Hacker News new | comments | show | ask | jobs | submit login
LinkedIn: The Creepiest Social Network (interactually.com)
334 points by interactually 1596 days ago | hide | past | web | 205 comments | favorite

There's a more benign answer to the creepy connection suggestions. LOTS of people import their email address books into linkedin. It's not a stretch to think that his girlfriend's mother (or some other relative) imported her address book that contained the names of both the OP and the girlfriend's stepfather.

As far as the creepier name mismatches go, my oldest email address list has tons of maiden names and unused/defunct email addresses. It's likely that some high school friend of the OP uploaded an old address book and LinkedIn's algorithm made a best effort match on some of the rarer names even if the email addresses don't match. I mean, how many Lucy Hatsbaughs do you think there are on linked in? Two? LinkedIn may as well gamble on odds like that.

People forget about the amount of data LinkedIn has available to them: ConnectedHQ (the predecessor to LinkedIn Contacts) has direct access to thousands of email inboxes, Rapportive can log any time someone hovers over a new address, and millions of connections have been gleaned through 'import your contacts'.

If you really want to talk about creepy, I'm fairly sure they use your IP address to match against other people who live/work at the same location: when I created a test account with dummy information, the first contacts that were suggested to me were my roommates.

This relates to something I noticed recently. Out of the blue, I started receiving "join my network" requests from people whose names sounded vaguely familiar. I couldn't remember ever meeting them, and their profiles didn't give me any clues as to where I might know them from. I searched the inbox of the email account associated with my LinkedIn profile, and it turns out that they were all people I had contacted about items for sale on craigslist.

So, I'm guessing that my address was somehow added to their address books, which they then imported, and that's how LinkedIn identified out "connection". What that doesn't explain, though, is why these invitations were sent out. I'm confident that none of these people would have knowingly sent an invitation to me, so I'm guessing that LinkedIn is obtaining their "consent" without making it clear what is going on.

If anybody understands the process behind this, I'd be glad to know. The sad part is that once I realized who these people were and that they almost certainly didn't intend to send invitations to me, I didn't bother to investigate any further, because that's the kind of thing I've come to expect.

This. The email address I signed up with used to be on a mailing list in another country I lived briefly in, including many people I'd lost touch with and some I'd never met. LinkedIn suggested all of them were contacts (at least until I built something resembling an actual network)

I didn't import my address book, but the most logical suggestion is they imported theirs and LinkedIn did an ultra-simple matchup.

I didn't import anything to LinkedIn. One person showed up on mine who could only have come from either my Twitter account or G+ account, both of which have been deleted.

Yes, it was a hot chick I was creepily cyber stalking. Like you haven't ever.

I'm saying that I think the other person may have uploaded their contacts and then chosen not to send you a friend request or there's someone follows both you and the other person on twitter. In order to build long lists of suggestions, LinkedIn probably has to make some pretty big leaps of logic.

But, other posters have done some anonymous experiments that suggest there's something else going on, perhaps with cookies from other sites or IP addresses. I'm not sure how we'd figure it out, though.

>> Yes, it was a hot chick I was creepily cyber stalking. Like you haven't ever.

I'm not judging, I promise. :)

So you and the person it suggested to you don't know anyone in common that might have uploaded their address book?

I guess that's possible, but unlikely. I'm looking at it now, she's still there and so is a girl I had a crush on in junior high. This is fascinating but extremely disturbing, I'm deleting this thing asap. I figure I must have googled her and found her LinkedIn page while signed in, it could have been years ago. In fact that's got to be the explanation for both of them unless they did something extremely unethical with the email address I gave them.

I finally joined linkedin about a week ago, and it just feels...scammy.

It's interesting to me (or frightening) that some of the smartest people I know have the fewest endorsements. People I know doing [1]actual real work on things like "microcontrollers" have...3-4 endorsements with them, but people who I know have only maybe installed Linux, have 20 or so endorsements for "linux".

There are people I know who are post-graduate level experts on certain fields, and those fields are either not listed at all, or they have maybe 1 or 2 endorsements for it.


I'll keep just linking people to my github, and showing them projects I've built.

[1]: Actual real work as in: writing libraries that other people use. Contributing to the community in ways that effect the entire community.

The endorsements on LinkedIn are useless. LinkedIn suggests things like "Endorse [So and So] for [some thing]," and people just click the "endorse" button.

People that know nothing about technology have endorsed me for skills I don't have.

The best part is you can make up new things to endorse them in! I've endorsed people for "Lunch" and "Alcoholism" as a joke.

Agreed. Endorsements are largely a popularity contest. Sure, it is great that your connect [name] endorsed you for [skill]... That is helpful to know in some ways, but it is no way definitive on your ability.

We're working on a system we think is slight better, based on getting credit for what you read, and hopefully one day what you know.

> Endorsements are largely a popularity contest.

That's the way I've been looking at the entire web these days - and not just social media. The Google page ranking algorithm really boils down to a (potentially high stakes) popularity contest.

Not just the web though - our entire political system is one great big popularity contest.

Ha ha, I get your point.

There are SEO tea leaf readers who think Google+ plays an increasing role in search rankings. It's probably just speculation coupled with coincidence, but as I was reading some articles on this last week, I was reminded of the Googler that wrote about why he was not going to his high school reunion. It wasn't just sad - it made me angry that adults condoned the activity. I was struck by the irony that this Googler had escaped the high school social pressure cooker, only to go on to work for a company that has engineered the world's biggest popularity contest.

That endorsements looks more or less like a poll. People with whom I have barely worked also endorsed me! Very creepy!

Same here - people that I haven't worked with but know socially have endorsed me for totally unrelated programming skills that were last used in the late 90s. LinkedIn suggests something, and people click Next-Next-Next. The whole endorsements thing is a joke.

Also not a big fan of LinkedIn's asking me to connect to the spouses of exes I haven't talked to, emailed, stalked, nor seen for 15 years and several email accounts. Massively creepy.

I'll keep just linking people to my github, and showing them projects I've built.

[1]: Actual real work as in: writing libraries that other people use. Contributing to the community in ways that effect the entire community.

I worry a little about the GitHub approach as well.

On the one hand, it's great that some people have effectively got portfolios now. It's verifiable evidence that they have some clue what they're doing.

