

Anyone can change your email subscription on LinkedIn without  your approval - ytbryan
http://ytbryan.com/linkedout-your-private-data-in-public/

======
tedchs
The post did not say it actually worked, only that he was able to see a
different email address on the page. Did a clickthrough actually succeed for a
different email address?

~~~
thomc
I tried it on my account, you get the confirmation that it has changed, but
when I logged in it hadn't actually changed the setting. Perhaps one of the
URL params is a token, CRC or hash of the email which ensures you need the
correct values for the email you are changing.

------
fibbery
Is this really that big of a deal? If it's a choice between allowing anyone to
unsubscribe someone (low annoyance factor and rare) versus requiring that all
users who wish to unsubscribe log in (annoying and possible can spam
violation),then it makes sense to choose the latter.

~~~
givehimagun
I think people completely forget the CAN SPAM act. It really does enforce
companies to make unsubscribing easy and accessible (ie no logins).

[http://www.fcc.gov/guides/spam-unwanted-text-messages-and-
em...](http://www.fcc.gov/guides/spam-unwanted-text-messages-and-email)

------
ytbryan
TL;DR: LinkedIn email subscription uses no auth token. This means that anyone
can manipulate your email subscription without your approval.

What do you think?

------
pashabitz
Wait, is it possible to subscribe without authentitaction, or only
unsubscribe?

