MANAGER: “hey uh, my friend at a different company said you applied for a job there this week?”
EMPLOYEE: “uhhhhhh…. that was… uhhh… a deepfake who also stole my information?”
MANAGER: “oh okay. yeah of course you would never try to double/triple your salary by taking multiple remote tech jobs with zero oversight. my friend said it seemed so real haha. deepfake are so good now. im gonna report this to the FBI, people need to know.”
EMPLOYEE: “yea haha amazing. anyway i gotta get back to not-my-other-job”
I was surprised that this was a real thing when I stumbled upon the r/overemployed subreddit. Not sure how many of the folks who self-report their success in doing this are LARPers, but it's remarkable that anyone gets away with this.
I have a hard enough time attending all the meetings and completing my work in my actual job, I couldn't imagine taking on another and balancing the two somehow.
Anecdotal, but my wife was doing 2.5 remote jobs simultaneously for a while, and apparently performing above expectation in all of them. However -- meetings were her major complaint, and she eventually burned out and quit the two full time jobs due to excessive and (according to her) pointless meetings.
One of the companies asked her to stay on as a consultant. They ended up hiring someone full time... who spent all their time in meetings, while my wife did the actual work. For significantly less pay, of course.
So yes, overemployed remote workers really exist, but at least in her case it was largely due to incompetent management.
> So yes, overemployed remote workers really exist, but at least in her case it was largely due to incompetent management.
I mean, incompetent management may have allowed the situation to persist. But your wife "working" 2.5 jobs for (presumably) the expected hours of just one of those jobs can't be blamed on management. She chose to accept all 3 of those positions with the knowledge that she wouldn't meet the conditions of employ.
I'm not a "send 'em to jail!" type, and I have little sympathy for large corporations, but let's not pretend it's anything less than time theft.
US employers have worked very hard to make many of their workers "exempt" [1] such that they don't have to pay for overtime and can make people work egregious hours without getting in legal trouble.
If that's not "time theft", then I don't see why an exempt worker who can do the work of two people shouldn't get paid for doing the work of two people. It would be different if they were hourly workers and they were double-billing for the same hour, of course. But I don't think that's what's happening here.
You can still "double-bill" in an exempt position.
Most employment contracts I've seen stipulate an expected work week of 40 hours. If I sign 3 contracts like that, now I would need to work 120 hours to fulfill the obligation. And as long as someone collects the paychecks from all 3 jobs without fulfilling the contractual requirements of those jobs, well, that is sort of the definition of theft. Money gained without performing the work necessary to earn it.
I don't think I've ever seen an employment contract for an exempt position that specifies the number of hours to work. So yes, if somebody is foolish enough to sign that, they might get in trouble. But again, I doubt that's the case here.
I think you're making an unwarranted leap here. The management never complained about or monitored hours worked; the requirements of the job were simply completing tasks. Which she did, as I said, at or above expectations (the company she continued consulting for is still trying to rehire her at "full time", but they really just mean adding more responsibilities and tasks).
Sure, there are lots of jobs where "time theft" is a useful concept, but there are a lot of others where it isn't. I'd go so far as saying that thinking in those terms can be another sign of incompetent management.
That's a bit different than claiming time theft, isn't it? That's more of a suspicion that someone couldn't possibly be doing a good job if their attention is split.
The two full-time companies objected strenuously to her leaving and made various offers to keep her around. Would they have suddenly decided that they were deluded and that she was actually a horrible employee if they knew the truth? Possibly, but that doesn't mean they're in the right.
The real problem here is that a large portion of managers actually have no idea what constitutes a good employee or good job done. So they try to figure it out through second order observations like how many hours are worked, how convincingly the employee acts like they're good at doing their job, or how they report on their progress in meetings; and they get upset when they find out information that makes it seem like the employee should be doing a worse job.
I'm being a bit harsh, since I'm not immune to the same thoughts and uncertainties; I have an employee of my own who has two other part-time jobs and at times I've questioned whether that's OK. When I really examine the work he's doing, though, the answer is always the same: he's doing a good job, and the rest of his time is none of my damn business.
> That's a bit different than claiming time theft, isn't it? That's more of a suspicion that someone couldn't possibly be doing a good job if their attention is split.
The reason employers would not approve isn't because the employee's attention is split, but because the employee would not be meeting the conditions of employment!
40 hours is the commonly accepted definition of "full time" in the US, and this is often written into employment contracts as well. Additionally, employers generally have expected working hours where the employee is available for meetings, mentoring, pair programming, etc.
So, how can you fulfill the expectations of multiple "full time" jobs while only putting in the time for one?
If the expectation is just hours worked, then you can't fulfill 2 (or more) full time jobs. But I'm not sure where that applies, outside of something mind-numbing like a call center.
Realistically, it's a technical field and there are a lot of very, very poor candidates out there who will fill the seat for 40 hours but completely fail on performance. And I think that's why nobody was judging performance based on hours of butt in seat.
But her time is not their property, and so there is nothing illegal about her doing with it as she pleases. You can’t steal something that is already yours.
Either your wife is a massive outlier in skills, or the company just isn’t working her hard as they could be. As remote work opens jobs to the broader world, Americans are quickly going to find out that if they can’t generate the business impact of a Serbian or Chinese developer working 60+ hours a week they are going to find themselves in a very unpleasant situation. Some Jeff Dean sorts could do that in 5 minutes a week but most people can’t.
Sure, you're right. I wouldn't say that the problem is that the companies are not working her as hard as they could be; I'd say that what they think is a full time position should actually be part time. But they've refused to see it that way, for one reason or another.
We (Westerners in general) would indeed be screwed if you could just replace people with cheaper workers from other countries. It's not that simple, though. Language and cultural differences are a massive barrier. I say that as someone who has worked with a lot of East and Southeast Asians who are brilliant, hardworking people -- but it still takes a lot of effort to figure out how to work together, and that's at a startup scale where you can really pay attention to each person. Larger companies tend to have a lot of outsourcing horror stories.
Certainly, today, an on-shore American developer has more ability to generate business impact than an offshore Southeast Asian developer. But I think that's more because of the bias-laden and chummy way that companies are managed, which is an artifact of office-driven culture. Remote work cultures will be more based on written communication and demonstrated results, and then American developers not in the FAANG skill bracket are going to find out that they are not a very attractive buy when someone almost as good is available for 1/5 the cost.
Yeah, I thought so too. Then I started hiring (for my very small startup) in SE Asia. And, well, maybe I'm biased and chummy, but it just wasn't incredibly smooth sailing. This is purely remote, almost all written communication, etc.
I have no regrets and still employ the same people today, but it just wasn't so straightforward as you're making it out to be. I think it's actually easier for a startup to have, let's say, an entirely Indonesian team including the founders, targeting an American market, versus a startup having an American founding team then start hiring in Indonesia. (For big companies I don't know, but I'd imagine it all gets even more complicated.)
Haha, man, I had the same thinking ("Surely I can find some genius programmers in Asia or Eastern Europe willing to do the same work for a fraction of the price") but the reality is very different
I had no luck with it at all myself. I'd get completely useless low-quality crap work out of these guys when I got anything out of them at all.
I think you'd have to hire some local managers and maybe send over some experienced devs from the USA to train up the locals, at which point it'd only be a matter of time until they realize their new worth and jump ship for FAANG or whatever.
I can't see how this wouldn't get caught in the US without significantly more criminal activity on the person's part. If you're salaried then they're going to need an I9, meaning you need a tax ID number. So then are you going to open a bank account in this stolen identity's name or are you going to try and setup direct deposit without a name or just a routing number/account ID and hope tye name mismatch isnt caught?
What about the IRS and employment tax your employer pays going to the wrong tax ID that should be reported to you?
I'm sure in some situations it'd work (1099, physical paycheck, lax process), but it seems like you're just setting yourself up to have to break more laws.
You'd be better off just using your own name and keeping a low profile online.
At least then you'd probably only be in violation of your employment contract.
It's stuff like this that's going to make providing recent bank statements and tax records a more common requirement for hire. :-(
Is it illegal to have multiple employers? I should inform all of the members of the board of every company that I've worked for that they should tender their resignation at their other companies.
