Hacker News new | past | comments | ask | show | jobs | submit login
Tell HN: Banned from LinkedIn for Reporting Wickr Drug Spam
667 points by silent_speech on June 16, 2022 | hide | past | favorite | 237 comments
It made the news recently that Wickr (Amazon owned E2EE chat app) is full of illegal imagery.

I read about this on my LinkedIn feed then decided to search for "Wickr" there to see who else was talking about this. The search returned dozens of spam messages offering drugs in Asia and the US with information to contact on Wickr for price.

I reported these drug spam posts to LinkedIn - which is supposedly an anonymous report.

Next day I got a flood of reports on my own comments (nothing to do with that topic), so many I didn't bother to appeal as I had other things to do. Few hours later my account was down.

Seems that for retaliation the drug network decided to find me out and use their accounts to subvert LinkedIn's policy and ensure I can't stop their spam. They have new spam up now while my account is gone.

No good deed goes unpunished I guess.




I recommend filing a report with the Microsoft Security Response Center, especially in light that a malicious party may now have information on you, and as people below pointed out there may be (1) risk of Doxing, and/or (2) there are some suggestions that Microsoft (LinkedIn) employees may be compromised.

https://www.microsoft.com/en-us/msrc (Report an Issue)


I recommend we let LinkedIn implode under the weight of useless spam and indifferent ownership.

Network directly with engineers where they spend time online. Not recruiters in purpose built HR portals.


This is probably a good case to remind people: You ("engineers who want to network") are a small fraction of the LinkedIn userbase. You cannot begin to accurately grok how the vast majority of users use and feel about LinkedIn. Your opinions are valid (and I share them fully). But be careful not to assume that the way _you_ interact with LinkedIn is universally shared.


Who are the predominant users of LinkedIn then? Marketing mostly, or is it recruiters? Startup founders? How do you measure "activity" in this scenario - is it public postings or are we including the private messages that people send about jobs?

I see a lot of useless posts end up on my feed - self congratulations and a lot of what equates to a press release for some product - but those have to target a user base of some kind that isn't there to just do that or it ends up being bots talking to bots (effectively), which is arguably bad for the company (e.g. bad for their valuation).

Seems like the largest userbase are mid-career white collar workers, even if they don't make up the majority (or even a plurality) of the public posts/interactions happening.

Similar to a gacha mobile game you need some minimum amount of userbase to create the environment where "whales" will be encouraged to engage with their money - in this case that's advertising revenue through sponsored posts and premium accounts.


Every college student in the world has a LinkedIn account, whether they want one or not. That's a gigantic userbase of engaged users.


That seems unlikely, given that any EU institution unnecessarily sharing personal details with LinkedIn would be breaking the law.


Users. Not necessarily engaged. Anecdotally, nobody I've ever known uses LinkedIn unless they're job-hunting.


Good points, but I would suggest that just because the swamp-dwellers like it that way, does not mean it isn't a swamp.

I very much minimize my time there, because it is the spammiest, clingiest "social" network I've tried. I abandoned Facebook too, but there is at least marginal usefulness on LI, so I log in periodically.

I'd say that those who engage most are either directly recruiting or marketing, or self-annointed "thought leaders". At least the recruiters are unashamed in their role there. I cringe most at the thought leader types who apply the term to themselves. Like "hacker" or "guru", the term should usually be given by other people.


Generally most people don't even get messaged at all on LinkedIn.

One CEO I know mentioned they only hire recruiters for engineers. Other slots are filled in other ways. Some are with job posts, others might be with referrals.

Another mentioned that engineers are like gold. A valuable commodity that's mineable via a process, enough of a commodity that everyone agrees on value.


Yes the language is intentionally constrained to “network with other engineers.”

Thanks, I guess, for suggesting I keep a perspective I already had in mind (as evidenced by the constrained choice of words).


> Network directly with engineers where they spend time online

Where would that be? I wouldn't recommend HN for networking purposes.


Forums and chat rooms related to technologies you have experience with, want to learn. Slack and Discord have quite a few.

Some like to complain about projects using Slack or Discord because they’re not open and can’t be archived publicly but really who is pulling value from old IRC logs today? Nostalgic lizard brain is all that is.


> Some like to complain about projects using Slack or Discord because they’re not open and can’t be archived publicly but really who is pulling value from old IRC logs today?

When projects use Slack or Discord (or, for that matter, IRC) as their primary support channel it becomes a lot more painful to search online for solutions to problems.


TeamBlind


Discourse on Blind makes HN look like the Athenian Assembly.


Agreed. Still beats vapid LinkedIn feed.


Yes. I have to ruthlessly prune anyone who reposts chaff... which is sadly a non-trivial number of individuals.


I tend to agree with this.

Spending time reporting issues and care-taking Microsoft is a waste of time.

Don't bother doing things for Microsoft that Microsoft is perfectly capable of doing itself. Nothing is stopping Microsoft from solving problems like this themselves. They don't give a shit.

If Microsoft had not acquired LinkedIn in 2016, it might still be led by people whose lives depended on the health and integrity of the site. Microsoft effectively poisoned Linkedin.


I wonder whether by compromised you mean:

1. compromised in the spy movie sense of them voluntarily passing information to the scammers (potentially for money)

2. compromised in the IT security sense of their accounts or computers having been hacked

3. some superset of 1. and 2.


> in the spy movie sense

It’s not just in the movies.

https://krebsonsecurity.com/2022/03/a-closer-look-at-the-lap...

> Microsoft says LAPSUS$ — which it boringly calls “DEV-0537” — mostly gains illicit access to targets via “social engineering.” This involves bribing or tricking employees at the target organization or at its myriad partners, such as customer support call centers and help desks.

> “Microsoft found instances where the group successfully gained access to target organizations through recruited employees (or employees of their suppliers or business partners),” Microsoft wrote.


Recruited employees?

Or people they unknowingly hired?

Small distinction?


