(Update (05/11/13): On May 10th LinkedIn posted this announcement on the LinkedIn blog: "At LinkedIn, we're committed to putting our members first so we want to let you know we're planning to update LinkedIn's Privacy Policy in the next week." Read the full post here.)
At this point I think that any person that joins a free social network is probably aware that nothing is really free. Even though no money changes hands, when you sign up for a social network account a transaction is initiated.
Your personal data in exchange for access to the network. If the social network provides an understanding of how your data is used, and provides clear instructions for using privacy and opt-out features there is little to object to.
You want free services, both parties agree on a payment method and the transaction is completed.
The folks at naked security sum it up this way:
You're really agreeing to sell those organisations the right to accumulate, index, commercialize, and in some cases sell on to third parties, information about who you are, what you do, when you do it, and how you choose to talk about it online. You get to populate the databases from which they make revenue; in return you get to use the service.
In that sense, you aren't so much a user or a customer of most "free" sites. You're really just an informal employee, paid in kind. That's worth remembering.
The level of transparency as to how and when your data is used has been in constant evolution since the Internet was born, but clear examples from recent history include the legal challenges faced by Google and Facebook as they continue to grow. To date, LinkedIn has not met the same strenuous legal challenges as their competitors and this is surprising since they appear to walking down the same path as Facebook and Google.
Facebook had a variety of confusing privacy settings and they have simplified them and made efforts to provide clear explanations about how data is shared on the network. Google has several social media platforms and a while back they consolidated privacy policies and user privacy setting.
Some people objected to this, claiming it actually compromised privacy but if we accept Google's explanation at face value, it seems they are trying to eliminate confusion resulting from different settings on different networks.
I can't really say that Facebook or Google are model citizens when it comes to your privacy, but they do make the relationship clear and offer options that allow you to reduce your exposure and opt-out of certain features. By leaving optional fields like employment and address blank, combined with prudent choices about what you share as comments and posts you can exercise a good bit of control over your exposure.
By comparison, LinkedIn seems stuck in the 90′s with a convoluted system of member privacy settings that offer little documentation to help members understand how to use them properly. You can get an idea of how LinkedIn prioritizes member privacy by looking at where it is placed in the navigation menu. Both Facebook and Google+ have "Privacy" or "Privacy Settings" prominently displayed in the first level of menu selections. On LinkedIn, you must click settings, before you can see Privacy Controls by selecting the Profile tab. This may seem trivial but to me the design of the menu indicates priority, and privacy gets no mention up front.
LinkedIn recently launched a Safety Center. The Safety Center offers advice on external threats like phishing and malware but does not have a section that offers advice on personal security and privacy settings for member accounts.
The section on Identity Protection discusses external threats like email but provides no information about how to protect your identity on LinkedIn or how to manage your privacy settings. If you are trying to find the new Safety Center, you would have to navigate to the Help Center first (under "More"), then you see a link to the Safety Center.
Let's compare LinkedIn, Google+ and Facebook to determine which networks provide the most useful information on managing privacy settings.
- Google+ : Know your Google security and privacy tools.
- Facebook: Privacy - Get the information you need to control your sharing on Facebook.
- LinkedIn: Privacy Policy (revised May 13, 2013)
LinkedIn does have a Privacy Policy, but it's more of a PR/Legal document and it includes some statements that do not appear to be accurate based on how the site actually functions.
Facebook and Google take a beating on privacy issues and they have certainly earned it. Not many people would think of LinkedIn the same way but that's not because LinkedIn has better privacy. It's because LinkedIn just ignores member complaints about stalking, harassment and privacy. They don't talk about it, they don't address it. LinkedIn seems reluctant to tackle any issue that might not reflect well on the LinkedIn brand.
LinkedIn has a tiered privacy system that restricts data visible to members that are not connections, but there are different levels within your "personal network" where your data may be revealed to persons even if they aren't a direct connection. I've never found any documentation that offers a comprehensive breakdown that explains this and it's clear that LinkedIn members find this system confusing.
The Help Center has a page titled "Your Network and Degrees of Connection" but that page does not explain which member activities or profile details are revealed to the different levels. Remember that, depending on your settings you may also be broadcasting changes to your job title, employment, groups you have joined, new connections, etc.
Harassment and Stalking
That issue pales in comparison to serious issues like harassment and stalking. LinkedIn claims to be "world's largest professional network" and the intricate connection system gives members the impression that it's a safe environment. Many people treat LinkedIn like an electronic resume and provide details they would never consider adding to their Facebook page or Google profile. Some members subscribe to paid premium accounts with the presumption this provides better access to customer service.