On the other hand, I'm concerned about a bias developing against people who don't put loads of work on GitHub for whatever reason, which is not verifiable evidence that they don't know what they're doing. They might be world class experts who could easily demonstrate their skill and expertise in person, but that's no good if employers all start using cost-cutting auto-screening software that never shortlists such candidates for interview because they didn't share their ingenious but proprietary code/ideas with the general public.

In short, any scheme that relies on historical demonstrations, whether it's claims on a CV or code on a GitHub account, is always going to be vulnerable to false negatives.

Any scheme at all is always going to be vulnerable to false negatives. There are companies that have multiple-stage recruitment, with skill tests, psychometric tests, multi-person interviews, background checking - and still end up with a few duds.

But if you can use a bunch of proxies (like StackOverflow, GitHub, and LinkedIn), and know the value of each of those proxies, then you can more efficiently match a person with a role. Sure, there'll be lots of mistakes, but it's hard to see a better alternative.

The number of endorsements is really just a matter of the number of connections and a persons activity on Linkedin (e.g. if a person endorses many others, then it's likely they will also be endorsed by them).

Speculating: Perhaps people who have lesser skills make up for it by networking, asking others to endorse them to fluff up their profile? Those with valuable skill sets might have little need for that, and can promote themselves more optimally.

Example: "So-and-So endorses me for Programming" vs. "github.com/myrepo/"

LinkedIn works best for "networkers" - people who regularly meet a lot of other people as part of their day job; those doing business development, sales, evangelizing products etc. These are not the people that do "real work" - the roles where you're not meeting people all the time.

Facebook does the same thing and it's just as creepy.

I closed my "real" account around 2011. A few months back I created a new blank account because I needed access to a couple organization's pages. The only information on that account is my name (a fairly common one) and an email address which is different from the one on my original account. It's possible they have some geographic info linking the two accounts as I closed and opened them from the same city.

90% of the "people you may know" are correct and from dramatically different social groups. Some how it's picked out a girl I did a family stay with in Germany in '04, a fourth cousin I'm only vaguely aware of, current friends from several groups, and high school friends I haven't talked to in 10 years.

I set up a test Facebook account while doing a Facebook app that uses an e-mail address that has never been used for anything else.

Yet it keeps suggesting people I actually know.

The second account also does not have my full name (if it had my full name it'd be less weird, as my name to my knowledge is globally unique - there's only a few hundred people with my last name worldwide)

The account has not been used for anything related to me. I've never searched for anyone from it. Never given my e-mail address there...

The only thing connecting the two is that the "fake" e-mail address is a "real-user-part+something@gmail.com" address, and that I've logged in to them from the same machine.

It took less than a day before that account started getting friend requests from people I know (clearly the "TEST" instead of my surname did nothing to dissuade them)

> The only thing connecting the two is that the "fake" e-mail address is a "real-user-part+something@gmail.com" address, and that I've logged in to them from the same machine.

So, to summarize, a simple regular expression matching emails against /\+[^@]+/ and replacing with '' is some 1984-level creepiness?

Come on.

The technology to do any of those is little more than a few database joins and some fuzzier matching logic like you are suggesting. What's creepy is just the extent to which they match. In the email contacts theory, for example, it's not hard to remember an email address that was in a user's contacts list and then suggest they connect when that email address is used. It's only creepy because you personally had no control over giving them the information that allows them to make that leap.

The ability to do that is not creepy. Doing it is.

> and that I've logged in to them from the same machine

Wouldn't that be a dead giveaway?

If you can't log into Facebook from a public/shared computer without them disclosing your relationships to everyone else who uses that computer, they should make that very very clear.

They absolutely use geo-ip correlations, and it is a problem.

> the "fake" e-mail address is a "real-user-part+something@gmail.com" address

If not the machine, then surely this.

Cookies? From marketting networks?

It's amazing how much the marketting networks can figure out about you, and keep track of you with a cookie.

I'm sure this is the case. They probably keep track of all the accounts that have been logged into from your computer via a cookie, and then suggest friends based on those accounts. Creepy, but understandable.

yup seems more likely (to me at least) than matching on an ip address

My guess is that the same machine is a big giveaway. There's a difference between leaving a trace of your presence on a shared computer accessed by many people and a computer accessed by one or two.

However, if people you know found the account, then that's also something that Facebook uses - I've had "do you know X?" suggestions from people with whom I have no traceable connections (not in my address book, don't even know their email addresses) - turns out (when I asked one of them) that he had been looking at my profile (without friend-requesting me) a few days before.

They're probably using the IP.

What is worse is that 1. There is no way to actually delete the data. From what I can see, they only disable the account if you ask them to delete. 2. Even if you didn't give any of your data to FB, your friends/family etc can - there is simply no way to prevent this (a friend takes a picture of you at a party, tags it with your name etc)

My first Google+ account suggested all kinds of information about me and my social graph that was clearly a two year old info dump from LinkedIn.

Are you logging in from the same locality, perhaps the same building, perhaps from the same computer and perhaps still using the same IP as you had when you closed your account in 2011? It doesn't take a lot of work to come up with some new-user-matching-old-user algorithm with a decent success rate using geographic/IP data.

It would have been the same major metro area, but moved about 8 miles in the middle. Same ISP, different IP. Same computer, but there's no way I didn't completely clear the browser a few times in those 2 years.

Hmmm... could the ISP be exposing your MAC address in some weird way?

Or maybe Facebook is using a real-life https://panopticlick.eff.org/

You could still be fairly unique. It's not a guarantee, but within some range of certainty.


I suspect LinkedIn remembers people who looked for you but didn't try to connect, or you didn't have an account at the time. It has definitely suggested that I connect with the odd stalker with whom I have no other ties...

A similar thing happened to me on Orkut

It pointed to me that I probably knew a profile.

This profile was a "fake profile" of a person I knew, from the description it was clear it was this person, can't tell which email was being used, and if I remember correctly it had no friends as well (or maybe only one unrelated friend)

Your ip and browser fingerprint increases the certainty that you maybe be or know the same people

Most of that knowledge is likely due to people importing their address books. From there they can link you to other email addresses and combine the identities. Creepy yes, but relatively easy to explain.

It would be interesting to see someone test this on a public, shared computer.

