Hacker News new | comments | show | ask | jobs | submit login

One of the other subtle things they do with metadata is their fascination with IP addresses.

Intro will enable LinkedIn to have the IP address of all of your staff using it, and thus (from corp Wifi, home locations of staff, popular places your staff go) they will know which IP addresses relate to your staff members (or you individually if you are the only person on a given IP).

This means that even without logging onto LinkedIn, if you view a page on their site they can then create that "so and so viewed your profile", which is what they're selling to other users as the upgrade package to LinkedIn.

Worse than that, as a company you can pay to have LinkedIn data available when you process your log files, and from that you know which companies viewed your site. And that isn't based on vague ideas of which IPs belong to a company according to public registrar info, this is quality data as the people who visited from an IP told LinkedIn who they were.

Think of that when you're doing competitor analysis, or involved in any legal case and researching the web site of the other party.

And VPNs won't help you here, as you'd still be strongly identified on your device and leaking your IP address all the time.

There are so many reasons why this LinkedIn feature needs to die a very visible and public death, and very few about why it should survive. It's a neat hack for sure, but then so were most pop-up and pop-under adverts and the neatness of overcoming the "impossible" is no reason this should survive.

Worse than that, as a company you can pay to have LinkedIn data available when you process your log files, and from that you know which companies viewed your site.

To give a real world example of how true this is, I have a friend that owns a service company. He subscribes to Visistat for which he embeds a small snippet of Javascript into every page in his site. He uses a product of theirs called LeadCaster which then identifies the company name and often the contact name of people that visit the site. How does it do this? Look at Visitstat's Learning Center for an explanation:

NOTE: Contact information is supplied by the contact databases of Data.com (formerly Jigsaw), NetProspex and LinkedIn. Not all information will be available for every company and listing, however, your reports will show all the data we are able to access for you.

So for a real world example that he told me about a few hours ago, a lady was on his website. She left without doing anything more than viewing a few pages. Through Visistat, he was able to get her company name and contact information from LinkedIn. He looked up the phone number for her company and called her. He then said, "I understand you're interest in ..." She replied, "How did you know I am interested in ...?"

This is spooky as shit and almost made me delete my LinkedIn profile today.

On a side note, was your friend really that stupid? To call and say "I believe you're interested in our service" and not realize it would have this effect? That's amazing to me. A few years back we used a service called "Leadlander.com" It would tell us domain names that visited our site and what they did. We sold into large ISV/tech co's. So for example we might see someone from "Autodesk" showing up and looking at several pages over multiple days. I confess when we saw that we would email someone high level there and say "Hi, this is what we do and how we help companies. Not sure if this could be applicable to your or not but" Naturally more than once we got "You know, the funny thing is we are just starting to look at doing something like this"

Someone told me over the weekend that some companies use your cookies to track down prices and adjust their prices based on your surfing behavior.

These friends of mine discovered it while browsing an airline website, each with his own laptop, only to discover different prices being offered. Which they found very strange, given they were seated next to each other.

After cleaning the browser history and visiting the same web site with anonymous mode on, both got the same prices being offered.

I heard that Airlines do not like you shopping around for prices from someone who did this research. They log you when you first come on their site. If you come back 2-3 days later, they will jack up the price, presumably to scare you into buying tickets.

Yes, I heard the same story from these friends as they were telling me this.

One of them works for a travel agency.

What's the best work-around to avoid this price jack?

clearing cookies, or just using incognito mode in whichever browser you are using usually does it. They've been doing this for at least a decade now, IIRC.

I'm surprised it's legal. Didn't Amazon have to backtrack on something like this?

They did backtrack, but because of PR reasons, not legal ones. Unless there are antitrust issues, it's perfectly legal to offer different prices to different customers.

Semi-related fun fact: at least on American Airlines' Gogo service, in-flight wifi requires you to pay for each device separately and charges more for laptops than for mobile devices; but it just checks your MAC address and user agent, respectively. Have your laptop browser identify as a mobile to get the better price, or buy on your phone/tablet and then spoof its MAC address on your desktop to use both devices for the price of one.

