Comment by ColinWright
5 days ago
I used to have a LinkedIn account, a long time ago. To register I created an email address that was unique to LinkedIn, and pretty much unguessable ... certainly not amenable to a dictionary attack.
I ended up deciding that I was getting no value from the account, and I heard unpleasant things about the company, so I deleted the account.
Within hours I started to get spam to that unique email address.
It would be interesting to run a semi-controlled experiment to test whether this was a fluke, or if they leaked, sold, or otherwise lost control of my data. But absolutely I will not trust them with anything I want to keep private.
I do not trust LinkedIn to keep my data secure ... I believe they sold it.
This is a good example of why it's insane that nobody at Mozilla cares that they hire CEOs that have only a LinkedIn page. If you want to visit the website of the Mozilla CEO, you have to create an account and log in. No big deal if it's a CEO of a plastics manufacturing company, but when the mission is fighting against the behavior of companies like LinkedIn, it makes me wonder why Mozilla exists.
The CEO role at Mozilla is unstable. Even if Mozilla didn't require a LinkedIn page, chances are their CEOs would have an up to date account. Also, Mozilla's ARR is mostly their Google partnership.
If you visit the Mozilla website right now, you will see "Break free from big tech — our products put you in control of a safer, more private internet experience."
2 replies →
I don't think Mozilla requires a LinkedIn page. bachmeier is complaining that Mozilla's CEO doesn't have a personal webpage, and only has a LinkedIn page. By not having a personal webpage, and having a LinkedIn page, it appears that Mozilla's CEO doesn't really care about the open web.
It’s hard to be perfect.
The surest sign of incompetence is somebody claiming they are forced into a requirement for perfection when the requirement is simply a basic adherence to virtue
Yes, in the same way it's hard for Tim Cook to not run his company on Windows 11.
Good thing quality isn't binary! It's pretty attainable to at be halfway decent
Remember when LinkedIn was condemned because they copied Gmail’s login page saying “Log in with Google”, then you entered your password, then they retrieved all your contacts, even the bank, the mailing lists, your ex, and spammed the hell out of them, saying things in your name in the style of “You haven’t joined in 5 days, I want you to subscribe” ?
The original version of the LinkedIn mobile app uploaded your personal contacts stored on your smart phone and SIM to their server (to also "invite" them), without requesting user permission.
After that, I never installed it again (but too late), and I bought a second (non-smart) phone.
When I created an account on LinkedIn, a long time ago, I used the web. When it asked if I wanted to invite other people from my list of contacts, I clicked yes. I thought it would let me manually enter some contacts, or at worst, give me a list to choose from, with some kind of permissions prompt. Somehow, it accessed my entire Gmail contact list, and invited them all. My goodness, that was terrifying (I didn't even know it was possible) and embarrassing. Companies are not to be trusted, ever. Especially now, as they've proven for decades they have zero moral compass, and no qualms about abusing people for profit.
WhatsApp infamously did just that.
It vacuumed the contacts and spammed them with "Join me on WhatsApp". One of the reasons for their initial exponential growth.
2 replies →
I don't know how they're still in business after that. They also had a massive data breach at one point.
Because super-majority doesn't really care if the product does what it's intended to in the end.
Do you have a reference with more information on that?
On HN itself: https://www.bloomberg.com/news/articles/2013-09-20/linkedin-...
They used a legit google oauth but with broad rights. They did pull the contact and repeatedly spam them as personal emails. There were lawsuits.
It's all documented on Wikipedia: https://en.wikipedia.org/wiki/LinkedIn#Criticism_and_controv...
I remember boycotting them for many years after that, yes.
Now lots of contact forms (not even necessarily job related!) are treating it as a required field. Pretty distasteful situation.
Linkedin has been breached a lot over time.
But I have such low faith in the platform that I would readily believe that once they think you're not going to continue adding value, they find unpleasant ways to extract the last bit of value that they reserve only for "ex"-users.
> Linkedin has been breached a lot over time.
Yeah but the OP got spam within hours. That would be pretty unlikely to have coincided with a breach.
But LinkedIn probably sold the data, they have a dark pattern maze of privacy settings and most default to ON.
My assumption was that it was an intelligence platform first. Just like Skype, Microsoft decided to randomly buy it.
It amazing really. If you reached out to people and asked them for the information and graph that LinkedIn maintains, most employers would fire them.
There's an entire cottage industry of linkedin scrapers that put a lot of effort into guessing your email address to enable cold outreach.
I'm ashamed to say I worked at one such place for several months.
Apollo is probably the most comprehensive source for this. It's creepy as fuck.
Yes I notice that too. I hide my last name now because at my company it's just firstname.lastname so easy to guess.
It helps a lot but I still get a lot of sales goons. A lot of them follow up constantly too "hey what about that meeting invite I sent you why did you not attend"? My deleted email box is full of them (I instantly block them the minute I get an invite to anything from someone I don't know, and I wish Outlook had the ability to ban the entire origin domain too but it doesn't)
2 replies →
I’m a bit on the fence with this one. Sure, spam is bad, but they also enable you to reach out to somebody outside of the LinkedIn’s walled garden (personally, without automation).
