I am 99% sure LinkedIN used my IP address to match with my second floor neighbor, despite their claims that they would never use IP address as a connection data point.
I was sharing my wifi for a brief period with my neighbors on the second floor. My neighbor had a new room mate. The guy was from another country. He didn't work in the same industry I do. I didn't have any of his contact information anywhere on any of my devices, and afaik, vice versa. We had no formal contact in any fashion, monetary or electronic communication or any other kind of contact other than passing each other in the hall. I didn't even know his name. He's just one of millions of people who live in my region.
Yet they suggested him as a possible contact.
If they weren't using IP address, they were using black magic.
edit:
to clarify, i forgot to mention that i had no linkedin connection to my neighbor, afaik he didn't have a linkedin account, he definitely doesn't have one currently. He was sort of a luddite, barely used his computer, and i don't believe we ever emailed each other, or even had each other's email, I just searched my mail and have record of any.
And I very much doubt my neighbor had any obviously traceable connection with the roomate anyway, at most a phone number and received rent through cash or check.
That's creepy. Different topic: I think the biggest connection business is whatsapp. If a person does not use whatsapp but a friend of that person does, whatsapp knows the person's phone number anyway. If >= 2 whatsapp users have that person's phone number stored with the same name in the contact list, whatsapp even knows the person's name (and other information). With that information they can accurately identify the person's facebook profile. Horror!
I think it was clever to remove Whastapp from my phone the day facebook acquired them. Sure, they can still connect my number to one of my fake profiles I used to have some years ago.
Are you connected on LinkedIn with your neighbor? Because if your neighbor was connected with him, that could be how it happened. I think it will show if any of your connections know him (up to 3 hops away), but you might need to visit his profile to see that info (I don’t use LinkedIn often but noticed that feature before).
linkedIn was suggesting people that were using the same wifi network as I was. I thought this was spooky — I could see more info about my hotel guests than they probably realized.
LinkedIn definitely uses same IP address to suggest connections. My wife as suggested connection really stood up in this way for many reasons (profile recently created, a few connections from the other side of the world and in a totally different industry).
So it would be even worse, they would need to retrieve a phone number in some way and match that. I don't register email contacts anywhere, and I am not using the LinkedIn app. I would say that I have seen similar things at work/work location (consultant). Seeing people with no shared contacts among the first ones in the suggested list. Until then I though it was related to 2nd or 3rd level of linkage.
I suspect that information can be obtained in ways other than IP addresses. Close enough to be the same thing, but enough distance to state, “we’re not tracking IP addresses”, and have their lawyers approve.
I knew a guy who worked in an industry where using SSNs for identifying people was illegal. Their solution was to prefix the SSN with a leading one. Compliance.
Before it is tested in court, every possible shade of grey looks blazing white to a group of people who mutually reinforce optimism and punish doubt amongst themselves.
It may be more complex than that. If both of you were tied into the Social Graph it's possible software on your devices simply knew the two of you were in proximity and for how long. This could be done via Bluetooth by an app like WhatsApp or Facebook, which is known to have sensors installed in urban businesses. But who's to say they didn't just turn your device into a beacon itself using the Physical Web?
> What we also don’t really know here — the DPC doesn’t really address it — is where LinkedIn obtained those 18 million email addresses, and any other related data, in the first place.
Well, one such source of email addresses was me.
When I joined it more than 10 years ago, I was not as privacy aware as I am today. So, upon joining, I uploaded my address book to connect to people who already had a LinkedIn account.
I shortly after realized that they abused it. They sent an invite email to every person that was not on their platform.
I only got to know about it becasue one of my university professors sent me an email saying that she was not interested in joining yet another network. I had to apologize, because I did not expect that to happen.
To this day, LinkedIn still uses that information to suggest new connections to me and to prompt me to invite people that are still not on their platform.
In retrospect, it was a stupid move to upload my address book, but I'm sure I am not the only one that made that mistake, and probably many people still do nowadays.
Right there with you. I had assumed it would just look for folks on the network and give me the option at that point on who to add. Nope. I had folks replying back to me declining invite. I had people in my address book I never wanted to contact again. I finally got LinkedIn to stop retrying people from my list, but I failed to get them to forget my list apparently because, like you, some of these people/addresses are on my recommendation list.
It's worse than that now. If you sign up with Gmail it will request access to view your contacts in the OAuth dialog (and will periodically keep requesting this access if you deny it). So no uploading is even necessary; it's sufficient to be using a big email provider and then accept the nag notices.