> You'd be better off just using your own name and keeping a low profile online.
At least then you'd probably only be in violation of your employment contract.
Ie, the crime being discussed isn’t having multiple jobs, but taking one job under a fake identity.
I think the original start of this comment thread was about taking on an extra job and then wiggling your way out of it being discovered by saying it was deepfakes, then another poster saying they cannot imagine having several jobs and winging them. Whether that was assumed to be occurring under fake identities wasn't clear.
So, yeah, I'd say maintaining fake identities is hard no matter what and illegal.
But I think even before that folks are wondering how people can maintain several jobs at the same time, regardless of fake identity or not.
I interpreted the comment I was replying to as someone who felt that running multiple jobs was illegal. I have seen coworkers think that before just based on a a manager telling them it was illegal to work for multiple companies at the same time.
Faking your identity in the US for a job is breaking several laws. Explaining this behavior by saying "I was deep faked" probably won't satisfy law enforcement or the IRS.
Taking multiple jobs under your legal identity isn't in and of itself illegal. But you may be in violation of your employment contract. Meaning it's probably, depends on local laws, not illegal but gives cause to terminate you and possibly be sued.
I’m in the US. Ain’t got no contract for shit because companies don’t want to be committed to a deal with workers. The closest I’ve gotten to a contract is “don’t slander us and you can have this severance”
> I’m in the US. Ain’t got no contract for shit because companies don’t want to be committed to a deal with workers.
Your offer letter usually functions as an employment contract. The thing that spells out your start on a specific date, and we will pay you some amount in some given manner.
It really depends on your local labor laws, which vay from state to state.
Employers in yhe US love contracts. They say things like "all your ideas are ours even if you work on them off ours" and "you can't work anywhere else, after us unless its in retail or food service, because we don't want to compete". That holds up in the states faangs are moving to, to reduce COL.
And my state ignores that and restricts those covenants to default settings or tosses them if the companies go too, far. Also lol at the faangs moving to. They are expanding not moving.
They didn’t leave California, mass, or New York which have major provisions protecting workers, and they chose to build in those locations before you saw them seeking out smaller cities and states
well yeah, you don't put your headquarters or leadership roles in Rwanda or Texas, you start with tech support, and slowly migrate anyone who knows what an integral is to the low COL areas. I apologize to Rwanda for the comparison.
Just being generically cynical. Don't mind me. There are decent places left to live and work. Now that outsourcing has moved from impoverished nations on the other side of the globe with poor human rights records to nearby states with poor human rights records it is just a bit sad, thats all.
You verbally agreed on contract pay rate, payment frequency, schedule, assignment of works, how sensitive information will be handled, whether or not you can subcontract a portion of the work, who provides materials and work accommodations, and a bunch of other important details?
All without a written agreement? I'm surprised you could get people to work with you.
There is a thriving ecosystem of scams that uses United States residents as money mules, with the ability to open bank accounts, for ACH deposit, social security numbers, etc.
You might be significantly underestimating the number of extremely gullible people out there.
In some programming roles - especially during the pandemic - the amount of work you can get away with doing is significantly below what you think. You probably overestimate how much attention people pay to what you're doing and underestimate how easy it is to make a ticket sound harder than it is. And, here in Europe, you can be paid multiple months' wages between clearly giving up and being fired.
Perhaps the most important factor: if you have two jobs, you don't care about being fired.
Source: I'm an immoral, lazy, singly-employed person.
I ended up in that situation by accident before the pandemic for a few months. Working one remote job while I was in office working another job. That time period was great for my bank account and it made me really aware of how I had automated a 40/hr a week in person job into something I could perform remotely on a lunch break.
I won't name names but it was a small rural community college that had fired all of their IT except me, and they couldn't let me go until they had a replacement so I worked remotely as I had to move out of state for a family issue.
It's amazing how much work you can get done between multiple jobs when you never actually have to do any of that meeting nonsense in what you do. All of my work with all of the people I work with is conducted over text chats and emails on a basis where we reply when we can, and everyone is happy with seeing a link or screenshot to click on to see the work I've been doing is going well. Everyone I work with is always travelling and often in radically different time zones, so coordinating a meeting MIGHT happen a couple of times a month. Why should I stress waking up early just to get right into the most eye-crossing soporific experience imaginable, or expecting the guy in Africa to stay up late? And also, what the hell is employee surveillance software? You couldn't pay me a million to install some creepy boss spyware on my computer.
Depends a lot on the competence of your manager. If your manager only has taken “management-courses” and have zero information about the domain they are working in how are they supposed to judge efficiency? The glorified babysitter that can only talk about the latest scrum techniques.
I’ve seen IT consultants make quite a lot of money from double dipping and they always seem so stressed which further makes management think they are doing a great job.
This does seem to be more of an EU issue though where management and economics are still among the highest status competences. Working yourself up the ladder here isn’t that common (they don’t earn that much more than the developers).
It can happen mostly when you are working for very big companies, they usually have too many people and projects take a long time to complete because you need to get approval from multiple people. If you already know how things work then you can quickly finish your main job work or sometimes there is no work which gives you time to do your second job.
Yeah, and then the fact that with one tech job, you're already in the top tax bracket, and anything extra you do is taxed at the maximum rate. Diminishing returns on effort...
Be a contractor and bill hourly. Remote work is far better suited to being a contractor… especially if you don’t particularly care about the company (and if you are working multiple gigs… you really don’t care)
I always find this to be a funny point in these conversations. The entire discipline of "agile development" exists because it's so hard to have foresight into the requirements of a software product up-front. By extension, I don't see how we think it's possible to define expectations for employees up-front and then pay them only based on results. If you look at agencies within our industry, for instance, about 0% of them will work on fixed-price contracts - it's always time-and-materials. Knowing what we know about software development, I don't see how individual employment can fundamentally be any different...
MANAGER: "okay, now we need to make sure we never hire a deepfake. all technical interviews are now proctored with identity verification and random shocks of pain. failing to react to a shock appropriately will immediately disqualify someone from the 8th round interview"
I know of one person who does it right now (not in the tech field). It seems possible in certain positions in some fields but requires a lot of planning, some luck, and a lot of work.
As long as it’s a salaried position and you’re getting the job done at/above expectations, the company shouldn’t care as much as some of them seem to.
> While some of the deepfake recordings used are convincing enough, others can be easily detected due to various sync mismatches, mainly spoofing the applicants' voices.
> "Complaints report the use of voice spoofing, or potentially voice deepfakes, during online interviews of the potential applicants," the US federal law enforcement agency added.
Something about this doesn't smell right:
1) Don't video deepfakes require lots of high-quality input video (which is why they were often made of Obama)? Where would an attacker get this for some rando?
2) Why would voice deep-fakes even be necessary, given the interviewee is very unlikely to be known by the interviewer? I suppose it could be used to fake accents, but I don't think that would be an issue for a "remote tech job" -- just steal an identity that could plausibly have your accent.
Regarding 1, you setup a fake company and interview the candidate in multiple rounds. Record the interviews and then use them as input for deep fake.
Edit: you could also approach them as a love interest and get the video through chats.
I'd also be curious to see if there's an overlapping former employer between the candidates. If you found an archive of some employers zoom meetings you have all you need.
In the second year of COVID I was hiring for a dev position and got a really good candidate who came across as a very bright, outgoing young woman, who got "hire" decisions from 4 of 4 interviewers. She worked with us for about 6 months remotely, but never turned her camera on after the interview loop, and in retrospect she seemed like a totally different person than who we interviewed. The conspiracy theorist in me says she used a double to do the interviews. No need to deep fake anyone.
One of my previous leads suspects a contractor did something like this for an in-person role. We only did one or two phone interviews for such roles, and the guy did well enough to get brought on for a 3 month contract or something. The guy who showed up didn't seem to know as much as the interviewee, and was always on the phone. My lead suspected he was getting help from "somewhere else." In retrospect, he suspects the guy who showed up may have had a different foreign-country X regional accent than the person who interviewed, but it's impossible to know for sure.
