Summary:
Ex-founder and founding principal engineer shipping products with 100k+ users and millions in funding. I bridge engineering and product to solve real problems. Hands-on technical leader with product sense and a track record of driving measurable business results.
Highlights:
* Led engineering for SafeDose, an AI-powered dosing assistant using computer vision to eliminate syringe and vial measurement errors in clinical and home use.
* Built a public-key-encrypted Chrome extension protecting users from phishing.
* Founded Safe from Upfront Ventures’ residency, securing $1.5M seed.
* Shipped mobile features at Bird that supported rapid scaling from 3 cities to 100+ in under a year.
* Pushed OTA firmware upgrades to a 100k-scooter fleet with zero downtime.
* Reduced firmware update time from 6 min to 2 min via delta patching at Nima Labs.
* Built rider-experience modules at Bird touched by 3M+ trips per month.
If people won't add a cover letter, then why would they submit a customized video? Then, now you have to wonder if the candidates are just the ones willing to jump through additional hoops as opposed to who's the most qualified and ready to get to work.
There is no ABOUT page. Going to the site does not reveal any information about the service. Visitors are automatically kicked to a Login/Signup screen. The main page is not a static web page with useful information, but wastes several seconds on a 'Loading' animation that loads nothing. There is no way to find out "How does this thing work?"
Each of these problems needs to go away, ASAP. The site is basically useless for marketing / new-user funnel purposes until you fix ALL of these problems.
Wow. This reminds me of my experience with Coinbase. I find it interesting that they don't see how troublesome all this is. There's a human on the other end of the technology, and shutting them out without a solid reason, or the ability to reasonably appeal is crazy.
As a dev I love seeing these. Makes me feel better about myself when these companies with seemingly infinite resources suck at engineering as much as I do
Yup, but when the age has been (let's say) 23 for a year and becomes 13, the software should smell a mistake.
Of course I have no idea about the actual UI. It's a bad idea to ask for the age because it doesn't update after the birthday. A birth date is much better but it's also personal data and maybe not necessary. If all a site wants to know is if you're 18, just ask it and store a boolean. If you suddenly declare that you're not >= 18 anymore, especially after using the site for a while, smell a misclick on a checkbox, ask for confirmation and explain what's going to happen.
It’s an engineering cost decision. I imagine they get single figure numbers of people making this change each year. The cost of having a developer design and implement a system to catch it, reject the change but save it in a state where it can be applied later, and automatically open either a support ticket or have an automated resolution system is far too high. Much easier to just lock the account and ask the customer to get in touch.
(Assuming there is a save button on the screen and it’s not an auto save on an input change, in which case yes it needs a confirmation dialog)
The software does smell something is off. Typically the policy in this case is that legal told them to deny them access, because they don't want to deal with the legal hassle of serving someone who just told you themselves that they're not 13 yet. (Lawyers are often unreasonably risk-averse.)
>Yup, but when the age has been (let's say) 23 for a year and becomes 13, the software should smell a mistake.
some years ago the Danish electrical company Dong (wonderful name they've since changed for 'reasons') sent me a message - give us a meter reading for your house or we will send someone around to do it and it will cost you some money, so I figured fine I don't have to do anything they do it for me for money!
next year, the same thing.
third year, the same thing. In Christmas of the third year when I was in Berlin I got an email from Dong, you owe us 15 thousand dollars (approx. translating from dkk in head), then later same day you owe us 18 thousand dollars, and finally next morning you owe us 20 thousand dollars.
So naturally I called them up and said I sure would like to know what you all are thinking (which was a lie, I didn't really want to know but I figured I better find out anyhow)
So they said they had sent someone by to read our meter and we had used more electricity and they wanted their money or they were turning it off. So I said you think I used 20 thousand extra dollars in a year?
No, the meter hasn't been read for three years and this is your fault because when we send you a notice to go read the meter you have a moral obligation to do that.
I asked what about their moral obligation to go read the meter when they said they would (which point they did not understand) but anyway since I was supposed to pay 3 thousand dollars a year (which is somewhat high for a Danish family of 3) and paid that it seemed highly unlikely that I had managed to use over two times more than I was estimated to use per year without an increase in population of the house.
It took a lot of arguing to convince them that somehow there was something fishy in the situation and they might have made a mistake, before they would put off closing the electricity and do an investigation.
Some months of investigation later, which involved me going to take pictures of my meter etc., it turned out they had read the wrong meter.
tldr: even obvious discrepancies that systems could easily be set to catch will not be caught and you will have to do the work to fix the problems of the organizations providing you services.
Even if it is policy, they can probably have a better lockout page or make it 'disabled' but still let you login to talk to support, get records, etc to fix things. AFAIK it's a complete lockout.
If you work inside these companies, you quickly realize that the amount of work is far greater than the amount of people to do the work, and triage is always happening. The bigger the company gets, the more there is to do.