Here are some things I find more creepy about LinkedIn:

-It tells people when I view their profile. So now I never view people's profiles because I don't want to look like a stalker. Imagine if Facebook worked this way.

-An andecdote, but maybe you've experienced it: a guy I worked with about 3 years ago (and only for 2 weeks) has "endorsed" me several times recently. I don't know if this is some kind of quid pro quo, but it makes me somewhat uncomfortable.

You can turn off your visibility when browsing other people's profiles. By default, it should be anonymized anyway, unless you switched it when trying to view profile stats:


Personally I keep mine fully on since it is a good way of passive contact (I once browsed ~1000 VCs with a headline that was somewhat provocative as an experiment and about half looked at my profile back and 6 of them emailed me asking what I was working on).

Note: I actually designed this feature at LinkedIn after doing a ton of interviews with people and going to multiple privacy organizations and the EU to make sure it wasn't violating anyone's privacy by making it a tit-for-tat system that was by default anonymized (if you click on profile stats, it prompts you to switch your setting if you want to see who has viewed your profile (or did when I was there)).

Thank you for the link. I'm surprised I haven't found earlier on my own. The only problem is though, it says it will disable Profile Stats (meaning that you can't tell who's been looking at your profile). I guess I don't really need that anyway.

Premium accounts still see it, though.

LI employee here. That's actually not correct. Premium accounts do not still see anonymous viewers.

I'm not sure exactly which accounts premium accounts can see have viewed their profile, but pretty sure all free accounts are included. Will get someone who has setting on anonymous to view my profile later and check, but for now there's only a couple of hidden names on there, looks like people who are more than 3 degrees away.

The "who has viewed your profile" feature leads to epic lulz. There is this forum on the internet that is full or racists, misogynists, and homophobes (and is tangentially useful for getting legal industry gossip). A major troll posted a link to a fake Linked-In page (under his control) with a comment along the lines of: "how did this person get this job with such a shitty resume" (or something like that). When people clicked on the link, if they had been logged onto their Linked-In, their real identity was revealed to the troll, who proceeded to out everyone on the forum. Hilarity ensued.

Hrm. That shouldn't work unless they are within three degrees of the person. Or at least, it didn't work when I was there. Views to people's public profiles weren't recorded and there is no automatic redirect to their private profile.

Links to people's private profiles have an auth token in it that is good only for the account that generated it, so unless you're relatively closely connected, you can't actually view links to random private profiles posted by people on the internet.

3 degrees of separation covers a lot of people.

Unless you upgrade your profile.

In fact, Facebook does quite the opposite - there's always been demand for "see who looked at your profile" apps on Facebook, and Facebook has always gone out of their way to squash them. It's something they most certainly don't want to happen on their platform, with good reason.

You can bet Facebook is storing that data though. And who knows what the future holds, perhaps Facebook will be forced to sell that data to its users in order to increase revenue and make stock holders content?

Yes, they are. They have an ranked array of your top contacted/stalked friends and they use it to speed up the topbar search.

In fact, there is an bookmarklet that shows the list: http://thekeesh.com/2013/03/updated-facebook-friends-ranking...

To be clear, it seems that the data exposed in this way is only affected by your own actions; i.e. it does not tell you who has been stalking you, just who you've been stalking.

The "good reason" is that if they made that information public they wouldn't be able to make as much money selling it.

A social network I used in eastern Europe would allow you to see people who viewed your profile if you paid a small transaction via SMS/phonebill. The functionality would last a month, I think. I thought that this was genius from a "how do we make money" standpoint, and all of my friends used it. Could you imagine the revenue possibilities for Facebook?

Maybe I'm misunderstanding, but there seems to be an element of that already in LinkedIn.


>You'll see profile stats about who's viewed your profile if:

>You have a premium account. This will also give you access to Profile Stats Pro.

>You have a free basic account and have set your privacy settings to show your name and headline.

In other words, as long as you shell out some cash you can avoid detection while viewing other people's profiles but still see when they view yours.

Yeah, didn't know that. Actually, what I especially found interesting was the dead-easy way of paying via your phone bill. I don't see that much here in the States.

You can disable the option in your profile settings to not show when you've viewed someones contact info, however, this means you'll no longer know who the people are the view your profile.

AKA copying OKCupid

Orkut still shows the people who viewed your profile.

It's not the creepiness that's relevant here. That's rather subjective, and as others have pointed out, all social networks do the same.

What's most relevant here is that it's downright illegal in most Western countries LinkedIn e.a. operate in. Both collecting this information and sharing it without explicit (as in: not just default checked boxes) informed (as in: information about why, what and shared with whom) consent is not just unethical, it's a violation of most known privacy laws.

The widespread practice of blatantly unethical business practices in our industry by both high profile companies and small start-ups alike is something we as professionals should take more seriously.

If we don't, it doesn't only harm the image of our industry, but we'll be faced with ever more regulatory hurdles. The infamous EU cookie law is just the beginning if we don't act to clean up our own industry.

Every second web company seems to have a business model that directly or indirectly generates revenue through stalking people on a massive scale. This cannot possible be sustainable without a huge backlash.

I just did a test and opened LinkedIn and took a look at the suggested people.

They included: Several people with the same name as I (expected, not really creepy). But also: People that I trained martial arts with, and I NEVER exchanged electronic messages with them, and I do not talk with them for 4 years now. Also I doubt they remember me to search me, I am not much remarkable. People that I met at school and church 6, 7 years ago, and that again, I never exchanged electronic messages with them.

Yes, LinkedIn is very, very, very creepy.

I am curious why this is supposedly creepy. I think the main premise of a social network is that you reach out or get reached out to people who might know you or you might know. Now, you have the option of not reaching out to those people, and I think it is fair game that the social network assumes that other members might reach out to you, a member of the network.

If you do not like that aspect of the social network, do not join it.

Educated guesses are one thing; exact "guesses" are quite another, and one has to wonder where the 'guessing' is pulling its data.

Would it creep you out if I guess which month you were born in? Probably not.

Would it creep you out if I guessed your exact birthday, including month/day/year? Hell yeah it would.