He speculated that some unscrupulous but relatively knowledgeable guy was sitting in for the interviews, and then coaching the incompetent applicants day to day for a cut of their pay.
In the end he just let the contract lapse. Not a whole lot you can do since it would be really hard to prove any kind of malfeasance, and to make the accusation would just make you look crazy and paranoid.
There was a place that hired a consultant for a project a friend worked on, and she was... I don't think she could write code at all. Like, had trouble manually inserting fragments into an XML file despite fragments with the same structure already being in the file.
Her productivity skyrocketed at night however, and she generally had working code in the morning, which lead to rumors that her husband or someone in her home country was doing the work (would have been daytime over there). Nobody really complained. She wore a hijab and the company had just hired it’s first “diversity officer” so maybe that’s why. Thankfully they stopped using that vendor not long after. It's a story a friend told me a long time ago. I didn’t and couldn’t fact-check it.
The husband’s theory came from the fact she apparently mentioned her husband was also a software consultant.
That's fine if people helped her after work, it means she is struggling a bit technically and she has to work after-hours to learn. It's ok. It means she is dedicated to her job but lacks some skills and is trying to learn.
The result is also the most important.
I don't think any company would be even slightly 'fine' with unvetted random people having access to any of their systems, and it's almost certainly a breach of contract by the employee to give anyone else that access, whether that involves letting them login and poke around or having them look over your shoulder.
Your experience may vary but for many it's an open secret in IT that developers and sysadmin help each other (at any level).
In practice, when you are a developer you get to know lot of infrastructure and even sometimes customer secrets from Facebook, Apple, Google, PayPal, etc.
This is because the tech people actually speak together, ask feedback and share information.
When a doctor doesn't know, he asks the other doctors for opinion.
There are even websites for that (StackOverflow, GitHub, etc).
It's fine. I trust my employees to use their best judgement when making such choices.
It doesn't mean these 3rd-party guys will get access to your systems.
Even the NSA asks for help, you can see them in the reverse-engineering forums, in MediaWiki conferences, etc.
Experienced developers are not teenagers and act rationally, they don't do 10 years of career to suddenly risk losing all their trust/friends and reputation, all that for 5-minute fame on Twitter for a leak that is likely non-strategic to the outsiders.
>Not a whole lot you can do since it would be really hard to prove any kind of malfeasance, and to make the accusation would just make you look crazy and paranoid.
No no, it's trivial to prove. You just ask them to work from a supervised location for a short period of time and that they can't have their phone at their desk. You just have to care.
> No no, it's trivial to prove. You just ask them to work from a supervised location for a short period of time and that they can't have their phone at their desk. You just have to care.
Something like that would have taken extra time and effort, and the problem took care of itself. He had more important things to focus on.
And I think it would have been more difficult to catch than you think. We don't do pair programming, and it's kind of reasonable to ask for time to figure something out. I think the best he could have determined was the guy wasn't good, not any of the suspicions about the scam of cheating on the interview and getting outside help.
Yeah and how many other employees took themselves out the door because they had to compensate for the nonperformer? I've been in teams with these sandbags and it's infuriating.
> Yeah and how many other employees took themselves out the door because they had to compensate for the nonperformer?
None.
> I've been in teams with these sandbags and it's infuriating.
The guy was on something like a three month contract, and a good chunk of that time was on-boarding then slowly getting suspicious. When we bring on contractors we expect some of them to be duds, the only thing interesting about this guy was his weird behavior.
>The guy was on something like a three month contract, and a good chunk of that time was on-boarding then slowly getting suspicious.
My perception after reading a lot of this thread is that there's so much bloat and checked-outness in the tech sector that it's probably very feasible as an employment strategy to bullshit your way into multiple 3-month contracts, sandbag your way through the onboardings then fail to be renewed (without having done a day's productive work) then rinse and repeat indefinitely.
I don't know how much longer that will persist now that the free money tap has been turned off, though.
It's another world from the startup sector I know where you could tell within a week that a guy wasn't any good and you'd instantly show them the door because you couldn't afford the dead weight for literally another day. shrug
Could they get hired at a tech company and put in level-appropriate work for two years? Without domain-specific knowledge and experience? You're saying 'work hard for two years' presumably by that you mean produce level-appropriate or above-level-appropriate work?
You're basically saying that you think just anybody off the street with a 100+ IQ can 'just get hired' at a tech firm and do dev work, for two years, and then coast?
Well, apparently "she" didn't. She was fired. The thing is, you could potentially make 40-80k(OR MORE!!!) after taxes faking it for six months. I've been thinking about this scam a lot lately. In fact, there's nothing illegal about being a shitty employee for six months which complicates things.
There's definitely an opportunity here to make a bunch of money at least pretending to fix this problem. Or maybe capital just decides to bring everyone back into the office.
I don’t know. I’m not a lawyer. But also what is stopping just any old person from doing this once or twice a year? Is being fireable fraud? I doubt it but again, I’m not a lawyer.
In the UK it's 'obtaining a pecuniary gain by deception' the same as lying on your CV. If you're routinely outsourcing parts of your job (because you can't do it yourself) then you've met the standard for prosecution.
> If you're routinely outsourcing parts of your job (because you can't do it yourself) then you've met the standard for prosecution.
I imagine it would be a problem in the US too, just for other reasons probably. You are essentially giving confidential work info to a third party that has no relationship with your employer.
Not a lawyer, but I don't see a deception charge for "under-performing and getting fired for it (while having 2 jobs)" faring well in courts.
Think about it: if you were performing your work well, despite having 2 jobs, what would the deception be? You promised to deliver work on your own, you deliver it on your own. The other job has no intersection with your other one, they are entirely independent. The only difference between that situation and the same situation but poor performance is literally just your performance. Poor performance doesn't automatically turn that situation into deception.
The deception is implicit, when you take on a full time role it's commonly understood that you're declaring that you're dedicating yourself to that role on a full time basis, i.e. that you don't have another full time job.
The law is interpreted by human beings, you know, it's not a 'code is law' situation. Remember that a jury would make the final decision. I can see a good lawyer using an argument along the lines of 'well, you said agreed to work FULL time. If a bucket is already FULL would a reasonable person expect the bucket to be able to carry any more load?' and winning.
I can't imagine a circumstance where I would compel someone to share a video of themselves when they're apparently not comfortable with it. If she went six months without creating a pull request that would be a different story.
>I can't imagine a circumstance where I would compel someone to share a video of themselves when they're apparently not comfortable with it.
Wow. I can't imagine contracting work from people (and giving them access to commercial-in-confidence data) and yet not knowing with 100% certainty 100% of the time that the people I'm talking to are the people I'm contracting with, you know, the ones I background-checked, the ones I can hold accountable in court.
You know what happened with remote schooling? Teachers didn't demand that pupils turned on their cameras because of the same 'it'll make them uncomfortable' excuse. Result? Kids turned their computers on, their cameras off and played minecraft all day for 18 months.
Don't be odd about this. Nothing at all about face to face contact is uncomfortable for adults. That shouldn't be something that's normalised and it's detrimental to society to allow for it. You are literally reading an article that outlines all the negatives about your 'cameras are uncomfortable' mindset and you still haven't twigged?
Keep doing it your way, but don't be surprised when you've had your entire company's data exfiltrated and sold to a competitor by the 'person' you were too uncomfortable to ask to appear on video.
And don't for one microsecond retain people who mysteriously only produce quality work when 'unsupervised' or 'overnight' or when they're 'on the phone all the time.' Fire them! You have no idea who they're talking to or who's really doing the work. They're not an asset to your company, they're a bullshit artist!
First, the top performers on my team right now are essentially ghosts. One I just went on a business trip outside the country with, and I hadn't seen his face for a year and I might not see it again ever. Another one is my "lieutenant" and in two years I've seen him face to face twice. No video. He's probably leaving the country soon and I don't care, because he'll be in the same longitude.
The other point, since this is FAANG, how is the conversation going to go with HR if I want to terminate someone because they won't turn on their camera?
>The other point, since this is FAANG, how is the conversation going to go with HR if I want to terminate someone because they won't turn on their camera?
