enough time to look for another role in the same company (large company layoffs are usually strategic and around projects, your skill set may work in another project).
  • Should you start changing automatic deductions/drafts *now* to accommodate an uncertain future?

And then

  • Brush up your resume. This includes:
    • Updating your work history
    • Looking at current job listings at other companies/your companies and identifying how skill sets are being labeled/displayed “these days”
    • Updating your LinkedIn profile
  • Consider working with a contract or temporary agency – not glamorous, but it keeps you out there, it gets you exposure in companies, you get additional skill sets, and most importantly, it helps pay bills.

Your mileage may vary, and some may be in a better position than others. There is this perception that if you work in the tech sector, you have scads of cash just lying about for just such an occasion, and whilst there are those that do, there are those that do not. Not all tech sector jobs are high-income engineering, and things are tightening up.

We’ll get through it. It’s going to be rocky, but we’ll get through it.

Change Management

BobbieLeave a comment

Author’s note: I had to go back and read through this blog a bit because I was certain I had already talked about this, but it turns out I’ve only dallied around the edges. Time to hit it head on.

I’ve been at my current company for about 8 years, meaning that if I stick around for another year (likely) it will be the longest time I’ve ever been at one company (and, should I stick around another year after that, the longest time I’ve been consecutively in the same approximate management chain/position). We just underwent the largest reorganization I’ve ever been through.

When a reorg happens, one or more of at least three things can happen:

  1. Your manager changes.
  2. Your reporting chain changes.
  3. Your charter changes.

Any one of these can be disruptive and when they happen it’s a good idea to go through and do that risk assessment, “Do I want to be here/Do I want to do this”. I advocate doing that assessment on a twice annual basis (or however often you have formalized reviews/checkpoints of your career at your company) anyway, so in my case, this assessment was about a two-minute exercise.

Once you’ve picked your stance, you then have to pick how you’ll approach it. As a manager, my first responsibility is to my team to make sure they have what they need to 1. do that risk assessment and 2. act on their plans outbound from their risk assessment. It’s also to make sure they get the answers they need to the questions they have, and to make sure they are supported. My second responsibility is to my charter: I am here to do a job (and it is not volunteer work, I am well paid) so let me focus on that job.

Which is why when a major reorg happens, I am probably not the best person to ask about “how I am feeling right now”. I put that in quotes not because I don’t feel anything, but because any emotional reaction I am going to have about the change will not hit until all of the change is managed and is *complete* — meaning, until we are all comfortably in our new place doing our new things as defined the new way, I am still in “change management” mode and my focus is to *get things done*. One of the defining criteria of leadership at this company is the ability to manage through ambiguity and my ability for that is to work consistently until there isn’t any.

This is all well and good until you work with someone who expects you to want to talk about the emotional reaction to the reorg, to have sentimental lookbacks, to “wallow” in the unknown a bit, or (and this is the one that grates the most) you have to work with someone who is “ostriching” — ignoring the change and hoping that things will just “stay the same”. That last shows up in things like being willfully obtuse, or pretending like the decision today will not make a larger impact four weeks from today; it’s the opposite from “I see the vision of the future and I want that future right now” (which to be fair is also pretty annoying — you have to traverse the interim between the two, you have to *do the work* to close out the old world and prepare for the new one).

Unfortunately, the way many folks deal with change are to either ostrich or to do that “assumptive time jump”, and so when you are the person who points out you can’t really do either and you must traverse the A, B, C, and D between the two, it can be perceived as unfriendly or adversarial. Which sucks, because the intent is to get through that sludge as quickly and efficiently as possible, not to reinforce the discomfort people are feeling with that change.

The problem is even though I’m aware of it I can’t really turn it off, for two reasons: 1. I’m literally paid to make sure we actually do the things we’re supposed to do, and 2. I’m fundamentally wired this way. Case in point: when my mom died. My mom died of vascular dementia and acute arteriosclerosis in April 2020. We found out she had this in December 2019, her having hid the dementia (and associated health issues) behind an alcohol problem and a refusal to share any health information with us. By the time she got through the first of two surgeries it was clear that we were in the end of the book, and by the time we had to engage Hospice there wasn’t any pretending anymore. This is change and that change bridges between the old world (Mom is “fine”) and the new world (Mom will not be here). And in that world, I felt helpless, because unlike this in-between space I have at my job, I couldn’t do anything. I wasn’t a doctor, a nurse, a hospice person; I had no job to do in this space except sit and wait. I could bring blankets and chocolates and have nonsensical discussions and on the side work through the endless paperwork; but these were things I could manufacture for myself to do to at least feel like somehow, I was contributing.