It has nothing to do with whether or not one wants to be social, and everything to do with random, axe-murderer creepiness. Imagine if I walked up to you at a party and rattled off names of 5 random people from different aspects of your life; would that not freak you out? "Oh, you don't know me, but I know you ;)". That's virtually the same thing that is happening here.

But also: People that I trained martial arts with, and I NEVER exchanged electronic messages with them, and I do not talk with them for 4 years now.

Well, if your instructor kept emails of all students in his personal address book, and he happened to share it with LinkedIn, then LinkedIn may deduce that each person on the list may be somehow connected to each other.

No creepier than other social networking sites.

I find it interesting that it has automated what some folks have done on their own for years. There was a woman at Netapp who managed these sorts of potential and known relationships in her head about the folks working at a couple of big Netapp customers.

I guess what I find amusing is that it is was my experience when introducing myself to someone new at a social event and saying "I work at <company>" or "Yeah, I grew up in Las Vegas" or something along those lines I would often get "Really, I knew this person <name> who worked/lived there, did you know them?" as social banter. It didn't creep me out then either, but I'm sure that for some folks it does.

I always assumed the suggestions were from other people importing their Twitters and email contacts. So if person A emails me and then imports their emails, Linkedin can suggest to both of us that we might know each other, increasing the chance of creating a connection (and creepy-ness factor for me).

I'm pretty sure that's the case. I got suggestions for 2 people I played WoW with and the only ways we communicated were in-game chat, voice chat, and we had a single e-mail chain where we (the officers) talked about....something, I forget what. I'm guessing one of them imported their mail contacts because I doubt LinkedIn has visibility into Blizzard's social network or private voice chat servers.

I think the creepy part about LinkedIn is you can actually see who views who. If Facebook did that it would be very embarrassing for a lot of people.

"I think the creepy part about LinkedIn is you can actually see who views who."

Is it any creepier than being able to stalk some stranger's Facebook profile anonymously?

Twitter is more interesting in this case because it allows unilateral following. So even if you broke it off with a now ex-girlfriend if they were still (or even only now) following you on Twitter that graph might make indicate the awareness.

The automatic links are one of the reasons I don't use LinkedIn. I have worked at places with people that I do not under any circumstances want to be associated with. I work in a completely different city now and will be moving to another town, which will make as clean a break from them as possible. A social network continuing to track that is a significant issue.

Yes, I also noted the creepiness of "viewers of the profile also viewed."


If I were a woman, I would be turned off to see something like this.

I'm not sure how much one should read into that. I mean, ok, there are probably some guys (and some women, as far as that goes) who click on profiles solely due to the attractiveness of the picture. BUT... there are other reasonable reasons to explain a picture like shown above. For example, note that all of the people listed appear to work in related domains (marketing, event management of some sort). Given the nature of linkedin (business networking, with a heavy emphasis on recruiting) it makes sense that somebody looking to, say, poach an event planner or marketing person, would look at those profiles. And, from what I've seen, those are a couple of domains where women are heavily represented. Recruiting is another one.

Anyway, just as a little anecdotal test, I just logged into LinkedIn and looked at two profiles, both attractive women, where one is a recruiter and the other is a developer. In the recruiter case, every single entry in the "people also viewed" list was female (and also a recruiter), in the case of the developer they were almost completely male (with two exceptions) and are either developers or work for the same company.

I don't know... maybe this is indicative of something that should be considered "creepy" but I have my doubts.

Further, there tends to be a high correlation between someone's success in a field such as marketing and recruiting, and their appearance. I don't want to generalize too much, but most recruiter emails I get are from very attractive women, and I have a feeling that's not unintentional, as gross as that sounds.

Yeah. I guess it says something about society, human nature, etc., but I think you're right. Heck, I can't even remember ever meeting a female recruiter who wasn't at least moderately attractive. And most of the women I've met, who were recruiters, are what I'd describe as flat-out "gorgeous" or "beautiful".

So... are attractive women particularly drawn to recruiting for some reason, or is physical appearance a hiring criteria for recruiting companies? Both? Neither?

I know a woman who was thinking of joining tech recruiting, and she asked me about it. She went for an interview, and most of the to-be co-workers were young women, and also attractive. It seemed like one of the requirements though it wasn't explicitly stated.

She was interested in it primarily for the pay; they were promising something like 45-60k a year, and her current position was only around $30k. You start off as a recruiter, and then you move up into account management, which is better pay and a larger budget for wining and dining clients.

Recruiters and event planners are mostly attractive women, for obvious reasons. So I'm not sure what the above post really signifies...

I get why that makes sense for recruiters, but why event planners?

I've noticed that the "LinkedIn Updates" email spam tend to heavily feature a few attractive women than I worked with some time ago. I strongly suspect Linkedin is using these women's photos to bait people into clicking through to the site (and thus show up in the 'people also viewed' list).

Yeah, I've noticed that quite often. If you happen onto the profile of pretty much any woman that's above average attractive (and quite a few that aren't) you get that. I don't think the same is case for the men, though perhaps I'm just blind to what women finds attractive in men...

I used to get really upset at the large number of local recruiting firms that used a revolving door of attractive women fresh out of college to work as external recruiters. They were energetic, friendly, and it's a lot harder to say no to a sales pitch when they're at your office door and smiling.

Now I can see that there's a secondary use for an attractive LinkedIn profile picture as well. That might have a lot more leverage than cold-calling offices these days.

All of those people appear to be in the Washington DC area. It is possible they are all in the same social circle in which case, it would make complete sense they would all be viewed as a group.

I've had the same experience. Register on LinkedIn, log in, "Would you like to connect with <screwed up relationship from years ago>?" We hadn't spoken in years or connected on any other site, I could only come up with one thing: she emailed me once. I bet she gave LinkedIn her email credentials to find connections. I hate that feature.

I was thinking the exact same thing. It's funny that he wrote that entire post and never raised the possibility of OTHER people sharing their contacts with LinkedIn, and that may explain at least some of the "people you may know."

You're right, I hadn't thought about that. The first person that commented on the blog pointed it out. You're also right, however, that it only explains some of the suggestions they made. It still doesn't explain some of the others, and they still don't make any mention of that in their Help page explaining where they get the data from.

I always had the same hypothesis as to how they were able to find those random connections. Which is why I refuse to give any social network access to my email contact list. For my own privacy and for my contacts privacy.