Well, I guess going by what you've said they won't care either. I don't know how you can run a company productively over the long term if nobody cares, though.
This is a really overbearing and insecure take. If you know the voice of the people you work with and actually pay attention to their work, do screenshares, etc. it’s really obvious if they know what is going on and if they are doing the work.
If you think looking at a camera view of someone will prevent them from defrauding you, you are an ideal con artist’s mark because you’re taking your cues from the easier parts to fake.
>If you know the voice of the people you work with and actually pay attention to their work, do screenshares, etc. it’s really obvious if they know what is going on and if they are doing the work.
This is also fine. But look at the reply below yours, when the 'team manager' is littering their comments with 'my top performers are ghosts' and 'I don't care.'
Your strategy involves focus and care applied through one perspective. My strategy involves focus and care applied through another perspective. Yours is arguably better, but I don't think mine is insecure, mine is perhaps a reaction to some of the nonsense I'm seeing in this thread in which managers admit they have staff who they think are outsourcing their work or just can't do the job but are 'uncomfortable' dealing with it. I don't think they're uncomfortable, I just think they don't care. I can't stand don't carers. I've had to work on too many teams managed by don't carers and staffed with don't carers and I just don't get the mentality. It annoys me.
I think it's rude to expect me to try to do the same things we do in person, just 100% of the time because I can't tell if you're looking at me at any given time..
I often keep my video off, but there are a few cases where I make sure I am presentable, and have my video on:
1. Meeting someone online for the 1st time. I have a video on to create more of a human connection.
2. When asking for help. I don't want to be a faceless entity asking for help, I feel that if the other person can see me, they are more likely to provide assistance.
3. When there is a conflict. Similar to 2, I feel that it's easier to resolve disagreements when looking at even just a face on a video as compared with a faceless voice.
It might be that I am in a strategy team as opposed to engineering, so I have to collaborate and discuss items with members from other teams almost every meeting, and therefore relationships are much more important.
I have literally never turned on my video despite 2+ years of working remote. None of my team has either. The only people who ever do are director-level and above.
You are out of touch. Not every workplace is your workplace.
Would you be able to recognize your colleagues if you passed them on the street? Or would you treat them like a stranger?
It's not necessary to have the camera on most of the time but there's something a little sad about the lack of human experience in never even seeing who you work with. Vision is our most powerful sense and deeply rooted in our social psychology.
What kind of question is that? We've shipped our deliverables.
It may be surprising to you, but grainy and awkward video of coworkers in zoom shirts looking at their other monitor is not actually required for people to get things done.
Where I work right now, the status quo is to have your camera on in meetings with other managers, but have all cameras off for meetings with individual contributors. To be honest, at this point the idea that we're anything more than just voices in the cloud is a nuisance more than anything else. I have a new intern who apparently keeps coming by my office for meetings expecting me to be there, when I'm actually sitting in the park on my 5G hotspot on the other side of town. I do wonder if this is just the last gasps of a brief moment of freedom, though, or if it's going to be the way we do business long term.
> Why would voice deep-fakes even be necessary, given the interviewee is very unlikely to be known by the interviewer? I suppose it could be used to fake accents,
You have it backwards-- the point is accent elimination. You don't need to sound like someone else, but you do need to not sound like someone of your own locale.
> You don't need to sound like someone else, but you do need to not sound like someone of your own locale.
That doesn't make any sense though, given how many real tech workers are immigrants with accents.
What you say does make sense for someone trying to do certain kinds of fraud (e.g. an Indian scammer pretending to be an IRS agent demanding iTunes gift cards), but not for applying for a tech job.
Immigrants are people you can hold legally accountable for fraud. Someone who catfishes their way into a remote-work job and is untouchable by domestic law, not so much.
There are some ethnic boundaries across which some employers are not willing to entrust remote work, and the response by the impacted demographic appears to be to double down on the fraud that led to the stereotypes to begin with.
He's just pointing out that the concept of "accent elimination" is obviously coming from someone who is in a mindset of, "I sometimes have coworkers who have accents, unlike me, who speaks in the default accent"
I believe that "accent" here refers to "phonetics of a foreign language applied by a non-native English speaker". i.e. German speakers who merge /w/ and /v/ because no such distinction exists in German. That's a different kind of accent from an American, British or Kiwi accent, etc, which are produced by divergent populations of native English speakers.
Regarding 1) and following 2) you only need to make realistic-enough video that it passes as a person and is similar enough to the target person. For example, you can have a pretrained model (e.g., using zero targeted data) and search for some configuration that is closest to the target person. You only need to match a few variables (e.g., ethnicity, gender, hair color, age) before the fake is plausible.
> 1) Don't video deepfakes require lots of high-quality input video (which is why they were often made of Obama)? Where would an attacker get this for some rando?
I imagine that at some point, or even now, we can use transfer learning for deep fakes and just train existing models on a limited data set for "good enough" deep fakes.
I recently had a person using my photo and work experience to get side gigs on Upwork. A customer of theirs contacted me directly for help which is how I found out about it.
Upwork removed the profile after some prodding. I feel like I should report identity theft to the police or something but I don't know if it's worth the bother?
Reporting it is only worth it to have a paper trail in case the identity theft then brings you into legal trouble such as taking out credit in your name, etc. If they’re only using publicly-available info I wouldn’t bother.
Available for anyone to take and utilize. I have a (hidden) suspicion that a greater proportion of LinkedIn's reported "active users" are, in fact, a group of people with these profile images and fraudulent profiles.
I think part of it is Upwork let's you just point a new profile at ANY LinkedIn profile and import it. I suspect they just pointed it at mine and were off to the races.
I know there is a growing movement of people who are doubling up on remote jobs, trying to work two of them (or more!) at the same time to hack the income game. Surely some of these people are using deepfakes to help avoid detection that they are doing those things.
This happened to me, twice, and my company is < 20 people. Of those 20, 2 had multiple jobs. We hired a guy who found us on HN Who's Hiring who turned out to be working 3 (THREE!!) full time jobs, each paying $140k+.
He quit when I started putting deadlines on work when he started falling behind. I got suspicious, reached out to his prior company's CEO to ask if he was still employed, and turns out he was! Then came the discovery of the 3rd company...
For hiring managers out there: make sure candidates have a linkedin profile that lists your current company as their current place of employment (both employees with 2+ jobs had their LinkedIn hidden for obvious reasons), and always run background checks that include employment verification screens.
To play Devil's Advocate: IF the employee is meeting all work expectations, and IF he is not also working for a competitor, and IF he is keeping a good firewall between his work for each of these companies (using company-specific equipment for each job, never crossing the streams), then as a hiring manager, why is this a problem?
For low paid service workers, it's acceptable and sometimes expected to juggle multiple jobs. Why is it unacceptable for office workers?
Because in reality, we have to rely on engineers to be honest about their workload and estimates to determine realistic expectations.
The overemployed game is all about exaggerating how much you're working and how difficult your tasks are. Targets, deadlines, and work scoping aren't chosen in a vacuum. We rely on the team to give us feedback about what they can accomplish in the expected full-time work week.
This goes both ways. If I'm handing out 80 hours of work every week, I need my team to tell me it's too much and I'll scale it down. The problem with overemployed people is that they must lie about their workloads and estimates to avoid being assigned more work than they can handle.
We had an overemployed remote person once. Like the parent comment, we noticed when they weren't performing at the same level as their peers (or even a reasonable level of expectation). They were also frequently unavailable for discussions, half-involved in meetings, and generally unreliable.
> For low paid service workers, it's acceptable and sometimes expected to juggle multiple jobs. Why is it unacceptable for office workers?
Low paid workers with multiple jobs aren't doing them simultaneously, but someone with two remote tech jobs is almost certainly trying to do both at the same time. Honestly if someone had infinite energy and could dedicate 8 hours per day to my job and then another 8 hours per day to another job and not overlap the two or run out of steam, I wouldn't care at all. But in practice, it becomes a constant game of lies and sandbagging that is just incompatible with running a fair and balanced engineering team. (Hint: It's often the coworkers who catch on before the manager because they can see very clearly that their peer is sandbagging)
That’s why the better relationship for remote work is 1099 contract work. Bill by the hour and be upfront about your other gigs because it is to be expected.
