I deleted my LinkedIn account some time back, but I still get email like this (copy from actual email, not paraphrased)
Subject: [Freind]'s invitation is awaiting your response
Body: [Friend] would like to connect on LinkedIn. How would you like to respond?
[Photo of friend] Confirm you know [Friend]
... and ...
Subject: Invitation to connect on LinkedIn
Body: [Photo of friend]
[Me],
I'd like to include you in my network to share updates and stay in touch.
- [Friend]
All emails sent from friend's email account, not LinkedIn. I've confirmed with friend that they were completely unaware of this and were quite embarrassed.
Not cool, LinkedIn, and most definitely dishonest.
Creating a LinkedIn account was by far the creepiest thing I've ever experienced when signing up.
I signed up using email address A, and when I signed in I saw suggestions for "people you may know", but it included people I had only every corresponded with via email address B (bear with me here, it gets more interesting...). It wasn't even people any of my contacts know. From what I can tell people I had corresponded with using email address B (which incidentally doesn't even have a real name associated with it) had given their password to LinkedIn (probably via 'find people you know' or whatever). It seems that LinkedIn went through my friends' gmail contacts and one or more of my friends had probably annotated me in their contact list with my actual name. LinkedIn then associated my name with email address B. From that LinkedIn combined it with more info from people who gave them their gmail address and password who I'd only ever corresponded with a few times anonymously via my unnamed address (B, which LinkedIn has now linked with my name).
Net result is "people you may know" including people I had only corresponded with anonymously via email address B with full details of their name and place of work etc. What makes it creepy I used email address B when I tried online dating a few years ago. I used email address B to first get to know people before deciding whether to give them more info about me etc. Now LinkedIn has kindly provided me with the full name and place of employment of the women I chatted to via "people you may know" (I recognised their photos from the dating site from a few years ago) and vice versa (yikes! a great way to wind up getting stalked). The only link between me and "people you may know" is that I corresponded with them via an email address not even associated with my LinkedIn account, and none of my friends or contacts is in any way associated with them. If that isn't creepy I don't know what is.
Probably you already had an account, called a shadow account -- when signing up, you merely asked for your password for a limited access login.
So the primary form of collection that should concern us most is media that spy on us while we use them. Books that watch us read them, music that’s listen to us listen to it. Search boxes that report what we are searching for to whoever is searching for us and doesn’t know us yet.
There is a lot of talk about data coming out of facebook: is it coming to me? is it coming to him? is it coming to them? They want you to think that the threat is data coming out. You should know that the threat is code going in.
For the last 50 years what has been happening in enterprise computing, is the addition of that layer of analytic on top of the datawarehouse that mostly goes in enterprise computing by the name of "business intelligence". what it means is you’ve been building this vast datawarehouses in your company for decade or 2 now you have only information about your own operations your suppliers your competitors, your customers now you want to make that data start to do tricks. By adding it to all the open source data out there in the world, and using it to tell you the answers to questions you didn’t know you had. That’s business intelligence.
The real threat of facebook is the BI layer on top of facebook warehouse. The facebook datewarehouse contains the behavior not just the thinking but also the behavior or somewhere nearing a billion people. The business intelligence layer on top of it which is just all that code they get to run covered by the terms of service that say "they can run any code they want for improvement of the experience". The business intelligence on top of facebook is where every intelligence service of the world wants to go.
Imagine that you are a tiny little secret police organisation in some not very important country. Let’s put ourselves in their position Let’s call them I don’t know what, you know ... "kirghista".
You are a secret police you are in the "people business" secret policing is "people business". You have classes of people that you want you want agents, you want sources you have adversaries, and you have influencables, that is people you torture who are related to adversaries wives, husbands, fathers, daughter you know those people.
So you are looking for classes of people. You don’t know their names, but you know what they are like you know who is recrutable for you as an agent you know who are likely sources, you can give the social characteristics of your adversaries, and once you know your adversaries, you can find the influencables.
So what you want to do is run code inside facebook. It will help you find the people that you want it will show you the people whose behavior and whose social circles tell you that they are what you want by way of agent, sources what their adversaries are and who you can torture to get to them.
So you don’t want data out of facebook the day you have data out of facebook it is dead. You want to put code into facebook and run it there and get the results you want to cooperate.
I think that you just have to assume that every internet interaction you have with any service is tracked, indexed, cross-referenced, and then bought and sold. Possibly as aggregated data, but likely traceable to you if someone were so inclined. To think otherwise is just to believe that somehow human nature has changed. Scott McNealy was right, "You have zero privacy anyway. Get over it."