Yeah this really highlighted to me the inherent danger of social computing - I can be as private as I want, but I'm only as private as my real life friends are about me. I don't have to upload my email contacts for third parties to find out all sorts of interesting things about who I talk to.

I actually avoid being in photos at parties and events these days thanks to this risk. Facial recognition creeps me the hell out, and no one can seem to stop putting squares and names around everyone's faces when they upload photos (what are you gaining by this????).

Gonna be fun times when everyone has Google Glass and that data leaks or, more likely, continues to be volunteered by others without my consent.

Yup. Read an article the other day that police cars in some US cities drives around continously scanning license plates with topmounted cameras. Given Moore's law, I suppose they will sooner or later have the computanional power to be able to expand that to realtime facial scanning too.

What confuses me is that I've had the correct contacts show up in Facebook for an email address no one else should know about.

It's probably just name, location, and interest matching. Especially if you have a fairly uncommon name.

It's using a different name; I don't think I have a location set; and the only similar interest would be League of Legends, since I created the account initially just to get the free promo.

The only thing I can think of is that it's matching IP addresses and concluding my two accounts are the same account.

Now that's fascinating. Matching an IP address is a different thing than using information that a user has shared explicitly.

Even when you log out of Facebook, it keeps some cookies around.It could be more than just IP address.

Different browser, too. :P

On the other hand, I'm not sure how well separated I kept those, so it could have been cookies linking the accounts. (I did this way back in 2010, so my memory is fuzzy.)

For a while, Linked in was present a password input box that looked like "You failed to login, try again" at a glance, but in reality it was asking for your email address and password. From that point, they could read your email and extract all your contacts.

The site is down for me. Here is the cached version: http://webcache.googleusercontent.com/search?biw=1436&bi...

Update: Creepy. But I think most of this data can be lifted from other users who imported contacts from GMail. I think they must be matching only by name, because people could have been in touch with different mail addresses (at a previous employer, for instance).

Sorry about that, I didn't expect the response the article got, should be resolved now. And thanks for posting the cached version!

On a throw away account.

Several people have hit upon the major method LinkedIn uses which is that someone you know who has your name/email/... (or likely many someones) uploaded an address book to LinkedIn. LinkedIn then infers that because that person knows you, that you may know the other people they know (which is often true). They then combine that when a bunch of far more complicated inferences to generate the list.

The goal of course is to provide suggestions to someone who just signed up. Sadly, the reason it feels creepy is because it seems like voodoo. They could do a better job explaining how it worked, but a lot of the bigger inferences are secret sauce.

To me LinkedIn is basically a bunch of people circle jerking each other. Professionally.

No, to be fair, it's also a bunch of people filling out profile information and then wondering what the heck to even do with it.

To me LinkedIn is basically a bunch of people circle jerking each other. Professionally.

Endorsed: Product Knowledge.

I think we all don't want to admit that we look up ex-girlfriends, neighbors, college roommates, etc. when we're on these social networks and we're bored (or lonely).

I searched for an ex once on LinkedIn and found nothing...until a year later when she finally signed on and there she was in my "you might know" suggestion list.

LinkedIn recently suggested my neighbor from 1995. I didn't even have Internet access, let alone an email address back then. I haven't had any contact with this person since.

My guess is the neighbor put your name in LinkedIn's search box.

That or they have information on where you and your neighbor once lived. I have signed up for a couple of online brokerage accounts where they ask me questions about where I or my family have lived in the past.

I got questions like; "At which of these 5 addresses has $BROTHER ever lived before?" And one of them was correct.

I've had similar questions when opening online accounts before, I believe that information comes from your credit report.

Most likely. I'm not sure if that makes him or LinkedIn creepier.

Why would it be creepy for someone using a social networking site to search for people they've met over the years?

Also, how much of the perceived "creepiness" of someone searching for someone on LinkedIn just a variation of this: http://thedoghousediaries.com/1042 ?

I did the "attractive women" thing (took a hit for the team, for science) and that was absolutely true. The odd thing was, the first random girl I clicked on was this girl I kinda had a crush on in college (all my "People you may know" recommendations were from college, even as I'm three years out) who happened to be Asian. Then...all of the "Also Viewed" were fairly attractive, well-groomed Asian women. Isn't that interesting? I thought at the very least it would break me out of race, but apparently they're their own class.

The other thing I'll say is perhaps this author is tapped out of "People you may know" and LinkedIn is simply guessing . Mine looks fairly reasonable, random, and not like they were digging particularly deep.

I routinely get suggested to connect with people I've never even emailed or who used email account I closed a decade ago.

It's reasons like this I wish someone would do a Public/Private key based p2p social network. Essentially you digitally sign a key that you know someone and that's how you derive connections. Seems like you could implement browsable profiles as well.

Its a great idea, but I think everyone who has had it is stopped when they look at just how unwilling people are to exchange keys (or understand them) and how unwilling browser companies are to put effort into interfaces for managing keys (both of these obviously feed into each other).

The type of user who uses public keys usually knows better than to use server-side key management on a social networking site (however pretty the interface may be.)

Oh definitely, that's why I highlighted the lack of innovation in browsers for handling keys and encryption/decryption. This all needs to happen locally (not the trendy thing these days) and the current tools aren't at the level where that's going to happen at a large scale.

There would still be the key-exchange problem (I can't imagine a system that would make it easy for non-technical people to exchange keys out of band, even if you could explain why that was necessary and what it means), but with good browser tools I bet the number of zero-knowledge type sites/p2p networks would explode.

I think if you take away the need to it to be really truly secure it's workable. Social profiles aren't nuclear secrets, they are just posts about topics and pictures. I think if you embed the private key with a symmetric key password that would be good enough. I do wonder why that hasn't been done especially in the era of native mobile apps.

The OP site is down so I don't know what they are citing as "creepy"... but I never considered LinkedIn to be a social network. It has always just been a professional network. It is my always on, mostly up to date resume. It has the who/what/where/when of my employment history. I have only accepted connections from people that I have worked with (and even then only those I actually worked with... not just anyone that worked at the same company but does not actually know me in some way) or friends that are in similar fields (and the rare cases of recruiters I've dealt with regarding employment). It actually bothers me that people use it to post twitter/facebook style status updates. LinkedIn is the last place I would think to read about someone's breakfast choice... but I've seen those updates before.