It’s a pretty stark comparison to take a major life event and compare it to something so trivial as a job; I draw it only to reinforce that this is a “me” thing and not a “me at work” thing and it’s a thing I have to balance.

I’m therefore in this weird space between Old World and New World where I want to focus on the steps to get from A to Z but I’m dealing with folks who want to pretend we’re in “A” for ‘just a little longer’ and folks who want to get to Z ‘right now’ and I’m the shit bird who has to point out there’s 25 steps to do first and the more time people insist on wallowing the less time there is to do those effectively.

In terms of energy expense, I think the main difference is that for these other folks, their mental energy expenditure is the stress surrounding the change and what that could mean for them/their charter/their vision; for me, the mental energy expenditure is the practical approach to get it done. Which is why on my Insights profile I get things like “Bobbie needs to be reminded of the humanity in others.”

So really, I have to manage myself through this change.

Unplug

BobbieLeave a comment

TL;DR: Use your paid time off if you’ve got it.

There’s kind of a lot going on in my world right now, a conflux of “things we should have known better” and “things we had no idea would happen”; as my job is professional Anvil Spotter these things touch me in one way or another. (Typically: “Yes we saw that anvil, here’s proof we saw that anvil, here’s how we will duck out of the way of said anvil”, or, “Nope, didn’t see that anvil, but here’s how we dealt with a similar anvil, and here’s how we’ll keep from being under this anvil next time”.) So far none of the anvils have landed but there’ve been some close calls.

What this means in a dynamic, hybrid work environment is a finely controlled chaos. In a meeting talking about interpersonal dynamics the other day a graph popped up to show all the interaction capabilities in a group of say, six people — and it’s factorial. Which means that if you have six people then Person A can have a “group” with all 5 other people, or 4, or 3, or 2, or 1, and as you whittle down the numbers the combinations increase as to which people they can be interacting with. Which in turn means that a group of “six” people is actually something like 720 “groups”. Which is why at the end of the day you and I and everyone are exhausted when working on a “small group” project (never mind 3 or 4).

The privileged luxury I have is to be able to take a break. This break has been like a few others where I’m actually not completely removing myself (even though that is/was the stated purpose) from work, but it is a departure from my normal work habits and a drastic reduction in the amount of mental involvement and time spent in front of a machine (for work). It’s that last that gets to the crux of it – the same machine I would log in to for fun or just routine access to docs and such, is aligned with my work. I can remove work notifications from my phone relatively easily (without having to remove the apps) but removing those from my Outlook, for example, is a bit more of a project. Thusly I’ll log in to say, update my grocery list or check in on something outside of work and I’ll see the little red bubble and it will entice me to go pay attention to that Teams chat or email. These sporadic check ins are not as tiring as a full day of work but are, as you can imagine, not as relaxing as one completely departed from it.

The fact that I *also* stacked this “break” with my to-do list of non-work stuff makes it feel like less of a break — car maintenance, catching up on house stuff, etc. means that my eternal fantasy of sitting on the couch systematically eating the marshmallows out of a box of Lucky Charms while watching Jaws and Aliens still eludes me.

That said, this “break” still provides respite and is necessary to ensuring that when I do officially return, I’m a sane, practical, rational person, whose job it is to identify anvils as they hover. The takeaway here for you, is to use your paid time off.

FOMO (Fear of Missing Out) is a thing – and probably drives some amount of “nah I’ll just take a break later”. It’s not necessarily fear of missing out on the fun stuff, though, but rather fear of missing out on crucial information to a given project, or the nuance in a meeting, or having the time to catch up on XYZ technology, or getting your administratea done. The objective horror of coming back to literally hundreds (thousands) of emails can also be a deterrent. Much as lying down without sleeping can offer an incomplete yet still valid rest, so too can be the “break” with a teeny check in here and there. In my case, the little red bubble will not be too scary when I return.

