advertisement
advertisement

This startup provides health insurance against online harassment

Leigh Honeywell and Logan Dean have raised a million dollars for a new business, Tall Poppy, that helps companies protect employees against trolls and hackers.

This startup provides health insurance against online harassment
[Images: 13914901/iStock; Suzanne Bainton/iStock]

Anyone who’s spent some time on Twitter knows that vilification and personal attacks–as extreme as threats of rape and murder–are a standard feature of some people’s online lives. And Twitter is peewee league in comparison to virulent hate communities on platforms like 4chan, 8chan, and Kiwi Farms.

advertisement
advertisement

“God damn, asians have soulless lizard eyes,” wrote user “Anonymous,” in, of all things, 4Chan’s Television & Film discussion group in April. Another anonymous comment says, “I propose almost all current ‘problems’ could be solved by chaining all women (including wannabes) to the next stove.”

They are talking about Liz Fong-Jones, one of the Google employees who went public in 2018 with charges of harassment and intimidation from coworkers over diversity advocacy. Even before that, she was a well-known advocate for the transgender community–and the subject of online harassment.

The stakes are much higher than hurt feelings. In June 2018, transgender indie game developer Chloe Sagal, who struggled with mental illness and was a frequent target on the site Kiwi Farms, committed suicide in Portland Oregon.

Security engineer Leigh Honeywell has seen a lot of cruel treatment of friends and colleagues over the years, in both virtual attacks and real-life sexual harassment and assault. While working day jobs at places like Slack, Microsoft, and the ACLU, she also applied her skills on the side to help victims and potential victims “lock down” their online presence from attacks like “doxxing,” in which troves of personal information are posted online.

After years of providing help ad hoc and pro bono, Honeywell decided back in 2014 that she could help a lot more people by turning her efforts into a business, sold as a service that companies can provide as an employee benefit. In April 2018, she and business partner, Logan Dean, put the plan into action by founding a company called Tall Poppy.

“I can’t prevent people from yelling at you on Twitter,” she tells me. “What I do is prevent that yelling from escalating into hacking into your accounts.”

advertisement

That hacking can range from impersonating the victim in social media posts to obtaining and publishing information that points would-be attackers to the victim or their family’s home address. “A lot of my personally-identifying information as far as places I’ve worked, places my partner’s worked, the hobbies that I do [were published online],” says Fong-Jones, “as have a–alongside people deciding, which gun are they going to pick to shoot the tranny.”

Logan Dean (left) and Leigh Honeywell. [Photo: courtesy of Leigh Honeywell]

Honeywell and Dean chose the name Tall Poppy based on a metaphor that dates back to Roman times. “The idea of tall poppy syndrome is that…anyone who becomes prominent in their field or in politics or whatever, they get cut down,” says Honeywell. “So we protect the tall poppies.”

“I specifically asked her like, literally, ‘How much money can I give you? Like how much money can you possibly absorb?'” says Liz Fong-Jones, recalling her response in August 2018 when Honeywell asked her to be an advisor to the company. She ultimately invested $200,000.

Together with funding from other angel investors, including Inner Loop Capital, Tall Poppy has now raised just over a million dollars. And the company had already served about a dozen customers before closing its seed round in May. They include a few prominent companies that Tall Poppy hasn’t been authorized to name publicly.

Rank-and-file harassment

“We had a few employees who were at the brunt of some very aggressive and lewd internet trolling,” says a woman I’ll call “Breanna,” with the title “director of people operations” at a Bay Area tech startup. Breanna asks that I not name her or the company in order to protect the identity of the employees who were harassed in 2018.

“They were being reached out to on their social media profiles. They were being reached out to via anonymous texting applications and harassed on their personal phone numbers,” she says. Company leadership never determined the identity of the harasser but suspected a former employee, “who left on very bad terms.”

advertisement

“We’ve had that situation with a couple of different customers,” says Honeywell. “You’ve got someone who has had privileged access. Maybe they’ve got people’s phone numbers because they carpooled to the company offsite together.”

People in customer-facing roles are also frequent targets, she says, such as trust and safety staffers who alert users of social networks or online forums if they have violated terms of service. “Somebody at the company is having to tell angry people on the internet that they can’t do a thing on their platform,” says Honeywell. “That’s where we’ve seen the most severe workplace-related targeting.”

Forums like 4chan have seen posts calling for violent attacks on employees. “I want to raze every google HQ and line up every employee on the firing line. They all deserve the Waco treatment,” wrote a poster in November. After a disgruntled user shot three employees and killed herself at YouTube headquarters in April 2018, it’s impossible to dismiss such missives as idle threats.


Related: Here’s how to wrangle your passwords without going crazy


In the startup client’s case, the entire team that the former employee had worked with was harassed, but one woman was the primary target. “There were a lot of messages that were sexual in nature, aggressive in nature,” says Breanna, “stream-of-conscious ramblings and pornographic voicemails.” The attacks never came to violence or even a real-life encounter. But the employees and company had no way of knowing whether or not they would.

These aren’t headline-grabbing harassment cases: like the violent threats against professor Christine Blasey Ford, who came forward in 2018 with accounts of sexual assault by then Supreme Court nominee Brett Kavanaugh, or against women game developers like Zoë Quinn in the “Gamergate” controversy of 2014. (Dean cites Gamergate as the event that raised their awareness.)

advertisement

But these attacks on rank-and-file employees demonstrate that anyone, not just tall poppies, can be a victim.