Sorry about the crash, its back up now!

I'm usually pretty careful about picking technologies and websites to use. I've steered clear of linkedin and as time goes on, I'm pretty happy with that decision.

LinkedIn leaks privacy information through their "also viewed" section.

Applied to a new job and started working there, after a few months I decided to look up my managers LinkedIn profile, only to notice that on his page the "also viewed" section showed employees from my older company and family. So yeah, so now I know he was trying to figure out more about me through LinkedIn.

I'm not sure this is a bad thing. In your example isn't a good thing to know your new boss did this?

Social networks encourage creepy behavior amongst their users. LinkedIn lets you know who viewed your profile while Facebook doesn't. Personally I'd rather know.

Not a bad thing for me no.. this time!

I don't think anyone is giving explicit permission to let the world know they have been snooping around other people's profiles. Although this information is not directly published it leaks through their "features".

Eh, LinkedIn says that there are other people that work for my company that I might know. The only problem is, I'm an officer of my company, I know everyone who works there and they're all on my Linkedin. The people its suggesting, work for a similarly named company, about 1000 miles away... Score 1 for accuracy...

I don't like LinkedIn for similar reasons but I somehow feel I will offend people if I drop out, and I have had some decent leads from it over the years.

The import contacts feature is particularly nefarious, it says "import" but it actually keeps checking down the track (or at least it used to work like that).

How was Doug connected ? Doug while only communicating with you via email imported his contacts. His contacts include you. There's the connection. Works similarly on FB. When that business associate imports contacts aka connections, they find you on the other side :) It's really that simple

funny this should come up today. the girl i am currently dating happens to be both attractive and asian. i was on her linkedin yesterday and noticed that the "people also viewed" widget was 100% other young, good-looking asian women. so, add race as a vector to the linkedin creep graph...

I'm glad I wasn't the only one who noticed that. I was admittedly hesitant to add that part to the story.

Looks like his site was taken down or something. Its redirecting to the wordpress setup page.

Back up now, server couldn't handle all the database requests.

I see LinkedIn as something akin to going to networking events. They really really want you to network, and they make some reasonable assumptions about your inhibitions. That's what their paying customers are there for.

Redirected to your install.php file at this URL:


probably worth pointing out that LI doesn't have ads and makes its money from subscribers, most of whom i'm guessing are sales/recruiting.

from a pure-business-no-ethics perspective, why would you care what anyone else thought? w/ that point of view: every connection or link, however creepy, makes the system as whole more valuable to subscribers.

personally, the feature doesn't have enough churn, so i always see the same 5 faces, 99% of the time it's background...otherwise it would probably creep me out slash annoy more.

I also don't like how they recently changed the invitation email titles to "XXX, good to see you on LinkedIn", as it makes it look like it's a personal message, when it's not.

As a hacker, I consider seeing

Error establishing a database connection

as more creepy :)

haha good point. It's fixed now.

I don't know, LinkedIn seems a lot less creepy than Facebook. I mean some of the ads I get hit with would make many folks blush.

"some of the ads I get hit with would make many folks blush"

I'm guessing the "likes" you have that cause the targeted ads to hone in on you would also make many folks blush.

At least, before I shut mine down some months ago, I had plenty of interesting likes but I never had any ads that didn't match my content.

I appreciate your insinuation about my "likes". I don't really have anything "liked" on my Facebook but please, go ahead and tell me about how my personal preferences are affecting my online experience.

I'm happy that your anecdotal experience was different from mine, but your empirical evidence does not undermine mine.

Good day sir.

Facebook tends to base these ads around collected data and demographics, the targeting is not generally random. Perhaps other sites you've browsed that share data with Facebook's advertising network?

I suppose there's also the possibility of malware replacing FB's ads with their own.

If you're a programmer I see no reason to have a LinkedIn profile. GitHub is better for résumé and networking.

I don't have a linkedin account. Should I? Does it provide value I can't find elsewhere?

I get far more quality recruiters contacting me that I ever have from sites like Monster, most of the ones on LinkedIn know the difference between Java and JavaScript and they don't take the one line in my history 5 years ago that said I helped build a printer script in C# that was used by a clients SAP system to mean I have 15 years SAP experience.

I think it's the best / most ubiquitous way to always have your up-to-date resume available, and to keep in touch with industry contacts.

I like the hard copies Careers 2.0 prints out better but the Industry contacts on LinkedIn can't be beat.

The value I get from it is mostly gathering intelligence about companies (e.g. size, new hires/leaves, key people in similar roles, etc), much less about actual "socializing". I very rarely initiate a connection, most of my (double digit only) contacts are by accepting invitations.

I find it to be a good way for recruiters to find me. That may or may not be something that you want.

Wow, it looks like interactually's site has been hacked

Yea, I would do something, I was redirected to the wordpress installation screen..

Lesson of the day: Don't go to lunch after posting an article like this. I got it handled as soon as I got back!


Just deleted my account today.

Y'all know that I worked for Google. On this topic, I can only say good things about the place. When it comes to privacy and PII, Google holds itself to an extremely high standard. Many of these "social" innovations that are popping up on the market place were rejected out-of-hand at Google because it holds itself to an extremely high ethical standard regarding user data, as it actually respects them.

I was shocked, for example, when I learned that a certain social network gives universal profile access to employees as a perk. That would not happen at Google. If you looked at your high-school ex-girlfriend's email, you'd be fired immediately (and deserve it).

Social is creepy, because it's all about being defined by other people, which is ridiculous and horrible. What, so do I suck at Programming Languages because I haven't trolled my 25 closest acquaintances for endorsements? Am I really going to become more credible in Machine Learning if I get 15 strangers to "endorse" me?

The major conflict in "Social" is what I call "Document vs. Improve" (or: Exploit vs. Explore). A social app can expand the web of social connections and make it more efficient, but (a) that's really hard, and (b) there isn't a lot of short-term money in it. Or it can document social relationships that already exist, and make a shit-ton of money off the data. That's easy, but it doesn't actually make anyone's life better. Guess which one the mainstream social players favor?