You hire a doctor for a few hours, plumbers/lawyers for hours or weeks depending on the task, everything goes fine
but somehow software engineers have to come on board, sit at a company desk, wear a company shirt drinking company coffee every day
It'd be great if coders were organized as individuals and small groups that just took on tasks for fixed bids, like the fantasy world from the book "Developer Hegemony."
I could really go for six months off right now, but I'd have to fight tooth and nail to get it from my job, and it would severely hinder my career. So instead I'm just stuck chugging along until I've got enough saved up to quit and start my own company (or take some time off, then jump through a bunch of hoops to take on another prolonged period of full time servitude)
(Bringing it back to the topic at hand: That doesn't make it morally right to lie to your employer(s) and do a half-assed job. The overemployed people on Reddit/TeamBlind sound like a bunch of lying dirtbags who just say everything is harder than it is to cover for themselves slacking off, and aim to just get fired after a couple of years.)
I think we agree. Sure, if he's sandbagging, distracted, and not meeting expectations, that's unacceptable. But the (maybe theoretical) superhuman who can successfully juggle multiple full-time jobs and perform as any other full time worker would be expected--I don't get why it's taboo. Maybe it's something magical in the "employee" word, since independent contractors can, and many times do, have multiple simultaneous clients, and it's not a problem.
I think the constraining resource is emotional energy, not time. A lot of people are focusing on time but we all know only a tiny amount of our time is really spent working.
At least for me I don't even have enough emotional energy for my current job, I can't imagine doing more than one. The trouble is this is impossible to measure and certainly isn't formally part of employment.
On the surface, I agree. However, tech work usually involves intellectual property and sometimes non-disclosure agreements. Also, many employee contracts will explicitly prohibit other working arrangements (salaried or not). That said, I applaud anyone who can get away with it. The down side seems minimal.
> He quit when I started putting deadlines on work when he started falling behind. I got suspicious, reached out to his prior company's CEO to ask if he was still employed,
Similar story here. Person was clearly falling behind and was unreliable. The "it shouldn't matter if they get their work done" narrative doesn't hold up in practice, at least not with any reasonably utilized engineering team.
Now when I hire remote, I get in contact with the person's former company to confirm their start and end dates match the resume.
I hope you don't call the person's former company before he signed the contract, you should not do that because he may not have resigned and told anyone about it, this could compromise him if he decides to pull out at the last minute. I would be really pissed if someone would do that to me and I would make sure tell everyone this sneaky behaviour on Glassdoor. Also I've resigned once but decided to take a month off in between so dates wouldn't match.
Have you considered your company pays so low as to force people to work multiple jobs? I think we both know that person could get much more than $140k elsewhere.
I have no strong opinion on the working multiple jobs thing, but a single person making $140k is not forced to do anything. That is not a low wage. Fucking hell.
Seriously, a single person making less than that can live comfortably nearly anywhere in the US if they keep expenses reasonable, especially if it's remote and they have no need for a car
The deepfakes and stolen PII discussed in the article are for identity theft: The candidate steals the identity of someone with an impressive LinkedIn background and then presumably hopes that the company takes their background at face value and doesn't ask too many hard questions in the interview. The company then completes reference and background checks on the victim. They might also use this identity theft to qualify for jobs that aren't available in their location due to contractual and/or legal restrictions.
The "overemployed" people generally aren't performing identity theft like this. Having multiple jobs ranges anywhere from legal to fraud depending on contracts they've signed or how they've misrepresented themselves (it's not uncommon to see suggestions to take multiple hourly jobs and then exaggerate the number of hours worked, for example). However, adding identity theft on top would elevate what they're doing to a major crime, which is not something that would help them.
Yeah I got that. My point is there are plenty of people living in USA who are US citizens and who might also be tempted to pull this kind of scam (for want a better term).
Some jobs seem to only want you around for your experience/expertise, like baby-sitting and preventing fires. You could theoretically make everything so stable that when something fails a secondary system kicks in, and all you do is to debug when that happens and make it even more stable. Just make sure you have an excuse to not work on site or they will keep you busy with meetings, admin, and reports. But one day there will be the the perfect storm and all systems on your 15 different full time jobs will go down. You could always call in sick that day, but then they would hire more ppl like you.
I find it amazing how many people in this community don't realize that there is a fairly large number of low income people who work two full time jobs to survive.
Sure they're typically hourly not salaried but that doesn't seem to be too major of a difference.
I don't even see what the issue is at all. If a person can get both jobs done fine, then who cares?
This seems a little bit odd. Working exactly 40 hours a week is stressful enough - is it really worth it to double both your salary and your hours? I think I'd want at least 4x the salary in order to work 80-hour weeks - or is this practice mostly done by workaholics that enjoy long hours?
The people who do this aren't interested in putting in full workweeks and delivering good work.
Their goal is to find jobs and managers with low expectations, then sandbag as much as possible ("Gee, this task is harder than I thought. Going to take a couple weeks longer than we estimated!").
Had a team member try this and an old company. We caught on quickly when they couldn't keep up with their workload and were constantly unavailable during the day. Really sucked for the rest of the team who had to pick up the slack this person created by pretending to work full time.
I think this highlights one of the most important problems with people taking on multiple tech jobs: it’s the fellow employees that suffer the most. Some lost money is a drop in a bucket for most big companies, but other people just trying to do well at a single job really pay the price.
There are companies where the level of expertise is so low, you look like a genius beside them. I did this, I worked several jobs in parallel. The pay was... not really amazing, about 8k/mo when I had 3 projects at the same time. And in most of the cases I was a main player in some important parts of the system. I think _some_ people caught on. But I also think they didn't care that much because I solved their problems, unblocked their people and was always responsive, if push came to shove, I would put in the extra time to make the damn thing work and ship it.
Given your username, how did/do you manage to pass the interview for all those jobs? At least one of your interviewers would likely have asked if you've "finished" working with your "previous" employer or a question alluding to it. Either that or they would have done a background check via Experian or LexisNexis.
It's not necessary for one to have already quit one's job. A question I've received is "What made you want to change jobs?" The question assumes that you are or will be removing yourself from a position at one's current/previous employer upon being accepted for the new job.
It’s actually really hard if you approach this from a well-meaning perspective, because typically you’d still be selecting the jobs based on your normal (when having a single job) criteria.
The key is to turn the thing upside down and seek out the jobs you’d normally reject - shifty companies with lower pay, bad tooling, tons of bureaucracy, etc - basically a place where no sane developer would willingly apply. Then, you’ll be the smartest person in the room without having to do anything special and the extra bureaucracy can be either automated away or come in handy as an excuse when you fall behind, while the lower pay isn’t really a problem if you have 4 of them running concurrently.
Stuff ships because people work hard to make that happen. If one member was dead weight, it’s not fair to simply point to a successful product - other people had to put in the work, probably extra work, to make that happen.
Total. Rates were... not great. They sucked, honestly, at least compared to what I hear on here on HN. Slightly over 45 Eur/h all project rates summed. Somewhere in Eastern Europe. That's great for someone who grew up and went through college on about 150 USD/month, so of course I felt like a king.
The issue is mainly one of false advertising. Companies are looking for very different things in a consultant vs. a ft employee.
If you want to do this “scam” in an ethical way without the reputation risk, just be a consultant, work for multiple companies, and be honest about it.
You won’t get benefits and finding clients will probably be harder, but you can set your own schedule and charge a lot more for your time.
No, consultancies do not double-bill multiple clients for hours worked.
In fact, anyone billing a company in full for time that someone wasn't actually working on their project is committing fraud. Fraud that leaves a paper trail. This story would be brought to light very quickly by a disgruntled employee somewhere.
If you work 3-4+ years in a big company, you would most likely had the social credibility and knowledge of the systems to get your work done in 15-20 hrs a week. So if you get a new job, maybe you work a solid 30 hrs for that company, 50 hrs a week is manageable.