It's not a small distinction. An organization deliberately trying to inject an asset into your company to do X or Y is a different problem to solve than an existing employee who was coopted. And the co opted case has a different problem in one motivated by gain vs one motivated by threats agains them.


Recruited to join in the scheme against their employer.


Probably simpler than both of those, more as in - there are allegations/comments suggesting that there may be individuals holding trusted positions who may not be as trustworthy as one would hope (based on the potential pathways by which malicious parties may have identified the OP).

Insider threat is still a significant concern to companies, and were one representing Microsoft one might want to at least take a peek at what happened and make sure nothing untoward is occurring.

Standard Disclaimers apply. I am not a Microsofty, nor do I play one on TV. Objects in the mirror may be closer than they appear.


My primary take-home from having DOD/DOE security clearances, and having to sit through historical case studies every 3 months about security breaches, is that every DOD/DOE security lapses and espionage event in history were "trusted insiders" doing the deed.

Physical security was long ago solved by pre-20th century tech like locks and security guards. No, it was always a trusted insider. There's no reason to assume that is any different with social media companies.


I’m not sure I understand the value of reporting this to Microsoft? Wouldn’t it be better to submit an online tip to law enforcement? Is Microsoft doing law enforcement activity now?


LinkedIn is a Microsoft product, so they would have the ability and interest in understanding what broke here.


What broke is probably their internal trust..


It's the "probably" that they want to investigate and try to get to a "almost certainly"


As huhwat said - LinkedIn is part of Microsoft now. As such it is within the auspices of the MSRC


[flagged]


Not OP, but if you are from LinkedIn or affiliated in any way I hope you understand the apperance of you as a fresh account with 2 karma just inquiring for the case # must seem odd and not entirely legit. In any case, it raises a set of red flags for me.


80 days ago isn't new enough to be unduly alarming, surely?


Certainly old enough to know that HN doesn't have DM capability unless it's a spam account.


There's no DM on HN.


Do it anyway! :P


Highly strange post here.


I wonder if more those accounts have pro and can see you viewed them recently, probably multiple accounts are owned by the same groups so when they get a report on a bunch of posts they simple map "who looked at both profiles".


They don't even need LinkedIn Pro btw, they just have to turn Private Mode off.

If you let other people see that you viewed their profile then LinkedIn will let you see who viewed your profile.

So yeah your theory seems most likely unless OP had Private Mode turned on for his profile (then they wouldn't be able to see that he saw their profile regardless of whether or not they have LinkedIn Pro).


My ESTA ran out shortly after covid started, and I didn't renew it until Febuary this year.

Shortly after putting in for it, my linkedin reported I had a visit from a "Law Enforcement professional from the Washington-Baltimore area", which I thought was amusing.


I want to know what they're looking for that could get them to reject the ESTA...? If writing "illegal drug salesman" as your profession gets your ESTA application blocked, then there is nothing to stop some stranger setting up a fake linkedin profile with the same.


It may be simpler than that, one cause of rejection is you working in the US while not allowed. I keep hearing about people that get busted (most by the time they are reaching customs) by pictures or messages on their social media accounts showing that they worked (even just helping family) while in US on tourist visas.


So when I find my rival is visiting the USA, I can set up a linkedin with his name on and write "Working in Seattle for a few months as a plumber. $$$ is good here!".

And they'll be arrested?


I am not a lawyer but that could well be a federal felony.

Maybe you can prove them in person it is not your account, but that mean you would have to get a real visa not an ESTA.


Are ESTAs the one where applicants have to list their own social media accounts, or am I thinking of something else? Last time I went to the US was 2018, so even if I remember right, things may have changed.


I went in 2021, and I had to fill in social media accounts, they didn't say to which sites so I listed a whole bunch of them.


I just got my ESTA a week ago, there is a section where they ask for your social media aliases but it's optional and can be left empty. I did so and had no issues.


I left LinkedIn years ago when I realized they were co-opting my ability to link to external articles by creating there own framework to attempt to get all their users to post updates strictly on there own platform.

This Linux journal article talks about how we are losing our freedom of expression and one of these areas are the war on hyperlinks: https://www.linuxjournal.com/content/whats-our-next-fight

Support social networking sites that don't try to lock you into there ecosystem by making communication less free.


Isn't that a bug? If you report someone,the person should not be able to see who reported them, right??


Technically they aren’t. Like when you visit a site, other sites cannot, oh wait…


> If you let other people see that you viewed their profile then LinkedIn will let you see who viewed your profile.

Not if the viewer has Private Mode on. Having Private Mode off for yourself is not sufficient to see who viewed your profile.


All this counter-intuitive crap is why I don't ever even open LinkedIn.


I had LinkedIn until October 2021.

A colleague was leaving, and I'd been asked to go around the team of 200 people, gathering farewell greetings. Another work project at the same time was the software language translations for our product.

I manually trimmed the list of 200 colleagues down to 70 "international" names. Then I manually searched for each colleague on Google, and clicked the first link. Usually that was Facebook or LinkedIn.

I manually viewed 55 LinkedIn profiles over the course of 2 hours, and copy-pasted out only their "spoken language" field.

LinkedIn proceeded to block my account. "Your account has violated the LinkedIn User Agreement and Professional Community Policies. Due to the number and/or the severity of these violations, this account has been permanently restricted."

Politely explaining the situation to several customer service agents [Case: 211020-004202] didn't help. Had I been warned about viewing too many profiles too quickly, I'd certainly have slowed down! My actions weren't automated. I'd rather return to their online community and make this a learning experience, if possible.

Being unable to use LinkedIn may affect my future career prospects, but I feel powerless to change it at this stage.


> I manually viewed 55 LinkedIn profiles over the course of 2 hours, and copy-pasted out only their "spoken language" field.

It sounds insane, but I suspect what tripped their heuristic was not so much looking at a lot of profiles but not messsaging any of them within LinkedIn's messaging system, which is their use-case for making money (recruiter/journalist/hiring manager/etc.) So your browsing behavior appears to LI's heuristics either like a scraper or a legit user who isn't likely to convert into a paying customer, and they simply don't care which you are (whatever the TOS might allow).