Alongside the moral obligation to employees, it’s also good business practice to protect them, says Breanna. “Given that the line between work and life can sometimes blur together, and how you’re feeling in your life outside of work can definitely affect you inside of work…we want to provide our team with all of the resources possible to ensure that they can work effectively and productively,” she says.

Cyber hygiene

The resources that Tall Poppy offers include group and one-on-one training in what Honeywell calls “cyber hygiene.” “One of the things that I sometimes say about computer security is that we kind of are still in the washing our hands with soap phase,” she says. In other words, we’re still learning the fundamentals.

Washing includes devising more-secure passwords, and a strategy for managing them. It begins with creating passwords for key accounts like email that are hard to guess but easy to remember. The current wisdom is to devise long, nonsensical, even comical phrases like “correcthorsebatterystaple”—as proposed in an installment of web comic XKCD.

Another basic security step is to check what third-party apps have access to social media accounts (think Cambridge Analytica harvesting data from Facebook users), and cut off as many as possible.


Related: Here are the data brokers quietly buying and selling your personal information

advertisement

Tall Poppy also teaches a company’s employees how to scrub personal information off the internet. “We were quite surprised by how easy it was to get a hold of our personal information, especially those of us who have more unique names,” says Breanna. “And Tall Poppy showed us a handful of ways to opt out of having your personal data stored within these platforms, like the ‘people search‘ kind of [services].”

Honeywell and Dean have created a straightforward online tool, called a personal security concierge, that walks employees through steps like upgrading passwords. This includes setting up a password manager app like 1Password or LastPass, which generates, stores, and autofills in web pages and mobile apps those gobbledygook super-secure passwords like “z8M%Ji72!Kw+Vv1#vyfUB” that no one can remember.

Community roots

Tall Poppy has so far picked up clients by word of mouth. Breanna found them because both companies are alumni of Y Combinator, the Bay Area accelerator that’s provided initial seed funding, advice, and support to over 2,000 startups, including unicorns Airbnb, Dropbox, and Stripe.

They now work out of the San Francisco office of StartOut, a nonprofit accelerator for LGBTQ entrepreneurs, with chapters in five other cities.

The link between Tall Poppy’s mission and the LGBTQ community is no coincidence. “Most of the people I know who have this fear [of harassment], it is mostly women or trans people,” says Logan Dean, who identifies as “trans or gender nonconforming.”

“It affects me and other people in what we choose not to say. There are things I just don’t want to wade into [online], like any political discussion,” says Dean.

advertisement

Honeywell, who identifies as a cisgender bisexual woman, has also been active in the feminist tech community–which grappled with harassment and discrimination years before “MeToo” became a cultural touchstone.

“The Geek Feminism Blog and wiki was a really important part of my early tech activist career,” says Honeywell about the pair of sites and their online community that were active from 2008 to 2018. The wiki sought to document issues and arguments in feminism that people could link to in lieu of continually re-explaining their points in online conversations.

Honeywell also took a public and personal role in the controversy over security researcher and journalist Jacob Appelbaum, who faced accusations of sexual misconduct, including rape, from multiple women.

In a 2016 blog post, Honeywell told her own stories of mistreatment by Appelbaum during a period of romantic involvement a decade earlier. “In that time we spent together, he violated boundaries I set as though they were a game,” she claims.

Honeywell delved into electoral politics in 2016, volunteering for the Clinton campaign and spearheading protest against president-elect Trump’s immigration policies at the end of that year with the Never Again Pledge. She led a team of volunteers, including Liz Fong-Jones, in collecting 2,843 verified signatures of tech workers pledging to not build databases of Muslims or other groups that might be targeted by the new administration for surveillance or deportation.

advertisement

Related: Leigh Honeywell, catalyst of today’s tech worker activism


Stereotypes of feminists or political activists as dour or angry melt away in meeting Honeywell. Her nearly always-smiling face is crowned by short hair dyed in an oft-changing assortment of colors (red, orange, pink, green), and she speaks in the cheery, modest tone that definitely reinforces the Canadian stereotype.

Honeywell has a sense of humor about her niche or nerdy interests and affiliations. She chuckles when recalling that she and Dean owe their connection to a feminist science fiction convention in 2011. Honeywell met a friend of Dean’s at the event, which led to their partnership.

Feminist activism earned a subtle shout-out for Tall Poppy’s work on the Netflix supernatural saga The OA, created by the show’s star, Brit Marling. In episode two of its current season, a private investigator (in a parallel-universe San Francisco) calls a friend for help in his research.

“How are you…?” he asks.

“I’m with an author who’s about to publish a feminist text, arming all of her accounts so she doesn’t get hacked, doxxed, terrorized, stalked, you name it,” she replies.

advertisement

Honeywell giggles when I tell her about the scene. “I had lunch with Brit about two years ago,” she says, explaining that feminist writer, historian, and activist Rebecca Solnit introduced them. “We talked about a bunch of computer security stuff, including whistleblower security.”

Tall Poppy also gained national attention during the harassment scandal that triggered the Google Walkout protest of November 2018. Honeywell continues to provide free consultations for people at risk of harassment, including her friend Star Simpson. The hardware engineer was one of the main sources in an October 2018 New York Times expose on sexual harassment by senior Google executives.

Simpson came to Honeywell a few weeks before the story ran, to proactively lock down her online presence–a meeting that was later covered in the press.

“This is the story that spawned 20,000 Googlers walking out” says Honeywell. “Yeah, it felt really good to be able to support people who were speaking truth to power.”

advertisement
advertisement

About the author

Sean Captain is a Bay Area technology, science, and policy journalist. Follow him on Twitter @seancaptain.

More