It only takes one person in your entire contact list to upload their entire contact list, so that your information gets uploaded to Linkedin/Facebook/Google, etc. It's almost impossible to assert that level of control, so my assumption is that my details including my birthday, address, phone number, place of work, etc, has already been uploaded to all of those service. It's infuriating, but it's a reality since I can't stop one of my contacts from uploading my data.
Their app also periodicacally asks you to upload your phone contact list for them. I'm glad Apple have a clear warning message they obviously can't circumvent because the LinkedIn UI makes it really easy to accidentally trigger it in a few places.
I consulted there years back. Helped them relo to a new building. Dolly in one hand, network layouts in the other. After the relo was done, I transitioned to handling trouble tickets along with other consultants.
After a couple of months, our "leader" grabs me and his lieutenant for a special project. We had done a few of those before, I was up for it. We all went for a ride in one of the company vans. Which have only two seats. My job? Make sure the empty rack in the back of the van didn't fall over.
Dude didn't bother to slow down for a number of speedbumps. He let me go that same Friday.
In retrospect, it is always a stupid idea to extend too much trust, when any trust has not first been earned.
It wasn't stupid of you, not your fault LinkedIn literally impersonated you. The mail it sent out all those years ago was written in your name and as though you had actively crafted and sent it. Anyone who knows your name could have impersonated you. Don't worry about doing something wrong.
A quick google suggests linkedin was sued and reached a class action settlement in exchange for the practice.
You can be almost certain that LinkedIn knew it was illegal when they did it, and accurately calculated that the fine they would receive (if any) would be much lower than the value derived from increased membership. In fact they would be stupid not to in winner-takes-all markets like social media.
Silicon Valley has a phrase for such flagrantly unethical practice, it is called "growth hacking".
"It was my job to apply The Formula™. [...] Take the number of vehicles in the field, A. Multiply it by the probable rate of failure, B. Then multiply it by the average out-of-court settlement, C. A times B times C equals X. If X is less than the cost of a recall, we don't do one."
LinkedIn is one of the worse dark-pattern based business out there. Their whole business model is based on making connections between people, however unwanted they are.
They use any means necessary to get your contact list and abuse it to spam your contacts with dubious marketing ploys and unverifiable claims (someone looked you up! you're missing on new jobs opportunities!).
Liars.
I've resisted creating an account so far but the pressure to conform is there as you basically "don't exist" without a profile that lazy HR managers can look up.
Reminds me of that mobile popup I always get that tells me to download their mobile app when I'm viewing Linkedin on a mobile phone and I can't move on unless I press something.
Recently they seem to have started alternating between 2 versions of it - one where you have to tap No and another where you have to tap Yes, so it catches you out if you're used to always using the web site. I really despise this.
Every time I click a link it asks if I want to install the app or continue in the browser and the icon for browser is chrome despite me not even having chrome installed.
> the pressure to conform is there as you basically "don't exist" without a profile that lazy HR managers can look up
I find this is an effective filter for those trying to avoid working for a red-tape-filled, default big corp. The more bureaucracy visible before getting there, the better. For those that explain it away as a bad HR does not make the company bad, if you're good enough to be picky there are good companies that also have good HR.
I got my after graduation job 1 year before graduation through LinkedIn recruiting of a very big engineering corp (100k> employee big), with way better pay than my after internship offer from an American cloud company.
The recruitment process was mostly flawless, very friendly and professional. I never felt so welcomed and on the same level as there. That actually made the tipping point for me going from only startup/midsize companies during studies to big corp. In terms of quality it was way above and beyond of the random headhunter companies offers (I get a few per week, 99% crap).
On the other hand that big corp is not publicly listed, so that might heavily influence their culture.
I feel like they are getting better after the MS acquisition, or maybe I have just dealt with most of their dark pattern dialogues and don't see them anymore
Given that they have been owned by Microsoft for quite some time, how much of their current practice is learned vs inherited? If the latter, why would Microsoft allow this practice to go on?
Much of it certainly inherited, though I haven't used to in years (not because MS bought it) so can't say if it's got worse. When I used it earlier, I'd get so many spam type emails.
They also might have not done due diligence, underestimated what a liability this data would become, or underestimated how long it would take to rewrite it. (E.g. GDPR was only adopted a few months before the announcement of the aquisition, and didn't come into force until two years later.)
What I don't get is why Jeff Weiner and Reid Hoffman are never held accountable for their blatant disregard for user privacy despite many lawsuits over the years. Why is their reputation still so in tact even when Zuck/Sandberg's is hurting over the exact same privacy violations? Why is Reid Hoffman today selling a book on "blitzscaling" which is all about achieving hypergrowth at all cost? Could you imagine how tone deaf it would be if it was Zuckerberg who authored that and not Hoffman?