You would think that LinkedIn would respond quickly to any reports of harassment or stalking and that they would provide members with the tools needed to protect themselves. That is not the case. If you are being harassed or stalked on LinkedIn you have little recourse. In fact, there are no blocking mechanisms available to LinkedIn members at all. Even if you create a support ticket to report harassment you will be told by customer service that they can not block another member from contacting you or viewing your profile.
Here's a response from LinkedIn Customer Service regarding a recent experience of my own:
Unfortunately, you can't block a specific group member from messaging you. You can prevent all group members from sending you messages through the group from the "Your Settings" option in the group's More tab. If you do not share a group and are not connected, they can't contact you, except through InMail or Open Messaging.
In my case, communication was initiated through a LinkedIn group and if you reviewed the page titled: "Your Network and Degrees of Connection" you see that LinkedIn says that fellow group members are considered part of your network. Ok, not a problem I guess if a group member becomes abusive or a stalker joins a group to harass me I can just leave the group and break contact, right? Actually no. Here's another excerpt from the same customer service inquiry.
I'm sorry for the frustration this is causing. If the line of communication was opened while sharing a group, the communication may continue.
Other major social networks have a blocking mechanism, LinkedIn doesn't. Even an appeal to customer service is futile, they basically just put their hands up and say sorry we can't do anything about it. My experience with this issue is minor compared to women who are victims of stalking and harassment that are trying to use LinkedIn professionally, yet find they are completely exposed by the lack of protection LinkedIn offers.
One member points out that the only solution presently available is for her to increase her profile privacy settings to such a degree that it becomes pointless to even have a LinkedIn membership:
I notice many complaints from Women who are often harassed on sites such as this. It is a real issue that should be addressed. Women should not have to worry about someone stalking her without jeopardizing her professional profile. Women in this situation may have to set her privacy so high that it negates the point of this site. Blocking one person would solve that problem. Please reconsider.
As she points out, in many cases the victims know who is stalking them and just want the ability to block a specific member account from viewing their profile or contacting them.
Another member makes this observation:
This is a negligent practice that LinkedIn is conducting. Stalkers have access to your current employer which can give them all kinds of information such as addresses and telephone numbers. I would suggest that LinkedIn make this change. I believe not having this function available is irresponsible on LinkedIn behalf by not recognizing the seriousness of this issue and contributing to possible criminal activities.
There are a number of discussions in the Help Forum that bring up this issue and the complaints aren't just from women who are victims of stalking and harassment. One gentleman offers these thoughts:
LinkedIn is lacking some key privacy features, which is one reason I hardly use this site, and rarely recommend others. Members should easily be able to block messages from any individual member, and also should block profiles from any individual member.
Connection Privacy
One of the features that sets LinkedIn apart from other networks is the amount of control you have over who you connect with and who can connect with you. LinkedIn puts up a number of hurdles to potential contacts, and if you have ever tried to connect with someone you have had to prove to LinkedIn that you know that person. Every time we try to connect with someone, LinkedIn gently reminds us:
Important: Only invite people you know well and who know you.
LinkedIn: Invite to connect
LinkedIn subverts their own system when they present you with "People you may know". You've probably seen this pop up after you accept a connection invite and this screen presents you with the option to send a connection invite to any member displayed through a single mouse click.
This is one method that a complete stranger can use to send you a connection invitation.
Think about that for a minute... you could actually know someone and if you initiate the connection invite, LinkedIn will ask you to prove that you know them. On the other hand, if LinkedIn thinks you may know someone, you can bypass all the useless formalities. I have no idea who most of the people are that are presented during these opportunities, many seem to have no common interest, shared group or demographic. So much for privacy through exclusivity. During these moments, LinkedIn also seems to toss their own advice out the window... "Only invite people you know well and who know you."
Some people have learned the hard way that using LinkedIn to manage contacts is a very bad idea. Here are a few recent examples from the Help Forum:
It seems there are a few issues going on in these discussions and some may be cases where individuals authorized LinkedIn to import contacts and failed to notice an option to send invitations to contacts that aren't on LinkedIn. If you examine the comments closely you will see that many members claim that is not what happened to them.
Linkedin is sending invitations out & accepting invitations on my account to / from people I have never heard of or had any contact with. This is absolutely unacceptable, must be corrected, apologized for, and corrected expediently!
