The Facebook job test: Now interviewers want your logins When I wrote this blog about how a recent research study correlated social network behavior with employee success, I speculated that we’d soon see employers trying to circumvent Facebook’s privacy policies in order to get a good look at your Facebook pages. Well, it turns out that some employers aren’t happy with just seeing …
Almost-as-important: Would you hire someone who freely gives out their usernames and passwords because someone asks for them?
But yeah. Do not ask for my password. Because the reply "Take a hike!" may cause offence.
In fact, if you even ask for it (whether I refuse or not), I will be reporting you to the Department of Work and Pensions and the Data Protection Registrar. Aside from the fact that actually GIVING you that password is a breach of Facebook's policies.
I think my actual, considered, reply in an interview would be:
"I'll do you a deal. You retract that question now, and don't ask any other candidates the same question, and I'll pretend I never heard it."
Should be shocking enough and warning enough for them to stop doing it (unless they are terminally stupid), enough to politely reassure an employer who *WAS* just testing you to see if you're stupid enough to give out logins just by being asked, and clear enough that - actually - I do understand employment law and if you pursue that course there will be trouble, job or not, and I *will* be asking other candidates if they were asked it.
Yeah, the password is the problem.
If my boss (or potential boss) wants to friend me on FB, that's cool. And I'm not stupid enough to post stuff online which I wouldn't IRL. That's why I use my real name in online forums (or often "Grab" as a shorter version thereof dating from uni days, and Google can track that to me very easily), bcos there's nothing I've published that I want to hide. So hit FB and fill yer boots - read my posts, look at pictures of my family and pets, and check links I've shared.
But my password? That gives you access to my *private* messages, as well as access to add/delete stuff and to add/delete friends without permission. And many people will use the same password across multiple accounts, so this could easily also be giving access to email, eBay, online stores, Paypal, online banking, personal website, etc.. So no, you don't ever get my password.
There is a simple answer to this. "I'll give you my FB password if you'll give me your login to your company network..."
While I DON'T use FB. I do understand the reasons compnaies are concerned/interested in how a potential employee will represent the company. NO company want's to deal with PR issue due to an employee's FB posting/photo.
Dumb HR / Interviewers. Just ask the prospect to log in to their FB account during the interview. NO company can/should ask for an individuals personal PWD.
Another solution...have the new hire sign a contact that they accept responsibly and will quite if a FB posting becomes public and damages the companies image/reputation. .
TOO many "sue happy" lawyers....makes for this kind of dumb inquiry necessary. Because the bulk of the General public....are stupid.
Illegal? No, certainly not under the Data Protection Act. The employers are asking their prospective employees to volunteer their facebook account details. If they agree, then it is a private agreement between the individual and a company. This is exactly the same as a loan company asking for copies of your bank statement before offering a loan.
It may be counted as discrimination if it can be proved that the individual did not get the job because they refused to hand over details, but that would be a completely different issue.
I immediately thought that the employers were going to turn an applicant down if they actually DID give their login details over, because that would indicate a lack of understanding about on-line security! Ho hum.
It doesn't just reveal your private data but all that of your friends too, and that is without their consent.
I put very little information into Facebook, basically all public except for the consolidated list of friends but for their protection I would refuse any request to reveal password.
The thing is, you're also interviewing the company - so if I got asked this sort of question it would immediately ring alarm bells for me. I wouldn't want to work for a company that thinks this sort of thing is acceptable, legal or not.
My response after a long pause (trying to work out if it was a joke or not) would be something like
"After careful consideration I have to refuse your request. I just don't think you're the kind of employer I could see myself working for, so I would like to withdraw my application of employment, and please don't contact me again in the future."
I've actually walked out of interviews for less.
Reminds me of a job ad I applied for, it was for a permie job or I wouldn't have minded, but the email went into a black hole.
So I sent another, no response of any kind.
So finally I sent another, with a letter saying, "I'm very busy, so if I'm not suitable, please don't waste my time by contacting me."
So, this lady, the total ignoramus, who shall remain nameless, then rang me up to tell me off for being rude and unprofessional.
Agents eh? Not only was it exactly what she had done, but she ignored my request and rang me anyway. The sooner LinkedIn makes these keyword matchers unemployed the better.
Precisely.