LinkedIn is also less "sexy" to cover for the media than Facebook. Nobody cares about LinkedIn news, especially in middle America, but Facebook is popular everywhere.
As shady as LinkedIn is (and it's damn shady!), its use in mass manipulation and disinformation is far less important. It played a minor role in elections (everywhere, not just in the US), wasn't use as a means of public promotion of genocide as in Myanmar, and it doesn't have a large base of "alt-right" (and local equivalent) groups. The worst you run into on LinkedIn is awkward young professionals asking you out. That's hardly on the same level of nastiness as Facebook, regardless of how much of a threat (!?) it would be to media organizations.
It makes sense to me - public privacy backlash tends to be limited to what they can understand is happening, and for the most part that is only really concerned with what you are actually sharing rather than what they can link to you via metadata and other dark patterns. Hell a lot of that stuff goes over my head too - the general public just isn't aware of how this works behind the scenes.
People put personal stuff on Facebook, and are more guarded about what they put professionally on LinkedIn. People approach LinkedIn as more of more of a two way selling relationship. They have a better feeling they know what they're in for.
It might be because FB is a much more broadly known brand in the world, and regular news outlets like CNN are significantly more likely to go after public faces.
The world knows who Zuck is.
Nobody knows who Weiner is, except in tech.
Even if there were some coverage, it might not get widely picked up, editorial rooms would just think it too narrow.
Also - there needs to be an 'obvious scandal' with legs - like the the Cambridge Scandal literally had that pink-haired guy with many photo ops making a name for himself, it gives a 'face' to the issue.
Maybe this one breaks though, it could get picked up.
Just go to the “people you may know” page and you’ll see dozens of shadow profiles of people who clearly don’t have LinkedIn accounts. Mine shows relatives who I know don’t have accounts — but whose contact info was scraped by LinkedIn during my dumber years when I opted into their “help us connect you by linking your account” bullshit.
Is there a way to request they remove this data? I sure don’t know how.
I brought this up to my mother who has been retired now for about 15 years but somehow still has a linkedin account. She never created one but somehow still had a profile, it freaked me out.
My long dead grandpa has been a recommended connection for many years now. He was a home builder and never signed up for an account. I have no idea how they got his info and connected it to me. Creeps me out...
Some shared connection (a family member, maybe?) probably let LinkedIn scan their mailbox without fully understanding the repercussions.
If that person had a persistent inbox like gmail, and ever been in email contact with the both of you, it probably inferred a connection that way. Or maybe it saw an incoming email where both of you were in the recipient or CC list.
It’s really creepy what they do, and it enables them to learn all kinds of information about somebody. That person doesn’t even need to have ever visited LinkedIn; it can be provided entirely by other people.
Now all LinkedIn has to do is apologize and work with regulators to make sure this never happens again... thus ensuring no future competitor will have it as easy as they did.
I naively installed the app on my phone, which gave them my phone number. Then I started getting cold calls from people who paid to have access to my number through LinkedIn. I never entered my number anywhere, however the cold callers repeatedly told me they got my information from LinkedIn.
To be fair, they could just be saying LinkedIn because it's easier than saying they bought the number from some shady middlemen, and people are less likely to react negatively to it. Unless you used a unique number only for LinkedIn, the number could have been shared by anyone (even your telco).
I repeatedly get spammed on linked in with "job offers". I took the bait the first time and said I might be interested if they give more info and they just asked for my phone number so I ignored them.
As someone who is looking for a new job, I share your experience: all the recruiters that contacted me insisted on doing it by phone. They also won't tell you the name of the company at first, for fear of you bypassing them and going straight to the company's website.
That said, all calls I've had were from actual, honest recruiters who offered me actual jobs that exist and may fit my profile. I'm assuming that asking for phone numbers is how they filter candidates who are not really interested and make them waste their time.
I wish people would remember that LinkedIn is an evil platform created entirely by dark patterns whenever they idolize Reid Hoffman as some sort of business genius.
Of course they did. In an industry full of shady characters, LinkedIn is among the worst. They're proof that dark patterns and other nasty tactics are profitable, and also that if you make enough money, people in the valley will look past how you made it. The fact that Hoffman is enthusiastically welcomed in polite society says something not great about Silicon Valley ethics.
Unrelated but I'd like take this opportunity to write that the "switch to our app" popup on the LinkedIn mobile site is super annoying. It shows up every time I open the site on mobile browser. On several occasions in attempts of closing the popup I've accidentally clicked on advertisements (Promoted posts) or 'liked' someone's post. And then you see more such promoted posts as they think you like them. If anyone from LinkedIn team is reading this - I do not want to install your app. Please store that flag in the cookie.