When this happens, LinkedIn will send an invitation to join LinkedIn and two reminder emails.
I have more than 1500 contacts and all my contacts are receiving LinkedIn invites on my behalf, i have received complaints from many of my contact who very pretty upset with this recurrent reminders.
Your business associates and friends that do not have LinkedIn accounts may forgive you for sending a single invitation by accident. We all mess up and they may have done the same thing themselves. I did something similar a while back when I was working on organizing my contacts in Google+ and I sent about 200 people invites to join that network.
The problem is that LinkedIn sends an invitation and two reminders. Your contacts will consider that spam, and they are going to blame you.
This is a blog post about privacy, and you are probably wondering how this invitation issue/glitch pertains to that, right? Well consider the previous information about victims of harassment and stalking as you read this member comment in the discussion titled: "STOP AUTO INVITES"
I have gone on this site because the same thing has just happened to me. Only I didn't realise it had happened until many hours later and now one of the invites I have unwittingly sent has gone to an identity thief whose email address was unbeknown to me still in my hotmail account from 5 years ago. I am terrified that this man, having had access to all my links for most of a day (bearing in mind he accepted of course, no doubt immediately) will do something dreadful to me again. I have to find a way of knowing whether he has sent connection requests to my contacts, if all else fails I will have to close my account too.
Note that you might have contacts in your email address book that you didn't add personally. Depending on settings, addresses could be added to contacts if you reply to them or take other action. Depending on the option you choose, the LinkedIn import connections function may pull contacts from an online webmail account instead of your local email client. Review listed contacts and purge any un-wanted contacts before you use this feature. Example: You may have deleted your ex-boyfriend's email address from Outlook, but he could still be in your contacts online in your Gmail account. If you import those contacts and send him an invitation to join LinkedIn - he may think it's "on" again.
Is this a user error, software glitch, or an intentional breach of trust to exploit member contacts to bring more members to LinkedIn? Before any accusations are leveled at LinkedIn we should review their response to the issue.
There is no response, they appear to be ignoring this issue completely.
I reviewed every page of the discussions linked to above and I could not find one comment by a LinkedIn Help Forum moderator. The Help Forum is a replacement to the Answers forum and for the most part its members helping members so there is no requirement for a moderator to address any issue. Moderators participate in some discussions, offering a link or talking about upcoming features. Sometimes they offer advice or correct mis-information provided by other members. I just want to point out that their assistance is conspicuously absent from these discussions.
Many members have indicated they submitted a support ticket for this issue, and when they could not get a decent answer to their request for help from Customer Service, they joined the member discussion in the Help Forum. You would think that with this many unhappy members LinkedIn would move quickly to resolve the issue and provide clear instructions on managing connection invites.
There is some hope for individuals that authorized LinkedIn to connect to their Gmail account and have caught this issue early on - you can revoke LinkedIn's connection to your Gmail account. Follow these steps to revoke access:
- Log into your Gmail/Google account and select Privacy
- Under "Connected applications and sites" click "Manage access"
- Under "Authorized Access to your Google Account" find LinkedIn and click "Revoke Access"
- Here's the direct link.
Breaking the connection with LinkedIn will stop the second and third round of invites from being sent out if you catch it soon enough. The first round of invites will already be in the email in-boxes of your contacts.
Members can withdraw connection requests but this must be done for each invitation. Members who sent hundreds of requests can submit a support ticket and ask LinkedIn to withdraw the requests but one seasoned member notes that:
If you opt to let LinkedIn Customer Service do the "withdraw" process, bear in mind it now takes LinkedIn Customer Service staffers at least 7-10 days to get to and process any service ticket, and all service tickets are handled on a strict FIFO basis regardless of where the service ticket originates. In the meantime LinkedIn will continue to send out reminders, which are sure to prompt even more recipients to click on the "I Don't Know" option, and that will make it even more likely LinkedIn will restrict your account.
Another serious issue hinted at in that member's comment is that LinkedIn only allows members a lifetime quota of 3,000 invites. To add insult to injury, current LinkedIn members that receive automatically generated invites can select "I don't know this person" as a reply to your invite. The number of "IDK's" you receive is used by LinkedIn as a flag that marks you as a "connection spammer". This is one of the types of spam addressed in the Safety Center.
Privacy in Members Only Groups
There are two types of groups on LinkedIn: Members-Only and Open Groups and LinkedIn states that in members only groups: "Discussions are visible to group members only."