Another falsehood programmers believe about dates. ))
When immigrants move across borders, often if there is no record of date of birth the date used is the first of January on a best-guess year, and sometimes even the year is wrong. Later this information could be updated. I know of a case of a man whose birthday (immigrant from China) went from January 1st, 1900 to some date in the late 1890s upon documentation being found, just slightly before his 100th (living) birthday.
There are, of course, also reasons for deliberately falsifying a birth date. Accessing an online service is one, false claim of benefits (e.g. pension) may be another, avoiding or enlisting in armed forces, purchasing age-restricted material, renting a hotel or vehicle, the list goes on. A robust system must account for these possibilities.
While there are relatively few people in this specific situation still alive, my grandmother was born in a country that still used the Julian calendar at the time.
Not at all. Just last week my government approved a plan to bring in thousands (I think 3000 or 9000) of immigrants from Ethiopia, a large portion of whom do not have personal documentation.
Yes, but you are designing a system based on a once in 100,000 edge case. There is no reason why such odd and rare requests can't be handled in a customer support request.
...If your customer service team are sufficiently well staffed, trained and have escalation points. In the article the customer service team couldn't even read a decision made by 'The Back End Team'.
A more realistic case for you: People make far more mistakes than you think. Having done genealogy recently, the number of documents with people messing up their own birthdate or name is staggering. On top of the much larger number of registers where someone else has taken the information down wrong.
You're seriously underestimating how much this happens with current rates of immigration. 1 in 1000 to 1 in 5000 seems to be the correct rate in my country.
Besides, even with 1 in 100k, with the US population of 330 million, you've created trouble for 3 300 people based on this edge case alone.
Modern example: my father, who is still living, driving, and traveling internationally.
When he was 15, his parents decided it was time for him to start driving his mother around, who never learned how to drive. They wrote down his birth year to make him appear 16. The Texas Department of Public Safety in the 60s wasn’t quite as strict about proof of identity as it is now.
Fast forward to the late 90s, and digitized driver’s licenses. Fortunately, my mother had an inkling that life for my dad might get a bit complicated with a driver's license that didn’t match his birth certificate, so she pushed him to get it corrected.
I imagine there are at least several thousand US citizens who have never lived elsewhere whose primary ID (driver’s license) shows a different birth year from the one on their birth certificates for similar reasons, and it’s a toss-up on which date they use for various purposes.
My grandmother "altered" her date of birth on her birth certificate so her husband wouldn't know she was older than he was.
That date ended up on their marriage certificate.
And then, after her husband passed away and she was approaching pension age, she realised she would only be eligible for the pension a few years later...
So DOB is not immutable.
(and another common source of DOB errors, mixing up the US MM-DD-YYYY versus the normal DD-MM-YYYY format used almost everywhere else...)
The US legal code doesn't give them a ton of flexibility here.
Coinbase has to push the boundaries of US legal code interpretation in plenty of other places... picking "letting pre-teens manage accounts" would be a dumb hill to die on.
Going into your profile on a trading app and saying "i am 12 and what is this", no matter the reason, seems like a reasonable signal that maybe you're not a customer I'm hugely concerned about retaining.
Quite common. On Discord, there are NSFW channels and before joining them, you have to provide your birth date (only once). If you set it to below 13, your account gets suspended/locked immediately.
Commonly the 1 unhappy customer might tell his story to ten of their friends or thousands+ of readers online. Fixing customer problems (especially drastic ones) carries large incentives, because those single stories will actually be observed, while the 1000 happy customers won't be mentioned.
The depressing bit is that they can make a rational decision to weigh that cost against the amount of money it takes to keep people happy (vs doing nothing). Not that I support it, but they might be following the financially superior option. There's a lot of incentive to get that answer "correct", so I suspect it's currently working out in their favour, even though it sucks for those of us caught on the shitty side of that equation.
While true that economies in their various forms can form unsympathetic relationships between producers and consumers, it seems that, broadly speaking, producers who align more strongly with consumer satisfaction tend to ‘win’ and those who broadly speaking don’t tend to ‘lose’ on a long-term basis.
To their credit, Apple seems to get this mostly right.
I was banned from Coinbase 4 years ago, and I am still unable, to this day, to create an account without it being banned within 5 minutes of creation and no one is able to give a reason as to why.
From having been behind the scenes of a web hosting company a while back: They almost certainly have decided that you're a scammer, and that any account you ever try to open is just an attempt to get around being banned for being a scammer.
The complete non-answers from support are almost certainly because they have that as a standard policy with people they've decided are scammers, because the genuine scammers out there are extremely good at manipulating literally any kind of even vaguely permissive support policy into enabling further fraud.
The bigger issue here is that when a company is actually good at this stuff (like that web hosting company I once worked for), there's a department specialized in handling these cases with knowledge of how to properly verify legal identities and filter out the scammers... but quite a few companies today both big and small have decided (possibly correctly, given how they're treated) that it's easier and more profitable to just skip that entirely and instead leave false positives locked out of the system permanently.
