Someone is trying to extort our startup for random payment by threatening to post our codebase online or sell it to third parties.
An Iranian developer named Ali Eskandarpour applied to one of the jobs we posted on AngelList. Initially we were going to give him a contract for a test assignment. And we gave him access to two of our private repos to assess the assignment requirement.
But since he is in Iran, after consulting with our legal advisor, we realized that there are legal problems for US companies like us to do business with Iranian entities because the country is under sanction. So we told Ali that we unfortunately couldn't hire him.
He then threatened to post our codebase online for free (which he has downloaded locally), unless we send him $7000 in "wage compensation". Even though we did not hire him and he hasn't written a single line of code for us.
After we refused, he tried to sell our codebase to third parties, even posting a comment on our Product Hunt page asking for buyers (Product Hunt has since deleted his harmful comment from their platform).
Obviously, we are not going to subject ourselves to bullies, and we are not going to pay him anything.
Still, it sucks when things like this happen.
In the grand scheme of things, a product is so much more than the codebase. And the Soundwise codebase without the Soundwise product (including the team, the user community, the brand, the distribution behind it) is not worth much. Still, things like this is a damaging distraction when you know you have a lot more important things to focus on for your startup.
You may say, why didn't you ask him to sign a NDA? Well, we did send him a NDA to sign while we shared the code. That's what we usually do when we work with new team members. But in this case, this person never signed the NDA we sent. Would it have made a difference if we had made sure he signed the NDA before we shared the code? Maybe. But I doubt it. If the person is seriously trying to extort you, a NDA is not going to stop them.
I don't think the answer is to tighten the control, either. The team wants to be trusted and respected. They don't want to be, and shouldn't be treated as potential thieves. That would be very damaging to team morale. And overall we've had amazing experience collaborating with team members from around the world. We don't want to stop trusting people or give people real responsibilities. Still, extreme cases like this do happen. The world is not all enlightened honorable beings, even when you extend people the best intention.
I'm interested to hear everyone's view on this.