Will Robinson: Hey LinkedIn support, if I join LinkedIn will my contact info be confidential? LinkedIn Support: Uh..."*yes". (Where "yes" means "not a chance in hell")
As proper owner of this blog I feel a slight pressure to post on occasion so as to not allow this site to get too stale or otherwise cobweb ridden. However, my normal inspirational muse (aka: “things that piss me off”) can be overdone and I try to be sensitive that nobody who isn’t also my wife isn’t legally required to sit through my rants and might drift off and make a pledge never to return if all I ever do is bitch, piss, moan and complain (although for my wife, I’m betting that’ll teach her to read the “fine print” on the next marriage certificate SHE signs). So, to that end, while I encounter all manner of subjects I could righteously rant about, I often curb those urges to showcase my more creative talents in the “profane arts” in the interest of the greater public good. However, as is evidenced by the fact that you’re reading this, I sometimes overcome the urge to hold myself back (did you notice there how I make “criminal levels of laziness and outright sloth” sound like a virtue?) and happen upon a subject that requires…nay DEMANDS a post. Today is one of those days and my recent exchange with LinkedIn support is one of those subjects.
Ugh.
Now, like any other working professional who pretends to greater professionalism, I am the proud owner of a LinkedIn account and attendant profile page. I am not an active LinkedIn participant but I do receive a daily email exposing me to the somewhat banal exchanges that pass for professional conversations in my LinkedIn developer group (whose name I won’t divulge here in the really unlikely circumstance they ever happen across this blog). I also get a daily email telling me about alleged employment opportunities in my areas of interest/expertise which I do like to peruse from time to time whilst I wonder why none of them ever seem to be for employers even remotely in the same time zone as me. Anyway, being the savvy surfer of the internet that I am, it has been my habit for many moons now to own several different email accounts. They all have the same account name but somehow I have managed to reserve that same name on Gmail, Yahoo, Excite and MSN. I do this because anytime I want to register for something, I provide the account that I use as my “garbage” account. That is, I’m somewhat sensitive about spam and until I’m sure a site isn’t hawking my contact info to all the penis pill manufacturers of the world (and believe you me, the only thing those folks are more concerned with than my dangly bits being of insufficient girth and/or length is whether I can keep the scourge of perpetual and ill-timed flaccidity at bay), I use one of my garbage accounts to register on sites. Later, once I’m sure they’re not hawking my info about, I can log onto that site and change the email address to one I use more regularly. So, as this relates to LinkedIn, I did originally register on LinkedIn with a garbage email but their privacy policy, and the fact that they provide such strict controls over who can contact me via LinkedIn led me to believe that my email address there was relatively safe and so, after a time, I switched my mail email there to my Gmail.com account from my garbage collecting Excite.com account. Since I’ve taken the time to blog about this you can probably guess that something has gone awry and as of February 10 of this year, it did:
I got the above email in my Gmail inbox on that day. Now, as an aside that I rarely mention, one of the things I dislike most about LinkedIn is how it’s been largely co-opted by every goddamned recruiter in existence who will, if allowed, mercilessly spam your LinkedIn inbox with every manner of job they happen across regardless of whether you’re even remotely qualified or even reside on the same continent as the “opportunity”. By coincidence, most of these “recruiters” tend, from my admittedly biased standpoint, to be Indian and, as a result, tend to mangle the English language in such a way as I wouldn’t trust them with picking up dog turds in my back yard much less my resume and contact info. Spam + half-assed broken English != trust. I guess I’m just a bigot that way. The email above though is from a fellow named Chris Limboo. If you look up his profile on LinkedIn (the one he VERY much wants me to link to) you’ll see two things immediately: 1. he’s Chinese and not Indian and 2. judging from his profile photo he’s a pretty happy guy (possibly because he likes spamming people like me…and maybe due to his not being Indian). Regardless of his disarming smirk smile and his non-Indian-ness, I was still wary of his siren song of Linking. I checked into his employer and, lo and behold, they’re owned by Indians. Yes folks, the Indian recruiters whom I vigorously avoid like toilet seat borne herpes…they’ve outsourced to China. So, onto their little evil plot, I write Chris a quick email:
What a smartass response to email spam looks like
Now, as good as my word, I did indeed send a support email off to LinkedIn explaining my concern as to how the hell did this little leg-humping spam wizard get a hold of my email knowing that I had an account on LinkedIn he could pander to. This in itself is a rather arduous task and should have been my first inkling that something wasn’t at all right with LinkedIn as it took me quite some time to actually locate a link to send their support folk an email outlining my concerns. You see, my profile (and, if you too are on LinkedIn, yours too) doesn’t show your contact email address. This is because LinkedIn believes they have a fairly self-explanatory privacy policy that does indeed address the information you share with them, inclusive of your primary contact email address. Feel free to read it here: LinkedIn privacy policy (and make sure to pay special attention to the part that says “Control the messages you receive from LinkedIn and other Users”). In short, LinkedIn likes to tell you that you cannot contact other users directly unless you’re linked to them. This is actually a pretty nifty feature to cut down on people spamming the unholy crap out of complete strangers and, coupled with the fact that your email address doesn’t appear anywhere on your profile page, seems to infer that the only way for another LinkedIn user to contact you is solely through LinkedIn. How then did Chris Limboo come to my electronic doorstep to suggest that “we can mutually get benefited through our network”?