I'll get back to that in a second, first a quick review. We know that when you join a group, other group members are considered part of your network. Discussions you start in open groups can be viewed by anyone on the Internet and can be indexed by search engines. If you're worried about privacy, you should already be well aware of the fact that anything you say in a discussion, comment, or status update on any social network is something that could end up being viewed by anyone. People get fired for the stupid stuff they say on Facebook and Twitter.
If you join a members-only group (sometimes referred to as a closed group) on LinkedIn, you might feel that you have an additional layer of privacy because LinkedIn states that: "Discussions are visible to group members only."
That's not really true because:
- Anyone that is a member of the group, including competitors, your boss, jealous spouse, etc. can just copy/paste your comments to the group. They can also print entire discussions to a PDF file or use their browser print function. You should already know this but some people forget this and LinkedIn doesn't go to any effort to point this out in their information about groups in the Help Center or Safety Center.
- All groups produce an email digest. As a group member you can change you settings to turn off digest emails so that you don't receive them, but they are still available to everyone else. The group owner has no control over this and there is no option in the group administration settings to switch off digests for an entire group. That means that the comment you made about how big an idiot your boss is can be forwarded to him via email in a couple of mouse clicks. It doesn't even matter if your boss isn't on LinkedIn, someone else can just forward the email digest. Maybe you don't talk trash about your boss. Good for you! Maybe you are a member of an industry group and you are discussing company procedures with your peers. Do you realize that your competitors may be listening in on that conversation?
You should be smart enough to think of these things and protect yourself, but I also think that LinkedIn could offer some practical privacy advice in their Safety Center. Why don't they? I don't think that's a priority for them, do you?
Bugs in LinkedIn Cause Privacy Issues
If you're one of the many people annoyed by the fact that other members can view your profile anonymously, here's a glitch that offers a bit of karmic payback to profile stalkers. LinkedIn has a lot of bugs and glitches and if you use the site on a daily basis you probably are no stranger to error messages and features that seem to break for a while then start working again. In the image above you can see that I've clicked the notification flag and it is displaying information on people who have recently viewed my profile. See John on the left? When I click on "Who's viewed your profile" his identity was hidden. It seems that John didn't want me to know he was checking out my profile, but a glitch in the notification system gave him away.
I haven't been able to get this glitch to repeat but I've seen similar issues when navigating the group administration menu. Individuals that had their profile pictures hidden, are revealed under certain circumstances when I review group discussions. Just remember, you might think nobody can see your profile photo, but that doesn't mean a bug in the LinkedIn website won't reveal it anyway.
Overview of LinkedIn Privacy Settings
LinkedIn privacy settings - profile
Most of the privacy settings can be accessed from the Profile tab after you click Settings from the main page. Something to note, you actually have two profiles on LinkedIn. One that LinkedIn members can view, and a public profile. Your public profile can be viewed by anyone on the Internet and may be indexed by search engines so pay close attention to your settings.
Under the Groups, Companies & Applications tab you can review the list of applications connected to your account. Remove any that you do not recognize or that you no longer use.
LinkedIn privacy settings - account
Additional settings are listed under the Account tab. Protect your account with a strong password!
LinkedIn privacy settings - https
Under the Account tab you will also find the setting to enable HTTPS access. If you access LinkedIn on a laptop over a wi-fi network you need to have this enabled. In fact, there really isn't any reason I can come up with to not have this enabled so just do it.
Groups - display icon
If you're worried about stalking or harassment you might also want to turn off group logos that are displayed on your profile. Remember that according to LinkedIn, fellow group members are considered part of your network so a stalker could just look at what groups you're a member of, then join them to send harassing messages to you.
Remember my experience with customer service? Once someone initiates contact through a group, you can't break that contact even if you leave the group. And... there is no block function so if you're worried about stalkers, hide your groups. You have to change that setting in each group you are a member of. The group logo is visible by default when you join a new group so remember to turn it off.
Wouldn't it be nice if all of those privacy settings were organized on a single page?
Wouldn't it be nice if the Safety Center explained how they work? Some settings offer no explanation of what they do or how they impact your privacy. Take a look at "Turn on/off data sharing with 3rd party applications" under the groups tab. What does that do? It sounds important doesn't it? Should I have to go digging around in the Help Forum or create a Customer Service ticket to ask what a profile setting does?
Thanks for reading through to the end. Your comments are welcome