How Vouching Works

Frank’s head of technology Zeke Nierenberg explains our new approach to group security and answers top questions about how it works.

Get Frank
5 min readFeb 24, 2021

By: Zeke Nierenberg

At Frank, we firmly believe that workers, not software companies, are the best decision-makers of all organizing efforts, especially when it comes to group admission and security. Since we launched our Beta product in April, we’ve been learning about how our approach to security was working for real workers — and where we had clear opportunities to improve. These opportunities are addressed by our updated approach, Vouching.

When you vouch for a coworker, you are saying you trust them. That you know them. That they should be admitted to your private group. Our goal is to enable Frank — the software — to support this, by putting the control of who can join your group in the hands of verified group members — by having, at minimum, two coworkers vouch for each new member.

In our first beta release, we used a third-party ID verification platform, which included optional facial recognition technology. In testing, we received feedback that ID verification was both too much AND not enough. Too much because it felt threatening and non-inclusive, and not enough because it didn’t accurately capture the nuanced nature of the real security threats workers were facing. Our concerns about the authenticity of applicants were valid — it’s important that workers are who they say they are — but the means of verification didn’t work.

We also learned that we were missing some pieces of the puzzle. It’s not enough that people are who they say they are — they also have to be trustworthy and eligible to use Frank.

So we went back to a fundamental principle here at Frank and designed a new onboarding process to make group admission completely in the control of workers.

When you join Frank, there are three criteria you must meet to be admitted: authenticity, trustworthiness and eligibility. You’ll provide proof of each through a combination of self-certification and group review. If, at any point, a worker is found to have misrepresented themselves, their coworkers can flag and immediately suspend their account.

Let’s go deeper into each step and how we define it:

Eligibility: Frank is only for non-management workers. What does non-management mean to us? It means that anyone with hiring or firing capabilities, managers of other employees, or human resources and legal are not eligible to join Frank. We know some of these people may be sympathetic to your cause, and we believe that allyship has value — but, for now, those employees are not eligible for Frank. Every worker signing up for Frank is required to certify that they are not a member of management. In addition, an existing member of the group can tag a potential group member as management, blocking them from signing up.

Authenticity: You can verify someone is who they say they are by pre-trusting their email before they join. Authenticity can also be verified when a current group member invites them by email. Or, you can enable a passcode option, which requires workers to enter a secret code upon entry to the group. We recommend you share this passcode via a safe non-work messenger tool or even verbally to ensure maximum security.

Trustworthiness: There may be people who are eligible to join Frank but are not a healthy voice in your organizing effort. It may be that you and your peers don’t trust them to not report things to management or they might not be constructive on the issues. All potential members must have sufficient votes of support from existing group members to be allowed to join. If someone joins Frank but hasn’t been voted as trustworthy, Frank will require additional members to screen and vouch for a prospective new member before admitting them into the group. This process follows similar organization mapping efforts in labor organizing.

The result of these three criteria is that anyone who is admitted to your group has to have been vouched for by other trusted group members and verified to be who they say they are via a second verification step of a passcode or trusted email. Finally, every group member is empowered to hold each other accountable. Our transparency tools — including invite tracking and event logging — are helpful in creating a record if any disputes do arise: every invitation is tracked and visible in profiles, vouching votes are displayed in the Coworkers tab, and the notes function within Coworkers allows for members to share information about trusted or untrusted coworkers.

We want to stress one last aspect of our new approach to worker-controlled group security: like in organizing, decisions are made by those who participate. Some decisions are cut and dry — “is this person really who they say they are?” — while others are more nuanced: “can we trust this person to uphold the values we’re fighting for?” Active Frank workers will have more of a say than less active Frank workers. So, make sure you pay attention to the pending member email notifications and participate in pre-trusting coworkers on the Coworkers tab inside Frank. Your participation will make your group stronger, and your efforts to make change in the workplace will be stronger for it.

We know we cannot completely remove the risk workers face when organizing in the workplace and we would never pretend that any feature we build is a silver bullet to making organizing safe. But we believe that by having control over and visibility into who is admitted, you’ll have more confidence that your group is safe and trusted. This is what Frank is all about: giving workers the power to be decision-makers in the workplace.

I’d love to hear from workers, past or present, about what security concerns are top of mind for you — be that technical concerns like encryption, or more product focused ones such as anti-harassment features — my DMs are open on Twitter @ZekeNierenberg.