I'm shocked LI's heuristics are that bad. I recommend you post your issue here (suitably anonymized) as a separate thread (link from here), and I expect it'll get upvoted.


Banned for a rate limit what the hell ...


Why do you consider yourself unable to use LinkedIn? Create a new account with a new email.


I never thought I would say this but LinkedIn seems to have gone even further downhill than it was a few years ago. You know things are bad when even the low end recruiters seem to have left the platform. These days 90% of the contacts/connect requests I receive are from dodgy pension "advisors" trying to get their hands on my pension pot cash.


Further downhill than secretly installing an IMAP proxy on your phone and hijacking all your email to go through it in a way that destroyed all TLS security to your real mail server? Impressive...


That is a separate, standalone app, not the regular LinkedIn app


This doesn't excuse the fact that the company did this.


wait what?


I hadn’t heard of this either, but incredibly it turns out to be true: https://engineering.linkedin.com/mobile/linkedin-intro-doing...


Though, I was thinking that same sort of technology might come in handy for people that wanted to have encrypted email, without having to use a special encrypted email app: proxy through an app that did the encryption and decryption, but didn't store anything.


https://jordan-wright.com/blog/2013/10/26/phishing-with-link...


Yeah [1], and that's not even mentioning that the motivation behind those questionable "engineering" decisions was to be able to read and modify all your emails, helpfully injecting linkedin content into them.

[1] https://threatpost.com/linkedin-intro-app-equivalent-to-man-...


No I must admit that is even lower than I thought they were capable of , yet somehow doesn't surprise me.


Not directly related, whenever I get a new connection request, it is hard to tell if a person is real. Particularly if I don't know them first hand. The job history can be fake and profile photo generated by some GAN. It sucks but yeah, then later on they pitch something to you.


Why would you consider a connection from somebody you have not worked with?


I was early on a team that was > 100 people when I left years ago There's lots of assymetric memories of relationships, especially for people that joined in my last 6-12 months.

I'm sure a GAN picture that looked like a strong team member with a close-but-not-the-same name and lots of connections to people I knew well would fool me.

Also, the cost to me incorrectly friending such a person is much lower than missing a strong hire or new job opportunity.

Edit: Also, as someone hiring, you can't even reasonably ban people for this stuff. Some crappy recruiter database integration startup occasionally merges me with a coworoker, then spams out the fake profile. I've had my own company try to poach me before.


Linkedin should randomly send people made-up requests. They could collect statistics on the gullibility or neediness of the person and sell it!


Yeah it's a good question, most of mine are direct or recruiters. You have someone with "franchise" in their title, guess what... you get pitched a franchise. Idk what I was thinking.

edit: part of it in my rationale is "being nice" but yeah I mostly use LinkedIn to get a job


Recruiters typically have pro memberships meaning they can message you directly without being connected to you.


Yeah I mean I'm not searching for them, they're asking to connect to me

edit: ratio is about 25% recruiters

was interesting though I recently accepted a new role and out of the 30+ talks in a month about 95%+ were LinkedIn. The conversion for me was 10% actual interview phase, then where I actually got a job was Hired. -- some jobs wrong tech or I was not qualified for


LinkedIn is replete with fake accounts. Look at the array of bimboes lined up down the right side of the page at any given moment, all "recruiters."


Yes I'm seeing those as well. The pictures are just a little to perfect & the job history non existent.


Remember that huge hack that started when that person accepted a LinkedIn request. I forgot which hack it was.


wait what?


I could be wrong, but I think the story was contained here [0], where a chilean programmer was targeted through a LinkedIn face account set by north korean hackers.

[0] https://www.newyorker.com/magazine/2021/04/26/the-incredible...


There was also "Operation Socialist" [1] where the UK's GCHQ with the aid of the NSA hacked Belgacom, via phishing linkedin emails. Darknet Diaries also had an episode on it.

[1] https://en.wikipedia.org/wiki/Operation_Socialist


I think this is the one. I read it in Darknet Diaries too but I thought it was a Chinese hacker.


Where else do you think people are going for informal networking / keeping up with old contacts?

(Ie just the messaging part)


I moderate a few subreddits over on Reddit and spam purporting to be offers for black market drugs of abuse which use messaging services like Wickr & Telegram have been a problem for years.

Worse, it's shockingly difficult to convince the site admins of Reddit to decisively act on this sort of content, even though it's explicitly against their site-wide policies. I suppose this is probably the case for every site which hosts user submitted content and an upper management focused on easily produced metrics like "number of posts & comments per time unit".


I am a PM with LinkedIn. DM me and I can try to funnel this to the right channels. I'll be the first to say that there are a lot of problems with LinkedIn, but the company's "heart" is generally in the right place.


Why are you recommending private support channels? Shouldn't OP use your regular customer support channels?


Private support channels just speed things up, because you can directly go to the right teams/people. A large, distributed workforce working on large, complicated web applications means escalation channels get murky.

Front line support is unlikely to be able to help you here. This doesn't seem like a particularly common occurrence. Here's how things typically go with weird cases like this:

1.) Support agent gets the case and says 'Uh, what do I do with this?' Escalation to team lead. 2.) Team lead reviews case and doesn't know what to do. Team lead escalates to manager. 4.) Manager reviews the case and tries to figure out the right team to send this to 5.) Manager sends it to a team. Team reviews the case. If it's the right team, they'll start investigating. 6.) If it's not the right team, the manager has to figure out another team that could be responsible for the case. 7.) Repeat 5&6 until the right team is identified

This all takes time. And assumes that the original customer support agent actually understands the issue for the security issue it is. Many frontline customer support agents are not particularly technical, so the agent may not even understand they have a security event on their hands.

Or, a PM who knows the right people to go to, offers help and things get quickly escalated.


It's the same reason why going through HR to get a job is inefficient and prone to failure, while "private channels" are more efficient for everyone and get the right person to the right job for the right price FASTER.