Guess they felt a canned response was adequate.
Well, I’ll tell you, it was a mystery to me. It was also apparently a mystery to LinkedIn as well because they didn’t respond until today (almost 4 weeks later). Now given that LinkedIn makes it near impossible to trouble them with silly piddling shit like “their network somehow gave spamming assclowns my email address” what do you think I got in return? If your answer was “a form email” come forward to collect your prize. Now, I had pretty much forgotten I’d sent this 4 weeks back so when it arrived today I had to ask myself, if they weren’t going to bother answering my email for 4 weeks, why bother at all and then when they do, send me some canned crap answer that doesn’t even address my question? Well, rather than distress my small, febrile mind with such vexatious stumpers, I kicked it back to them in a return email pointing out that I was the one who originally pointed out that the email didn’t originate from them and that my question (how is it a spammer got my email address from LinkedIn) hadn’t been addressed nor answered. Well, here comes the part of the post that is the entire reason for me even bothering to write this much crap (on a Monday no less).
As I’m waiting for LinkedIn to respond to me, I log onto LinkedIn to check out my profile to make double dog sure I’m not taking them to task for something I may have inadvertently allowed to happen. However, as I check my profile, I don’t see hide nor hair of my email address anywhere on my public profile page (for fun, if you have a LinkedIn profile, check your own right now…you won’t see yours either). Even a cursory search through the view source for the page (the actual HTML code that makes web pages) didn’t reveal my email address. For several minutes I was quite stumped…until I noticed these little links here, at the bottom of my profile synopsis:
How handy! A way to save off your profile info...except...
Being the curious sort, I clicked on them. Guess what you get when you click that middle “PDF” link? Why, you get a PDF document with your profile (how handy!)…with your private email address featured prominently at the top of the frickin’ document! That’s right gentle readers: even if you have read LinkedIn’s privacy policy and even if you don’t even have a way to display your email address in your public profile, LinkedIn recognizes your oversight and helpfully gives it in a handily savable format! Know what’s even better? The PDF that LinkedIn generates has an even handier OCR (read: “scrapable text”) layer. This means that any competent developer can simply set up a spider to crawl LinkedIn, crawl each PDF link it sees, get the generated document, store it and then it has your ready-to-spam email address, right in the frickin’ header of each page! Naturally, I advised LinkedIn of this apparent oversight and…well…why spoil the fun? Here, read it yourself:
My email pointing out their apparent hole...
...and their response.
So, what’s the moral of this story? It’s this:
LinkedIn is a very handy forum where you can post information about yourself and your professional details, accolades and accomplishments. However, when you decide to use LinkedIn, even though you’re led to believe that the ONLY way people on LinkedIn can contact you is via LinkedIn’s own messaging system BECAUSE THEY DON’T PUBLISH YOUR EMAIL ANYWHERE IN YOUR VISIBLE PROFILE NOR EVEN GIVE YOU THE OPTION TO POST YOUR EMAIL TO YOUR PROFILE…it’s still available on the PDF download they also don’t let you block or edit the contents thereof.
If you use LinkedIn, be aware that:
- your email contact info is readily available even though you may think it is not
- there is currently no way for you to block the availability of that info
- if you ask LinkedIn about it, prepare to enjoy the world of canned responses
My name is Euroranger and I approved this message.
Deep Thoughts...with Euroranger 