STE WILLIAMS

LinkedIn denies hacking into users’ email

Email access. Image courtesy of ShutterstockNo, LinkedIn most certainly does not sink its marketing fangs into users’ private email accounts and suck out their contact lists – well, at least, not without users’ permission – the company said over the weekend.

Blake Lawit, Senior Director of Litigation for LinkedIn, on Saturday responded to a class action lawsuit brought last week by four users who claimed that the professional networking site accesses their email accounts – “hacks into,” to use the diction of the lawsuit – without permission.

Lawit’s statement denies the plaintiffs’ accusations:

We do not access your email account without your permission. Claims that we “hack” or “break into” members’ accounts are false.
We never deceive you by “pretending to be you” in order to access your email account.
We never send messages or invitations to join LinkedIn on your behalf to anyone unless you have given us permission to do so.

On Tuesday, four LinkedIn users in the US filed the complaint, which alleges that the company “hacks into” users’ email accounts, downloads their address books, and then repeatedly spams out marketing email, ostensibly from the users themselves, to their contacts.

The suit charges LinkedIn with fuzzily-worded requests and notifications when it comes to just what, exactly “growing” a user’s network entails.

On the screen labelled “Grow your network on LinkedIn”, presented when a new user signs up for the free service, LinkedIn works its marketing sneakiness, the suit says, getting into a user’s email account without a password and then snapping up contacts and the email address for anybody with whom he or she has ever swapped email:

LinkedIn is able to download these addresses without requesting the password for the external email accounts or obtaining consent.

If a LinkedIn user has logged out of all their email applications, LinkedIn requests the username and password of an external email account to ostensibly verify the identity of the user.

However, LinkedIn then takes the password and login information provided and, without notice or consent, LinkedIn attempts to access the user’s external email account to download email addresses from the user’s external email account.

If LinkedIn is able to break into the user’s external email account using this information, LinkedIn downloads the email addresses of each and every person emailed by that user.

The suit mentions “hundreds” of user complaints about the practice on LinkedIn’s own site.

It’s not difficult to see why users might well be appalled, given some of the situations they describe on the site’s help center thread on the topic.

One user, Cynthia Hubbard, describes LinkedIn invitations getting sent out “at [her] alleged behest” to a coworker with whom she “had a great deal of trouble”, to five individuals from opposing in-house counsel and corporate defendants in a lawsuit she was involved in, and to a worker’s compensation client she referred to another law firm and whom she would never personally invite to her contact list, among others.

One reader commented on my coverage last week that he or she had read an account on another posting of this story, about a psychologist whose professional email messages to patients had triggered invitations to connect that were actionable malpractice breaches for which he could face disciplinary action.

Email. Image courtesy of ShutterstockIn his statement, Lawit says that LinkedIn most certainly gives users the choice to share email contacts and that the company “will continue to do everything we can to make our communications about how to do this as clear as possible.”

From what I can suss out, LinkedIn does tell users what it’s up to, but the language is hidden away and is a far cry from “as clear as possible.”

Users have been decrying LinkedIn’s practices for months, at the very least, without any satisfaction.

It’s easy, in a case like this, to blame users for not reading the fine print. That logic holds that free services are only free from a financial standpoint, but you pay, one way or the other, to keep them alive, including letting a service like LinkedIn vacuum up your contacts for marketing purposes.

There’s merit to that argument.

Then again, there’s no excuse for tucking your marketing practices away where they’re not obvious to users.

The hallmark of clear communication is that you don’t wind up with pages full of comments from outraged, surprised users. And that is exactly what LinkedIn is dealing with now, with the added problem that all that user surprise and outrage has festered and is now boiling up into the legal realm.

Image of email access and checking email courtesy of Shutterstock.

Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/SYJZ6LKmdiM/

Comments are closed.