Not sure if this is in good faith or not, but escalating through an internal contact is going to skip a couple layers of support at minimum, and reduce the chance of a misunderstanding. Also potentially some people in CS might be in on whatever is going on.

If you were being snarky, it seems like this LinkedIn employee is trying to do the right thing. They probably don’t run support/there’s no reason to take cheap shots when they offer to help.


It's not a cheap shot. It's snarky but accurate commentary on the abysmal state of customer support and how absolutely worthless it is


Anyone who has worked front-line customer support knows why all the roadblocks are in place; it's a massive firehose of absolute junk 90% of the time.


Yep. My first job out of college was support at a consumer web company. The vast majority of people did not need a PMs attention. Honestly a larger percentage of them needed psychiatric help.

The problem comes when there’s no escalation path for the few cases that actually do need it. Looking at you Google.

I’ve never used LinkedIn support, so couldn’t say whether they would handle something like the OPs issue correctly.


There are always escalation paths, the question is if they're official, or if the front-line support isn't trusted with putting someone on it.


Yep. One job I had was to work on a team to automate the destruction of 99% of all job applications coming from the internet while still nominally being in compliance with EEOC. We figured out a number of ways.

The company actually ONLY hired people directly recommended by employees or trusted business partners. 100% of all unsolicited resumes were ignored and destroyed (yet had a paper trial for legal and EEOC compliance).


that employer is part of the reason job hunting is so miserable


It felt unfair to the employee offering to help. They (probably) have no control over LinkedIn customer support.

It looked like trying to scoring internet points at the expense of the person offering help.


Those go to /dev/null like all major tech company regular customer support channels.


I think a more interesting question is why you are shocked that in large organizations getting to the people who can change things is often difficult. This is not a problem unique to linkedin.

We shouldn't be punishing the gear on the cog that is helping turn the machine in the direction it needs to go.


Turning HN into a support forum for Google, Microsoft, etc does not improve their customer support. It's a fast lane for those "in the know" which only entrenches the problems with their existing channels.


If you want to be a bureaucrat about it, sure. This is a Tell HN post, so someone from LI commenting on it is exactly the desired outcome.


As a former longtime LI pro user and LI user at launch... I'm not surprised. LI loves spam and they have no intention of really doing anything about it. I refused to keep paying for such a low quality service. This has not negatively affected my consulting networking or revenues at all. Good riddance. It can go in the trash with FB.


After reading all of this, it might be time for me to wean myself from LI, so any tips you may have would be great. I run a small pro bono (sometime contracts) for apprenticeships and workforce development in disadvantaged working class and BIPOC communities. Revenue not so much as the networking is the thing that seems to be my biggest challenge without LI


I've only ever heard one person use the term BIPOC to refer to themself in real life. Do people actually say this? Other than that one guy, I only ever see the term online or hear it on NPR. And it seems to have only popped up in the last couple of years. My initial reaction when I heard it was that it seems kind of racist and weird to single out Indigenous and Black people then lump together the rest of the various groups of not White people in the world.


I left linkedin for all the shady things they are doing, see my previous comment for more information: https://news.ycombinator.com/item?id=31762904#31767463.

I rely mostly on my my website for marketing and some twitter. I write articles in my field that focus on topics that are not well covered, but important. When I create relevant content, google picks it up.

It sounds like your field relies a lot on word of mouth, so maybe you can get your audience to talk about subjects that are important, by breaching topics that are a concern for your audience.


Happened to me with telegram. Reported a scammer in relevant tg channels, next thing I know , several users reported me, and telegram blocked me for spam.


Yup. I got some dkim-signed scam mails ("you have won an X" and "missing package details" scams) from a Danish domain, I figured that Denmark was civilized enough that it was worth it to try their domain provider's abuse reporting. Nope, I got an explosion of spam after that, including some that looked like sign ups for genuine newsletters (as much as anything without double opt in can be considered legitimate). Looks an awful lot like the domain registrar decided to punish me with more spam for trying to get their scammer buddy kicked off.


It's pretty common for e.g. hosting providers that don't take spam seriously to just forward complaints to their spamming customer. Exactly the opposite of what they should do, and you've seen the result, but some companies just don't care.


That's also what Apple does when you report an app on the app store for infringing on your rights. They just forward your complaint to the developer, and tell you to deal with it.

So much for curated stores.


Telegram is the worst in terms of spam. I joined some public group chats related to my city and in the middle of the night those channels get spammed with Islamic State recruitment videos.


[flagged]


yeah that one person who uses that one thing that you don’t support, prudent to call them out for not personally fixing the world. You have made a big, big difference today bud.


I think I have, mate.


So you are saying that on LinkedIn if you report something the owner can see the name of who reported it?


They shouldn't, but I wouldn't be surprised if the people that are supposed to review the reports are bribed or compromised. I'd imagine it's outsourced to the lowest bidder, as customer service & moderation typically is in any big/scummy company.


You can often see who viewed your profile. There probably weren't too many people viewing more than one of their profiles.


Of all the social networks, I never would've guessed that LinkedIn is the one people turn to when they want to sell drugs.


Rampant drug use really would explain some of the bizarre "hail corporate" content that gets produced there.


You dont have to be on drugs to do linkedin - but it sure helps.


LinkedIn is closer to Facebook imo. The subreddit /r/linkedinlunatics is pretty funny, and also a bit scary.

It's pretty interesting actually, on facebook you see people show off a manufactured persona that is always laughing, on vacation in exotic or glammy places, and on LinkedIn it's the exact same phenomena but the success indicators are different.

I'm still a bit clueless on the whole LinkedIn influencer thing though. Is there some monetary gain from that? I don't think they have the same possibilities for eg ad space or sponsorship as eg youtube or blog influencers, so perhaps it's more a personal vanity thing, or selling books and courses.

</rambling>


I think everyone else is also "clueless" about it, I don't think the jury is out for the possibilities you can have as a Linkedin influencer.