Regardless of whether I have anything to hide or be embarrassed about on my Facebook account (or any other account of any sort) - and I really don't, because I assume that it isn't necessarily as private as some think - my login details are absolutely none of their goddamn business and this *would* be grounds for me terminating the interview and moving on.
You're all just missing the point.
Facebook is a problem in and of itself, you have already surrendered a large part of your privacy by putting anything there.
The fact that an employer asks you to share it with them too (you already shared it w/ facebook inc., facebook DBA's and the US government) is just a little step further.
From my point of view, doing one or the other is completely stupid, and I'm afraid I have to point out that what you're worried about is a mere technicality.
I know that my server host has my root passwords stored somewhere (or root access of some kind). Doesn't mean I'll give it to a job interviewer, or employer.
I know HSBC has my bank details and access codes and PIN's stored somewhere. Doesn't mean I'll give them to a job interviewer, or employer.
I know the government has my tax records, passport numbers and medical details stored somewhere. Doesn't mean I'll give them to a job interviewer, or employer.
I know my phone company has my phone number and list of contacts stored somewhere. Doesn't mean I'll give them to a job interviewer, or employer.
You can be a privacy nazi all you like, but the fact is that most of that stuff just doesn't matter. I have nothing on Facebook apart from some family photos and "I crashed my car the other day". There's nothing that I'd be horrified them knowing. Hell, even the password is unique to Facebook. The point is THEY DON'T NEED TO SEE IT (which is why it's set to Friends only for most things). So they don't get it. No matter how nicely they ask. They might *technically* be able to get that data from other sources but I would consider that a gross invasion that would hurt them more than the data ever would be worth.
I could share a Facebook picture with the entire fecking world. It doesn't mean I'll give them, or you, a copy if you ask for it.
Privacy is about choice. If I want to tell my friends about my Facebook account, I can. If I don't want to tell my employer, I won't. With proper controls, they might *never* be able to find out, short of a court order. The Facebook DBA will already have that data and, if they're anything like the database work I do, you really, really, really don't care about what the data is past its ability to be read/written by the right people. And, just as an employer can be up before a tribunal for misusing personal information, the Facebook DBA will be up before a court if they play with it outside the bounds of their contract.
I'm in charge of school databases. That can (depending on the school) include everything from what the kids spend their lunch money on and how many lessons they've missed, up to an including (genuinely) reports of abuse at home, details of staff disciplinary procedures (and in one previous school, I know of a teacher sacked for accessing unsavoury child images during work-time, for instance), details of student's "previous lives" under witness-protection schemes, and all sorts of nasties. You can say "it doesn't matter, because X already knows" all you like - the fact is that they won't be finding out, and won't EVER have found out, from me.
Similarly, my photos and personal data (including what I was doing last night) and especially passwords and usernames are my business and thus, up to me to disseminate to who I see fit. And I won't. Because I've already made that choice. If you weren't on the list, there was a reason for that. Even if everyone if the world could find it if they went looking (like my phone number, for instance) - that's neither here nor there. If I refuse to give it to you, that's MY choice.
Your argument is akin to saying "Hell, the doctors and NHS can see your medical records already, so you might as well print them out and leave them in the pub". Stupid, nonsensical, counter-productive and shows NO CLUE about what privacy is at all.
You don't get it do you ?
The point is :
If something touches the internet, it stops being private.
Anything linked to the internet is hackable and subject to leaks.
Anything stored on the internet is much easier to hack and much more subject to leaks.
Anything SHARED by you over the internet is way easier to hack and to leak out.
Let's just take the fb example :
You put stuff on facebook for all your friends to see and you have say 132 friends (arbitrary number assuming you didn't accept every friend request since you created that account).
Your information can now be accessed by:
facebook inc.
any dba @ facebook inc.
the US govt.
Anyone hacking facebook (and that's on the *easy* scale of hacking considering the amount of data transferred and API calls per second)
Anyone hacking any of your 132 non-technical friends's PC (now that's just lol, more than 1/132 of pcs have a trojan somewhere -)
Anyone hacking your computer (duh)
And that list is just a draft.
DO you really really think you have any privacy ?
The only people who think internet and privacy are compatible are those who don't understand either or both concepts.
More lines for no reason below :
Your bank has all your account history, and they share it at the very least with the police, without asking you for it.