What I find depressing about LinkedIn is how much it has play-by-play replicated the old, broken way of doing things. Resumes. Titles and dates of employment. Recommendations. Recruiter spam. It feels like the Wayback Machine took us to 1995.

> When it comes to privacy and PII, Google holds itself to an extremely high standard.

With all due respect, but you've gotta joking.

Google doesn't even hold itself to the standards set by the laws in countries it operates in. Laws that are for now still full of loopholes Google happily exploits with zero restraint, despite knowing full well (not in the last place because they've been warned on a regular basis) that this at the very least violates the intent of those privacy laws.

Also, Google has been actively lobbying against privacy protection laws in the EU for several years now.

Considering that, for years, Facebook had a universal password that would log you into anyone's account, I'd say that Google's standards are significantly higher than other players in the social sphere.


This is a non-argument. Just because other actors do certain things does not excuse ANYTHING. Period.

Well, the claim was that Google's standard is higher than that of (some) other actors, so the behavior of the other actors is kind of directly relevant...

What exactly makes you think Google doesn't have this feature?

From my experience interning twice at Google, I was very impressed by their standard for privacy and the protections they had put in place. They have teams dedicated to just researching ways to improve information security.

Two projects I found fascinating: 1) A system that analyses all attempts and actual accesses to user data by employees (this access it self was very regulated on a need-only basis), determining whether the given user that was accessed falls somewhere within the employee's likely social graph, and flagging anything suspicious to their security team. So if an employee tried to view their ex's info, or their friend's roommates info, etc. the system would auto-flag them and an investigation would likely result in that employee being immediately terminated.

2) Much of Google's data is accessible by many production services. This is a security weakness, however, there was a project to make the data layer enforce security constraints so that applications could only access data relavent to them, and additionally also enforcing security on a user-level (so an app could only access that user's data if it had an access token for that user). Mind you, this is not even limiting admin access, this is actually preventing the code from accessing the data even if the app's built-in security features fail.

  | Also, Google has been actively lobbying
  | against privacy protection laws in the EU
  | for several years now.
Don't some of those same laws have data retention requirements[1] or are those separate laws?

[1] Could be a requirement or a limitation. If your company keeps data indefinitely, then maybe a law saying, "everyone keeps records 2 years, then destroys them" is a limitation. On the other hand, if you retain no information, then it's an extra burden, and an erosion of privacy.

Not all laws in all countries are worth holding oneself to. For example, Russia has official internet censorship, does it mean Google should now support censorship too because some country has laws about that?

By what legal standard should Google be held, then? Are you really advocating the multinational/Internet companies pick and choose what laws they follow according to their own needs and whims?

I'm not advocating anything like that. I'm saying before criticizing Google for trying to avoid or change the laws, it may be useful to consider if these laws are actually good idea. If they are not, all props to Google for trying to circumvent or repeal them.

I do not see why one needs "legal standard" to evaluate somebody's actions. Why not use the standard that is supposed to be the base for the legal standard instead? If in some country it is illegal to publish links that the government thinks are inappropriate, and Google doesn't like it - why would we consider Google being in the wrong?

You need a legal standard because the Russian censorship you describe is a matter of existing law. Also, note Yahoo's experiences with France.

It is a matter of law - means the government wants to enforce it. But why I have to agree with it? I do not have any obligation to respect anything the government of Russia or Iran does.

If you're doing business there, you do. If you're not, then let their firewall or whatever deal with it, but I doubt that's Google's situation.

To the extent that it is feasible, we should follow moral and ethical principles, not laws.

In an online chat discussion? Google should be held to the standards of decency described by the poster himself.

Stating, "Google is not good at privacy because they violate some law and I like that law." Is a perfectly valid argument.

Stating, "Google is bad because it doesn't follow a privacy law I won't describe, in a random country I won't name." Does not advance the conversation in any meaniful way.

Whats wrong with lobbying against the laws which you think are bad? In a democratic process, you can (and do) end up with laws which are crappy/outdated/unjust. Lobbying is a legitimate way to tackle this problem.

s/bad/unprofitable for a corporate entity/

Fixed that for you.

You just made my general point in a specific use case. Anyone (individuals, groups of individuals, corporate entities...) should have freedom to voice against laws they don't like.

Could you provide some examples and some links if possible. I do not know the specifics of what you are talking about.

a certain social network gives universal profile access to employees as a perk

This is a rather insidious thing to say without naming the network, particularly in a comment on a post about a particular network. Which is it?

I know that both Facebook and LinkedIn have similarly strict rules about what user data you can look at.

Throwaway because I learned this while NDAed (on-site interview for an internship over 4 years ago), but Facebook USED to allow employees universal profile access. I heard this from the recruiter who took all of us interviewees to lunch and showed us around, etc. - she said she had used it once to look up some dude she thought was creepy. I'm pretty sure they've since changed their policy. Not sure if OP was referring to Facebook or some other company, though.

Personally I'd argue that this isn't QUITE equivalent to giving employees access to all users' email accounts. That would be a better analogy if they were giving employees access to users' private messages.

From what I have heard they locked that down years ago. Overriding default rights to go admin was logged and if it wasn't justified, the employee who did it was fired. Later, I'm not even sure if it remained an option to manually override it, even with the oversight.

That's pretty horrendous that a recruiter would mention that to you. I'd heard initially there was a master password for fixing things before they had a proper login/auditing setup for account access.

Didn't think people would actually be logging into accounts on a whim to check out users.

It wasn't that they could log into any account they wanted (that would be much worse); it was that they could view any profile page they wanted, so it was essentially like an employee could become "friends" with a user, without the user knowing, and without the user's consent.

Le me first say that I don't work for LinkedIn :).

However, it has been quite helpful for me. A year ago, I was not happy with my job. I worked hard and long hours and felt like I was going nowhere. At the same time I didn't try looking for a new one because I didn't have enough confidence in my work experience.

All that changed when a HR manager from a different company found me through LinkedIn. We clicked really well. I am getting paid more than what I used to and I love my job. I also got promoted a few months ago.

Since that experience, I have changed my attitude about job hunting. Now, I am always on the look out for the next big opportunity. LinkedIn helps with that without me putting in too much work.

FYI, I have no endorsements on my profile. Just my basic resume.

Yup, instead of you finding jobs, jobs finds you. Which totally changes the leverage to favor you.

