I don't understand why people complain about being contacted by recruiters on LinkedIn. It's your public CV and professional contacts; recruiting is what LinkedIn was designed for!
LinkedIn's business model is that regular people join for free and recruiters pay for an account that lets them contact those people.
Some skeevy recruiters use the "I already know this person" button when they don't, to avoid paying LinkedIn. Because they're breaking the rules of the site, I think it's correct to call them spammers.
The recruiters who contact without lying to do so aren't spammers, since that's indeed a large part of what the site is for, and you agree to such contact when you join. (And I believe you can turn off such contacts in the preferences, though I can't double-check since I just closed my account.)
I agree with the sentiment - but that's not his central complaint. His central complaint is that LinkedIn is encouraging egregiously bad user actions (i.e., handing over 3rd party login credentials to LinkedIn).
I happen to agree, LinkedIn has a greater responsibility to its user base than maximizing conversion on its invite-a-friend feature.
It's one thing to access Contacts via oAuth, where LinkedIn gets no credentials. It's another thing altogether for them to request credentials and login on your behalf.
Even worse, what they're doing is completely unnecessary and probably more work than it should be. They can just request access to your contacts list using one of Google's APIs. Instead they're probably doing something far more complicated, using your email password to get access instead.
Exactly! I get multiple e-mails a week from recruiters on LinkedIn, and it's not hard at all for me to just kindly decline their offer or ignore it all together. I've never understood the stigma against recruiters, and why you would get mad at someone that wanted to try to place you at a job, that just sounds backwards and unappreciative.
I think the frustration doesn't come from recruiters per se, but rather the shotgun-approach recruiters.
I've received many recruiter contacts where the position being pitched does seem to logically connect with the experience and skills on my CV.
And then you receive recruiter contacts where it's obvious they're just machine-gunning in the dark, where the jobs being pitched have zero relation to your skills and experience.
There's also some pretty bad recruiter behavior where, if you reply to the initial contact, you've automatically signed up for a massive increase in the volume of communications they send you. I've even had one recruitment firm sign me up for their goddamn company mailing list just for replying to their initial contact.
There's plenty to dislike about tech recruiting. Targeted, sensible contacts are really just the tip of the ice berg.
It also doesn't seem like they've made any effort to combat this kind of blind spamming. I can't rate the quality of a blind inbound from someone I don't know (which is almost certainly from one of their paying customers.) And I can't see how others have rated that individual's communications in the past. So there's really little incentive for recruiters to be more judicious, and that's going to hurt LinkedIn eventually. (But obviously, those are also it's paying customers and most of us are just bait to attract them.)
We expect quality ratings when interacting on Ebay... shouldn't we get them on LinkedIn, which is just another type of peer-to-peer marketplace? They've created something similar with endorsements (for job seekers) but is there anything similar in terms of recruiters?
The problem is... They are trying to place you at a job and taking a commission by obfuscating the actual salary paid by the company. I've personally hired developers, salaried under big recruiting firms, who were getting shorted 35% of their potential income just for allowing someone with a marketing degree forward over a resume. With demand as high as it is for skill sets in the tech fields... you are foolish to believe they serve any purpose other than spam. Especially when spending an hour or so shotgun emailing your resume personally with a cover letter would net you nearly double the salary.
Alas the core issue in this blog post has nothing to do with the abundance of recruiter contact. Anyone with a Linkedin has already managed to figure out how to manage the difference between spam recruiters and the good guys.
Your comment doesn't make any sense to me. It's in the recruiter's best interest to maximize the salary they get the candidate, so that they can maximize the %-amount of the fill. They want to get the candidate 150K so that the recruiter's 30% cut is 45K. If they only get the candidate $125K, then there fee would only be 37.5K.
Are you confusing recruiting for a job with someone that does body-shop contracting?
"It's in the recruiter's best interest to maximize the salary they get the candidate"
Actually, it's in the recruiter's best interest to maximize the return he gets over all his candidates. If he can place candidates three times as fast by offering them at 50% off their market rate, he makes a bigger total commission.
I'd buy that argument in a buyer's market. But I'm not aware of too many recruiters with a surplus of sourced tech talent right now. And they have to go through a lot of effort to source someone...so I'm going to still stand by my comment that a good recruiter is going to maximize the candidates value.
Edit: I'd also add what tech talent is going to be so unaware of their market value that they'd take 50% of it?
I can appreciate someone who took the time to figure out what my experience adds up to and then share a relevant position they're trying to fill. I've had a few companies first find me on LinkedIn, then they contacted me through email with a more personal message, possibly meaning that they looked around the web to find my email address. This I'm cool with. Depending on how the contact goes, they might follow up on LinkedIn to add to my network.
However, the other 90+% of contact I've received I can't appreciate. I've been involved with the CPython project for a while, and I'm on the Python Software Foundation's board. Seeing that sends some of the shotgun recruiters through the roof, trying to "network" with me by sending me bullshit jobs and asking me to share my local contacts. I used to get plenty of messages like, "hey I have this great Django job that you're a perfect fit for." How is this possible when I've never done more than read the Django tutorial, and nowhere on my profile does it mention Django or any other web frameworks? This is a waste of time.
Recruiters on LinkedIn never want to hire me. They just want to scavenge my connection pool. There's been one exception, Google, and they wanted me to move to California and take a 60% pay cut. LinkedIn lets me see where my coworkers have gone and lets me see what my boss looks like. Otherwise, it's useless.
Recruiters have never once helped me out. In fact, one time a recruiter called me for a job I had quit the previous day! I regard recruiters lower than used car salesmen.
I allowed it to connect to my gmail, hit the uncheck all (for inviting friends) and checked one person. It ended up sending invites to a few hundred people I had only had vague communications with. Apparently "uncheck all" only means for the 10 they're currently showing you. A lot of awkward "do I know you?"'s
Possibly orthogonal to this, but in the context of this site I am much less impressed by LinkedIn having interviewed there about six months ago. Though I thought I did pretty well, I didn't get an offer, but having learned the level of detail and expertise they were asking about and requiring of successful candidates, I can now balance that against what I see on the screen and intuit how bad their project designs are.
Call it sour grapes, but in hindsight it probably would have been a maddening place to work. Each section of the screen you see is built by a separate team with their own attendant functionality, so no matter what team you wind up working with, you're going to be faced with stupid decisions. I just deleted a list of UX problems, but I think we can all come up with our own.
Probably a couple months? They very well may have made it work differently by now, but it wouldn't be much in their benefit to do so (other than to stop people complaining).
Don't most social media sites ask for permission to upload your contacts from elsewhere? The answer (as Nancy Reagan taught us) is to Just Say No.
Yes there is (a lot!) of job-hunting spam on LinkedIn, but when you need a job the spam can help. Even if you don't, it's useful to have a public place with an email address for professional contacts to find you, in case you switch firms.
Yes most sites do ask for permission to upload your contacts, but they do it without needing your password. No need to log in as the user anymore to do this.
Are the similar token-based schemes for non-Gmail services? Seems like OpenID or the like could provide similar functionality to avoid having to provide your actual password to other services so they can look at your inbox.
Being primarily a Gmail user I never realized that LinkedIn will ask for a password directly when it doesn't recognize a service associated with the domain.
The site appears to spend some time trying to do something with the bogus credentials I provided. Now I'm really curious what that something is.
My biggest annoyance with LinkedIn is the Endorsement feature. I have people I barely know endorsing me for skills I barely have. Right now my highest endorsement total is for PostgreSQL. While I'm proficient with Postgres, there's other skills I know way better that only have 1 or 2 endorsements. If a recruiter were to contact me (I'm not looking), I'm assuming it would be for db work. It would be a waste of both their time (to contact me) and mine (to respond and apologize that some of my contacts don't understand my job).
I don't love LinkedIn, but there really isn't any other platform where to keep professional contacts at the moment (at the same level or close). I get their spam from time to time (join groups, free pro-membership for a month) but not a lot of recruiters, which is great.. and I have a lot of professional contacts.
I'm wondering if you might be overlooking the connection gains to bad wording in LinkedIn's part. "Give us your password, it's secure" is pretty dumb language if you tell me. My understanding is that they supply you with the ability to use 3rd party APIs to gather your email contacts from various sources. That is not really giving your password to them -per say-.
No, there was a password input box. Definitely giving them my password per se.
(Someone else noted that Gmail has a contacts API, so if you use Gmail then they can harvest your contacts without actually getting your password. Which is much better, though still kind of rude to your friends.)
Sigh, so LinkedIn is trying to boost their numbers and you didn't fall for it. Good on you! Why the hate? If you want to get a ton of unsolicited links to connect just put 'VP' in your title. Amazing. I've only got two policies on LinkedIn, one I only link to people I actually know and have worked with already, and two I don't allow { recruiters | sourcers | HR } types to link to me after having a bad experience of one of them trolling all my contacts with "Hey I'm working with Chuck and would like information about what you're up to ..." emails.
But a lot of people really dislike the service and I completely support that choice of theirs, but so far I haven't seen a lot of discussion about the service the people wanted when they joined but didn't get. Is it
'view only' (as in I want to view other people but no one
can view me!) or maybe (no contact) as in only my contacts
can email me?
The complaint wasn't about marketing tactics, or about LinkedIn's quality of service. The complaint was specifically about LinkedIn asking for the passwords to their users' email accounts.
As the author points out, LinkedIn doesn't have a very good track record on security, plus giving out your email password isn't a very good practice in any situation. Unfortunately, because of LinkedIn's clout among professionals, many people are unwittingly putting their online identities at risk.
In the end, the author doesn't close his LinkedIn account because of recruiters, but rather as a protest against this bad practice.
I still have to do a double-take when LinkedIn asks me to "login" with my email address and password. I'm already logged in; they mean my email provider's password.
"The complaint was specifically about LinkedIn asking for the passwords to their users' email accounts."
Fair enough. He didn't enter his password, it isn't required to use the service. It is only useful for discovering more people via your contacts (and perhaps to spam them as you, that would be bad).
So they implement a feature poorly. Why the hate? The automatic climate control on my Subaru sucks dead gophers through a hose, but I don't translate the fact that Subaru let an crappy design get of an auxiliary feature get into production with "the car sucks, I'm selling it." Especially if my use of it doesn't require a lot of climate management (which it doesn't in California). I might think differently if the car wouldn't start unless the windows were up and the climate control engaged on automatic, that would cause me to sell it.
You and I are educated enough about web security that we know not to type one site's password into another site.
Many people aren't. Phishing is a real problem.
When "legitimate" sites start doing slimy, insecure things like asking for third-party passwords, three things happen. One, those "legitimate" sites have the power to do things that most users don't really want them to, like spam their entire contact list as them. Two, it becomes harder for unsophisticated users to distinguish legitimate sites from phishing sites. Three, it means that if a criminal breaks into a "legitimate" site, there's more valuable information there for him to steal.
Completely agree, the confusing bit then is the call to action, instead of "Help me educate LinkedIn" its "I'm deleting my account."
Does the author want to fix LinkedIn? Do they want a different service (or the same service done differently?) or a nearly the same service? It is easy to be dismissive of this form of rant, and sometimes that is actually the best response. But if there is something to learn here[1] that would be good too.
I suspect I'm overthinking it and the author was just venting.
[1] I get the 'here is another exemplar of stupid design' thought as well.
He says pretty explicitly why he deleted his account:
> They should know better than to put their marketing plans ahead of their users' security. They're not going to learn about security until it costs them users. So, scratch one user.
I think this is a reasonable justification, and I imagine the point was to get others to do the same.
I've given up on LinkedIn. They had a high-profile breach less than a year ago and they're still doing insecure things like this. Either they don't know or they don't care. So I'm setting the permanent bozo bit on their company.
Do I expect this to accomplish much? Not really. But I'm no longer part of the problem.
LinkedIn is everything I would expect from a social network created by and for enterprise software business types. I don't know anybody who actually likes LinkedIn other than recruiters.
"wouldn't they HAVE to store your email password in plain text?"
No, they would only need to have the plain text for the brief period when they're using your password to log in to your e-mail. So they could store it encrypted in their database and decrypt it when needed.
So why not just send them an email instead of posting a blog post with a link-bait title like "Why I'm leaving X" and then posting it yourself to HN? Am I supposed to help with this cause? Is there a petition? Should I leave linked in immediately because there is a box that you can voluntarily put your password into? Well I guess I'll just add it to the list of "things I need to be outraged about today".
I'm sure they know that what they are doing is slimey. Asking them to change won't have any effect. Hitting them in the wallet is the only influence he has.
I was about to post the same thing. I can't believe they get away with having this feature. If I click a Linkedin link on Google, oops I'm logged in, my viewing history is for sale.
I don't know if anyone noticed this, but LinkedIn didn't store their passwords in plain text. they were stored in SHA1, with no salt, which is as close to plain text as you can get without being plain text, but there is a difference :)
I haven't seen the "Enter password box" and I have a hard time imagining why it would exist. Why would they choose to deal with logging into your email, scraping for email addresses(spawning parallel processes etc), risk blacklisting and (more)user hatred (not to mention trying to prove to google you're not a robot)when there is a perfectly good OAuth(2) protocol/spec that along with good google apis to retrieve this data securely (well: http://hueniverse.com/2012/07/oauth-2-0-and-the-road-to-hell...). I agree its still cheap and tacky but not really nefarious.
