I am 99% sure LinkedIN used my IP address to match with my second floor neighbor, despite their claims that they would never use IP address as a connection data point.
I was sharing my wifi for a brief period with my neighbors on the second floor. My neighbor had a new room mate. The guy was from another country. He didn't work in the same industry I do. I didn't have any of his contact information anywhere on any of my devices, and afaik, vice versa. We had no formal contact in any fashion, monetary or electronic communication or any other kind of contact other than passing each other in the hall. I didn't even know his name. He's just one of millions of people who live in my region.
Yet they suggested him as a possible contact.
If they weren't using IP address, they were using black magic.
edit:
to clarify, i forgot to mention that i had no linkedin connection to my neighbor, afaik he didn't have a linkedin account, he definitely doesn't have one currently. He was sort of a luddite, barely used his computer, and i don't believe we ever emailed each other, or even had each other's email, I just searched my mail and have record of any.
And I very much doubt my neighbor had any obviously traceable connection with the roomate anyway, at most a phone number and received rent through cash or check.
That's creepy. Different topic: I think the biggest connection business is whatsapp. If a person does not use whatsapp but a friend of that person does, whatsapp knows the person's phone number anyway. If >= 2 whatsapp users have that person's phone number stored with the same name in the contact list, whatsapp even knows the person's name (and other information). With that information they can accurately identify the person's facebook profile. Horror!
Are you connected on LinkedIn with your neighbor? Because if your neighbor was connected with him, that could be how it happened. I think it will show if any of your connections know him (up to 3 hops away), but you might need to visit his profile to see that info (I don’t use LinkedIn often but noticed that feature before).
linkedIn was suggesting people that were using the same wifi network as I was. I thought this was spooky — I could see more info about my hotel guests than they probably realized.
I suspect that information can be obtained in ways other than IP addresses. Close enough to be the same thing, but enough distance to state, “we’re not tracking IP addresses”, and have their lawyers approve.
It may be more complex than that. If both of you were tied into the Social Graph it's possible software on your devices simply knew the two of you were in proximity and for how long. This could be done via Bluetooth by an app like WhatsApp or Facebook, which is known to have sensors installed in urban businesses. But who's to say they didn't just turn your device into a beacon itself using the Physical Web?
> What we also don’t really know here — the DPC doesn’t really address it — is where LinkedIn obtained those 18 million email addresses, and any other related data, in the first place.
Well, one such source of email addresses was me.
When I joined it more than 10 years ago, I was not as privacy aware as I am today. So, upon joining, I uploaded my address book to connect to people who already had a LinkedIn account.
I shortly after realized that they abused it. They sent an invite email to every person that was not on their platform.
I only got to know about it becasue one of my university professors sent me an email saying that she was not interested in joining yet another network. I had to apologize, because I did not expect that to happen.
To this day, LinkedIn still uses that information to suggest new connections to me and to prompt me to invite people that are still not on their platform.
In retrospect, it was a stupid move to upload my address book, but I'm sure I am not the only one that made that mistake, and probably many people still do nowadays.
Right there with you. I had assumed it would just look for folks on the network and give me the option at that point on who to add. Nope. I had folks replying back to me declining invite. I had people in my address book I never wanted to contact again. I finally got LinkedIn to stop retrying people from my list, but I failed to get them to forget my list apparently because, like you, some of these people/addresses are on my recommendation list.
It's worse than that now. If you sign up with Gmail it will request access to view your contacts in the OAuth dialog (and will periodically keep requesting this access if you deny it). So no uploading is even necessary; it's sufficient to be using a big email provider and then accept the nag notices.
It only takes one person in your entire contact list to upload their entire contact list, so that your information gets uploaded to Linkedin/Facebook/Google, etc. It's almost impossible to assert that level of control, so my assumption is that my details including my birthday, address, phone number, place of work, etc, has already been uploaded to all of those service. It's infuriating, but it's a reality since I can't stop one of my contacts from uploading my data.
