
LinkedIn dark patterns, or why your friends keep spamming you to sign up for it - wfunction
https://medium.com/@danrschlosser/linkedin-dark-patterns-3ae726fe1462
======
anilgulecha
Here's a question to HN: if we were to design an alternative to linkedin (for
IT/technical folks), what would be the features you'd want?

I'll start: 1) The ability to go no-opportunities. When you're not looking for
work, you turn this on, and you will not turn up on any search result. 2)
Simple export API, with a guarantee of you having complete say over your data.
You may export as a json anytime, and import into another service. 3) Non-
profit is possible. A resume directory can be run by a few people with a small
revenue. Trying to make a unicorn is what leads to linked-in level shit.

Others?

~~~
vletmixutechre
This entire notion of a professional social network I believe is flawed in
that it is built upon the notion that it would be better to hire someone who
has a smaller degree of separation from you, which makes no sense. I do a fair
amount of interviewing of programmers, and not a single person I work with
could give a damn about anyone's linkedin profile; it's meaningless. I just
find the whole idea to be very shallow, vein, and obtrusive.

~~~
anilgulecha
Should it instead be only a directory of people currently looking for
opportunities. People who find work, take themselves off the directory, and
people who want work add themselves in?

~~~
bsilvereagle
I think you'll end up with primarily new grads in the site with this policy.

If you're employed and discreetly looking for new work and you 'activate' your
profile, now everyone in the office knows you're looking to switch jobs.

~~~
vletmixutechre
Yep, turn on your "I'm looking" flag, or even go and spruce up your profile
and you're outed.

------
austinjp
Another "dark pattern" I recently noticed:

One page (member homepage perhaps) displays a list with the standard "add
these people to your network" and in an absent-minded moment I clicked a few.
Too late, I realised it was a mixed list of LinkedIn members and non-members
extracted from my address book. Existing members, fine, they get an invite to
connect. But non-members no doubt receive a message "from austinjp".

I texted one friend a pre-emptive apology and logged out. I very rarely bother
with LinkedIn, and this is another reason they leave me cold.

~~~
dspillett
_> extracted from my address book_

This is why nothing like linked-in gets anywhere near my address book, and
therefore nowhere near my portable devices because the only way to install the
phone app is to agree to that permission and the site itself is terrible on
mobile.

If you let an app install that asks for permission to read your address book
assume it will one day it _will_ spam everyone in it and if someone in your
address book also uses the app assume that the linking information will be
used for profiling purposes (which means more advertising by one of many
means).

And any who gives a web app their email address & password to access their
mail account to look for contacts (seriously, I know people who have done this
and _damn well should know better_ ) they need a good smack up the back of the
head with the security clue stick.

~~~
redwood
I agree with you and this is a reminder of how critical it is to use a
different password for these accounts and for your email address. Because
LinkedIn put what is essentially a fishing screen in front of you where they
ask you for your email address and password. Now you can very easily have used
your email address to log in to LinkedIn and therefore you can easily assume
this is linked in asking you to relogin. What you don't realize is you're
giving up your email address and email password if they have a good match what
you think you're typing in to login to LinkedIn

~~~
acjohnson55
I fell for this years ago. It's super creepy. I only recently figured out
where to go to delete that data, but I still get creepy suggestions.

~~~
JBReefer
Where do you go? I've hunted around a lot - it's really uncomfortable that
they tell you "nothing is connected" and then recommend people you've dated...

------
0x0
Here's another: Trying to browse slideshare while you are cookied on
linkedin.com will create a _public_ slideshare profile in your name without
you ever signing on for that, and with no UI to remove the profile. I had to
mail customer support (which got back to me a few days later and removed the
unwanted auto-profile).

------
micwawa
Last night I applied for a job, and there was a link that you can click to
allow the website to access your LinkedIn information. I clicked on this. I
usually breeze through this because all these applications just want to access
your basic information. I entered my password and hit enter when I looked at
the screen and realized that I agreed to the following:

iCIMS would like to access some of your LinkedIn info:

YOUR PROFILE OVERVIEW

YOUR FULL PROFILE

YOUR EMAIL ADDRESS

YOUR CONNECTIONS

YOUR CONTACT INFO

NETWORK UPDATES

GROUP DISCUSSIONS

INVITATIONS AND MESSAGES

So I looked up what this meant :

Network Updates - Retrieves and posts updates as you.

Group Discussions - Retrieves and posts group discussions as you.

Invitations and Messages - Sends messages and invitations to connect as you.

So it seems I gave them access to pretty much every feature except the ability
to close my account and/or change the password (which I promptly did.) Woops.

This is a category of dark patterns: have the user click on something that has
been benign the last 20 times they've seen something similar, but this time
isn't.

~~~
leejo
> This is a category of dark patterns: have the user click on something that
> has been benign the last 20 times they've seen something similar, but this
> time isn't.

This is the nature of OAuth, in which the scopes can be different for many
different clients. Not that this makes it any better, you just need to be
aware of it. Slideshare do the same thing when you click download - if you
verify using linkedin they want access to _everything_ on your linked in
profile just so you can download the slides. Ridiculous (even if they're
essentially the same company).

Changing your password here is no good, you need to go to linkedin and then
your account settings, then third party apps and delete whatever it was you
allowed to connect. Despite all the failings of OAuth that's one of the good
features about it, you can actually control the access.

Tip: if you're logging in using OAuth (generally when you get redirected to
another site to confirm) always check the requested scopes and always remove
all the scopes but those essential to the functioning of the calling app/site,
which is usually just access to your e-mail address.If you can't disallow
certain scopes then try logging in using something else, github, facebook,
whatever, and rinse and repeat. If you're still not happy then just signup
with a throw away email.