Some people seem to be advertising their coaching services (for example: by targeting people looking for jobs), some are trying to advertise themselves professionally (lots of people showing Microsoft/Oracle/AWS certificates and writing articles about it), some are trying to advertise themselves as industry leaders so they can advance internally in their company, some are trying to build a network they can recruit from, and some are just misguided and are trying to replicate what they see on other networks.

I guess that's why content is all over the place.


Let me summarize it for you: it's "rise and grind" culture and "hustlers" who have convinced themselves that climbing the corporate ladder is the most important thing they will ever do. It's sad really


> Is there some monetary gain from that?

I think that people who are "active" on LinkedIn rank higher in searches & suggestions, so the feel-good shitposts might be a way to improve their "SEO" if they rely on LinkedIn to find leads (recruiters, etc).


I guess it's "brand-building", be it just for the sake of ego or as a funnel to their other channels.


I just wanted to say that you made my day, @retSava, with that /r/linkedinlunatics community :D I haven't been reading my LI feed for at least 6 years now. I had no idea how quirky things were there. Wow. Just wow.


> I'm still a bit clueless on the whole LinkedIn influencer thing though.

Every day some one on my twitter timeline will retweet a "10x your biz on linkedin" - reading them makes me reconsider if intelligent life exists on this planet.


r/linkedinlunatics looks like pretty funny satire, was hoping for tons of cringe instead


Search Best of LinkedIn on Twitter


Whichever social network doesn't sufficiently moderate is the one people will turn to when they want to sell drugs.

If you have a sufficiently popular CRUD, and you don't go our of your way to stop them, bad actors will leverage it to do crimes. It's that simple.


I dunno, there's a lot of recruiters. They must need something to help them through the day.


Adderall, Modafinil, cocaine, there's probably a big market on LinkedIn if you're peddling the right drugs.


Drug dealers are very entrepreneurial, and are often excellent at identifying underserved markets. It appears LinkedIn users are such a market.


Doesn't surprise me. People do this shit on FB Messenger under their real names.

Though these could be honeypots or straight up scams


It's not surprising. LinkedIn has been shady from the start.

People shouldn't forget that they used to scrape your contacts from your email account through some sneaky user flow that got you to give them your email password.


This is the main reason I will never use LinkedIn.

Context: https://medium.com/@danrschlosser/linkedin-dark-patterns-3ae...


I always set my LinkedIn at the max privacy. I deleted my LinkedIn account over 8 months ago. I still get spam from recruiters in my email that uses my LinkedIn name which is different than my real name. LinkedIn definitely does not follow privacy settings.


Also lots of companies are mining data from Linkedin and building email databases.

As soon as Linkedin knows I switched companies I start receiving a deluge of spam on "guessed" emails (first_name@company.com, first_name.last_name@company.com).


Good to know, makes me consider closing my account myself. Linkedin always had a bit of a scammy feeling to it. Especially when it comes to recruiters' spam messages.


I got surprising results sending canned messages back asking for basically a 50% salary bump over my current. Never followed through but at least one person said "I can do that."


Will try that!


I did that maybe 10 years ago and haven't had a single opportunity to regret.


I mean, by definition you wouldn't. You'd just be worse off without knowing about it. Not saying LinkedIn is great, but..


I did that 10 years ago when they got hacked[1], later recruiters from two FAANG companies even found me without it (The first found me on Github, and another through a referral) and I worked for a couple of years at both companies.

Like you, I'd thought I had a good run without it.

More recently, I noticed that some of the people who were way junior to me earlier in my career, are way ahead of me because they were strategically switching jobs every 1-2 years. After speaking to some of them, the common factor turned out to be LinkedIn, and I begrudgingly rejoined it in January.

[1]: https://en.wikipedia.org/wiki/2012_LinkedIn_hack


I'm also one of those people who jumps between companies every 1-2 years (not as a contractor but actual employee) and it's meant about a 15% increase in salary every year, vs 4% that my ex-colleagues usually get for their "loyalty".

I do very actively maintain my linkedin page, but honestly I got all of my jobs by personally reaching out to companies where I want to work (through their own website).

As such, I wonder if this is correlation vs causation: people are really eager to advance their career might want to keep all options open, including linkedin, regardless of whether it has actually helped them in their career so far.


The one nice thing about LinkedIn is the Easy Apply feature. You can quickly shotgun apply to a bunch of companies and then get on with your day without filling in all the same stuff, and it even tells you if the company looked at your application. I still manually fill in a lot of regular applications, but LinkedIn definitely saves a lot of time.


Would be interesting to know, whether they purely optimize for the money and jumped ship at every opportunity, or they somehow managed to make recruiters pay attention to their profile and actually read and understand anything on the profile. And if so, how they managed to make recruiters do that.


I think it's just a matter of better odds with better discoverability. Also, every jump almost always entails a monotonic improvement in pay and likely also the title. And the tech job market seems to have been quite buyoant in the past couple of years.


Every time you update your LinkedIn page, recruiters throw themselves at you, matching your profile to whatever search keywords they have configured. Some of them turn out to be clueless, some of them turn out to have bad opportunities available, but some of them turn out to be surprisingly savvy and have access to good jobs.

I just recently got a new job that I think it's pretty good, and I didn't have to submit a single "blind" application. All of my interviews came through recruiters via Linkedin.

It's a relatively low effort way to have a steady flow of opportunities, one of which might turn out to be good once in a while.


This is one of the reasons I maintain offline list of all my LinkedIn contacts and also why I ban LinkedIn feed through AdBlock with custom rule. I currently use LinkedIn solely as medium enabling recruiters to cold call me, and as such it is good place to have an account because quite a few recruiters are there.


Seriously: How do we know that these spammers who're using Wickr aren't directly paying LinkedIn and are being protected by LinkedIn?

People used to say I was nuts when I said LinkedIn outright make things up, that they try to track much more than they rightly ever should, and that they were doing nefarious things with the data they collect, but of course now we all know that was true. We don't even know the true extent of their fabrications.

Could LinkedIn be doing whatever it takes to make some extra money? It would neither be surprising nor unexpected in the least.


