Ask The Headhunter: A Challenge to LinkedIn — Grow Some Integrity!


By Nick Corcodilos

LinkedIn should be more transparent about what they’re doing with members’ email accounts, argues Nick Corcodilos.

Nick Corcodilos started headhunting in Silicon Valley in 1979, and has answered over 30,000 questions from the Ask The Headhunter community over the past decade.

In this special Making Sen$e edition of Ask The Headhunter, Nick explores members’ allegations that LinkedIn is gaining access to their email contact lists without their permission. He’s written previously about LinkedIn as a job board and users’ reactions to it.

Next week, he’ll return with insider advice and contrarian methods about winning and keeping the right job, on one condition: that you, dear Making Sense reader, send Nick your questions about your personal challenges with job hunting, interviewing, networking, resumes, job boards, or salary negotiations. No guarantees — just a promise to do his best to offer useful advice.

Is LinkedIn misusing your email passwords and spamming your contacts with repeated solicitations in your name to join LinkedIn or to “connect” with you? LinkedIn says it “will not store your password or email anyone without your permission.”

But many of its users say that’s not true.

Now the controversy is front and center in The New York Times, Bloomberg News, Computerworld, The Los Angeles Times, and other news outlets.

Members Complain

A LinkedIn user recently posted on LinkedIn:

LinkedIn likes to say its network is built on integrity and trust. But recently members of LinkedIn filed a class action suit in San Jose District Court complaining about:

“…LinkedIn’s practice of breaking into its users’ third party email accounts, downloading email addresses that appear in the account, and then sending out multiple reminder emails ostensibly on behalf of the user advertising LinkedIn to non-members.”

How is it possible for LinkedIn to download email addresses from Google mail or Yahoo mail accounts? The suit says:

“When users sign up for LinkedIn they are required to provide an external email address as their username and to setup a new password for their LinkedIn account. LinkedIn uses this information to hack into the user’s external email account and extract email addresses. If a LinkedIn user leaves an external email account open, LinkedIn pretends to be that user and downloads the email addresses contained anywhere in that account to LinkedIn’s servers. LinkedIn is able to download these addresses without requesting the password for the external email accounts or obtaining users’ consent.”

On Sept. 24, 2013, another LinkedIn user complained that people are accepting invitations from him — that he never sent:

A NewsHour reader, A. White, from Ontario, Canada, says LinkedIn didn’t stop at the Gmail contacts she wanted to invite to her network.

“They accessed and contacted everyone in my contacts. Some folks I really never wanted to hear from again. When I complained, they said I must have made a mistake and given them access to all. I know I didn’t.”

White got so frustrated that she canceled her membership. But it didn’t end there, and White’s experience suggests LinkedIn keeps right on using members’ identities after they resign:

“When I unsubscribed, as I was furious, I found that I was still receiving requests from LinkedIn. One person was someone I’d not heard from for ages so I clicked on the button. I was told to sign in as I already had an account! Huh? I’d unsubscribed. They steal contact lists and you are theirs forever.”

LinkedIn Claims No Foul

LinkedIn spokesman Blake Lawit posted a statement on Sept. 21 denying the accusations in the federal lawsuit. “We do give you the choice to share your email contacts, so you can connect on LinkedIn with other professionals that you know and trust,” Lawit wrote.

The legal controversy notwithstanding, I think the bigger problem is that LinkedIn has not addressed concerns raised by members who are clearly upset about the company’s behavior.

Whether or not a court finds LinkedIn violated the Stored Communications Act or California’s Comprehensive Data Access and Fraud Act, LinkedIn has a higher authority to answer to: Its members.

Lawit echoes the disclaimer on its online registration pages: “We never send messages or invitations to join LinkedIn on your behalf to anyone unless you have given us permission to do so.”

I get it: LinkedIn’s position is that those suing gave LinkedIn permission to email solicitations to their contacts — so they can’t hold LinkedIn liable.

Sorry, but according to one litigant, that doesn’t wash. John Weaver, cited in the legal complaint (p. 14), says he’s receiving invitations from people who have confirmed they did not send them:

“How come I’m getting unauthorized invites from people NOT in my address book? The last 10 invitations I received I asked all 10 if they sent it or not… Out of the 10 — 8 said they had sent no such thing… So how do we get invitations from people who don’t send them and they are not people I know and their emails are NOT in my address book??”

LinkedIn: How the Harassment Works

Is it possible that new LinkedIn members actually ask to have their email lists appropriated and their contacts spammed — but just don’t realize they’re doing it? I decided to observe while a new member signed up for a new LinkedIn account.

After the user provides his email address to register, in step two, LinkedIn tries to get the password for his email account on a third-party webmail service (identifying information is redacted):

The user chooses to “Skip this step” because he does not want to share his email account’s password. (Read that closely. LinkedIn is not asking for the user’s LinkedIn password; it is asking for the password of his email account.) You’d think LinkedIn’s efforts to gain access to the user’s email would end here.

But LinkedIn tries again, immediately, with another pop-up:

Without any explanation about what would happen to his contact list, LinkedIn prods the newbie to hand over his password by telling him he’d “miss out on easily finding people you know.” (Since writing this column, I’ve changed my own policy about accepting “connection” invitations: “Join My LinkedIn Big Data Gang-Bang.” I no longer restrict connections to people I know or have done business with.)