Amen. The new endorsement feature is typically a sign of "how hard is this person looking for another job" which as a quality signal, may be inversely correlated with their capabilities.

LinkedIn seems to be expanding as a magnet for scummy and crappy recruiters. Awesome strategy guys. I love getting unsolicited phone calls from clueless strangers. At least I can ignore emails.

I think the business model for LinkedIn is to try and replace salesforce.com. Eg, maintain customer contacts on an interactive database.

The job search aspect is useful, but it needs work. targeted postings seems a lot less intrusive. the recruiter angle, selling premium access to my contact details is just obnoxious. gives us a good reason to shut down the profile.

Endorsements seem to work OK for people in my network. I've never known anybody to actively solicit endorsements and I think that my network's endorsements are fairly accurate. I find that people making large updates to their profile is a better indicator of whether someone is about to leave.

I've worried about endorsements as a negative signal also, but mostly because my mom keeps endorsing me for technologies that don't mean anything to her. :-)

Or my business-oriented suitemate who endorsed everything I listed in the hope that I would do the same for him. Because apparently that's something that the kids in Business School brag about to each other? (he says it is)

"broken way of doing things. Resumes. Titles and dates of employment. Recommendations. Recruiter spam"

How would you do it differently ? Genuinely interested in your opinion on this.

They should play up whatever the person does 90% of the time. For Engineers that could be demonstrated by the following profiles: GitHub, TopCoder, StackOverflow, Quora, etc. Just get right to the heart of what they do and what their skills are in a way that demonstrates those skills. That's what's missing. Everything else, and most of what is currently used, is a misguided attempt to gauge or estimate what really matters by asking about everything other than what matters.

Great question, and it'd take me a long time to answer.

My first thought about resumes is that they serve two purposes, one legitimate and one not:

(a) social status grading, which is easy for douchebags to game and for extortionists ("do <X> or I'll fire you and give you a bad reference") to abuse.

(b) a list of "ask me about <X>" topics where X ranges over areas of professional expertise and interests, so they can probe you during the interview as to what you actually know.

I'd focus on (b) while throwing (a) to the wind. One thought I had is an "allocate 20 points" system. You don't actually have to prove anything because resumes suck at that, but if you put "Machine Learning: 7" that shows that you view yourself as being "35%" Machine Learning and are fairly comfortable discussing it on an interview.

This leads to the concept of a scarce graph, which is weighted but also imposes granularity (e.g. 20-point limit with 1-point minimum units) to prevent sprawl, and forces people to prioritize. Running graph algorithms against scarce graphs, with data pertaining to peoples' desires for connection (new jobs, new candidates) could be interesting.

So there's that. You get as much legitimate information out of a 20-point allocation of interests and experience as you would out of a resume or a job posting. What you don't get is the social status bullshit (dates and titles).

Ok, onto fixing the labor market in general, I think the best solution I can come up with is to build this: http://michaelochurch.wordpress.com/2013/05/07/fixing-employ...

That's Part I. Part II comes from the fact that, if Part I is build, people are going to want to get better, fast, at marketing themselves so their call options trade at a higher rate. That leads naturally into career coaching (a better model than traditional recruiting) but also into objective evaluation of, for example, source code quality. Now we can actually verify that, yes, John is a top-notch programmer and his $200/hr-struck call options actually aren't out of the money.

Part III would be to use all the professional development data thus gathered and start scoring employers based on how much value they add to peoples' careers. How fast does a typical person grow, as a programmer, after 2 years at Google? What does it do for that person's employment potential 10 years down the road? Those would be great things to know.

I like your idea of point allocation (especially if we can include STR, DEX, and INT). But how do we set up the taxonomy of attributes? Particularly with hierarchical relationships (ex: is Machine Learning a subset of AI?) you'd want rough consensus if you're going to run graph algorithms over it and conclude anything beyond data-visualization style "Look, pretty data!" data pron.

That's one of the hilarious things about linkedin attributes; people accrue tags that have vastly different importance depending on context. But hey, it's hard to say no to someone else vouching for my Computer Animation trait, whatever that means. It has the same sort of vague benefit with negligible cost situation as friend graphs. This is why I like your idea of careful scarce allocation, vs. limitless accrual. Information is only meaningful inasmuch as it represents choice.

It would be way more fun to write up a personal character sheet than a resume. We need an open RPG system for real life!

> What I find depressing about LinkedIn is how much it has play-by-play replicated the old, broken way of doing things. Resumes. Titles and dates of employment. Recommendations.

Old, yes. Broken, no (at least not for the examples you mention). They work, they're familiar, and so they're a much easier "sell" to prospective users.

> I was shocked, for example, when I learned that a certain social network gives universal profile access to employees as a perk. That would not happen at Google. If you looked at your high-school ex-girlfriend's email, you'd be fired immediately (and deserve it).

I worked for a social network that gave universal profile access for every employee, even a specific admin function to log in as any user, but it was never treated as a perk, but a tool to fix errors in their profiles and such. There was no explicit rule about using it for snooping and there was indeed a fair amount of it (more impersonal, "look at the (possibly private) photo of this user" than "let's see how's doing my ex-girlfriend"); however, the shadier uses of the tool were definitely not encouraged and I think someone got into trouble for doing things he wasn't supposed to. After all, they weren't stupid, they kept a log of such accesses.

Problem is that standards erode under pressure from share holders and crummy boards. This sort of thing needs to be a law, and not a company policy.

> When it comes to privacy and PII, Google holds itself to an extremely high standard. Many of these "social" innovations that are popping up on the market place were rejected out-of-hand at Google because it holds itself to an extremely high ethical standard regarding user data, as it actually expects them.


Privacy is not about tehnical details, it's about (ab)using users data. And btw you are also frontend to CIA,FBI,... so sorry to burst your bubble, same shit as facebook, amazon, ... You should all unite and call that corporation Little Bros United >:-)

> When it comes to privacy and PII, Google holds itself to an extremely high standard.

Except that Google has for some time now been waging an all-out assault on the concept of anonymity, which at least in my mind is an important part of privacy.

As long as LinkedIn continues to get me high paying jobs, it is all good.

Site's down.

Back up now, sorry about that!

Applications are open for YC Winter 2018

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact