Hacker News new | past | comments | ask | show | jobs | submit login
Ask HN: LinkedIn got my Google Contacts – how do they do that?
47 points by tlogan on May 5, 2017 | hide | past | favorite | 18 comments
Today, LinkedIn listed a large number people from my Google Contacts and asked me whether I wanted to connect to them. I double checked and I never had LinkedIn authorized to access my Google Contacts. And my Gmail password is different from LinkedIn password.

It is interesting that list is not the exact copy of Google Contacts but it is quite similar.

This post is not to complain but to understand what kind of voodoo LinkedIn is using to get users Google Contacts.

It's not required for you to give LinkedIn access to your contacts for them to know you're connected with someone else.

* Your friend may have given LinkedIn access to their contacts and now LinkedIn will start spamming you to connect with them.

* You have a friend-a and friend-b who both gave LinkedIn access to their contacts. You're in friend-a's contacts but not in friend-b's. LinkedIn can assume there's higher than random chance that you know friend-b. LinkedIn will probably try to spam both of you to connect with one another. Why not, right?

* You have a friend-a and friend-b and friend-c who all gave LinkedIn access to their contacts and you're on all 3 but none of them are in each others. LinkedIn will probably try and spam all 4 of you to add each other.

There's prolly plenty more and a team at LinkedIn focusing on just this. Anyone else care to add clever ways to infer connections?

I was the PM for this at Twitter. You pretty much nailed it. The straight Address Book algorithms are Reverse Address Book (your #1) and Strong-ties prediction (your #2 and #3).

LinkedIn for sure also uses common groups (schools, workplaces, interests, etc), and geolocation in their recos. There's also sneakier signals like app graph and browsing history, though in my experience those were more useful for content recos than people recos.

Do big companies buy 3rd party databases that they can cross link data or is it easier to build your own with linkedin patterns?

They would if they could and it was clean/legal. But there are very few purchasable databases that make a dent at Twitter or LinkedIn scale.

This line of thinking was behind the original motivation for Digits (part of the Fabric SDK). Get developers to collect Address Books for us, in return they get a free SMS-based verification service.

also leave out syncing your android device to linkedin by using the android app and not paying close attention. won't have any visible contacts access online.

Some of these people may have allowed LinkedIn to scan _their_ contacts and you were one of them.

Other commenters mentioned it could have been constructed in the reverse direction.

But, they did have some dark patterns you might have missed: https://medium.com/@danrschlosser/linkedin-dark-patterns-3ae...

I think I figured out this. I'm occasionally using outlook on my iPhone to access my Gmail. And Microsoft owns LinkedIn so this makes complete sense ...

You must have unwittingly opted in at some point. Linkedin is really scammy when it comes to harvesting people's contacts and sending nonstop notifications. They prompt you to add all your device and email contacts at every chance they get.

They can use other people's contact lists (users on LinkedIn who shared their contacts) and you surely will be on some of them.

Also their definition of "google contacts" is extremely broad. During the time I allowed LinkedIn access to gmail contacts, I suddenly noticed a ton of my neighbors in my building being suggested to connect to. People I never had any direct mail conversations with. Turns out our tenant mailing list was sent out once by accident as CC vs BCC, so it seems even the CC field contents count as "contacts".

I gave LinkedIn access to my contacts. What they also did was to send an email referencing every sender email I use (and I use several dozen all from our corporate domain), effectively spaming new and existing contacts with the same request. They also seem to have sent emails to any email that's ever been on a thread... won't be doing that again...

CyanogenMod/Lineage Android roms have a nice feature called privacy guard. I always use it on all social media apps because I know they pull my contacts and upload them.

The feature basically just gives back empty results when the app tries to access, I wish it just fed it back garbage made up accounts.

Outlook has a connector to LinkedIn that can get mysteriously enabled.

They got my contacts because several years ago my Android phone upgraded to a new version that had removed the privacy guard feature. OTA, never again.

Also, considering that bit about unroll.me that came out recently, are there any (non-linked-in) apps that you've authorized to see your contacts? Those services may have sold your address book to LinkedIn.

Don't use what you don't trust

well, you're right.

i guess i should start on that m32u4 assembly emacs clone

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact