Around 2019-05-27 04:12 UTC+10, 5 garbage job ads were posted on We Love Go’s website (https://welovegolang.com) and subsequently on its Twitter account (https://mobile.twitter.com/welovegolang).
One job ad in particular contained hateful language and I apologise to all of We Love Go’s users and Twitter followers for allowing it to occur.
Thank you to a few members of the We Love Go community for bringing the garbage jobs to my attention. I was also aware of them due to the notification email that I receive for each and every job that is posted.
It appears that these garbage jobs were posted by bots using We Love Go’s unauthenticated job posting form as opposed to using the relatively new (at the time of writing) authenticated forms. The unauthenticated job posting form allows for anyone to post a job without first having to authenticate with a valid user account. The reason that an unauthenticated form even exists is that We Love Go started out as a small side-project and user authentication was not a part of the first iteration.
When the authenticated process was introduced, it required users to login with a Google account in order to post a job. I did not want to exclude people and businesses that did not have a Google account and so I decided to leave the unauthenticated form as an option for those users.
The garbage Tweets and jobs were deleted around 2019-05-27 05:13 UTC+10.
Around 2019-05-27 11:00 UTC+10 welovegolang.com was updated with the following changes:
- The unauthenticated form and process was removed. This means that jobs can only be posted by first signing in with a valid Google account and should stop bots from posting on the site. While this will not necessarily stop real users from posting garbage job ads, it should help.
- Content in job ads is now scanned for banned and offensive words.
- Revisit the code that is checking for banned or offensive words and ensure that it is robust and is not returning false negatives that block genuine jobs from being posted.
- Consider whether jobs need to be explicitly approved by admin instead of allowing them to be automatically posted.
- Consider adding other forms of single-sign-on aside in addition to Google.
I love Go and if you’re reading this you probably love it too. I hope that We Love Go will remain a safe place for anyone in the Go community and that it continues to be useful to people and businesses who are using Go.
Sincerely,
Jonathan Ingram | We Love Go