> We post a role, get 500 applicants, and nearly all of them are not legitimate. They all look amazing, really great resume, impressive LinkedIn, etc... but when you dig a little deeper, it's not that hard to find a bunch of red flags (LinkedIn profile create < 3 months ago, VOIP number, using VPN to submit job application, etc). You really have to know what signs to look for. They're very convincing fakes.
To me, what you call "red flags" rather looks like a description of often outstanding programmers who are quite privacy-conscious (think into the direction of "somewhat cypherpunky").
On the other hand, consider that in this particular case, if you throw out a false positive, it is very often a really good programmer (though not necessarily the kind of programmer that big tech companies are looking for). :-)
To me, what you call "red flags" rather looks like a description of often outstanding programmers who are quite privacy-conscious (think into the direction of "somewhat cypherpunky").