If it's in finance then unfortunately this is really just how it works in the US. If a bank has the slightest inkling that you're someone on a sanctions list (or that you have a connection to some "bad" country like Venezuela, Iran or Cuba) they'll drop you like a stone.
So yeah I agree it sucks, but the issue is not that every company which complies with OFAC is an incompetent loser. It's that the USA has declared a few countries as enemies and has some tough laws to enforce this both domestically and within its sphere of influence (foreign transactions with a "US nexus"[0] fall under OFAC). If I recall there's no upper bound on the fines for contravening OFAC and there's no leniency for accidentally breaking it even though you demonstrably tried to identify people, or were tricked. So these companies are incentivized to err on the side of extreme caution.
[0] - this is a fun one, iirc this can mean obvious things like "a company has a subsidiary or office in the USA", or "a transaction was conducted in USD" or even "an American citizen was in the room when the transaction was performed".
Traditional banks will cut you off as well. Move lots of money through your account, bounce it between a few accounts and back into your account. They'll cut you off.
In the UK I can raise this with my bank and if they don't resolve it I can raise it with the regulator, who has real teeth. Getting back on topic, who regulates Apple?
There are bank regulators in the US, it is heavily regulated. Businesses are still free to choose who they want to do business with. Banks will get smacked down by regulators if they helped launder money so they err on the side of caution. The fact that it is heavily regulated is the root cause.
That is correct. Yet it doesn't make it good. Customer focused communication even though some indicators tell you to terminate the account should avoid a "The process" situation. This is 2021, we have many amazing communication tools available.
At least in the UK, there are "tipping off" offences that make it very legally risky to tell people why they're suspended. Banks just tell their employees not to do it to avoid risk
It doesn't matter if they lose one customer by mistake if they screen out multiple fraudulent accounts this way. It's simply more profitable to do this in an automated way than to actually consider the human in the equation.
I'm not mad, I've still got my keys from 2014-ish. I only made a Coinbase account after a finance teacher in high school heard that I dabbled in crypto, and bet that he could build a better-yielding portfolio than I could. I logged onto Coinbase, spun up an account with $20 in it, and invested in Chainlink and Ether. Nowadays it's worth ~350 dollarydoos, which isn't absolutely necessary to retrieve. Honestly, it was worth it just to watch his enthusiasm crumble when his 30% APR high-risk portfolio paled in comparison to some dumbass high-schooler's prediction.
File a complaint with your state’s Attorney General, FINRA, the SEC, and NYDFS. Should help Coinbase along in recovering your account. Should take no more than an hour or two to file with all regulators I mentioned.
I'm surprised OP mentioned New York State Department of Financial Services (NYDFS), but this might be the local regulator if Coinbase's home state is New York.
I would still file with them, they can still escalate on your behalf since they are the regulator, or refer you to the agency you should file a complaint with.
Coinbase, Venmo, and others are not enabling censorship resistant crypto payments. Coinbase does track who and where you send your crypto to, so in theory they can control what you do with it. The workaround would be to send your crypto to wallets not associated with them, even still.
Coinbase and Venmo's role is analogous to a bank that offers account holders debit cards that can access CC networks, not the organizations in control of the CC networks themselves.
You could say the same about, say, Amex or Discover being de facto not as censored as Visa and Mastercard. The pressure is on Visa and Mastercard because they're where the vast majority of the money flow comes from.
If it was illegal to pay the hackers back, and the Colonial Pipeline ransomware attack still happened, what would the options be? We'd have to turn the systems back on some way right?
They'd restore from backups, which is already what they did even after paying the ransom. More importantly, would the hack have happened in the first place if they knew there was no chance of being paid?
Every ransom paid just funds and encourages the next hack. The social damage is deserving of a large fine (i.e. 10x the ransom).
Apparently they ended up having to do just that even after paying the ransom:
"The decryption software provided by the hacking group DarkSide, notes Bloomberg, was reportedly 'so slow' that Colonial Pipeline 'continued using its own backups to help restore the system.'"
I mean if you have backups then sure, don't pay. Every case won't be that simple. It also seems a bit odd that they'd pay if they truly had all the backups they needed.
Theoretically, no, the hack wouldn't happen if they knew there was no chance.
Realistically, yes, the hack would still happen. Because there will never be a world where people don't pay ransoms, especially if they have no other options / backups.
If they restored from backup, how do they know the attack wouldn't hit again immediately? The ransom wasn't just to decrypt the data, but to halt the attack.
> More importantly, would the hack have happened in the first place if they knew there was no chance of being paid?
Why wouldn't it? They could easily have been paid by another group to perform the hack, used the hack to manipulate stock prices, sold the stolen financial data, or, most likely, the ransom would have been paid indirectly through some other means, like hiring a "cyber security consultant."