I believe this password box is something you only see if they don't recognize your email address as something that they can interact with via OAuth (i.e. Gmail).
I'm very impressed that you actually managed to close your account. Every time I've tried to do that I was sent into some bizarre redirect hell that seemed downright malicious.
LinkedIn seems like a prime example of what happens when you substitute good product design for a series of A/B tested micro-optimisations. The net effect is a shitty product that gets worse and worse...
It's really not practical to stop doing business with every large company with whom you have a disagreement, especially when they are the dominant player in their industry. I'm sure most of us could find a nit to pick with both Apple and Microsoft, not to mention Google.
If you will never need LinkedIn, that's fine. If you might, then you're only hurting yourself.
Because what you consider bad isn't necessarily bad.
Let's take your post at heart, and we'll ignore the part about phishing (ironic, considering your own site's setup).
Your assertion is mostly paranoia, what could happen, and what LinkedIn shouldn't do. LinkedIn should not ask for your email password, despite that being a way to access email. Now, I'm not suggesting you hand over your email password without thought, but you do hand out your email password.
You hand out your email password to any email client you choose to use, with the hope that it doesn't share out that password to anyone else. After all, just as a LinkedIn employee could steal your password, so could a Google or Apple employee as well. I mean, Google even asks for the password to other email accounts if you want to use Gmail for non-Gmail accounts. And let's hope that no browser is tracking anything. It might be open source, but have you checked the source code?
Sounds crazy.
So leave LinkedIn. But really, it's a rant, and not even a good rant at that. And we didn't even talk about glass houses.
It's your assertion that LinkedIn is trying to phish people, when phishing has a very real meaning. If that is phishing, then what you have displayed when someone goes to comment could be considered just as phishy. You have to remember, WordPress is not just an app that you can install, but it's also a hosted service. Your page has the WordPress logo on it, and it's asking to log in. Is someone supposed to use your site's u/p or the WordPress's hosted services credentials.
You don't intend to steal anything, but you could, making you just as guilty as LinkedIn. That is to say, not guilty of anything.
Breaking off the business relationship is another thing altogether - it hurts you much more than it hurts the monopoly provider, and it weakens your ability to influence.
Honestly, LinkedIn wasn't providing me much utility anyway. Recruiter spam plus the occasional question from an ex-cow-orker who could find me with a Google search anyway.
It would be a harder choice if the business in question were providing a more valuable service. If I were a recruiter, or a freelancer who was constantly looking for jobs, then it would be harder to dump LinkedIn. I'd like to think I'd do it anyway on principle, though.
If you use it, and a few in your network use it too, it can be very useful, both to find opportunities and to see who might be available. Most people change jobs every few years, and this is just another data point used to stay informed. If you are a "lifer" somewhere, it is of no use. The level of spam I receive does not seem excessive. The service is free.
I have found it very easy to avoid doing business with LinkedIn. I deleted my account years ago and set up a mail rule such that anything coming from linkedin.com is junk. So far so good.
I have successfully avoided purchasing Apple products for a long time, and aside from a gift, haven't bought Microsoft software for a good decade. Google's not on my boycott list yet, but I won't hesitate to stop using all of their services (beyond that required for work) if I find it morally reprehensible to do otherwise.
Your laziness is not our laziness, and your apathy is not our apathy.
Why I never had LinkedIn. Back in the good old days the only way to prevent it from spamming you on behalf of your friends was creating an account and then unsubscribing from emails.
I had to contact costumer support twice to remove two email addresses from their databases.
Fortunately mass emails or notifications without a single-click unsubscribe button are forbidden now.
If you've used this particular contact system before, you'll know that your e-mail login information won't pass through LinkedIn's servers. A popup from your e-mail provider's server asks you to grant LinkedIn access to your contacts via that provider's APIs.
Facebook also asks for permission to import your email contacts from other providers. For GMX, Skype, mail.ru and "other email service", you need to provide a password. It really depends on whether the target site implemented OAuth, OpenID or etc.
All platforms are like hookers - they are generally offering some in-demand service, you might get a nasty bug, you get what you paid for (or not paid for) and they are not obligated to please you.
So use platform for what it's good for, but do not rely your business on it.
LinkedIn has a new service where they offer to centralize your contact management by importing all your contacts from wherever and giving you one central place to keep track of them.
It may or may not be a good idea, but it isn't phishing.
