LinkedIn ‘does a Facebook’ – your name and photo used in ads by default

LinkedIn 'does a Facebook' - your name and photo used in ads by default

I’m not a LinkedIn user – at least not yet, though I suspect that like many of my friends and colleagues I may eventually feel compelled to “be there or be square”. As a non-user I haven’t been tracking changes to the default privacy settings of the service, or the implications of those changes.

Neither, it seems, has most of the rest of the world.

Nearly two months ago, LinkedIn updated its Privacy Policy. To give the company credit, it did prefix its official policy with a summary, and it provided a link at the top of the policy page to show you the changes since last time. (For programmers: this takes the form of a changelog, not a diff.)

That’s just as well, because LinkedIn’s Privacy Policy runs to almost 6400 words – that’s about 10% of the length of a respectable novel.

Even the summary and the changelog top 1000 words each.

And, as blogger Steve Woodruff pithily points out, amongst the changes is an on-by-default new feature that you may not yet have seen, definitely need to know about, and almost certainly want to turn off:

LinkedIn may sometimes pair an advertiser's message with social content from LinkedIn's network in order to make the ad more relevant. When LinkedIn members recommend people and services, follow companies, or take other actions, their name/photo may show up in related ads shown to you. Conversely, when you take these actions on LinkedIn, your name/photo may show up in related ads shown to LinkedIn members. By providing social context, we make it easy for our members to learn about products and services that the LinkedIn network is interacting with.

Crudely put, LinkedIn will mine your usage habits to determine what products and services you’re interested in, and then use your name and photo in what amounts to an endorsement for those products and services when they’re advertised to other users.

This feature is opt-out, even though it reduces your privacy and infers your goodwill, and even though it wasn’t part of LinkedIn’s service when many current users signed up.

Like Facebook with its controversial and much-dissected opt-out facial recognition functionality, LinkedIn has snuck this one in under the radar.

As we said on Naked Security nearly two years ago – this time with Facebook crossed out, and LinkedIn written in in crayon [*]:

Dear FacebookLinkedIn,

Why not lead the way on privacy?

Become truly opt-in - not just on the basis that a new user opts in altogether by joining up in the first place, but on the basis that everything is locked down until a new user opens up each feature.

Don't wait until the regulators in the world's developed economies start legislating to make you do so. Take the lead. People will love you all the more in the end.

You can do your bit to get the message across.

Firstly, you can cut-and-paste the above letter and email it to LinkedIn at As a subject line, try something like this: An observation about your new opt-out Manage Social Advertising option.

Secondly, you can turn the offending option off. From the pulldown menu under your name at the top right of your LinkedIn pages, choose Settings. Then choose the Account tab at bottom left, and click Manage Social Advertising.

Or you can visit the Privacy Policy, in which LinkedIn has (to its credit) included a link in the relevant part of the policy which takes you directly to the above opt-out dialog.

If you’re on LinkedIn, and want to keep abreast of the latest security news, join the Naked Security LinkedIn group.

* With apologies to the Fish Licence sketch by Monty Python’s Flying Circus.