Does this sort of “semi break” take the place of a real, honest to goodness, vacation? Heck no – no more than that 20 minute beanbag loll takes the place of 8 hours of sleep. But it can give you the respite you need to keep going until you can get to the *real* break. Just remember to actually take that real break. I’m scheduling mine shortly… you know, while on this one.

To Link or Not to Link, That…

BobbieLeave a comment

… is really a decision that gets made on an individual basis, if I’m being honest.

Having ranted about What LinkedIn Is Not For, let’s talk about what LinkedIn *is* for, at least as I understand it:

  • To create connections between yourself and people you have worked with,
  • To create (potentially) connections between yourself and people you have worked withs’ connections, to expand your network (e.g., in order to reconnoiter on employment prospects, places of work, specific candidates, etc.),
  • To identify potential candidates for your open role (if you’re a recruiter or hiring manager),
  • To share your work/discipline achievements with your peers and potential recruiters/hiring managers,
  • To share news/media/thought leadership/anecdotes around your area of occupation or expertise,
  • To find candidates or indicate interest in candidacy for nonprofit or volunteer positions (board or otherwise),
  • To vet skills and/or educational achievements

It also gets used by consultants and service providers to find potential provide-ees, which I find questionable, but I’d totally roll with (if there were an option to opt out, see previous). With that, here’s my criteria for linkage.

  • We worked together, either in the same group or in the same company on a given project or product
  • We served board or volunteer time together (yes even PTSA)
  • You have provided goods/services in a professional capacity (the very best traffic lawyer in Washington is one of my links, you’re welcome)
  • You reach out and identify how we are linked (“I see you worked with Princess Buttercup, I did too back before she started working at Dread Pirate, Inc.”) AND you identify how a link would help either or both of us (“I’m looking to transition into program management from engineering; do you have time to talk about your experience?”/”I see there’s an open role in your organization that I think would be a perfect fit for me…”)
  • You reach out and do not identify how we are linked and/or aren’t really specific about why we should be linked (e.g., I can see from the tooling that you’re linked to Inigo Montoya, and I remember working with Inigo Montoya on that project for Vizzini, so I can infer that that’s how you found me; but I’m not really sure if you’re just clicking “link” to have a bigger network count or because you want something from me or what.)
  • You are “cold mailing” me out of nowhere (as part of your mail you don’t share how you found me/why you think the linkage is worthwhile),
  • You are using InMail to sell me stuff, and want to link me so you can sell my links stuff,
  • You are one of those aforementioned service providers with whom I haven’t actually transacted any business,
  • You are just trying to expand your network via searching for keywords/key organizations and clicking “link all”
  • You do things that make me question your judgement, either on LinkedIn or at work. This includes conspiracy theories, derogatory comments about others, grind shaming, self-care shaming, or just generally being a d*ck.

Linked Out

Bobbie1 Comment

I have, as of right this moment, reached my tipping point with some Bad Behavior on LinkedIn — from “professionals”. I’m not talking about your coworker who posts political stuff or that link from 3 jobs ago who posts pictures of their kids’ graduation — spare me the “LinkedIn is not Facebook” drama; I understand that but can scroll by those posts just fine on the “let people live” principle.

I’m talking about proactive outreach that is ostensibly about opportunities, that is not in fact about opportunities. These actually really waste time, and not just the recipients’ time. They waste your time, recruiters and business opportunists. They make me think less of your organization. They make me less likely to consider your company and/or “opportunity”, ever.

I’ve grouped these broadly into four categories. If you’re thinking about doing any of these, please count me out.

The “Come Apply for This Completely Irrelevant Role” In Mail

In this one, you get the semi-form letter that says “Dear [your name here], I was looking across your resume/LinkedIn profile and think you’d be perfect for [their job title here]…” and then goes on to list the benefits of their organization and how to get in touch with them. So far, so good. Here’s where the red flags come in:

  1. You are pitching me for a level that I have exceeded by at least 3 stages and/or haven’t been at in 7 years.
  2. You are focusing on a skill set or keyword that is not in the last 10 years of my job history.
  3. You sent me this same mail 30 days ago, 60 days ago, 90 days ago, etc. and at that time I sent you a polite, “thank you, love where I’m at right now, might consider new options *next year*”.
  4. You are identifying a role or a skill set that appears nowhere, not anywhere, and in no way in my history. Like ever.

