

Four LinkedIn users, including a NYTimes exec, sue service for growth hacking - mcenedella
http://www.mediapost.com/publications/article/209547/linkedin-sued-for-hacking-users-emails.html#axzz2fQZebYdU

======
smtddr
[http://community.linkedin.com/questions/4609/why-is-
linkedin...](http://community.linkedin.com/questions/4609/why-is-linkedin-
automatically-sending-out-invitati.html)

I am pretty positive they're talking about this "awesome" feature. I can't
find the page right now, but there is a debatable "dark pattern" somewhere on
LinkedIn that will lead you connect your personal email's address book to
their service if you're just clicking about & not paying attention. I also
have a suspicion that folks should make sure their LinkedIn password isn't the
same as the password used for the email that signed up for LinkedIn. Despite
the comments in that FAQ I linked, I really don't think LinkedIn is really
hacking anyone or using any javascript-exploit to gain access to their Gmail
account. I think it's just the questionable dark pattern... that I can't find
anymore.

------
yscik
Upon subscribing, you can grant LinkedIn access to Google contacts (via
standard OAuth stuff).

This is then used to find your contacts already on LinkedIn, and then followed
by a page where you can send out invites for your Google contacts. Of course,
if you select everyone and click invite (which is the primary action, but
there is a skip button), invites will be sent out.

An "invite your contacts" dialog then occasionally pops up during site usage,
where you can once again click "sure, send out invites to all my contacts",
but nothing is happening without user consent.

So yeah, growth hacking, but not hacking, like the article suggests.

------
chopin
Does anybody know how LinkedIn accomplishes this? Do they request an OAuth
token from Google (which the user should be aware of) or do they do really a
cross site request if you are logged with Google at the same time?