~~~
micwawa
Thanks. I had quite a few apps in there.

------
notlisted
They tricked me too, despite being very careful on the desktop, one wrong
click on mobile and boom. They're not the only ones either.

Does anyone remember how FB ensured growth? "Import your yahoo/google contacts
to see who is on FB". What they didn't mention is that they would hold on to
the email addresses to notify anyone who signed up that they had friends
already, and exporting your contacts was disabled soon. Despite being
officially dismissed, the "shadow profiles" claim rang true to me too.

Before FB, MySpace was built on spamming the bejesus out of people [1].

[1] [http://gawker.com/199924/myspace-the-business-of-
spam-20-exh...](http://gawker.com/199924/myspace-the-business-of-
spam-20-exhaustive-edition)

------
sherifmansour
LinkedIn: what happens to when you build product by growth hacking everything.

I can just picture hundreds of engineers deploying experiments, looking at
data and concluding all things that move numbers up are a success...
Regardless of how deceiving or confusing the UX might be.

~~~
JustSomeNobody
Engineers or Managers? The engineer are probably only looking at the data to
confirm to the MANAGERS that the numbers are moving up.

------
CrimsnBlade
I read this article, which was very enlightening by the way, and the first
thing I did was go to check and see if I had fallen prey to the dark patterns
of LinkedIn. The first thing I see when I log on is that they're asking, "Add
an extra layer of security to your profile, _add your phone number_ "

Really?? This made me even more uneasy than before. Why would that add
additional security to my profile? Has anyone else seen this on their home
page yet?

~~~
lordCarbonFiber
Do you really have to ask why 2-factor authentication would add security to
your profile? (If so,
[http://lmgtfy.com/?q=2+Factor+Authentication+](http://lmgtfy.com/?q=2+Factor+Authentication+))

Im all for jumping on the bash LinkedIn train, but let's be reasonable here.

~~~
vcarl
Adding a phone number to your account and enabling two factor auth aren't the
same thing in my mind. It might be that I'm paranoid about giving LinkedIn my
info plus bad copy on the prompt, but I had the same reaction as the
grandparent.

------
kennydude
It makes it feel as though they're terrible desperate to get more people using
the thing. Is there actually anything at all positive to using LinkedIn?

~~~
jk563
It led me to 3 different jobs. All three started through LinkedIn
communication. During the resume portion of the processes I used LinkedIn Labs
to generate a resume from my profile (laziness). In some unfortunate
happenstance, it seems the Labs were killed off just yesterday [1].

So, positives are there for me so far.

[1] [http://techcabal.com/2016/02/08/linkedin-has-quietly-
killed-...](http://techcabal.com/2016/02/08/linkedin-has-quietly-killed-off-
labs/)

------
mojuba
Here is where you go when in doubt:

[https://security.google.com/settings/security/permissions](https://security.google.com/settings/security/permissions)

------
cpeterso
I don't like the term "dark patterns" because it's not something that non-
technical users will recognize. Especially in conjunction with user
interfaces, dark pattern sounds like a graphic design term. Something like
"deceptive user interface" is clearer and actually expresses the sliminess of
the intended design. Is there catchy name for "deceptive user interface"?

Also, who are the sociopaths designing and coding these deceptive user
interfaces? Have they no empathy for their users?

------
vletmixutechre
It took half a dozen or so emails to every possible email address I could find
on linkedin's site, but I managed to finally have my personal email address
added to some global do-not-contact list. I have since stopped receiving any
invitations from friends to join. It's really disgusting that they have such
functionality, but do not allow people to be added to such a list on their
own.

------
mwagstaff
Fully agree with the article. Got caught out by the same nasty trick.

Unfortunately, LinkedIn serves a niche in the market for keeping in touch with
ex work colleagues who you don't necessarily know well enough to connect with
on Facebook. And to be fair, it's also a good way of getting a job nowadays.

If someone built a better intentioned, less spammy alternative, I think it
would stand a good chance of succeeding.

------
biot
There was a good discussion on this as part of the LinkedIn stock price 40%
drop:
[https://news.ycombinator.com/item?id=11042278#up_11042899](https://news.ycombinator.com/item?id=11042278#up_11042899)
Many of the comments for the article discussed LinkedIn's dark patterns.

------
llamataboot
If you want to skip directly to removing your address back integrations from
LinkedIn, you can do so at this page:
[https://www.linkedin.com/contacts/manage_sources/](https://www.linkedin.com/contacts/manage_sources/)

------
cpeterso
Linked In asks for your email account's password, but I wouldn't be surprised
if they secretly attempt to log into your email account using your
linkedin.com password, hoping you reuse the same password.

~~~
ginko
How isn't this blatantly illegal?

~~~
albemuth
It was hypothetical

------
joesmo
LinkedIn has become such a joke now, even literally with comedians making fun
of all these LinkedIn invites. Plenty of people who don't know the phrase
'dark pattern' have experienced it and know they've experienced something
truly messed up. I have no doubt this has been reflected in their recent stock
price--rightfully so. I hope this is a lesson to other purveyors of dark
patterns, but I doubt it.

------
swalsh
It seems like there's a lot of momentum towards people wanting a "replacement"
for linkedin... kind of makes me think of the transition from SourceForge (has
always been a spammy hole) to github.

------
chinathrow
LinkedIn is so nice to tell me what idiots of my connections gave them their
mail password to spam me. Can't believe it sometimes.

~~~
shitgoose
if you are so smart, do not keep idiots in your connections.

------
anonymousguy
He quit Linked In but not Facebook because of UI, email messaging, and
privacy.... seriously? I quit Facebook years ago and haven't missed a thing,
while on the other hand my past 3 jobs have all come from (at least
indirectly) Linked In.