Your phone company has your phone history too, including your SMS and a log of all calls, you didn't authorize them to keep it did you ?
What you put on your facebook can show much more than you think it does.
They don't need to see it, true.
Privacy is about choice.
You don't choose who accesses your stuff.
Everything you put on facebook or google or through public SMTP relays or whatever IS scanned and you don't get a say in that.
Everything that is connected to the internet is subject to being hacked and the data leaked, and you don't have a say in the matter.
I'm pretty sure even your school database is not on a secure network and could be hacked if anyone cared about it.
> Facebook is a problem in and of itself, you have already surrendered a large part of your privacy
> by putting anything there.
Fear-mongering nonsense. It is certainly possible to subvert (not "surrender", as the good in question is not exclusive) your privacy by posting information to Facebook. But simply having a Facebook account, and even using it, does not imply a significant privacy loss. The only information that can be leaked via Facebook is the information you put there; if you don't supply the site with anything private, you don't lose any privacy.
In the US, at least, there are various state and federal laws that prohibit interviewers from asking questions about:
Race
Color
Sex
Religion
National origin
Birthplace
Age
Disability
Marital/family status
If I've added this type of information to my Facebook profile and chosen not to make it public, doesn't them asking for my Facebook credentials effectively amount to them asking me to provide them with the info? At the very least I would politely decline to provide the credentials citing that the contents of my profile are irrelevant to the interview process. If they go so far as to make it a condition of employment, they might earn themselves a legal claim for discrimination.
Interviewer: Give us your Facebook or random social network login....
Me: You must be kidding, this is work, Facebook is not work therefore it is not relevant to this process. Do you want to come round my flat, rifle through my mail, read my SMS, chat with the mrs and ring my parents as well, perhaps you want me to strip off so you can check I haven't had an insulting tattoo on my nuts? I wouldn't work for a company that seriously asks this, so unless I just passed some kind of reverse psychology test then this interview is over, goodbye and consider my middle finger raised in a solitary salute to your quite frankly disturbing HR policy.
*slams door on way out*
> "this is work, Facebook is not work therefore it is not relevant to this process"
Really? This is an IT forum, on an IT news site. I'm betting that for quite a few of us, it *is* directly relevant. I myself work for a large entertainment organisation which has just released a major (and very popular) app onto Facebook. There are others with various apps, services, and plug-ins. Facebook and the use (and knowledge) thereof is quite valuable to us. Say what you like about idiots who use it, but hey, they're helping to pay my bills.
That said, I would create a testing account and not use my *real* profile, whether for an interview or a production app...
I just picked you to reply to, don't take it personally. It's not the point.
For the sake of argument :
You are a professional and good in your chosen field. You make 50K a year. You are headhunted by another company. They are offering you 100K a year. The caveat is yoou have to hand over your Facebook account. You have such an account, but yu only use it to discuss the finer points of elementary particle physics with peers, so you KNOW you're clean as a whistle.
Do you actually tell them to take a hike and blow of a 50K a year payrise on principle ?
It's just a question. You can change the numbers to whatever you like.
Thanks,
Pete
The answer would be no. It puts a price on my fundamental rights of £50k, and for that they can have the interview questions printed on thick, sharp edged cardboard and shoved where the sun doesn't shine.
If they do not trust me as an employee to have a clue about public presentation, than they are not the company I would consider working for. I have 100% understanding for the need to underwrite a non-disclosure clause (which I would not need, it's a simple matter of principle to keep your face shut about your work), but there would be no access to my profile.
As a matter of fact, the question is becoming academic in a few weeks any way as I plan to zap the profile and only keep the account to bar the name - but the principle remains the same.
No, no and no. It's time to stop this sort of crap.
no no and no ?
Stop acting like a kid, and let me give you a sweet sweet realistic example.
Your newborn has leukemia, it's going to cost a shitton of money to give him the best chances to make it through.
Now you have that privacy-less job @ 100k that could fix all that . still saying no like a kid ?
Thought so.
No, I tell them I don't have one.
Almost none of my details (including my picture) are public, so they'd have a hard time proving that I have an account, especially given the number of people who share my name.
If I thought there was a real risk I could even just change the name so I don't match any likely search results.
The answer is, indeed "take a hike".
After long enough in employment some of us have figured out that the level of salary offered isn't always the most important factor in deciding whether a job is "good" or not. There are some jobs and employers where there isn't enough money in existence to make it attractive.