Its a typical user engagement trick. If you install the app then you have a constant advert on your home screen and they have the ability to constantly spam you with reengagement notifications
You have to wonder where the ethics are on the ground level. I understand that these decisions are made by management in virtually every case, but you still see these kind of dark patterns from places where every engineer is on $100k+ with plenty of leverage against their employer.
Every UX specialist and software engineer I know would be up in arms if they saw such a story in the backlog. I wonder about the internal dynamics of these work places as well.
People will do just about anything if they are told they are "saving the world". Silicon Valley and its... companies.. fully believe they are God's gift to the planet. Pretty much anything can be subverted to such a point of view.
Strange. I never get this notification. Using Android + Firefox. But there a lot of subtle things missing or broken in the UI, to make the experience annoying.
Having deleted my account months ago, I still keep receiving an email about one particular guy (who I don't know) wanting to become part of my network. I tried their unsubscribe link multiple times, to no avail. First I just didn't want to have an account anymore, now I hate them.
People are talking about how they have a LinkedIn account and how creepy it is when LinkedIn suggests Facebook friends who don’t have LinkedIn accounts, but obscure that information in some way. You think you’re sending a friend (who you mistakenly believe already has a LinkedIn account) a connection request, but really LinkedIn has tricked you into spamming your own friends on LinkedIn’s behalf. This is obviously bad, but I’ve seen much worse.
I first made a LinkedIn account a few years ago because I got an email that my sister wanted to connect on LinkedIn. I’m not into social networks at all, but in the interest of family bonds I clicked the link to make an account and “connect” with her.
So I made the account, and the link in the email must’ve been set up to automatically connect our accounts. But a few days later she emails me that she got my LinkedIn request via email, but she hadn’t yet made an account, and as soon as she made one she’d add me. So this was a tricky spamming strategy in which no one started out with an account, but neither party was aware of that.
TL;DR LinkedIn knew my sister’s email address, my email address, and our connection, and basically tricked both of us into thinking that the other person was already on LinkedIn and wanted to connect. That’s a step beyond what people are talking about here, and is IMO seriously sketchy, unprofessional, and messed up. I don’t think they kept up this practice for very long, but it’s so over the top and beyond the pale that I’m surprised it didn’t result in lawsuits and the entire company being tarnished for decades. Obviously they’ve tarnished their name in plenty of other ways, but the fact that no one talks about this particular practice makes me wonder what other awful stuff they do that most people don’t know about.
LinkedIn's growth, much like Facebook's, can mostly be attributed to the use of its "contact importer," which seems to have been where the 18M email addresses came from. Generally speaking, you should read the fine print when using such "features".
I do see an issue with part of this complaint: storing hashed emails and uploading those to use for targeted advertisements. The general consensus seems to be that even under the draconian rues of the GDPR, a hash of an email is not personally identifiable and therefore that data would not be subject to the GDPR. It appears that the DPC overstepped their bounds on that specific aspect of the investigation.
An email hash can be used to identify an individual and so would very much be in the scope of GDPR, the same as any other number used to identify an individual. Curious why you think that would not be the case. It seems to fall squarely into Article 4’s definition of personal data.
First time I hear about this. This would be very serious. Are you positive there is no other way, the Youtube recommendation algorithm is notoriously weird.
I have very specific interests on YouTube (old cars, etc) that wouldn’t normally appear in the clickbait bucket aka homepage.
When I opened YouTube on my friend’s computer connected to my WiFi (absolutely no way she’d get my YouTube cookies, and if anything she should have her own cookies) the front page had some of the stuff that I watch instead of the usual clickbait.
Now I don’t watch anything that could be compromising but I can see this being an issue if someone is watching “sensitive” subjects and anyone can find out by just requesting the homepage from their IP.
I'm not positive about anything from google because I can't see how it works. All I know is he is on the same network and we see recommendations about stuff the other has watched
I confirm Linkedin is a vector for spam, the way they handle and publish your email address: I use a dedicated, unique email address for my account, and systematically start receiving unsollicited emails and spam a few days after.
I now have the habit to register a new email address every few months on Linkedin, to track the issue. It's clear and easy to prove that the new email address is used by spammers after a short time. One of the main reasons is probably because once you are connected to someone, he/she can access your profile contact details including email and phone number. My guess is there are bots scraping the contacts to populate their spam databases.
I'm sure most, if not all users of Linkedin don't realize this issue, as they generally register using a non-dedicated email address, preventing them to check the origin of the spam leak.
> One of the main reasons is probably because once you are connected to someone, he/she can access your profile contact details including email and phone number. My guess is there are bots scraping the contacts to populate their spam databases.