You’d think that would be enough. But, much like an online job application form that demands certain information before letting you proceed to the next step, the sign-up process will not proceed. In other words, the “skip” option doesn’t work and there is nowhere else to go.

The frustrated user closes the browser window entirely, but then tries to log into LinkedIn anyway. Wonder of wonders: He is able to log in with his new account. But LinkedIn tries again to get at his email list.

Add his e-mail address? LinkedIn already has his address! (The address is redacted, but it’s important to emphasize that it appears on the form before the user does anything.)

The user clicks “continue” and opens a window to the website that hosts his email account, and he is asked to sign in with his password. Suspicious that LinkedIn might harvest his email password, he closes that new window and instead clicks the tiny “skip” link.

Yet another window opens that presses the new member a fourth time to “See Who You Already Know on LinkedIn.”

Enough Already

The user has already declined three times to provide access to all his contacts. Now he is asked a fourth time. Is it any wonder that some users finally acquiesce, even if it’s only because they’re confused about whether LinkedIn already has their email information?

That last invitation (above) is not about “who you already know on LinkedIn.” It’s about sucking your entire email address book into LinkedIn’s database.

How many attempts to get “your permission” are enough? And that’s just during the registration process. Once you join, LinkedIn’s drive-by dialog boxes keep asking for your email contacts and suggesting you import everyone you know.

LinkedIn chairman Reid Hoffman and CEO Jeff Weiner are playing deaf. Their users are loud and clear: This is too much.

What LinkedIn Is Really Saying

Lawit denies that LinkedIn violates the law. He says, “Our core value at LinkedIn is Members First.” He completely skirts LinkedIn’s obligation to address the very real problems raised by both the litigants and all the other angry users who have posted on LinkedIn’s own discussion forums.

But what’s most telling is that Lawit’s entire “setting the record straight” statement does not deny that:

  • LinkedIn acquires members’ email passwords and accesses their email accounts on third-party mail servers. (That is, their Gmail, Hotmail, YahooMail, and other email contact lists.) There is no indication that LinkedIn ever stops doing this once it starts. Who’s to say that LinkedIn isn’t also reading members’ emails?
  • LinkedIn sends messages and solicitations to join LinkedIn on the members’ behalf, but not necessarily with their knowledge.

What LinkedIn is saying is that it first obtains your permission — whether you realize it or not.

This falls into the “gotcha” category of “what is legal.”

What motivates LinkedIn? That’s simple. A former LinkedIn employee, Brian Guan, a programmer, has disclosed on his blog that “‘Team Money’ is the internal nickname for the Monetization Team responsible for developing and maintaining revenue generating products for LinkedIn.”

Monetization Team? Team Money? What kind of hubris is that? I think it’s indicative of an arrogant, totally disconnected company culture that rationalizes abusing its members for its own benefit.

I Think the Litigants Are onto Something

It’s easy to see how new users get railroaded into giving LinkedIn access to their mail lists. You just get sick of all the repetition, and you figure, “I already gave them my email address,” so you click the big “continue” button and you re-enter your information — including your password — just so you can get on with what you’re doing.

And BAM! — LinkedIn accesses your email account, takes your contact list and spams your list in your name with your permission.

I watched a new member get driven to his webmail account’s log-in window again and again. If he hadn’t been vigilant, he’d have shared his entire contact list. Likewise, people are accustomed to logging into a website via their Facebook or other social media account. But they fail to realize they are already logged into LinkedIn, and the request for a Facebook login is redundant and completely suspicious.

That’s why I think the LinkedIn litigants are onto something.

Even if LinkedIn has not broken the law, it clearly depends on amassing members’ private email lists by misleading them into, first, granting permissions they don’t intend and, second, forking over lists of their friends, professional contacts, ex-spouses, and, in one case, a mentally disturbed individual that the member had no wish to ever be in contact with again.

Mr. Hoffman, Mr. Weiner: You are sneaking past your weary new members’ defenses by repeatedly assailing them with misleading demands for their email account passwords and contact lists, and by claiming it’s their own fault if they trust you. I challenge you to grow some integrity. Your denial of legal violations means nothing when you’re violating the trust of your members in the court of public opinion.

Dear readers: You can advance your career and your job search without relying on LinkedIn because success is all about getting in the door by making real inside contacts — not by waiting for sixth-degree connections and silly endorsements. This takes work. But it works. Start here:

  • The Basics
  • Getting in the door
  • Who will lead you to your next job?
  • Job Hunting: I’m lousy at selling myself!
  • Skip The Resume: Triangulate to get in the door
  • Don’t Get Hired, Get Acquired: Audio from Cornell workshop

Did you ever give LinkedIn permission to access your email list to build its network? Do you believe LinkedIn has taken your email list without your permission and used it to solicit people in your name?

Nick Corcodilos invites Making Sense readers to subscribe to his free weekly Ask The Headhunter© Newsletter. His in-depth “how to” PDF books are available on his website: “How to Work With Headhunters…and how to make headhunters work for you,” “How Can I Change Careers?”, “Keep Your Salary Under Wraps” and “Fearless Job Hunting.”

Send your questions to Nick, and join him for discussion every week here on Making Sense. Thanks for participating!

Copyright © 2013 Nick Corcodilos. All rights reserved in all media. Ask the Headhunter® is a registered trademark. This entry is cross-posted on the Rundown — NewsHour’s blog of news and insight.