Their app also periodicacally asks you to upload your phone contact list for them. I'm glad Apple have a clear warning message they obviously can't circumvent because the LinkedIn UI makes it really easy to accidentally trigger it in a few places.
I consulted there years back. Helped them relo to a new building. Dolly in one hand, network layouts in the other. After the relo was done, I transitioned to handling trouble tickets along with other consultants.
After a couple of months, our "leader" grabs me and his lieutenant for a special project. We had done a few of those before, I was up for it. We all went for a ride in one of the company vans. Which have only two seats. My job? Make sure the empty rack in the back of the van didn't fall over.
Dude didn't bother to slow down for a number of speedbumps. He let me go that same Friday.
In retrospect, it is always a stupid idea to extend too much trust, when any trust has not first been earned.
It wasn't stupid of you, not your fault LinkedIn literally impersonated you. The mail it sent out all those years ago was written in your name and as though you had actively crafted and sent it. Anyone who knows your name could have impersonated you. Don't worry about doing something wrong.
A quick google suggests linkedin was sued and reached a class action settlement in exchange for the practice.
LinkedIn is one of the worse dark-pattern based business out there. Their whole business model is based on making connections between people, however unwanted they are.
They use any means necessary to get your contact list and abuse it to spam your contacts with dubious marketing ploys and unverifiable claims (someone looked you up! you're missing on new jobs opportunities!).
Liars.
I've resisted creating an account so far but the pressure to conform is there as you basically "don't exist" without a profile that lazy HR managers can look up.
Reminds me of that mobile popup I always get that tells me to download their mobile app when I'm viewing Linkedin on a mobile phone and I can't move on unless I press something.
> the pressure to conform is there as you basically "don't exist" without a profile that lazy HR managers can look up
I find this is an effective filter for those trying to avoid working for a red-tape-filled, default big corp. The more bureaucracy visible before getting there, the better. For those that explain it away as a bad HR does not make the company bad, if you're good enough to be picky there are good companies that also have good HR.
I feel like they are getting better after the MS acquisition, or maybe I have just dealt with most of their dark pattern dialogues and don't see them anymore
Given that they have been owned by Microsoft for quite some time, how much of their current practice is learned vs inherited? If the latter, why would Microsoft allow this practice to go on?
What I don't get is why Jeff Weiner and Reid Hoffman are never held accountable for their blatant disregard for user privacy despite many lawsuits over the years. Why is their reputation still so in tact even when Zuck/Sandberg's is hurting over the exact same privacy violations? Why is Reid Hoffman today selling a book on "blitzscaling" which is all about achieving hypergrowth at all cost? Could you imagine how tone deaf it would be if it was Zuckerberg who authored that and not Hoffman?
It makes sense to me - public privacy backlash tends to be limited to what they can understand is happening, and for the most part that is only really concerned with what you are actually sharing rather than what they can link to you via metadata and other dark patterns. Hell a lot of that stuff goes over my head too - the general public just isn't aware of how this works behind the scenes.
People put personal stuff on Facebook, and are more guarded about what they put professionally on LinkedIn. People approach LinkedIn as more of more of a two way selling relationship. They have a better feeling they know what they're in for.
It might be because FB is a much more broadly known brand in the world, and regular news outlets like CNN are significantly more likely to go after public faces.
The world knows who Zuck is.
Nobody knows who Weiner is, except in tech.
Even if there were some coverage, it might not get widely picked up, editorial rooms would just think it too narrow.
Also - there needs to be an 'obvious scandal' with legs - like the the Cambridge Scandal literally had that pink-haired guy with many photo ops making a name for himself, it gives a 'face' to the issue.
Maybe this one breaks though, it could get picked up.
Just go to the “people you may know” page and you’ll see dozens of shadow profiles of people who clearly don’t have LinkedIn accounts. Mine shows relatives who I know don’t have accounts — but whose contact info was scraped by LinkedIn during my dumber years when I opted into their “help us connect you by linking your account” bullshit.
Is there a way to request they remove this data? I sure don’t know how.
I brought this up to my mother who has been retired now for about 15 years but somehow still has a linkedin account. She never created one but somehow still had a profile, it freaked me out.