Lots and lots of "average" jobs have FAR less than 40 hours of actual work, but are still 100% positions. This obviously also depends on the individual doing the work - some work very efficiently, while others can be very slow.
People then get the idea that they can juggle two jobs like that - but the trouble is usually not the work itself, but conflicting meetings and such.
I used to think this was possible but simply out of what I consider acceptable. Some time ago I worked for a week while interviewing for a company that required candidates to do paid work for them, and it was the most miserable week of my life. I wouldn't do this for an extended amount of time for any amount of money. It's not worth it.
I employed an Account Execs (sales people) last year who paid for virtual assistants (out of pocket) to do 50% of their daily work. I didn't find out about it until after we let him go due to performance issues. Apparently virtual assistants don't make great sales people.
I've also employed an engineer with multiple jobs (3 total). He's an active HN reader. I (sadly) wish they would have at least tried to outsource their work rather than not do the work at all and miss all their deadlines.
you mean like USA Federal work, outsourced via corporate consulting offices to the UK in turn outsourced to India ? because the insane requirements to sign a contract with the US Federal Agency eliminate almost anyone, even actual business people with staff who have the skills ? like that?
No, I mean "you work remote" as western guy (US, Europa) but you hire a guy in India or China by yourself. Instead you do your work, a guy with a lower salary does the job, you keep the difference and your company thinks you would do the work.
There have been documented cases of that happening. One story I read, the employee only got found out because there was unusual VPN activity. Such as valid logins from (possibly?) Chinese IPs.
>However I think a substantial number of posts are creative writing exercises
A lot of division trolling going on there, trying to foment labor militancy. r/antiwork is the most visible facet of it, endlessly trying to encourage strikes, calling out, sandbagging, etc. This overemployed stuff (people blatantly bragging about how they're getting so much money for barely working and how you're stupid if you don't try and scam the system) is another facet of it.
It's the usual suspects exploiting and widening any and all divisions in society they can find.
It's WallStreetBets-esque. Not sure if it's reached the stage where most of the people on that subreddit are taking ironic advice unironically like we saw with WSB.
Nothing would surprise me in this age of post-irony. Fittingly, there is also apparently a grift component to it because the subreddit’s creator is hawking some service/product he’s selling.
The post-irony age has some amazingly brazen grifts. It's funny to watch from afar, but the last near-decade has shown how close to home these communities and grifts can eventually hit.
You don't need a citation to counter a baseless assertion. My assertion is that most people who apply for remote jobs are fairly honest (by culture) white-collar types who wouldn't think to 'double up on remote jobs' for the same reason they wouldn't think go out at night stealing catalytic converters, which is that they possess a basic sense of right and wrong.
I mean, if you think that the average person is basically a scammer at heart, okay... Maybe you come from a low-trust culture, I don't know. I don't think most people who come from high-trust cultures would behave this way or think that behaving this way is okay.
No one is arguing that the average remote worker is doubling up on jobs.
But many more are now compared to recent history.
Stealing catalytic converters is directly harming another person and also punishable with prison time, it's hardly comparable to working two remote jobs. But sure, some (potentially large) proportion of white collar workers may not be willing to violate trust by working two jobs, but many would.
Beyond that, if you think that all knowledge workers are ethical people, I would remind you about all the horrible software that exists in the world for the sole purpose of scamming or harming people. There's a lot of it. And it's all unquestionably much less ethnical than working two normal white collar jobs.
People outside the US/Canada who might not be otherwise eligible to be hired as a W2 or T4 equivalent employee.
If you have a US resident's stolen PII and can somehow set up a bank account to receive ACH direct deposits, and are a good enough social engineer, can possibly get hired under that name.
Hireright can also be nasty with the background checks, to the point of asking you to correct irrelevant minor typos (say, a space) in you credit file before validating your identity.
What industry? Over in infosec, they seem to just do courtesy interviews to suss out if I did some ecrime the feds are sniffing about, find out they were incorrect, then not even have the common courtesy to drop the act and offer to pay me as a consultant rather than treat job interviews as fishing expeditions.
Oh, I'd have someone connect me with say, an interview with the Software Engineering Institute or RAND. They'd have me speak to between six and twenty people about say, how I would work to secure CERT's vulerability stockpile.
Then they'd refuse to hire me, refuse to address the issues I discussed, and then sometimes one of the interviewers would pass that information to the Russians or Chinese leading to a massive break ala OPM or Solarwinds even after Senator Wyden sent Chris Soghoian or someone of similar skill adjacent to the Omnidynar group to go ask some hard questions.
In parallel, folks with non-US passports would obstruct any applications I made in private industry in favor of those with their same passport.
It was all super frustrating, since my CV had the appearance of someone with a deep commitment to nonprofit work, when it often more than I made decisions like "Being a PhD student pays slightly better than a Papa John's employee and I'll eventually find something more permanent doing the latter".
Lately, looking back, I wonder if I'd have been better off saving up then moving to Thailand like one of my old drinking buddies did. (I don't drink alcohol anymore, and I'm spending the afternoon reading HN as I work on some technical projects I'll probably never put online, since it seems no amount of code publication leads me to a fair interview -- all it does is give tools for others to use in their "work")
Happy to reply again if the above is unclear -- I made sure to not use a nym that doesn't include my legal name, for privacy -- I could have been much more detailed :-)
> Then they'd refuse to hire me, refuse to address the issues I discussed, and then sometimes one of the interviewers would pass that information to the Russians or Chinese leading to a massive break ala OPM or Solarwinds even after Senator Wyden sent Chris Soghoian or someone of similar skill adjacent to the Omnidynar group to go ask some hard questions.
This paragraph is exceedingly unclear and may hint at the reasons why you are struggling to get hired. This reads as some mix of narcissistic personality disorder / conspiratorial thinking. You write like a native (or near-native) English speaker, but your composition is all over the place.
I don't mean this unkindly, but have you ever spoken with a mental health professional? Many technical folks are neuroatypical and this can sometimes be a barrier to traditional stable employment.
I get the impression they are being deliberately obtuse, but that's not uncommon in this field (to be fair, so is schizophrenia/NPD).
This individual claims to be somehow involved in two high-profile national security incidents. It's not beyond plausibility that they are being exploited for information by companies who don't want to be seen associating with them. Snowden would receive the same treatment.
> This individual claims to be somehow involved in two high-profile national security incidents. It's not beyond plausibility...
Hacker news does attract some singular individuals from time to time, but I would suggest the more plausible scenario is that this person has untreated mental health issues.
Deliberately obtuse. Also schitzophrenia and NPD are... not remotely similar. You probably shouldn't risk a slander lawsuit if you're so uneducated on diagnoses, paired with never having met me.
Now, bristly replying aside: I also DO have anxiety, and wrote my comments earlier after too much caffeine.
>This individual claims to be somehow involved in two high-profile national security incidents. It's not beyond plausibility that they are being exploited for information by companies who don't want to be seen associating with them.
To give a real world example: one of the reasons I was pushed out of an NGO is I annoyed the lawyers pushing them to put MFA on their email accounts. Later we were one of the few not to be penetrated by the Russians... digitally... but when I watched that one Mr. Robot plotline where the one agent is increasingly unclear why her supervisor is not taking her concerns seriously, she finds out they are an agent of a foreign power.
Also I did a master's thesis on anonymity technology, so obligatory "it's not paranoia if they're actually out to get you".
>Snowden would receive the same treatment.
Snowden is stuck in Russia, a totalitarian hellhole. I live here, in the Paris of Appalachia, where I wander around sipping cortados and banging hipsters. We are not the same.
What often happens is I get a mix of people who respond in good faith (have no idea who the hell I am), paired with those who do, and say things in bad faith about my mental health.
(Reoccuring income would solve those issues overnight, email if you want a CV. I'm a decent pentester, can code in languages like Python and bash, and have an OSINT certification from Bellingcat.)
But often since my skills are more... qualitative (eg: I cannot write exploits well), people schedule an interview to treat it like a free consulting session (ask the one question an FBI agent would have if they could supoena me slipped in with the rest to clear me as a suspect in some bullshit), then don't actually hire me on... and the cycle repeats in 3-6 months.