It may be phishing for a less nefarious cause, but how's the average enduser supposed to know the difference? We need to plant the meme that any site asking for another site's password is always wrong.
You might not like it, but if they're not doing it under false pretenses, it isn't phishing. Now, if they pretended to be gmail and asked for your password, that would be phishing.
Note that I'm not saying it's a good practice, but you need to come up with another name for it than "phishing", because that one's already taken.
Cancel all your social network accounts. Everyone does it. They say they don't store email addresses, technically true but they store a hash of it. They use this data to recommend friends/connections. It can also be used to recommend friends/connections when a new user signups during the signup flow.
I have cancelled two out of two accounts that have tried to phish my email password. (Udacity and now LinkedIn.) "Everyone" certainly does not do it. (I know Facebook does it, but just because the slimiest big company on the web does something doesn't mean it's okay.)
You probably don't. But it's unbelievably narcissistic of you to defend the idea that "regular users" should cancel their accounts just because of an ancillary feature offered by a website.
That's not all they do with your contacts. Were you aware that they use your emails to detect people to send connection requests to? Haven't you wondered where some of those "You may know..." come from?
The main problem with LinkedIn, especially for the HN crowd, is that it’s essentially just go-go-gadget arm for recruiters, who themselves represent a very broken system (http://bit.ly/14gMFnB). Modern recruiting is a horrible mess (http://bit.ly/11Jnnez), so a social network that encourages and magnifies their actions is of course going to produce pretty terrible results.
LinkedIn is a _great_ business development tool. Want to know the name of the person at company X who could use your product? LinkedIn is awesome for that.
But time and time again, the main thing one hears about LinkedIn is the (systemically encouraged) abuse of the system by spammy recruiters, not the ‘business networking’ it should be a haven for.
A significant move away from the traditional recruitment paradigm as a whole is the only thing that will make LinkedIn enjoyable to use. When traditional recruiters aren’t the best way to find talent, LinkedIn will be free to grow and prosper as a business networking community.
We’re trying to solve this problem at Mighty Spring (https://www.mightyspring.com). Whereas on LinkedIn your information is public and ripe for recruiter abuse, Mighty Spring profiles are only visible to the public in a cleansed, anonymous form. Behind the safe walls of our system, our users are free to indicate their career aspirations, explore new opportunities, and accept incoming interview requests (from first party companies only, not agency recruiters). Externally, the profiles are anonymous, so no one even knows you are a member of the community unless you choose to reveal your information specifically to them and accept an interview.
We’re in private beta now, but are already successfully connecting our users with great companies -- all at each user's discretion, of course! We’d love to help all of you solve your problems with LinkedIn, so we’ll live-monitor signups coming from Hacker News and expedite beta invites to all you guys. Definitely let us know if you have feedback or questions. My email is in my profile.
Yes, the URLs were long and unruly to the blog posts, and my natural reaction is to de-clutter. With the down votes, however, sufficient negative feedback has been received to alter this behavior :) That said, it's too late to edit the offending post, unfortunately.
Wow, offering to log into an account that holds contact information in order to retrieve those contacts and automatically invite them to connect with you. I'm glad the innovation will both start and stop here – it's a good thing MySpace never did this. Or Facebook. Or any one of a million other services. I'm not trying to detract from the potential severity of anyone actually going ahead and doing it, but OP, is this seriously the first time you've seen something like this? I'm very surprised.
I think the issue was with it actually asking for the password itself. If it were an OAuth screen he probably wouldn't have blinked. Would I have shaken my head and even MAYBE deleted my account if I were having a bad day? Maybe.
Would I write a blog post about it even if I did? No.
I've seen it once before. Udacity did it to me a few years ago when I signed up for a course, and I closed that account too.
I'm not surprised that MySpace or Facebook does it, but those sites are so transparently bad that I never considered joining them, so it didn't affect me personally.
The only things I supply to LinkedIn are things I would put on a resume and send to strangers. It is a useful service if you can be disciplined about what you share.
LinkedIn sent me an email saying I had a new contact. When I clicked the link in the email, it put me on the LinkedIn site. As an afterthought on the "we added your new connection" page, they tried to phish my email password.
Interestingly, I have received lots of great contacts and work through various sites I use, but never anything through LinkedIn. Different communities gravitate to different channels. For me, I wouldn't miss my LinkedIn account. Though maybe I'm just not trying hard enough.
Can't you do what LinkedIn does with your contacts through some kind of Google universal auth API? Why does LinkedIn actually need my freaking password to view my contacts?