Why assume it's linkedin official policy rather than some rogue linkedin employees making money on the side?


Because they've had official policy that was user-hostile in the past.

For example: scraping user address books and sending all their contacts LinkedIn spam without asking permission.


Didn't most things do that back in the day? LinkedIn (owned by Microsoft!) supporting drug spam sounds ludicrous.


Do social networks stand a chance against infiltration? With the high turnover of moderators, it's easy to get somebody on the inside to get to know the inner workings of the moderation process.


A different business model that 1) requires less moderators and 2) makes money so you can pay the remaining moderators enough that they actually stick around for longer and are less prone to bribery.

1 can be achieved by making it costly to break the rules. If new accounts have fees and privileges that accumulate over time (such as being able to post links, upload media, etc basically anything that is prone to abuse) then people will be less likely to break the rules since creating a new account will cost them money and time having to "level up" the new account before it can be useful again. This raises the cost of spamming dramatically and will often make it unprofitable.

Stack Exchange has a model of this where new accounts with little "reputation" can't do much and are heavily rate-limited & unable to post links/images and gaining reputation involves contributing to the community which makes spam significantly harder. The same "reputation" system is used to encourage people to moderate the community (in a way that requires input from multiple people & fully transparent, so misuse is hard and will be easily detected).

2 involves making money which means "growth & engagement" goes out the window and you need to charge for the service. Not being based on "growth & engagement" means you can also achieve 1 because you can now be selective with the kinds of people & content you accept.

> it's easy to get somebody on the inside to get to know the inner workings of the moderation process.

Knowing the process shouldn't be a problem. Ideally the process should already be public - aka the list of "rules" one should abide by when joining the community.

This is a non-problem that forums from back in the day managed to solve on a much lower (often zero) budget. It's only a problem when your business model is "growth & engagement".


I don't understand why there isn't a protocol like email, but for "social media". Something like that combined with decentralized moderation ie you pay x group to filter out trash from public feeds and use that as default. Not happy with that moderation? Pick another one.


I guess our instincts were right when we found LinkedIn features like "view who viewed your page" super weird and creepy.


Not sure what illegal imagery has to do with drugs? AFAIK pictures of drugs is not illegal, the only pictures that I'm aware of that might be considered illegal would contain child abuse stuff, personal info, classified info?

I understand that selling drugs is illegal, but in that case the selling of drugs is what is illegal and not an image


Who is claiming that imagery of drugs is illegal?


Literally the first sentence of the post

>It made the news recently that Wickr (Amazon owned E2EE chat app) is full of illegal imagery.


Right, because it has been: https://www.nbcnews.com/tech/tech-news/wickr-amazon-aws-chil...


I read this to mean imagery of illegal things.


Social media is so dominated by just a few companies and most of them in America and most of them close together geographically.

I think after a social media network reaches X or XX number of million users, all users should have the right to appeal getting blocked / deleted / removed arbitration by an independent third party


Just on Wickr itself. I wonder how secure it really is. Amazon only makes me suspicious. I wouldn't be surprised if it turned out later that the algorithms implementation wasn't perfect. Or just straight out backdoor.

PGP is the gold standard but the ease of use wins again.


Very, I know people who work there, they open sourced their crypto engine [1]. They also struggle with people using WickrMe for bad stuff because of how little info they collect from users (no phone required, true e2ee encryption, and so on...) [2].Own by Amazon doesn't imply that have spyware embedded, unless you can prove, not defending Amazon by any means, there is plenty to criticize and condemn about them, I'm just stating facts.

1- https://github.com/WickrInc/wickr-crypto-c

2- https://www.cnbc.com/2022/06/10/wickr-amazons-encrypted-chat...


If that's true then:

1. Either LinkedIn is hacked by drug mafia 2. Or drug mafia has people inside LinkedIn

But first thing - you should share you full report that you've sent to LinkedIn. You don't risk outing yourself - since mafia already knows your account.


Or four, as suggested by the top comment: Linkedin pro and correlating "who viewed all of my reported accounts recently?"


Or 5 parallel construction, which is just 2, but they blame 4 :)


Or 6. CIA is front for these drug mafias and has access to all your mails.


or 3. The reporting was not anonymous after all


Never happened this to you? Report bot spam?

People did it for years in CSGO. Reporting players for cheating through SteamAPI and Valve didn't even validate these reports, if the account who is reporting someone, was actually in the game together. Nope. Just reaching a certain number of reports was an automatic ban. 2 years or something without fix, funny times.


Probably because "view as" isn't anonymous, even if you adjust your privacy settings. (It'll say things like someone from X uni or with Y title viewed... easy to intuit who looked)

On my end, I had issues after I "looked up" someone convicted of a serious crime[1] who lived in my area code.

(I was looking into a different set of bad people. Apparently there's a lot of evil people on the internet. Not just the "dark web". They are everywhere, and abuse their access if they sense you're gunning for them in any sense of the word. The kids call reacting like some of did in real life "telling on yourself")

[1] https://www.justice.gov/usao-wdpa/pr/suburban-pittsburgh-man...


What happened if I may ask


Nobody really needs linked in. I wouldn't worry about it.


LinkedIn is an absolute cesspool, but some people do need a profile there, even if they don’t actively use it. If you’re doing sales or raising money, you basically have to have a profile there.


Recruiters pin you on LinkedIn all the time for interviews as well.


Getting recruiters to talk to me isn't something you should really struggle with...


I dont have struggle, they reach out to me on LinkedIn. LinkedIn helps them to find you, unless you are just hoping they would just guess your email, etc... lol


Because of your post, I went there, did the same search and reported a bunch of them. Now let's see what happens!


Related to this how does one report Crypto draining scam scripts being posted on Github now that Microsoft owns GitHUb?


I open LI just to read a bunch of patting-myself-on-the-back and virtue signalling posts.

Also: whenever I read about LinkedIn, I can't help but think of this: https://www.youtube.com/watch?v=g-g7e31nAb8


Are you concerned now that illegal enterprise now knows your details and can possibly retaliate?