Same. Cancelled my account a year ago, still getting those emails. The worst part? Actually considering getting a new account, as I've been told by multiple people not having a LinkedIn account is 'suspicious' and that it's costing me job opportunities. Genuinely wishing someone would make a (less evil) LinkedIn-killer. At least for the tech world. Was hoping Stackoverflow Careers would do that, but sadly that hasn't happened.
I've been looking for entry level developer positions as a recent graduate and boy do I hear it repeated so much "Get to me on LinkedIn." "I got my job through LinkedIn". Over and over. I really don't want to create an account either but I suppose I might at some point. Sucks though. Because I get all these e-mails too from people and I've only read somewhat creepy things about LinkedIn.
Why don't you just make a completely empty account with a throwaway email account that tells people not to trust linkedin and pointing them to a place on the web that you control?
I made the mistake of authorizing LinkedIn to fetch contacts from my Gmail account ages ago - atleast 4-5 years back. If you are like me, here is a link to delete the contacts that you have not explicitly added on LinkedIn:
You have to go through every damn letter of the alphabet, and click like 4 different buttons, and wait for 2 page refreshes for each letter. Half the time it doesn't work and you have to refresh the page and try again.
I've gotten through "L" and now their server is giving me errors.
Thank you for this link... I didn't know linkedin had ALL my contacts. And I don't remember linking it to my gmail account at all!
Removed all (530) of them manually. (selecting all give an error).
> All emails sent from friend's email account, not LinkedIn.
Are you sure about this? LinkedIn could just be using the friend's email address as the envelope sender; the email would still be coming from LinkedIn's mail server network.
I'd really love to see the headers of one of these messages.
I think you're correct. Here's the full headers for one of the emails with some added line-breaks to make reading easier. I hope I've redacted enough (someone please tell me if there's stuff here that shoudln't be public)
Delivered-To: [me]
Received: by 10.216.15.83 with SMTP id e61csp34535wee; Sun, 4 Aug 2013 04:14:33 -0700 (PDT)
Received: from maile-fd.linkedin.com (maile-fd.linkedin.com. [199.101.162.92]) by mx.google.com with ESMTP id ck10si13864843pad.187.2013.08.04.04.14.31 for <[me]>; Sun, 04 Aug 2013 04:14:32 -0700 (PDT)
X-Received: by 10.68.135.162 with SMTP id pt2mr17184363pbb.42.1375614872583; Sun, 04 Aug 2013 04:14:32 -0700 (PDT)
Yeah, looks like that's coming from LinkedIn's network. They're probably just setting the From: header to your friend's email address -- which is what will then show up in most email clients as the sender -- and then using the Sender: header to pass SPF.
A little sneaky on their part, but nothing too surprising.
I didn't spot any personal / identifiable information in the headers, you should be OK.
> I'm confident you will find a judge out there that considers this wire fraud.
Eek, I hope not. That would make me and anyone else who's ever written a form-mailer or similar with "-faddress@net.com" or "From: address@net.com" guilty of wire fraud.
> And any email provider should obviously immediately blacklist them. Worse than spam.
I'm a mail provider. I'd like to, but the reality is that a lot of people are on LinkedIn on purpose, and it would be wrong for me to blackhole them just because I don't like them. Fortunately, anybody on my mail system that doesn't like LinkedIn can easily adjust their own SpamAssassin settings right from the webmail interface.
Worse than spam, maybe, but I hope the defense would be able to make a compelling case that using the specification as designed doesn't constitute wire fraud...
This wouldn't be terribly different from (not that I know an example) me sending a letter to friend A and putting friend B as the return address, sending a letter by proxy. Of course in that case, there isn't even a method to see who actually sent the letter, whereas the information on who sent the email is still contained in the email.
Linked in is the only social network that's managed to link me to other people in ways i cannot explain.
An example: I had a real life connection to a trainer, i studied for an industry qualification with him. I had zero online line connections to him. Somehow linked in put us together.
His profile mentioned nothing about taking that course, mine mentioned nothing about attending his course. My work handled all the procurement side of things so he had no access to my email address or anything like that.
In credit to linked in, this guy happened to be the best trainer i'd ever studied with so i was actually pleased to see the recommendation. Still wondered how they managed it though!
Are you sure it was sent through your friend's email servers, or did they just address the From: field as coming from his email address? Check the headers to be sure.
Subject: [Freind]'s invitation is awaiting your response
Body: [Friend] would like to connect on LinkedIn. How would you like to respond?
[Photo of friend] Confirm you know [Friend]
... and ...
Subject: Invitation to connect on LinkedIn
Body: [Photo of friend]
[Me],
I'd like to include you in my network to share updates and stay in touch.
- [Friend]
All emails sent from friend's email account, not LinkedIn. I've confirmed with friend that they were completely unaware of this and were quite embarrassed.
Not cool, LinkedIn, and most definitely dishonest.