Hence my supreme annoyance and occasional trolls.
Oh -- almost forgot -- in addition to the above, years ago, before I was doing brain experiments on undergrads alongside former Israeli snipers, I was in therapy. I found out at that therapist's funeral that he was a member of a motorcycle club. So sometimes... odd people boosted me through my career in civil society, and sometimes it feels like when I hit a wall, it's because someone in the past was supporting me for unsavory reasons, and doesn't have a good explanation for the sudden shift in allegiance.
I'm happy to explain further as needed, but all you really need to know is I ended up at a libertarian NGO despite being anything but, for reasons I don't fully understand, then got stranded in Appalachia by people who never want to admit they're wrong, even as I turn on the TV and see teachers who used to claim I was a menace to society running up on the capital.
TL;DR: I'm anxious because I'm a skinhead, in the antiracist sense, and a leftist, and the people who could assist me in my goal of being independent choose not to. I could join a firm like Mandiant or whatever tomorrow, be assigned some work, and be off HN and happy, but folks make the emotional decision to not allow me to do that, despite very clearly being qualified to, then question the mental health of a first generation PhD student with a dwindling bank account.
Based on the writing, my best career advice to this person would be to take a community college English composition class and/or join the local Toastmasters.
Extra time spent working on communication skills almost always pays off more than extra time spent on technical skills.
Only slightly related, but a Japanese friend of mine has a story of interviewing a few engineering candidates for their remote crypto company. They all applied under Japanese names, claiming they were Japanese citizens in Japan. When the interview came around, they all spoke English with a Korean accent, and when asked if Japanese would be better they admitted they could not speak Japanese. When my friend asked around it sounded like many founders in the space have encountered this profile of applicant, and many suspect these are people working for the North Korean state.
If this is indeed North Koreans trying to get remote jobs, I've been wondering if their game is:
- Getting a job for themselves to bring income to their own household
- Getting a job for themselves to bring income to the North Korean state.
- Getting a job in a crypto company with plans of figuring out vulnerabilities and siphoning funds to themselves/the state.
- Getting a job for others, and selling the service of passing the interview.
It's number 2 - Getting a job for themselves to bring income to the North Korean state and number 3 - Getting a job in a crypto company with plans of figuring out vulnerabilities and siphoning funds to t̶h̶e̶m̶s̶e̶l̶v̶e̶s̶/the state.
Without DeepFakes: I know several people in tech in the bay area who locally interviewed for contracts, got the job, then outsourced all tasks to eastern-eu folks whom they hired as a sub and project managed them.
Basically, hiring an consulting company masked as an individual.
from this point of view -- it says more about the "job market" and forgery-for-pay than the deepfakes .. it was one year ago I saw a video documentary on young men from various places, in the keep of handlers who charged them rent and maintenance while they applied for remote tech jobs. The handlers were show to clean-up or embellish skill sets, claim English skills or write responses for the applicants, and other fraudulent activity. Meanwhile, on the other side of that, investors have put money into hiring companies who want to follow in the Monster dot com path but more specialized skills or particular clients. The work of outsourcing is just never done it seems, and apparently pays investors and handlers well enough to do these things. Deepfakes makes it part show-business, which is not new either, really.
I was recently approached by a firm that it seems does a similar thing to what you've described. As a native english speaking tech professional, they wanted me to assist others in initial video interviews for tech positions. I don't know how any amount of spin or perspective could sell such a thing as anything but fraud. I honestly couldn't even put together how it would work long term, but I suppose with the nature of some remote work, it might be possible by a committed actor or agency. It's creepy as heck, and reminds me of that movie "Gattica."
> I don't know how any amount of spin or perspective could sell such a thing as anything but fraud.
It might be fraud, it might not. This sounds like SOP for literally every "recruitment" outfit I've ever encountered. Every single one encouraged candidates to tailor their credentials to the job requirements.
I was being asked to pretend to be someone I was not, in order to fool a company to which an applicant was applying. I may not have described it well and perhaps this lead to the confusion, but what I was approached for was most definitely fraud.
Tailoring applications certainly makes sense, so long as the output still reflects the skills and qualifications of the applicant.
I think I remember the same one. There were like 4 or 5 guys living in an apartment that the employer had set up. And somehow the guy interviewed for the story saw the resume that had been submitted and it was nothing like his actual experience.
Seems like scant evidence to conclude that you were interviewing a North Korea hacker but I guess many on blockchain twitter are more credulous than I am.
> The "Okay?" is a DEAD FUCKING GIVEAWAY this guy is Korean.
An interviewee speaking quite formal English quite badly, punctuating sentences with question words and having an accent that isn't Korean-American but sounds a bit like it, and interviewing somewhere with lot of background noise because he apparently doesn't have an independent space to work in is actually pretty consistent with him being from Hong Kong like he said he was...
Yes, that statement by itself is a bit extreme, however I believe the person on twitter was combining it with the other aspects.
I did find that, at least for South Koreans, they sometimes use "Okay" in a way that would be considered non-standard by Westerners (I have no experience with North Koreans). Often times they would use "okay" more as a check or confirmation that something was heard, than an agreement. So someone saying "okay" to you could mean that they acknowledge that they heard you, rather than them agreeing with your statement. Thus, it seems like the Twitter poster was pointing out that non-standard usage and correlating it with his Korean experience.
Doesn't sound like any of the techniques used in the article were used in that thread, no deep fake vide, no deep faked voice. Just some Korean person (possibly) trying to gain access via remote working policies, and not very well by the sounds of it.
Or...an example of someone writing a sensational, mostly invented story using classic twitter thread growth hacking techniques (ending each tweet on a cliffhanger, etc. etc).
I'm immediately skeptical of tales written by someone who works in "growth" and has 60k followers from writing twitter threads.
We've been very concerned earlier about what deepfaking a world leader might result in. Still a concern on that, but we can have endless amounts of additional fun with realistic deepfaking B- and C-list celebs and all "influencers" who have left enormous trails of audio and video.
Picture an adversary setting up a large deepfake campaign involving hundreds or thousands of fakes, esp coordinated with their use of the hundreds or thousands of curated social media profiles that have been raised on a media farm.
With social media influencers, you don't even have to worry much about the deepfakes glitching - the usage of filters is rampant enough that glitches have been completely normalized.
Had an influencer make me up crap about a her work. Hundreds of people calling her out on it.
Her fans did not care. Comments all got buried or deleted.
The fans would come up with dumbest possible rebuttals.
Basically they liked her she was pretty therefore she was right about everything. And all the easy to verify facts were not important.
Any halfway competent social media management team has enough bots on standby to be able to sweep anything but an absolute stone cold dead-body-in-the-trunk scandal under the rug in seconds.
Step 1 of managing any celeb's social media profile is to add 15k of bots to their followers so you can 'forum slide' any criticism away at will.
There are entire subreddits devoted to how incredibly fake instagram and TikTok people make themselves look with filters so yes, this is already normal with real people. It would not take much.
You could probably grow a farm of deep fakes on some social media site, talking to each other about peculiar niche things using language models, and once that farm is big enough use it to shift opinions/attack. It's scary how small groups of people, or even an individual could do that.
> You could probably grow a farm of deep fakes on some social media site, talking to each other about peculiar niche things using language models, and once that farm is big enough use it to shift opinions/attack. It's scary how small groups of people, or even an individual could do that.
Wouldn't that be fairly easy to detect because the accounts would belong to an isolated, tightly-connected cluster?
State actors can design societies with lots of different clusters. It's all in the simulator you design. And a large actor could easily require that its humans engage with members of this society to connect them with humanity.
I'm not sure how you would detect those clusters? The language models wouldn't give it away for sure, and getting residential IPs has never been easier than in the present.
> I'm not sure how you would detect those clusters? The language models wouldn't give it away for sure, and getting residential IPs has never been easier than in the present.
Social graph metadata. The GGP said they would all be "talking to each other."
>Social graph metadata. The GGP said they would all be "talking to each other."
I think by 'detect' they mean 'detect by people who might fall for it' not 'detect by national security agencies.'