Are you easily doxable ?


Creating a new set of LinkedIn accounts to spam with costs much less than taking an online feud "offline" where the risk is much higher and could include "jail time" if it goes wrong.

He'll be fine.


I really hope so.


At least they know where OP works. Or maybe not anymore since he's banned from LinkedIn.


I found LinkedIn a waste of time and full of bad actors, so not really surprised about this experience.

I keep a presence there to appease a friend but put as little information about myself as possible on the platform and strongly recommend other developers do the same.


LinkedIn, like every other social media/ dating app , makes money off spam.

I reported someone for spamming me with an insurance sells scam, within a few hours I'm informed this spam is just fine.

However, given your warning I'll refrain from reporting spam in the future.


Did you really need LinkedIn to begin with? Possibly the worst service I have ever used.


Any screenshots?


Glad to see that spam is still well and alive in 2022, first we had enlarge your d*ck pills in email spam, now it's moved to all the social media platforms.


It first went mainstream on "social media" aka Usenet

https://en.wikipedia.org/wiki/Laurence_Canter_and_Martha_Sie...


The problem with LinkedIn is that everything you do on that website is tracked and sold; there is no such thing as a private job application, for example.


I don't understand the problem. You wanted to remain on a Microsoft social network being used for spam posts? Why?


And also wants to police it.


I don’t understand why people are surprised to lose social media accounts like this. Companies decide to stop selling products all the time. We don’t see posts like this every time Wal-Mart decides to stop selling some brand of cookies, and it’s essentially the same relationship we have as their products.


Walmart isn’t going to throw you in jail for reporting the drug dealing in isle3.


This is just because Walmart is too large to be in a mall.


Why would they choose Linkedin of all places...


Similar situation when one tries to argue with Russian "patriots".


Using LinkedIn is never a good deed.


What did you search?


"wickr" I suppose. I see those ads too.


[flagged]


I don't understand why this was downvoted, I have noted the same. Many pro-Putin posts go around, pro-Ukrain posts get loads of hate comments and there are also lots of fake news posts trying to spread doubt about US/Nato intentions. I don't see nearly as many of these on FB, for instance.

It seems LinkedIn is FB without content moderation.


[flagged]


You ever pick up someone else's litter in the park?


Are you comparing a public park to the website of a multibillionaire corporation?


I think the public park vs corporation distinction isn't the important bit here. It's a good deed intended to make the life slightly slightly better for people who interact with either space.


how much are you getting paid to make this comment


[flagged]


chill, these people were not stealing baby formula


I don't understand


[flagged]


Thanks for highlighting this side of "Illegal drugs". For some time I had to order Naltrexone (LDN) for my partner with ME/CFS with bitcoin as it was impossible to find a doctor who could subscribe this, let alone know about this specific treatment. She benefited greatly and it would not have been possible without very spammy looking pharmacy sites and bitcoin. Luckily things have improved and this is now possible using regular channels.


Yeah, I can't say anything about Wickr, from the comments it doesn't seem like the best place indeed.

But In Brian Krebs' book he highlights the high quality of the drugs sold, and even the fact that big pharma investigated them expecting to bring people some scary stories, but they didn't find any. These pharmacies care about their customer's experience (of course they do, the want to sell you more).


Eh, I was semi-addicted to heroin, and I can testify - hell, I can give you a list of usernames from memory - that that's absolutely endemic on Wickr. It's the #1 go-to location for it[0]. It's not just 'virtuous' stuff like medical marijuana and abortion pills. I wasn't remotely surprised to read any of this.

And I will bet you, at any odds you like, that the harms done by heroin (uh, 'medical diamorphine') and other opioids outstrip the few virtuous uses a hundredfold.

[0] Perhaps second to the so-called dark web, though that serves a discovery purpose which is a bit orthogonal (and complementary) to Wickr.


> But illegal drugs are helping a lot of Americans who would otherwise not have access to important medication

Or, instead of buying stretched medication that can kill you, buy from somewhere like Costplusdrugs.


Illegal drugs are a symptom, not a cure, of the healthcare system.


That's such a sad and completely avoidable situation.


[flagged]


Educational images of drugs definitely aren't illegal, but OP is clearly talking about advertisement for illegal drugs in image format.


[flagged]


In the real world there is stuff that is illegal and some of those things can be in image format.

And the part that sucks is clearly the retaliation from whoever it was.


[flagged]


Illegal can have multiple definitions, and some advertisement can be illegal.

No, it's not a shame. Mocking someone because their wording is imprecise is a bit shameful, though. Also against the HN guidelines. You can do better.


[flagged]


The problem is not humour, and I didn't say that anywhere, but rather the sarcastic pedantry at the expense of other people who might not be native speakers. Again, humour is not a problem, but your post is also not funny.

I explained it to you in my message. You're clearly having trouble understanding other people on this website, since OP's post is not about his complaints, like you insist, but rather his account. So I'd suggest maybe quit the mockery since you're not looking too smart yourself.

Illegal can definitely mean different things in the context of images: illegal to possess (child pornography), illegal to copy (some documents) or illegal to be an advertisement (drugs).

EDIT: I don't give a damn about "LinkedIn moderators" or "drug advertisement" and nowhere did I indicate I care enough to have a discussion about this. I literally couldn't care less about this subject or what you think about it.


Humor is fine and accepted here - but in your pedantic mockery, I couldn't find something to laugh.


Sorry to hear that you didn’t like the first sentence of my post. Do you have any opinions about the following sentences about spamming the mods of a big website?

(You can just respond “no”)


My opinion is, that apparently you like shady drug advertisement and you like to fight anyone who fights it. Have fun with that.


So no

I haven’t expressed any opinion about drug advertisements at all, in any way. It’s a bit of a bummer that my poking fun at a (from my perspective as an adult) misguided naive spammer is seen as the same thing as supporting crime.

Serious question: Is everybody that would consider this individual, for example, a “fucking idiot that got predictably banned” also a supporter of crime?