If it enables a tiny startup trying to solve the exact problem I have to reach out to me – I’d say it’s a net positive (but not by a huge margin), and having to blacklist @mongodb.com with their certifications bullshit is a price I’m ready to pay. If more spammers get their hands on this kind of dataset though it’ll probably be a disaster.
1 reply →
> My assumption was that it was an intelligence platform first.
What do you mean by "intelligence platform"?
"Spyware" doesn't quite capture it.
It's "intelligence platform" in the sense that you can gain a ton of information on individuals, organizations, and relationships that drive it all. If you can track how people move and interact between organizations, you can determine who someone is doing business with and even make an educated guess if that's a sale or interview.
I started writing about it almost 20 years ago: https://caseysoftware.com/blog/linkedin-intelligence-part-ii and turned it into a conference presentation called "Shattering Secrets with Social Media"
But there have been numerous proofs of concept over the years: https://en.wikipedia.org/wiki/Robin_Sage
2 replies →
Spyware
LinkedIn has a wild past. I'm surprised that it seems like no one remembers. Scanning users e-mail inboxes, creating fake users, etc.
It's all documented on Wikipedia too: https://en.wikipedia.org/wiki/LinkedIn#Criticism_and_controv...
ofc it's sold. Take a look at this: https://www.rb2b.com/
It identifies users that visit your site and then shows their email, phone number and living place based on their Li profile ;))
rb2b website has an incredibly ironic "we respect your privacy" GPDR banner along the bottom of their landing page.
It’s definitely not a fluke. I was getting between 20 and 30 spam emails per day. Simply out of curiosity I deleted my linkedin account and the spam abated. After a week the spam reduced to a trickle and now after a few months I only get a few spam emails per week. Shortly after discovering that LinkedIn was the problem I deleted Indeed as well. Indeed has a fairly robust data deletion program.
This seems to be exactly the opposite of what I was describing.
While I had a LinkedIn account I was not receiving spam.
When I deleted my account, the spam started, and continues to this day.(+)
(+) Which is not a surprise ... once an email address has been leaked it gets onto lists and the spam will never end.
LinkedIn definitely sells/shares/leaks email address. I'm not sure which but I also have the same problem. I created my account with a unique email I've only used for LI. I occasionally get B2B and recruiter spam sent to that email.
It could be, but I think it's also as likely it was the scrapers treating that as a trigger event of some type. eg you got a job and might have regrets.
I also saw... not sure what to call them, but honeypot friend requests? I used to get regular requests from profiles I didn't recognize with a generic pretty woman (I'd assume stock photography). Since I ignored them, they would re-request on intervals that were exactly 90 or 180 days. I occasionally glanced at them and there seemed to be no rhyme nor reason to their friends. I'd assume this was also some type of scraping, probably for friends-only profile data.
I don't remember where I got this from, but I've heard long ago about a company which TOS stated vehemently that they would never sell the contacts of their customers... Only to sell them once the accounts are closed because, well, technically those were no longer customers.
So maybe that's what happened?
You can replace LinkedIn in your post with every social media etc company and it will ring as true as your current post
A LinkedIn account's sole purpose is publishing, dissemination, and advertising information about you and your company. Anything that you badly want to keep private certainly does not belong there, much like it does not belong to a large roadside billboard.
Otherwise, LinkedIn can be quite useful in searching for a job, researching a company, or getting to know potential coworkers or hires.
Email spam is, to my mind, an inevitability. You should expect waves of spam, no matter what address you use; your email provider should offer reasonable filtering of the spam. Using a unique un-guessable email address, like any security through obscurity, can only get you so far.
You sound like someone that wants to normalize bad behavior. Good luck with that. I would never use a social networking site to find people or jobs. I'm not going to put support behind a entity that doesn't respect privacy and the fact that they are people who don't care, like you, are the problem and why we are in the situation we are in as a country at this point.
I won't call it a social networking site. I'd call it a business-card-exchange site, plus a corporate-flyers-handout site, and of course a self-promotion site.
Selling emails is of course bad, but expecting your email that you give to any big corporation to stay private for a long time is, alas, naïve. I've read the fine print; in most EULAs it includes a ton of clauses about sharing your contacts with a bunch of third parties, etc. LinkedIn, in particular, explicitly says that it may share your contacts with advertising partners.
In other words, if you need to enter this space, wear a hazmat suit, expect no niceties.
1 reply →
This is precisely why I give each website an alias such as website@example.com. If I start receiving spam to that address, I revoke the alias and name and shame the website online whenever I get the chance. Not that I would use LinkedIn anyway.
proxy emails are rejected more and more. Same with google tel numbers. The internet feels more and more like the garbage compactor scene in Star Wars.
How would the website know that it is a "proxy email?" I am using my own domain name and email server, and don't believe I ever received a rejection.
3 replies →
[dead]
> Nobody needs these narcisstic, BS spewing pseudo-networking places.
I mean I got my last job through LinkedIn. I'm currently interviewing at a few places, half of which came from LinkedIn. So I personally clearly do need LinkedIn, unless you want to hire me.