I don't see any way for the average social media user to detect whether they're engaging with a botfarm unless the social media company exposes their analytics, and they don't, and they aren't likely to start unless forced.
> I think by 'detect' they mean 'detect by people who might fall for it' not 'detect by national security agencies.'
I actually was thinking the people who'd do the detecting would be the social media site operator (e.g. Twitter), who would then shut down the inauthentic activity.
Yeah I mean they'd talk to each other, but they could also interact with other people using empty platitudes or so that are common on social media. So I think it wouldn't be that easy.
>You could probably grow a farm of deep fakes on some social media site, talking to each other about peculiar niche things using language models, and once that farm is big enough use it to shift opinions/attack. It's scary how small groups of people, or even an individual could do that.
I recently read a near-future sci-fi story (linked somewhere on here, I think) about an AI breaking out of its contained environment and taking over the world before we could figure out what happened and stop it (took a couple weeks, IIRC).
The TL;DR is that once it had enough compromised machines to run social media botnets, it was all over. It could use those to confound efforts to coordinate and compare data, to misdirect huge numbers of people and cause all kinds of chaos, and to smear opponents before they could get their message out (fakes or actual stolen information—it hardly mattered, all it needed to do was neutralize certain people for a few days). The story contrived to have a secret project that was able to try to resist it after that (spoiler: didn't help) but otherwise the social media botnets were enough for it to buy several days in which no-one was able to effectively work against it.
That's not a story, that's what's actually happened, only the it wasn't an AI, it was aliens that were discovered in 2018. That's why we're seeing more and more of an open attitude towards UFOs from major governments, in preparation for the big reveal. You will eat the bugs.
well exactly, you wouldn't notice the tricks used to make it completely indistinguishable from reality, you wouldn't notice the pitch perfect voice, you wouldn't notice anything if it's done by a professional
Sure, but we're not talking about professionals spending hours perfecting takes, we're talking about people supposedly manipulating their own voice - probably to represent a completely different accent - in real time whilst being interviewed by someone probably paying an unusual amount of attention to tone of voice, possible hesitation etc. If people have the skills to do that near-flawlessly for 30 minutes, they probably don't need to bid on random non-deepfake work using someone else's ID...
Even if interviewers don't suspect deepfakes, the audio artefacts of deepfakes (odd intonation, mispronunciation and pauses) are going to sound suspiciously like someone who isn't very confident in their answers or is bullshitting. Much easier for poor English speakers just to draft in a person who speaks better English and maybe knows more about the actual work for the interview...
The point they are making is that if you’re hiring a fake person for a job who can’t do the job, some of the screening questions should’ve let you pick up on that. And if you don’t you’re at best a bad interviewer.
Especially with people who speak broken English, this is easy to game though. Multiple people could be sitting behind a voice obfuscator and responding to questions as-needed. Inconsistencies are explained as nervousness. Video and voice desync can be handwaved away by poor connection.
You dismiss people who fall for this as bad interviewers but I don't think you appreciate how sophisticated fraud has become-- with teleconferencing (anything internet-based, really), you never truly know you're interacting with who you think you are. You may not find out until they've collected a few paychecks, made copies of all your IP and disappeared into the night.
They are bad interviewers who should not be interviewing technical candidates if they fall for any such scheme, which is impractical and unrealistic in practice. I don't care about their broken english, I care about their technical competency. I'm sorry, but they aren't going to dupe me out of my expertise, unless they are actual software developers. But even an actual developer with the right experience could steal anything you give them access to. If you have concern about that, then you hire domestic and you require ID verification and you avoid contractors, so you know that you can at least prosecute them if they do.
Any company who is hiring off the internet, internationally, on the basis of a deepfake and a resume and is granting them elevated access to client PII on day one deserves to be exploited and deserves to be sued by their clients.
Who says they can't do the job? It would be easy for a tech-knowledgeable scammer to interview at 100 companies, collect 100 pay-cheques and then dissapear.
I think that's a more realistic possibility. That you have an actual software engineer with tech knowledge doing old fashioned social engineering and doesn't care how many times they get fired. But the AI in this case is just providing a fake profile pic. It's not that deep, as the commenters in this thread are suggesting.
Everything you think you know about a person when remote hiring can be expressed as a series of bits. You aren't above falling for it either. This will become much more difficult to detect.
A series of bits can be enormously complex, so you aren't saying much with that statement. You act as if checking the right bits off is some trivial thing for a sufficiently long chain of bits. Even guessing something as small as 16 bits in a row correctly is non-trivial, but scale it up to 256 bits and you've got yourself state of the art security. I don't care how much AI you have. No AI or assembled team of scammers short of having an outright social engineer who is also a real software engineer is going to pull that off against a technical interviewer with critical thinking and interpersonal skills.
There are a lot of dumb middle managers out there. In some cases, the position and the intelligence are co-dependent, I suspect. It's truly terrifying, if you think about it.
> This is both fascinating and a scary reminder of what the future has in store for us in a deepfake world.
Social engineering has always been a thing, check out this Darknet Diary podcast about the Lazeraus hacking collective group (suspected to be N. Korean digital Army) and how they have try/tried to infiltrate their way into crytocurrency based exchanges--and have succeeded in the past--using all kinds of methods including hijacking CVs from Linkedin.
The truth is that while the advent of deepfakes and even text to image AI/ML based tech has muddled the waters even more, it's always been a challenge to not encounter some level of difficulty when dealing with verification. Fraud is and will always remain a component in daily operations of any organization.
We have a saying in the Bitcoin space that i think applies here: Do not trust, verify.
And this is why I think people need to understand that the usecases for an immutable ledger can and will go beyond just a digital token (it's only the backbone), and these usecases (the limbs and appendages to continue with the body metaphor) will become more imperative in the 21st Century: you can manipulate all you want via social media and many have, but if verified sources with proper validation is stored on an immutable ledger with a cryptographic proof of work blockchain that is impossible to alter then you can essentially have the closest thing to verifiable truth Online.
Jacob Applbaum said it best when he said that to maintain security online you'll likely have to adopt 2 or more identities separate from each other to continue to have some level of assurance that your personas are not traceable to your real ID in a World where Doxxing became 'a thing' Online. I wonder hat he has to say about the OPSEC/INFOSEC space now that we have the ability to mimic people Online so closely with very little resources.
I've had remote candidates in India lip sync an interview, but I don't think it was deep fakes, but rather the audio was coming from someone off screen while the person on screen was trying to mimic them.
My guess is someone was trying to help them get the job, i'm not sure to what end though and regardless, we didn't hire the person.
I get tons of email like "Thanks for the application, you're the kind of person we're looking for, please come interview at such-and-such a time, and bring the following documentation..."
If I was looking for entry-level QA or IT jobs, I'd probably explore one just for laughs. I suspect it's less of a hacker/pii problem, and more my own fault for having the kind of email address that random weirdos are likely to type in when they are doing something hinky on employment websites.
Wherever the FBI announces something you have to ask what political purpose are they trying to scare people? In this case I assume to try to give justification to managers that want to bring people back to the office using the fig leaf of concern over fraud.
With in-person interviews you can check IDs as part of the “sign in through building security” process. And in fact, if you’re flying the candidate in, your travel department can get their passport details.
Remote workers probably should not have access to large amounts of PII/financial data/etc. in the first place!
There seem to be a few separate issues with remote work:
1. Identification of real people (solvable with SSI's Verifiable Credentials or a traditional KYC company)
2. Employee holding multiple remote jobs (solvable by focusing on productive output rather than number of hours worked)
3. If rogue employee gets 20 jobs they only need to 'work' unproductively for a short time before getting fired. (solution? maybe reduced pay for initial months with the following months of employment overpaying until initial underpayment is made up?)
EMPLOYEE: “uhhhhhh…. that was… uhhh… a deepfake who also stole my information?”
MANAGER: “oh okay. yeah of course you would never try to double/triple your salary by taking multiple remote tech jobs with zero oversight. my friend said it seemed so real haha. deepfake are so good now. im gonna report this to the FBI, people need to know.”
EMPLOYEE: “yea haha amazing. anyway i gotta get back to not-my-other-job”