LinkedIn makes it too easy to leak contacts’ email addresses

LinkedIn makes it too easy to leak contacts' email addresses

LinkedInEarlier this week my colleague Pablo Teijeira, who is based in our Madrid office, unintentionally shared the email addresses of some of his associates in the computer security field.

We all know how easy it can be to accidentally cc: a whole bunch of people rather than bcc: them, but in this case LinkedIn was at least partly to blame.

No great harm was done on this occasion, but Pablo was still upset that the incident had occurred.

So, why did it happen?

It turns out it’s because of a setting that LinkedIn uses when you share information with others on the business network, that you have to consciously opt-out from.

LinkedIn dialog box

See there at the bottom?

[X] Allow recipients to see each other's names and email addresses

It’s easy to overlook, as Pablo did, and when he tried to do a colleague a favour by suggesting them as a contact to a wide array of associates he mistakenly also revealed all of their email addresses to each other.

I know I would have been miffed if someone had revealed the email address I use on LinkedIn to such an audience.

That’s because, the email address which I use on LinkedIn is not one that I use for any other purpose. I intentionally gave LinkedIn a unique email address, because I was interested to see if that email address would ever be shared with any other service without my permission – so allowing other LinkedIn users to reveal it to strangers is not something I look kindly upon.

I can understand that LinkedIn wants as many of its members to discover each other as possible, but having an option like this doesn’t help you keep your email address private. I would like LinkedIn to change its default, so this option isn’t enabled as standard.

In fact, I would like it if I could be the one who chose if someone else can reveal my LinkedIn email address, rather than leave it to the person forwarding the message. Shouldn’t there be a privacy setting to always keep information like this secret?

PS. If you’re a Spanish reader you might want to read Pablo’s Teijeira’s blog or follow him on Twitter for your Spanish-language security fix.