Now all LinkedIn has to do is apologize and work with regulators to make sure this never happens again... thus ensuring no future competitor will have it as easy as they did.
I naively installed the app on my phone, which gave them my phone number. Then I started getting cold calls from people who paid to have access to my number through LinkedIn. I never entered my number anywhere, however the cold callers repeatedly told me they got my information from LinkedIn.
I wish people would remember that LinkedIn is an evil platform created entirely by dark patterns whenever they idolize Reid Hoffman as some sort of business genius.
Of course they did. In an industry full of shady characters, LinkedIn is among the worst. They're proof that dark patterns and other nasty tactics are profitable, and also that if you make enough money, people in the valley will look past how you made it. The fact that Hoffman is enthusiastically welcomed in polite society says something not great about Silicon Valley ethics.
Unrelated but I'd like take this opportunity to write that the "switch to our app" popup on the LinkedIn mobile site is super annoying. It shows up every time I open the site on mobile browser. On several occasions in attempts of closing the popup I've accidentally clicked on advertisements (Promoted posts) or 'liked' someone's post. And then you see more such promoted posts as they think you like them. If anyone from LinkedIn team is reading this - I do not want to install your app. Please store that flag in the cookie.
Having deleted my account months ago, I still keep receiving an email about one particular guy (who I don't know) wanting to become part of my network. I tried their unsubscribe link multiple times, to no avail. First I just didn't want to have an account anymore, now I hate them.
People are talking about how they have a LinkedIn account and how creepy it is when LinkedIn suggests Facebook friends who don’t have LinkedIn accounts, but obscure that information in some way. You think you’re sending a friend (who you mistakenly believe already has a LinkedIn account) a connection request, but really LinkedIn has tricked you into spamming your own friends on LinkedIn’s behalf. This is obviously bad, but I’ve seen much worse.
I first made a LinkedIn account a few years ago because I got an email that my sister wanted to connect on LinkedIn. I’m not into social networks at all, but in the interest of family bonds I clicked the link to make an account and “connect” with her.
So I made the account, and the link in the email must’ve been set up to automatically connect our accounts. But a few days later she emails me that she got my LinkedIn request via email, but she hadn’t yet made an account, and as soon as she made one she’d add me. So this was a tricky spamming strategy in which no one started out with an account, but neither party was aware of that.
TL;DR LinkedIn knew my sister’s email address, my email address, and our connection, and basically tricked both of us into thinking that the other person was already on LinkedIn and wanted to connect. That’s a step beyond what people are talking about here, and is IMO seriously sketchy, unprofessional, and messed up. I don’t think they kept up this practice for very long, but it’s so over the top and beyond the pale that I’m surprised it didn’t result in lawsuits and the entire company being tarnished for decades. Obviously they’ve tarnished their name in plenty of other ways, but the fact that no one talks about this particular practice makes me wonder what other awful stuff they do that most people don’t know about.
LinkedIn's growth, much like Facebook's, can mostly be attributed to the use of its "contact importer," which seems to have been where the 18M email addresses came from. Generally speaking, you should read the fine print when using such "features".
I do see an issue with part of this complaint: storing hashed emails and uploading those to use for targeted advertisements. The general consensus seems to be that even under the draconian rues of the GDPR, a hash of an email is not personally identifiable and therefore that data would not be subject to the GDPR. It appears that the DPC overstepped their bounds on that specific aspect of the investigation.
I'm constantly alarmed by the recommended matches on LinkedIn. I'm also torn by the business community's insistence that this site is a necessary part of networking and any of its practices are therefore beyond scrutiny.
And no, you did not match me to my second cousin "based on my profile." Unless you mean "based on your email address, which is already included in the massive social graph of all address book connections we've harvested from people who know you."
If you have to mislead your users about how you're finding potential connections, maybe you shouldn't be doing that thing in the background, or maybe you shouldn't be so focused on aggressively pushing those connections.
[+] [-] whiddershins|7 years ago|reply
I was sharing my wifi for a brief period with my neighbors on the second floor. My neighbor had a new room mate. The guy was from another country. He didn't work in the same industry I do. I didn't have any of his contact information anywhere on any of my devices, and afaik, vice versa. We had no formal contact in any fashion, monetary or electronic communication or any other kind of contact other than passing each other in the hall. I didn't even know his name. He's just one of millions of people who live in my region.
Yet they suggested him as a possible contact.
If they weren't using IP address, they were using black magic.
edit: to clarify, i forgot to mention that i had no linkedin connection to my neighbor, afaik he didn't have a linkedin account, he definitely doesn't have one currently. He was sort of a luddite, barely used his computer, and i don't believe we ever emailed each other, or even had each other's email, I just searched my mail and have record of any.
And I very much doubt my neighbor had any obviously traceable connection with the roomate anyway, at most a phone number and received rent through cash or check.
[+] [-] I_am_tiberius|7 years ago|reply
[+] [-] shshhdhs|7 years ago|reply
[+] [-] cpeterso|7 years ago|reply
[+] [-] clumsysmurf|7 years ago|reply
[+] [-] ptd|7 years ago|reply
[+] [-] balibebas|7 years ago|reply
[+] [-] fsagx|7 years ago|reply
[+] [-] kbumsik|7 years ago|reply
[+] [-] microcolonel|7 years ago|reply
[deleted]
[+] [-] Pica_soO|7 years ago|reply
[+] [-] willmacdonald|7 years ago|reply
[+] [-] DeusExMachina|7 years ago|reply
Well, one such source of email addresses was me.
When I joined it more than 10 years ago, I was not as privacy aware as I am today. So, upon joining, I uploaded my address book to connect to people who already had a LinkedIn account.
I shortly after realized that they abused it. They sent an invite email to every person that was not on their platform.
I only got to know about it becasue one of my university professors sent me an email saying that she was not interested in joining yet another network. I had to apologize, because I did not expect that to happen.
To this day, LinkedIn still uses that information to suggest new connections to me and to prompt me to invite people that are still not on their platform.
In retrospect, it was a stupid move to upload my address book, but I'm sure I am not the only one that made that mistake, and probably many people still do nowadays.
[+] [-] sethammons|7 years ago|reply
[+] [-] CydeWeys|7 years ago|reply
[+] [-] pfarnsworth|7 years ago|reply
[+] [-] mcintyre1994|7 years ago|reply
[+] [-] p_b_r|7 years ago|reply
After a couple of months, our "leader" grabs me and his lieutenant for a special project. We had done a few of those before, I was up for it. We all went for a ride in one of the company vans. Which have only two seats. My job? Make sure the empty rack in the back of the van didn't fall over.
Dude didn't bother to slow down for a number of speedbumps. He let me go that same Friday.
In retrospect, it is always a stupid idea to extend too much trust, when any trust has not first been earned.
[+] [-] koolhead17|7 years ago|reply
[+] [-] logicallee|7 years ago|reply
A quick google suggests linkedin was sued and reached a class action settlement in exchange for the practice.
[+] [-] Renaud|7 years ago|reply
They use any means necessary to get your contact list and abuse it to spam your contacts with dubious marketing ploys and unverifiable claims (someone looked you up! you're missing on new jobs opportunities!).
Liars.
I've resisted creating an account so far but the pressure to conform is there as you basically "don't exist" without a profile that lazy HR managers can look up.
[+] [-] forkLding|7 years ago|reply
[+] [-] kodablah|7 years ago|reply
I find this is an effective filter for those trying to avoid working for a red-tape-filled, default big corp. The more bureaucracy visible before getting there, the better. For those that explain it away as a bad HR does not make the company bad, if you're good enough to be picky there are good companies that also have good HR.
[+] [-] wodenokoto|7 years ago|reply
[+] [-] otachack|7 years ago|reply
[+] [-] craftyguy|7 years ago|reply
[+] [-] dawhizkid|7 years ago|reply
[+] [-] skrebbel|7 years ago|reply
I have no idea, but the cynic in me says "because Facebook forms a bigger threat to media organizations".