(You can just respond “yes”)


Are you aware that the style your are posting, is very close to trolling?

In either way, I think you have it all backward, maybe intentionally.

Op did spam fighting. And was banned for it. (Or is LinkedIn nowdays a market plattform for drugs?)

But what your point actually is, is not entirely clear to me. But it is not close to arguing in good faith, which would be the style of discussion I prefer around here.


So yes

Sorry that “trolling” means “disagreeing with me” that must suck. Thankfully that’s not an issue I have.

Why is it so important that we elevate the experience of a person that objectively used linkedin wrong and was kicked out? What do you get out of maintaining your position and siding with the backseat modding? Are you looking for modding work?


You're clearly trolling.

You so far called the OP of this thread (who is a member here), "rando spammer", "misguided", "naive" and "fucking idiot". Considering that that it seems even a Microsoft employee offered support to him, it seems that you're alone in your opinion. Also please take some time to self reflect that maybe those adjectives you used apply to you instead.


Do you think that it’s possible that the OP was not the victim of a large coordinated criminal conspiracy? That is what has been implied and discussed and I’m “trolling” by suggesting that that was not the case.

Edit: Also, food for thought: I genuinely did not know you could buy drugs through linkedin. In the OP’s complaint I’ve been informed of what website to go to, what app to install, and what search terms I should use to get into contact with drug dealers.

Should the OP be reported for illegal speech or is that just relegated to jpegs?


You called other member here some terrible stuff that was uncalled for, and now you're suggesting they're advertising drugs on HN. You're a troll, and you're being asshole to another member.

I don't care about your cuckoo fantasy theories and nobody else does. You're out of your depth and out of your mind if you think any of your ideas make sense.

So, stop the trolling and stop trying to save face.


Do you think that it is possible that the OP is not the victim of a criminal conspiracy?

Edit: I don’t really understand the position of “you said a swear word so I will fundamentally disagree with your underlying point.”

If the OP has said fuck or piss or shit while describing their experience of being the victim of a criminal conspiracy, would your position on this matter reflect mine?

Thank you for your unsolicited advice, but I implore you to provide your (very simple) solicited opinion from the first sentence of this post. Namaste.


Quit your bullshit. I never said swear words were a problem anywhere. Trough this discussion you keep misrepresenting what me and another poster have said to match your silly fantasy narrative. You've been caught being disrespectful, pedantic, troll-ish and frankly a tad unintelligent. So stop trying to save face by pretending you're legitimately having a discussion. You got a lot to improve before that. Maybe start with reading the guidelines, then proceed to actually read what people reply to you. Four of your posts are flagged/dead, so your opinion isn't exactly popular.

About the last paragraph: I don't care about what you think or if anything I say is solicited by you or not.


I’ll point you to my related comment here: https://news.ycombinator.com/item?id=31784639

I understand that your interest is strictly and solely on policing my language. Good job “catching” me being publicly rude! I almost got away with it!

It is genuinely a bummer that you refuse to address the actual topic of this thread, namely the conspiracy to ban somebody from linkedin!


Once again, I don't give a shit about your link or what you have to say, so good luck in life.


I wish you good luck as well. I’ll pray that you don’t get banned from social media by MS-13 or some other believable scenario.

1 more


Since modding work would require me to deal with people like you all day long, hell no.

I was actually just trying to give you an advice, maybe for self reflexion, to help you understand, why your posts are not welcome here. You are free to decline that advice and I do not feel responsible for you and have actually other things to deal with.


I’ll try explaining this again, as someone who used to moderate content professionally.

There are certain groups of users that you generally _HAVE_ to ban for a functioning community. Spammers, scammers, criminals, nazis and… so as to not offend you, “people that apparently lack fundamental understanding of, well, anything”

This last group is often the worst group to deal with because while they’re not directly harming the community they are sucking up your time that could be spent banning pedophiles or identity thieves or drug dealers. They often suck up an immense amount of time by filling up your reports queue and are sure that their issue deserves your immediate attention, and if you don’t drop what you’re doing and address their issues instantly, they complain. This means you have to take more time away from moderating to field emails in addition to de-cluttering your queue.

It is absolutely crucial to ban these types of spammers, otherwise you can’t do anything productive. Generally this type of ban is temporary unless the self-appointed mod is particularly egregious.

And then there is a subset of these people: let’s call them “crusaders.” This group will make as much noise as possible offsite in order to Own The Mods. They might even invent a conspiracy theory about a shadowy underground group that has it out for them.

OP could have reported one account and included a note saying “this phenomenon is happening when you search this keyword.” They did not do that. They decided to tackle the issue themselves. When their mod queue spam got them banned, they whined as publicly as possible, which takes up even more time that could’ve been spent actually removing drug dealers.

The inclusion of “illegal imagery” in the complaint was factually wrong, and since moderators have to deal with a LOT of reports, it absolutely makes sense why this was ignored. When you say “illegal imagery”, in some cases that means child pornography or state secrets or any number of things that are meaningful to somebody whose job it is to moderate content.

So to summarize: I am certainly not the only person to consider this person a “fucking idiot”, I’m just the only one that said that on here.


OP's wording could have been better but you can understand he means images of illegal drugs. Very kind of you to nitpick this, how else could people have known?


Imagine if your job was moderating content and some rando spammed your mod queue with “illegal imagery!!!” (which is not, in fact, factually true) and then you banned them to get rid of the noise, then somehow their story made it to the front of HN.


Sorry can't, not everyone lives in fantasy land like you do.


Ah yes, it’s a clearly objective fact that the OP is a victim of a vast criminal conspiracy. Surely the simpler answer of “OP mass reported a bunch of accounts for off site user behavior and in doing so became a nuisance” is worthy of consideration?


A placement agent called me recently about a job. At one point during the call she was obviously struggling to multitask and had to pause to say "I'm having trouble finding you on LinkedIn".

My response was "I'm not on LinkedIn."


Did she recommend creating an account and up to date profile there?




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: