No, LinkedIn most certainly does not sink its marketing fangs into users’ private email accounts and suck out their contact lists – well, at least, not without users’ permission – the company said over the weekend.
Blake Lawit, Senior Director of Litigation for LinkedIn, on Saturday responded to a class action lawsuit brought last week by four users who claimed that the professional networking site accesses their email accounts – “hacks into,” to use the diction of the lawsuit – without permission.
Lawit’s statement denies the plaintiffs’ accusations:
We do not access your email account without your permission. Claims that we "hack" or "break into" members' accounts are false.
We never deceive you by "pretending to be you" in order to access your email account.
We never send messages or invitations to join LinkedIn on your behalf to anyone unless you have given us permission to do so.
On Tuesday, four LinkedIn users in the US filed the complaint, which alleges that the company “hacks into” users’ email accounts, downloads their address books, and then repeatedly spams out marketing email, ostensibly from the users themselves, to their contacts.
The suit charges LinkedIn with fuzzily-worded requests and notifications when it comes to just what, exactly “growing” a user’s network entails.
On the screen labelled “Grow your network on LinkedIn”, presented when a new user signs up for the free service, LinkedIn works its marketing sneakiness, the suit says, getting into a user’s email account without a password and then snapping up contacts and the email address for anybody with whom he or she has ever swapped email:
LinkedIn is able to download these addresses without requesting the password for the external email accounts or obtaining consent.
If a LinkedIn user has logged out of all their email applications, LinkedIn requests the username and password of an external email account to ostensibly verify the identity of the user.
However, LinkedIn then takes the password and login information provided and, without notice or consent, LinkedIn attempts to access the user's external email account to download email addresses from the user's external email account.
If LinkedIn is able to break into the user's external email account using this information, LinkedIn downloads the email addresses of each and every person emailed by that user.
The suit mentions “hundreds” of user complaints about the practice on LinkedIn’s own site.
It’s not difficult to see why users might well be appalled, given some of the situations they describe on the site’s help center thread on the topic.
One user, Cynthia Hubbard, describes LinkedIn invitations getting sent out “at [her] alleged behest” to a coworker with whom she “had a great deal of trouble”, to five individuals from opposing in-house counsel and corporate defendants in a lawsuit she was involved in, and to a worker’s compensation client she referred to another law firm and whom she would never personally invite to her contact list, among others.
One reader commented on my coverage last week that he or she had read an account on another posting of this story, about a psychologist whose professional email messages to patients had triggered invitations to connect that were actionable malpractice breaches for which he could face disciplinary action.
In his statement, Lawit says that LinkedIn most certainly gives users the choice to share email contacts and that the company “will continue to do everything we can to make our communications about how to do this as clear as possible.”
From what I can suss out, LinkedIn does tell users what it’s up to, but the language is hidden away and is a far cry from “as clear as possible.”
Users have been decrying LinkedIn’s practices for months, at the very least, without any satisfaction.
It’s easy, in a case like this, to blame users for not reading the fine print. That logic holds that free services are only free from a financial standpoint, but you pay, one way or the other, to keep them alive, including letting a service like LinkedIn vacuum up your contacts for marketing purposes.
There’s merit to that argument.
Then again, there’s no excuse for tucking your marketing practices away where they’re not obvious to users.
The hallmark of clear communication is that you don’t wind up with pages full of comments from outraged, surprised users. And that is exactly what LinkedIn is dealing with now, with the added problem that all that user surprise and outrage has festered and is now boiling up into the legal realm.
Image of email access and checking email courtesy of Shutterstock.
15 comments on “LinkedIn denies hacking into users’ email”
Why am I not surprised. After all they promote and let the scam Who’ Who do targeted marketing through their site.
I think LI are being economical with the truth.
I've never given LI permission to suck up my Outlook contacts – but when I got a request to connect to someone (who I am already connected to via my biz as he works for me!) via their personal e-mail address I suspected something dodgy. Looking at the contact list in LI, I could see all the names of people in my Outlook contacts so instantly deleted the lot. As I said, I hadn't given LI any permission to do pull that list in.
And guess what? My co-director found the same as well.
LI need to be taken to task for this.
"LI are being economical with the truth."
Dick, I love that turn of phrase. Beautifully worded.
Same experience as you, but reversed roles of personal and business email addresses. LI are lying sacks. I don't do much with them at this point and am seriously considering just closing out my account.
Marketing by targeting our ego, masked as "growing your network" by accessing email accounts "without permission" is deceptive.
In some country jurisdictions this LI approach may contravene data privacy regulations (personally identifiable information) shared with consent of the "email owner". All parties (LI and the LI account holder) may be in violation in this instance.
LI benefits by selling premium 'upgrades' to new customers, and using our own email account lists as the leverage, is how they are spreading (growing) their customer base.
LI need to be right upfront about this very quickly and correct any hidden away "consent" so its more obvious.
Opt-Out has to be the default "norm' and Opt-In is by explicit "click this button (displaying the terms of engagement) as consent".
Lawyers at 10 paces will solve this problem, as a class action suit, for a fee 🙂
People not thinking about what they are doing. It's this simple, folks: When LinkedIn asks for the password to your email account–and it does, with lots of flowery language around it–STOP and ask yourself "What do they need that for?"
There's no good reason for it–so don't divulge your password. The same sort of people who would blindly submit their passwords are those who would load any old Smartphone app without looking at the permissions it needs.
This is like an intelligence test. If you get a LinkedIn request from someone you barely know–or don't know–they failed.
The problem is – LI somehow gets your contacts without you every giving out the password to your email account.
Other suspect activities include an 'extended network' of people you've never heard of and never knowingly had any contact with and getting the wrong company you might have worked for. I have never worked in California, but LI say I have and got the wrong logo, address, etc. I worked in the UK for company that had the same first three letters but everything else different and included the word 'Europe' – so what part of 'Europe' don't they understand? And it doesn't change no matter what I do to follow their suggestions, they can't get it right.
So why should anyone now trust LI? Nearly as bad, perhaps, as Facebook?
For a fact I know that LinkedIn suggests that you might “know” people that are using the same IP address as you are (e.g. family, colleagues). You can test this easily by creating a fake account and then logging into it at home or the office.
I also strongly suspect that LinkedIn creates shadow profiles of non-members and their relationships without permission (and possibly has hidden profile data on members too), as LinkedIn has the quite extraordinary capacity to suggest people that you know without having an obvious connection.
LinkedIn are lying. I received by email the following. The Reverend Susan B****** swears she didn't send it, nor did she give LinkedIn my email address. In fact she regrets being persuaded by a similar ruse to sign up to Linked In herself. Sorry the HTML would not paste into this, but the text is unchanged, except that I have protected her surname, and have denoted links by the words [Click here to].
From: Susan B****** <firstname.lastname@example.org>
Subject: Invitation to connect on LinkedIn
Date: 25 May 2012 11:58:26 BST
To: Peter Taylor <peterjasontaylor@***.com>
From Susan B*****y
Vicar at Lincoln Diocese
Lincoln, United Kingdom
I'd like to add you to my professional network on LinkedIn.
[Click here to] Confirm that you know Susan
You are receiving Invitation to Connect emails. [Click here to] Unsubscribe
© 2012, LinkedIn Corporation. 2029 Stierlin Ct. Mountain View, CA 94043, USA
LI may not be hacking your address book for contacts. However it has sophisticated data mining to determine people with whom you have corresponded. I am aware of people with whom I only sent several emails and then they pop up in the suggestions or even have requested a connection from me (based on me appearing in their list) This is probably not that far off from what NSA has done.
I keep getting the same request to connect with my cousin via an email address that he has not used in well over 5 years. We do not share the same surname and the email address uses his nickname, rather than his real name. I used to contact him from time to time a number of years ago while he was working away via this address & have just never got around to deleting it from my contacts list. Since he's been back home, he's not used that account at all, so there's nowhere else that LinkedIn could have got the details from other than rooting around in my contact list without permission.
A friend invited me to join Linkedin, so I entered my email address. Shortly after, I started getting requests from linked to add names, and showing me names of people from my email address book, some members of my submarine crew 60 years ago. The only way they could have that info was to take my private info and publicly display it on the internet.
Something similar happened to me. Very worrisome.
Not only did it steal email contacts…..without giving it a password,
but day's latter sent me an email, with 4 of my email contacts asking if
I knew them…!! It not only had their email addressess, it has their
places of business where they worked….. and have no idea how they
got that information…. Something else is going on here besides
stealing email contacts…!
It grab's what it can and then somehow hunts them down to find out
what they do for a living…. and then show you what they do for a living..!
Pretty darn scarry if you ask me…..and this should not be legal..!