The question misses an important point.
The sort of person who's being headhunted for a six-figure job is likely the sort of person who has skills and/or abilities that the employer really, really, really wants (or thinks it does--whether or not the person is worth six figures is another story).
That person isn't likely to be asked for her Facebook password. It's the midlevel managers, the grunts, the junior sales associate second class folks--in other words, the expendable, replaceable, interchangeable commodity worker bees--who are going to be asked to hand over their passwords.
You don't really think a company is going to ask this of its new CEO or the superstar programmer they just stole away from Google, do you? Hell, no. It's the people who are desperate for work and who have fifteen applicants lined up behind them who're going to get shafted.
No, it doesn't liss an important point. It doesn't miss any point. The question is simply to ascertain if the readers of this here facility put a price on their priacy, and if they would deviate from the principle in favor of bettering themselves professionally.
I admire the people who categorically refuse the 'you don't have anything to fear if you haven'r done anything wrong' argument.
But I confess that I can at least imagine selling out the principle of the financial gain is large enough.
Thanks to the people who replied. To the people who downvoted : I'm sad to say I do not understand why you would downvote someone for asking a question. I'm baffled.
Isn't it against Facebook's terms of service to allow a third party access to your account? (I'm 99.99% certain, but can't check as the link to the Terms is at the bottom of the Facebook "endless scroll" page so I can't actually reach it). If so, a good question back to them is "No - as I tend to follow contracts I agreed to - such as Facebook's TOS. Do you want to employ somebody who breaks agreements on a whim, if so can I ask if you've got any 'no-physical violence' sections in the contract?" Also ask if you can check _their_ Facebook profiles (and the CEO's) so you know what sort of people you will be working for.
I've found a couple of (past) employers being impressed when they've been "stood up to" (hey, this guy has ethics/understands things).
Yup.
Section 4, point 8 :
"You will not share your password, (or in the case of developers, your secret key), let anyone else access your account, or do anything else that might jeopardize the security of your account."
So the request can be denied with easy justification, if you'd rather not just tell them to f-off.
This post has been deleted by its author
Possibly - and another reason to work for yourself :)
On a more serious note, I "deleted" my FB account a while back - far too many corporates wanting you to 'like' their product on FB, meaning they see loads of your personal data..
Years ago, I read a book (or saw a movie) wherein the lead baddy said something like: "It's not the money, it's he who controls the information" - prophetic, IMO
"...far too many corporates wanting you to 'like' their product on FB, meaning they see loads of your personal data..."
I've found that what's helped for me in that regard is that all the fields which ask for stuff like what kind of music/bands/books/movies/etc. I like, and my education level/schools I went to/where I work have been left totally blank, on top of the fake name, fake birthdate, fake place of residence.
Works pretty well. Of course, as FB thinks I'm a 28-year-old woman living in Tripoli and originally from Cairo, some of the right-column "targeted" ads are a riot: vacation in North Africa! Study in Algeria! ...not to mention that at least half of it is in Arabic. B'wahh ha ha hah.
Anyone work where you need higher security clearance?
Part of the clearance process is you need to hand over your entire life, that includes home visits, online accounts, etc. This has been going on for years -- just why is anyone surprised?
Facebook et al is going to be the ruin of so many people.
AC for a good reason
Indeed... my house mate Mike was a nuclear engineer. An old school friend of his, Bob, was going for a higher security clearance job. Bob gave his potential employers permission to contact any of his past acquaintances. So Mike was contacted and asked such things as "Back in school, was Bob ever... was he ever strange in the showers?"
Not that they minded gay men, they just wanted to find any ways in Bob might be blackmailed by third parties.
FB login details seem the least of it.
"AC for a good reason"
UK provider, thus subject to RIPA. Anon is thus no help whatsoever :-).
However, on the clearance process. The first sensible level just does a check for criminal records and is a go/no go approach. The higher levels are more risk assessments, having an FB account is no crime - it depends on what you do with it (and yes, they'll take a look at it). FB exposure can in this context be either good (sensible use, no indiscretions, clearly able to handle public exposure without becoming an idiot) or bad (lots of insider data etc etc - you can see what I mean).
I enjoy having a profile. No better tool for misdirection than a presence which everyone assumes to be the real you..
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