This is total B.S.

When you do a search on a travel website (including most airlines official sites) you are actually being served results from a GDS. These companies (Worldspan, Sabre, etc) pull in airline/hotel/etc availability and produce an a search and fulfillment API. They are the reason you can get a flight that connects across multiple different carriers.

I've built a number of successful OTAs (Online Travel Agencies, aka websites) and never once been asked to provide visitor IP addresses or cookies.

In the early days of the internet doing repeated searches would increase prices because these systems were designed for travel agents to do a small number of searches, and a spike in searches was a demand signal. Almost all demand based pricing has been eliminated from air and hotel because of internet "casual shoppers" and price wars.

Well it's true. I've had it happen to me multiple times. Do a search and find a flight at price X. Clear your cookies and repeat search (maybe on another day?). The same flight will show up for a lower price.

Do a google search for "clear your cookies before booking flights" and you can read all about it.

If you're doing it on another day, the inventory (and thus price) probably changed. The price of a seat on a plane is dependent on how many other seats have been sold.

Sorry, my wording was confusing. I'm saying that on another day if you repeat your search you might get a higher price. Then, clear your cookies and search again- boom, back to the lower price. I've seen it happen 3 or 4 times now.

Will blocking third party cookies prevent this? Or is this a server-to-server transfer of regular (second-party?) cookies?

Perhaps partially. Doesn't stop evercookies or IP address tracking or ever more inventive means.

Check out Pardot if you want to get an idea of what's possible. They drop a cookie on you the moment you browse the site and it logs every interaction you have with the site. When you finally sign up or fill in a form somewhere it'll associate those sessions with your new account and let you better target drip campaigns and market to them.

There's a lot of other ways to identify someone. It's like in Serenity -- everything has a fingerprint.

Thanks for your valuable information. I'm glad I deleted my Linkedin profile one month ago.

The only people that are going to use this new feature are people who already use LinkedIn a lot. In which case, they already know your IP addresses, since you're likely using LinkedIn from work, home, and mobile anyway. So if they're mining IP addresses, I'm not sure that this is providing something new.

fyi most of the major marketing automation platforms already let you do this. They're based upon a peer-to-peer exchange of lead information (i.e you identify yourself to one site and they'll sell that information to other sites in exchange for identifying information about other users), hence it's already far more accurate than public registrar information.

Hey Imran (chatted to you in IRC a few times),

I do realise that lead information is sold, and I've had enough offers to sell my own users (which I've declined) to realise just how prevalent the practise is.

LinkedIn sell a fairly complete business dataset. My point is that a lot of people might imagine they could do this, but probably don't really believe that they are doing this.

Then when you add in Intro's almost constant tracking (vs occasionally accessing one of the sites that sells your data - or LinkedIn on the web) it is easy to see just how complete one would be making that dataset.

I'd say that most people don't really understand believe that this happens and how good (if that's the word) that dataset already is.

Which LinkedIn dataset are you talking about ? - Rapleaf used to sell one but I don't think that's available anymore.

Citation needed. There's no reference anywhere on LinkedIn's site to selling data sets at all. The only thing they sell are subscriptions to their site and there's nothing anywhere that indicates any of those include any kind of this data.

If I read this right, Visistat itself says that they aggregate visit data provided by a list of websites that include LinkedIn:


Looking at their live demo it looks like you just sign-in with the linkedin auth and they use the regular LinkedIn API to enrich people information, so it's not anything the average user can't access via Linkedin anyway.

If this is true, this whole thread is full of misinformation.

What platforms do this?

I'm pretty curious how they advertise the fact that they do something like this as well.

marketo for example.

I think I'm confused as to what, exactly, they do that you're objecting to.

Some time ago on HN I remember reading about a company that embeds forms on websites. So if I filled out a contact form on Site A, the third party collects the information, stores a cookie on my computer. Then when I visit Site B, the cookie uniquely identifies me, and the third party company gives my email address to Site B, even though I didn't fill out a form.

Is this what you're suggesting marketo does?

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact