Maybe I should implement this as a weed out question during interviews. If the applicant is willing to download something without questioning it, then the interview can be ended there. Don't need someone working with me that will just blindly install anything just because.

Bad idea.

Competent candidates might also disqualify you as employer right there. Plus you'll be part of normalizing hazardous behavior.

But where does it stop ?

Will there be trap clauses in the NDA and contract to see if they carefully read every line ? Will they be left with no onboarding on day one to see how far they can go by themselves ? etc.

You're starting the relationship on the base of distrust, and they don't know you, they have no idea how far you're willing to go, and assuming the worst would be the safest option.

We can't have green M&Ms for a reason.

That was an innocent canary clause (they were not asking to put the POS on fire)

The equivalent here would be to ask the candidate to have some folded paper showing his name on camera for the interview, not threatening them with malware.

It's also a disingenious shit test which doesn't reflect well on team culture. Pass.

> it's very similar to anti-phishing training/tests

With the crucial difference that the candidate is someone external who never consented to or was informed of this activity.

it's much better than asking why a soap bubble is round

anti phishing tests are stupid in a similar manner, clicking a link should not fail you

why would you click the link? you absolutely should fail.

even some of the submissions on 'who is hiring?' can be sketchy

Name and shame.

Unfortunately there is not much to name. Someone going by Xin Jia reached out to me over email saying they had seen some of my work and that they had something similar they were working on and asked if I'd like to meet to discuss. He sent me a calendly link to schedule a time. The start of the meeting was relatively normal. I introduced my background and some things I am interested in.

It became clear that it was a scam when I started asking about the project. He said they were a software consulting company mostly based out of China and Malaysia that was looking to expand into the US and that they focused on "backend, frontend, and AI development" which made no sense as I have no experience in any of those (my who wants to be hired post was about ML and scientific computing stuff). He said as part of my evaluation they were going to have me work on something for a client and that I would have to install some software so that one of their senior engineers could pair with me. At this point he also sent me their website and very pointedly showed me that his name was on there and this was real.

After that I left. I'll look for the site they sent me but I'd imagine it's probably down. It just looked like a generic corporate website.

> saying they had seen some of my work

No one does this. It's invariably a scammer manipulating by appeal to ego.

I will say that it was good enough that with some improvement I could see that it might be very successful against people like me who are new to the software job market. A combination of being unfamiliar with what is normal for that kind of situation and a strong desire for things to go well is quite dangerous.

Also goes to show that anywhere there is desperation there will be people preying on it.

- people post because they want to be hired

- info is public

- random person reaches out with public info

- ???

- HN harbours fugitive hackers

I think, if you take jacquesm's posting history here, into consideration it was probably a joke. Maybe not his best work but I don't think he was serious.