Looking at you, Major Seattle Tech Company, Major California Banking Company, Major Seattle Tech Company, Major Seattle Tech Company, and Major Silicon Valley Tech Company.

When I get these, they tell me either your algorithm is borked and coming from a tech company that’s probably not a good sign, or that you aren’t using an algo and your recruiters are so desperate they’re legit just looking for any name whatsoever to send a mail and make some sort of number/incentive, which is also not a good sign.

The “Come Join Our Advisory Board as a Way to Give Us Cash” Opportunity

Admittedly I fell for that this morning, and it wasted 30 precious minutes of my life and also probably someone else’s. Here’s how this one happened: I have, on my LinkedIn, that I’m looking for opportunities in the nonprofit sector specifically in board support – either as member of a board or of committees (as I already am and have). Life is precious, time is precious and so I’d like to spend my ephemeral existence trying to help improve things. In this case, I got a mail for an advisory board role opportunity linked to a local educational endeavor, one I’m actually close to. I accepted the 7:30am call (because sure!) and the day before the call I got a link to “more information”.

Cue the red flags.

The first three pages of “more information” is/was the usual stuff around board support — this is what we do, this is what we need, these are the kinds of support. Then it got into phrasing like, “Work with the design team to select the format best suited for your organization and budget. Each activity and discussion will focus on your industry and company needs. Start your corporate program with as few as 30 employees…” which… somehow read as a sales pitch? For a board role? I responded to the invitation asking for clarity and, got none.

Here’s where I made my mistake: I attended the call. I should have taken the non-response as “we don’t want to answer that right now”, either because it would mess up people’s target call numbers or perhaps the plan is to get people emotionally invested in the first five minutes. Regardless, I attended the call. The inviter was five minutes late (fine) and after some initial small talk when I brought up my question about the “hey what kind of board role is this”, after some very scripted speech the ask was to start talking more about me and what I’m interested in. I was frank, “That’s another red flag for me; you shouldn’t need to know more about me or what I do in order to let me know how the board advisory opportunity squares with the language around organization and budget.” After some initial clarification, what came out is that prospective board members are expected to actually participate in the program the board advises on, to the tune of $5k (oh! but for special people it’s only $2.5k).

I have no problem donating money to nonprofit organizations and do so, on the regular, for ones that I do and do not participate in directly as a board member or advisor or committee member. This bait and switch, however, means that I would re-think any fiscal donation to the educational institution whose name shares this “opportunity” because this “invitation” feels like a scam, and frankly if anyone comes asking me about it, I will share with them my concerns and experience. I mean, if you’re looking to drum up cash just say so, don’t obfuscate it with a theoretical opportunity to actually advise or help.

The Come Use Our Irrelevant or Superfluous “This As A Service” Service

I work for a Very Large Company. There are a few Very Large Companies on my resume and that’s normal as I like the stability of Very Large Companies – you can move around within them without having to renegotiate health insurance sign ups, for example. When I get a LinkedIn email asking me if I want to consider using your HR services to administrate my HR needs, though, it sounds really tone deaf. Like somehow, I’d have the power or the inclination to bypass my existing company Human Resources organization (which is pretty darned great) and just– somehow use your company for my team? I understand when people offer contracting services — that makes sense, I’ve hired contract services before so that is normal — but when I get solicited for things like payroll services it is just a time waster — the precious minutes of life gone, reading that email.

The “Here Let Me Help You Even Though You Didn’t Ask for it and I Don’t Know You or Anyone You’re Linked To” Service

Executive Coaching. Financial Management and Estate Planning. I do not know or understand what the algo is here but I get one about once a month of someone offering to be my coach or manage my money. On one hand, good for you! Go get ’em. On the other hand, I wish LinkedIn offered us the ability to flag that we are not open to business opportunities. We have for example the ability to say we are “Open To Work” (for recruiters — which is not the case for me and I still get the pings), it would be great to opt out of “business opportunities” or better yet opt in to the ones we are looking for.