I'd expect this is the case; I have a LinkedIn account with a dedicated email for name reservations purposes, but do not accept any connections, and have yet to receive any spam.
I'm constantly alarmed by the recommended matches on LinkedIn. I'm also torn by the business community's insistence that this site is a necessary part of networking and any of its practices are therefore beyond scrutiny.
And no, you did not match me to my second cousin "based on my profile." Unless you mean "based on your email address, which is already included in the massive social graph of all address book connections we've harvested from people who know you."
If you have to mislead your users about how you're finding potential connections, maybe you shouldn't be doing that thing in the background, or maybe you shouldn't be so focused on aggressively pushing those connections.
This doesn't surprise me. They went out of their way uploading my contacts without my permission even after declining multiple times, over multiple phone and app versions, as well as adding my connections to my phone contacts... I can't tell if they're stupid or evil.
I wonder how long they can do these sneaky things that they've been accused of before someone (or more appropriately, something) brings the long arm of the law into this.
Litigation could be a possible avenue. Cut off the serpant's head and all that.
Funny because on their home landing page, there is a gallery of people. The one at top, second from left, is a dead ringer for Blake Lively. I wonder if that spawned the question.
I thought US had discovered and was thinking, here come the "crippling 1.2 million fine" :) but maybe EU will make them think twice. 2%-4% of their revenue does send a message.
Not sure but if I had to guess, not. They are incorporated on their own so that corp suffers the fine. Linkedin must be making over $1 billion a year...so it will bite and EU can repeat on future violations
wob: (waste of bandwidth) in the final analysis very, very few people really care. me included. however, too many folks want to bust amazon's chops because of what alexa might hear while awaiting the wake word. you don't even want to think about what your cell phone carrier [and to a great extent your phone manufacturer] knows about you. p.s. i personally believe this behavior has gotten much worse under linkedin's new owner.
we also identified one further area where we could improve data privacy for non-members
And what about members? It's utterly horrifying that a professional has to sell themselves on glorified social media and all its nefarious practices just to give themselves a change on the job market.
> It's utterly horrifying that a professional has to sell themselves on glorified social media and all its nefarious practices just to give themselves a change on the job market.
Arguably, you have no choice in a lot of such matters, so any agreement is by submission. If "the" popular platform is X, and you're not using it, you're missing out. And it isn't far fetched to consider instances where choice of any kind isn't applicable.
> I would say that's a gravely mistaken belief.
Plenty of companies appear to use third-party recruitment services, which entails you giving your personal, identifiable information to a third-party instead of going directly to said company. LinkedIn being one of such third-parties, indirectly or otherwise. The observation that trends like LinkedIn are a imposed reality is in no way a mistake.
> If "the" popular platform is X, and you're not using it, you're missing out.
Missing out on what? What good opportunity comes through LinkedIn? By my account, nobody actually likes LinkedIn and nobody takes it serious. Nobody will hold not using it against you.
> Plenty of companies appear to use third-party recruitment services, which entails you giving your personal, identifiable information to a third-party instead of going directly to said company. LinkedIn being one of such third-parties, indirectly or otherwise. The observation that trends like LinkedIn are a imposed reality is in no way a mistake.
That's not what I replied to. You said "It's utterly horrifying that a professional has to sell themselves on glorified social media". You don't have to do that. Believing that is a mistake and only helps LinkedIn achieve more dominance.
> If "the" popular platform is X, and you're not using it, you're missing out.
This is directly out of the marketing playbook of most social media sites. If you really believe this, then they got you! They spend a fortune trying to convince people they can’t have a social life or find a job without their services, and people are starting to believe it!
Please rest assured: you can get a job without LinkedIn and you can keep up with friends, family, and events without Facebook. We did it long before these services ever existed.
I was sharing my wifi for a brief period with my neighbors on the second floor. My neighbor had a new room mate. The guy was from another country. He didn't work in the same industry I do. I didn't have any of his contact information anywhere on any of my devices, and afaik, vice versa. We had no formal contact in any fashion, monetary or electronic communication or any other kind of contact other than passing each other in the hall. I didn't even know his name. He's just one of millions of people who live in my region.
Yet they suggested him as a possible contact.
If they weren't using IP address, they were using black magic.
edit: to clarify, i forgot to mention that i had no linkedin connection to my neighbor, afaik he didn't have a linkedin account, he definitely doesn't have one currently. He was sort of a luddite, barely used his computer, and i don't believe we ever emailed each other, or even had each other's email, I just searched my mail and have record of any.
And I very much doubt my neighbor had any obviously traceable connection with the roomate anyway, at most a phone number and received rent through cash or check.