from Hacker News

Vercel employee used customer information to pursue a personal trademark matter

by StanAngeloff on 10/15/23, 5:10 AM with 45 comments

  • by NicoJuicy on 10/15/23, 9:11 AM

    This was only one part of the story?

    1. Vercel shipping indie hackers' projects (their customers) as "app templates", as a host, for marketing purposes

    https://twitter.com/nico_jeannen/status/1712749652133683632?...

    2. The mentioned infringement by a Vercel employee, mentioned here (he seems to have been fired)

    https://twitter.com/nico_jeannen/status/1713139186474406206?...

    3. Very broad ToS -> Vercel may delete your app for no reason at all

    https://twitter.com/bk_7312/status/1713197808264839479?t=h1T...

  • by koopuluri on 10/15/23, 6:13 AM

    This is really concerning.

    This combined with their marketing strategy of copying popular indie products and turning them into NextJS templates creates paranoia in the minds of builders who trust Vercel with their codebases, analytics, and often even their data (via Vercel's storage products).

    It seems that an enterprising Vercel employee has a goldmine of data to help inform their next "side project".

  • by hubraumhugo on 10/15/23, 6:11 AM

    > Employees can easily access the user's data and impersonate any account

    At every decent sized company I've worked for, topics like production data privileges, data classification (public, sensitive, confidential, etc.), data masking, and data anonymization for testing have been top priorities. And these policies are sometimes a true pain in the ass for developers, but they exist for a good reason.

    I guess you shouldn't miss the timing to go from "move fast and break things" to "ok we're now a serious business".

  • by hipadev23 on 10/15/23, 6:20 AM

    Isn't this like the 5th or 6th time Vercel has accessed private information from customers to launch a competitive service and/or shut down the customer?

    Is there some tech incubator clause buried in their TOS and this is all okay?

  • by jlund-molfese on 10/15/23, 5:34 AM

  • by lloydatkinson on 10/15/23, 6:55 AM

    Vercel is rapidly turning into a scourge in the open source world. Their strong coupling to React is also worrying; they are already trying to influence future React features for their NextJS framework.

  • by mdhb on 10/15/23, 6:42 AM

    Add it to the long list of evidence that Vercel is a shady af company who shouldn't be trusted.

  • by throwaway290 on 10/15/23, 5:30 AM

    Tangentially, who else misses the time when React was just a side project by FB? Increasingly it seems to be led by Vercel, who makes a profit from React-based solutions.

  • by pc_edwin on 10/15/23, 10:53 AM

    > The employee did not have access to any source code, secrets, or the ability to change settings or deployments.

    We are talking about an employee who has access to the customers' personal information as part of their job, doing something unethical.

    I would be extremely surprised if Vercel didn't have industry systems and practices in place for security.

    This is an edge case which can only be avoided by building Google-esque systems and practices. I don't think you guys really understand what you're asking for here.

    This will cripple them in so many ways; it makes so much more sense to delay it as long as possible. Not because they can save a bit of money, but because their UX will fall off a cliff, feature velocity will grind to a halt and the product will drift further away from the stuff we really want.

  • by osbulbul on 10/15/23, 10:15 AM

    Well, I already don't like Vercel and just signed up to test a couple of things. But after reading this, I am going to delete my test account.

  • by jatins on 10/15/23, 6:27 AM

    In my experience, at the early stages of a company data ACLs are often the last priority. People are rewarded for shipping things that can get a mention in the company's next board deck, and "added ACLs to our Postgres" never got a mention in a board deck.

    I am sure a half-motivated employee at your favorite cab service could see which addresses you frequently commuted to in the first few years of that service's existence.