[+] [-] antod|7 years ago|reply
People put personal stuff on Facebook, and are more guarded about what they put professionally on LinkedIn. People approach LinkedIn as more of more of a two way selling relationship. They have a better feeling they know what they're in for.
[+] [-] sonnyblarney|7 years ago|reply
The world knows who Zuck is.
Nobody knows who Weiner is, except in tech.
Even if there were some coverage, it might not get widely picked up, editorial rooms would just think it too narrow.
Also - there needs to be an 'obvious scandal' with legs - like the the Cambridge Scandal literally had that pink-haired guy with many photo ops making a name for himself, it gives a 'face' to the issue.
Maybe this one breaks though, it could get picked up.
[+] [-] yhoiseth|7 years ago|reply
- Fewer users => smaller impact
- Fewer ads => smaller abuse potential
- Users spend less time on LinkedIn
- Users share less personal information
- LinkedIn has other revenue sources than ads, making them less risk-taking in the ads business
- More savvy users
- People don't feel as sorry for professionals as they do for other people
- Fewer/less impactful breaches
- More likeable founders
[+] [-] uptown|7 years ago|reply
Is there a way to request they remove this data? I sure don’t know how.
[+] [-] brickpaste|7 years ago|reply
There you will find an an option to "remove all."
[+] [-] tjoff|7 years ago|reply
Not from no-reply@linkedin... But from your email.
[+] [-] sudovancity|7 years ago|reply
[+] [-] ukulele|7 years ago|reply
[+] [-] Topgamer7|7 years ago|reply
[+] [-] __bjoernd|7 years ago|reply
[+] [-] fbinthrow|7 years ago|reply
[+] [-] SwellJoe|7 years ago|reply
[+] [-] harshulpandav|7 years ago|reply
[+] [-] mkay313|7 years ago|reply
[+] [-] kbad1000|7 years ago|reply
[+] [-] mwfunk|7 years ago|reply
I first made a LinkedIn account a few years ago because I got an email that my sister wanted to connect on LinkedIn. I’m not into social networks at all, but in the interest of family bonds I clicked the link to make an account and “connect” with her.
So I made the account, and the link in the email must’ve been set up to automatically connect our accounts. But a few days later she emails me that she got my LinkedIn request via email, but she hadn’t yet made an account, and as soon as she made one she’d add me. So this was a tricky spamming strategy in which no one started out with an account, but neither party was aware of that.
TL;DR LinkedIn knew my sister’s email address, my email address, and our connection, and basically tricked both of us into thinking that the other person was already on LinkedIn and wanted to connect. That’s a step beyond what people are talking about here, and is IMO seriously sketchy, unprofessional, and messed up. I don’t think they kept up this practice for very long, but it’s so over the top and beyond the pale that I’m surprised it didn’t result in lawsuits and the entire company being tarnished for decades. Obviously they’ve tarnished their name in plenty of other ways, but the fact that no one talks about this particular practice makes me wonder what other awful stuff they do that most people don’t know about.
[+] [-] kevmo|7 years ago|reply
[+] [-] downandout|7 years ago|reply
I do see an issue with part of this complaint: storing hashed emails and uploading those to use for targeted advertisements. The general consensus seems to be that even under the draconian rues of the GDPR, a hash of an email is not personally identifiable and therefore that data would not be subject to the GDPR. It appears that the DPC overstepped their bounds on that specific aspect of the investigation.
[+] [-] Cyclone_|7 years ago|reply
[+] [-] askaboutit|7 years ago|reply
[+] [-] brownbat|7 years ago|reply
And no, you did not match me to my second cousin "based on my profile." Unless you mean "based on your email address, which is already included in the massive social graph of all address book connections we've harvested from people who know you."
If you have to mislead your users about how you're finding potential connections, maybe you shouldn't be doing that thing in the background, or maybe you shouldn't be so focused on aggressively pushing those connections.
[+] [-] peter_retief|7 years ago|reply