💡 (feat planning): how can we stop people from leaking confidential information in slack?

[dotcomnerd]

hey y'all. was reading around in the slack when i saw the thread on resume leaks.

this is a HUGE problem. not just from the security side (data confidentiality being breached) - but also from the trust side (people not trusting ColorStack to host their resumes).

as someone who literally keeps all my information private and locked-down for this reason alone (i've had my fair share of skids, leakers, et al) - i wanted to open up a space here to think about what oyster could do to help. not prescribing one fix, but laying out some directions we could explore:

for a more accountability side:

- invisible or visible watermarking or tagging of resumes so if they leak, we can trace them back to who downloaded/shared
- logging who opens a resume link (vs just dropping the file in slack) - oyster could be the client for #career-resume-reviews

on an access control level:

- instead of raw uploads, oyster could post a managed link where access can expire or be revoked
- possibility of a simple web-based viewer instead of direct file download
- like what proctoring tools do, track screenshots, loss of focus etc.

to facilitate safety and retain trust:

- enforce “privacy mode” that hides emails/phone numbers BEFORE posting
- give members the choice of how much info to expose depending on comfort level
- communicate clearly in the UI what protections are (or aren’t) in place
- set expectations so members know what happens once they share their resume

---

Note

none of these are silver bullets, but i think it’s worth having the convo. colorstack was meant to make resume sharing safer + easier, and right now leaks are undermining that. would love to hear what others think about a direction the team can take and what’s realistic to build....