On the Internet, the Walls Have Ears

Meta, Professiona-Development
Page content

I received a sobering reminder this week of a lesson we all have learned or should have learned long ago. Something I said online came back around months later in a completely unexpected way.

That lesson? No matter how careful you think you are online, no matter how private you think an online place is, someone is watching.

A few weeks ago, I received an unsolicited email at work selling a software product. It was a pretty vague message, saying “hey, you should try our product to solve this problem.” Thought nothing of it, I get that sort of thing at work on occasion. I marked the email as spam and figured that was the end of it. A few hours later the same message arrived via LinkedIn from the same person. They really want to make a sale, I guess.

Strange Spam Sequel

A couple weeks later, I received another email to my work account from the same person, but longer this time. I jumped over to LinkedIn and someone from that company had looked at my profile again. They’re persistent, I’ll give them that.

Then I read the email, and it got weirder.

Most of the message sounded really familiar. So much so that I thought it was written in my voice. And that’s when it hit me - it sounded familiar because I had written it. I checked the SQL Community Slack and sure enough, I’d said those things a few months ago. Even creepier, it was two statements made three hours apart.

Nothing in my Slack profile points to my employer. This person saw/collected this message on Slack, looked me up on LinkedIn, then guessed my work email address based on my name and profile information.

Louder, for the folks in the back: I received an unsolicited email at work from a salesperson trying to book a call by quoting my exact words from a Slack conversation over two months prior.

This. Is. Gross.

Moreover, it gives me a very negative impression of this company and its business practices. They’ve come right out and told me that they’re tracking and snooping on me.

Community Concern

SQLSlack is like any other sizeable community (there are over 21,000 members as I write this). We have the occasional spammer in the main channels, or person who’s just posting irrelevant junk, selling services, or asking to engage in sketchy activity. Sometimes they private message individual members for this, more often it happens in public channels. But it somehow felt “safe” and maybe I shouldn’t have let myself get lulled into complacency. I guess it shouldn’t come as a surprise to learn that there are bots silently hanging out in Slack, just watching and collecting public messages.

Now we know that we either have people or bots watching for specific topics/conversations, or the conversation history is being made accessible to other entities (neither the name nor email address is registered as a member of SQLSlack). If they never make themselves seen, there’s no way to identify and deactivate those accounts. What are they doing with this information? No way to know. But apparently one of those applications is to source sales leads.

I have to wonder if this same person is contacting other people at my company saying “hey, I’ve heard that people in your company are unhappy with this thing and I can sell you this other thing to make it better”.

One thing I do know - I’ll be thinking twice before speaking in seemingly “safe” online venues like Slack going forward.

Call to Inaction

If you’re doing this or considering doing this, stop. It does not project a good image of you or your organization. I will be sure to not do business with the company that reached out and inspired this post in the future.

Final Thought

Since originally writing this, I’ve encountered another situation where someone (not me) has been carelessly speaking online without thinking about who may be watching or the consequences. In that context, their conduct is more concerning but there’s little I can do about it.