
Setting the Record Straight on False Accusations - r0h1n
http://blog.linkedin.com/2013/09/21/setting-the-record-straight-on-false-accusations/
======
molecule
"Who wrote this? Who is Blake Lawit?"

From the inside of a business, it might _seem_ like a proper business behavior
to have the _Senior Director, Litigation at LinkedIn_ publicly address a
class-action lawsuit, but the source doesn't do much to assuage LinkedIn-
users' concerns, and the source's defensive role in the situation could be
interpreted as an indication impropriety.

A response from the CEO, CTO or someone in charge of user experience or user
relations would have been much better if LinkedIn wanted to "(set) the record
straight" w/ their users.

[https://www.linkedin.com/in/blakelawit](https://www.linkedin.com/in/blakelawit)

~~~
mathattack
Agree. The lawyer should draft it, and the chairman or CEO should post it.

------
lawnchair_larry
It seems that this person doesn't understand the difference between getting
permission and tricking the user. If the users also felt that they gave
permission, there would not be a lawsuit.

~~~
droithomme
I agree. For those who understand what is really going on with this issue,
Linked In's response here is infuriating lies and doublespeak that assumes the
reader is either uninformed or ignorant.

------
lifeisstillgood
it's not a legal definition, but it is a marketplace definition:

    
    
      if I give you permission that I did not realise
      or understand, it's not really permission.
    
      if I give you permission to do something, and the
      way you do it is so out of whack with my expectations
      it's not really permission.
    

The lawsuit is about one or both of these happening. neither has any realistic
legal hope without legislation, but that's not the point. LinkedIn, one of the
great professional business hopes for a real revolution in how we find and
work with others, is a spammy marketeer. And worse, they don't realise it.

nb - you don't have to be a spammy marketeer all the time for it to be an
accurate description. just as you don't have to beat your wife every night to
be accurately described as a wife beater. you might think you are being a good
husband tonight - she is just waiting for the next round

a long winded way to say you have lost my trust LinkedIn. One day a viable
alternative will appear and you will discover the meaning of freefall. in the
meantime have my monthly subscription darn it

~~~
lutusp
> it's not a legal definition, but it is a marketplace definition:

> if I give you permission that I did not realise or understand, it's not
> really permission.

Yes, that's true, but it's also true in a legal sense. At least in the U.S.,
if you enter into a contract that includes conditions that no reasonable
person would agree to, those are called "unconscionable" conditions, they have
no force, and therefore the contract has no force.

[http://www.legalmatch.com/law-library/article/what-is-an-
unc...](http://www.legalmatch.com/law-library/article/what-is-an-
unconscionable-contract.html)

Quote: "What is an Unconscionable Contract? An unconscionable contract is one
that is so one-sided that it is unfair to one party and therefore
unenforceable under law. It is a type of contract that leaves one party with
no real, meaningful choice, usually due to major differences in bargaining
power between the parties."

~~~
quanticle
I'm not a lawyer, but I thought most contracts had clauses that said that if
one part of this contract is found to be invalid, the rest of the contract
still holds. In other words, each part of the contract has to be struck down
individually for the whole contract to be struck down.

~~~
lutusp
> I'm not a lawyer, but I thought most contracts had clauses that said that if
> one part of this contract is found to be invalid, the rest of the contract
> still holds.

Yes, one sees that. Unfortunately, a contract that includes such statements,
designed to avoid the consequences of unconscionable terms, are themselves
unconscionable.

My point is that you can't put language into a contract that contradicts
contract law, and the idea of invalidating a contract based on unconscionable
terms, terms no rational person would agree to, is part of contract law.

Just speaking from experience, and IANAL.

------
lutusp
Let me guess -- LinkedIn automatically and surreptitiously "opts you in" to
sharing your email contact list and there's either no meaningful way to opt
out, or the option is buried by people as skilled as those who buried Jimmy
Hoffa, or it doesn't exist at all.

So they now can speak the half-truth that those malcontents who are suing them
didn't find the opt-out option, therefore it was all right to exploit their
contact lists.

One more thing. Given that a lawsuit is pending, it's extremely unwise to
reveal one's defense in advance of the proceedings -- that can only help the
other side. When a lawyer tells you to say nothing publicly about an upcoming
legal action, you really should listen to him. This tells me that LinkedIn
either doesn't have competent counsel, or they're in the habit of ignoring
wise advice.

~~~
abat
They're probably more worried about bad press than the payout for the case.
The class action lawyers only care about their own fees. They'll probably get
a settlement that involves giving some money to some privacy charity rewarding
the lawyers and not actually doing anything to directly benefit the members of
the class action.

~~~
benologist
I think the ramifications are bigger than that - heaps of services want
unrestricted, virtually unaccountable access to our contacts and address books
and quite liberally help themselves to it - like Path earlier this year found
to be uploading everyone's address books to their servers.

A best case scenario for us will greatly limit the way and extent companies
access our data.

~~~
mgkimsal
Some services _give_ it regardless of whether it's asked for - I'm
specifically thinking of facebook here. I've done a couple of prototype apps
with "login with facebook" functionality. Regardless of whether our app
requests it or not, facebook automatically says that we're requesting "access
to friends list" \- that's just one of the minimum levels of things you get,
even if you don't want them, and there's no way to _not_ get it.

------
pbreit
This message rings sort of hollow. First, including "False Accusations" in the
title seems overly defensive. That immediately trips my Spidey senses. Next,
while reading what LinkedIn apparently does NOT do, all I can think is, well,
"what does LinkedIn DO?"

~~~
JanezStupar
They do everything he did not claim.

He never said that they do not show you a form that tricks you into thinking
that you are logging into LinkedIn but in reality you are handing over your
email password.

------
busterarm
Notice how they don't say they aren't logging into people's email accounts at
all?

Why should they be logging into anyone's email account, at all, ever?

This might as well be an admission of guilt.

~~~
cschmidt
They do log into people's email accounts, to see the address book. They are
saying they have permission, and I'm sure they do in a strict, legal sense, if
you read all their TOS.

The issue is that they are trying to get as many people to agree as possible,
so they are being sneaky about it. People don't know what they're going to do,
even though they clicked on a box. Legally correct, yet scummy.

~~~
zeckalpha
So many sites/apps do this sort of thing as "growth hacking". If this goes
through, it will set a precedent allowing for many many other suits. I think
where the line will be drawn is how well were users informed of what they were
consenting to. This will generally improve the quality of ToS, eventually.
Hopefully. It also could potentially kill off the business growth model that a
lot of social sites use to build themselves off others, e.g. Zynga on
Facebook. This is a bigger deal than people are making it.

~~~
DerpDerpDerp
If this gets marked as legal, I'm going in to the business of legally phishing
your passwords.

~~~
zeckalpha
That would violate other laws.

------
nullc
Considering all the apologies I get from people after linked in spams the
everlasting crap out of me and mailing lists I'm on, I'm having a hard time
believing that there isn't _something_ wrong going on there and that Linkedin
doesn't know about it.

I'm not a fan of social networks— but Likedin seems like an actually
reasonable idea... However, I've never made an account there because before I
ever got to it the floods of invites (many clearly not intended) provided
ample evidence to me that this wasn't something that I wanted anything to do
with.

------
rvivek
Not even sure how this is even setting the record straight. Just negating the
assumptions doesn't help anyone. I'm not saying Linkedin is doing anything
wrong but clearly the blog post could have had a deeper analysis.

------
chopin
I'd still like to know whats technically going on. There are bold accusations
in another thread
([https://news.ycombinator.com/item?id=6425444)for](https://news.ycombinator.com/item?id=6425444\)for)
which I do not understand how they are accomplished technically. Both XSRF and
simply OAuth seem possible. The latter can't go on unnoticed, imho.

~~~
msandford
What happens is that when you click on a "This person wants to connect with
you..." link in an email LinkedIn's website connects you automatically. BUT
they throw up a page that looks a HELL OF A LOT like a "you're not logged in
yet page" that has a password form on it which SEEMINGLY prompts you to login
to their site.

What it's actually doing is prompting you to give them your email password so
that they can login and scrape contacts. I know this because I've nearly
fallen for it myself in the last couple of months. Thankfully I have some
internet savvy. The folks who are suing probably saw "please enter a password"
and entered one and just happened to use the same password for LinkedIn as
their email; LinkedIn thus "hacked" their emails.

I think LinkedIn should have to face some heat for this for deceiving people,
though I don't believe what they're doing is technically hacking.

~~~
tonfa
> I don't believe what they're doing is technically hacking

Social engineering is often considered hacking.

~~~
msandford
Yeah I would agree with that. It's "unauthorized access" for nearly all
reasonable definitions of "unauthorized".

I guess when I said "not technically hacking" what I meant was that I don't
believe they're doing XSS or brute-force or SQL injection or something along
those lines.

------
Fourplealis
Well, they didnt explained what have they done to make people angry. Those
invites didnt send themselves.

------
dreen
So upon reading this I went to my LinkedIn to find the settings he is talking
about but I don't see them anywhere. Can anybody help me? Where can I disable
this?

~~~
ZoF
It's in the Terms and Conditions on signup. huehuehue.

In reality I have no idea where this opt-in occurs, nor how to opt-out; I'm
(somewhat)surprised it isn't easily accessible.

~~~
hluska
This makes me want to sign up for another LinkedIn account so that I can try
this out! You're possibly an expert growth hacker...;)

------
rhizome
Note that he does not define who is a member in stating the LinkedIn motto as
"Members First." Something tells me it's not "everyone who has created an
account."

------
3327
I have personally felt the same anger against linkedin. Enough to sign my name
under a class action. They deserve this and I think its justified.

------
throwawaykf02
Some potentially relevant screenshots from the other thread:

[https://news.ycombinator.com/item?id=6427599](https://news.ycombinator.com/item?id=6427599)

------
jmmcd
> We never deceive you by “pretending to be you” in order to access your email
> account.

I literally don't know what "pretending to be you" means.

~~~
gergles
It's a literal quote from the (incredibly poorly written) suit against
LinkedIn.

------
bsullivan01
You "get" permission by tricking users. I am very web-savvy and almost fell
for your tricks, so I hope you have to pay at least a $billion as a message.

(That and clicking on ads on Google and other SE, they make it extremely hard
to distinguish between ads and content. If we had an FTC that stuff would end
after threats of lawsuits and billion dollar fines.)

------
avty
Where there is smoke, there is fire.

