I’m On LinkedIn – Now What???

By Miles Austin on Sep 14, 2009 | Reply

I have wondered about this from time to time but was not bothered enough to dig into it. The explanation does pass the sniff test for logical. Guess we will have to take them at their word, no reason not to.

Thanks for providing the answer to what will eventually become a trivia question!

By Scar on Sep 15, 2009 | Reply

I’ve wondered this about Facebook too; I share a computer with two other people, and they’ve had people popping up on their ‘Suggested Friends’ lists that are on my email contacts lists, but who I haven’t added. Long sentence, hope that made sense!

It worries me slightly as it seems to be storing my email contacts even if they’re not my contacts on Facebook, and recommending them to others who share my machine.

By Peter on Feb 1, 2010 | Reply

I’m not sure that their response does pass the sniff test. A person recently showed up on my People You May Know list that I did know – 30 years ago. We live in different cities, in different countries, work in completely unrelated industries, have no contacts in common on LinkedIn and the language school where we met is not listed in either of our profiles. I have not had any contact with this person, personal or electronic, in the past 30 years.

Now here is the interesting bit. The only electronic connection that does exist between us is that this person is a friend of my wife’s on Facebook. I am not connected to my wife on LinkedIn and am no longer connected with her on Facebook, having deleted my account there some time ago. But I used to be and those records undoubtedly still exist somewhere.

I have asked LinkedIn for an explanation and, like you, they responded with a short list of obvious fields they use – none of which apply in this case. Otherwise, they decline to tell me how they made the connection. So, the question is, how did they glean this connection without mining data outside of our own LinkedIn profiles?

By Greg on Feb 13, 2010 | Reply

I had some of Peter’s concerns as well. My theory is this: I’m undoubtedly on some contact lists uploaded by others. So, it’s easy as pie for LinkedIn to suggest I might know THOSE people. Then, there are 2nd degree connections, 3rd degree connections, etc. I suspect LinkedIn is mining all uploaded contacts, looking for potential networks of connections. For example, if I’m on Mary, Bob, and Joes’s lists, and Susie is also on those 3 lists, then I might know people on Susie’s list, even if I never uploaded Susie as a contact. Combine this information with classmate information, colleague information, and there’s all sort of possibilities.

By Peter on Feb 17, 2010 | Reply

I agree that there is potentially quite a bit of information that LinkedIn could validly use to infer relationships, but in the case I described, none of this was applicable. The only electronic data that connected us existed on my wife’s computer in a supposedly separate application.

Since that last post I have also seen on my “People you may know” list the person who bought my last house – more than 3 years before I joined LinkedIn. We are now in different cities and completely unrelated industries. We have no contacts in common. He is in my Apple Address Book, but I did not give LinkedIn permission to scan that for potential contacts.

I am a software designer, not an expert in data mining or data security, but when I describe these situations to colleagues in that end of the biz they get jittery and tell me my concerns are valid. You know what they say about the duck.

By Peter on Feb 17, 2010 | Reply

The old expression is: If it walks like a duck and it quacks like a duck and it looks like a duck …. then it is probably a duck.

By Peter on Feb 17, 2010 | Reply

I use Apple Mail on my Mac. No connection to Outlook whatsoever (thank goodness).

By Frank on Feb 17, 2010 | Reply

I am not sure why this is an issue. The purpose of using any social networking site is to be found, isn’t it?

By Peter on Feb 18, 2010 | Reply

I would put it differently Frank. I see the purpose, especially of this site as it is a business networking site, rather than a social networking site, is to connect with people who you want to connect with. I search for people I am looking for and, if their personally set privacy settings allow, I find them. I find the “People you may know” feature to be useful, but I have not granted LinkedIn permission to access and use any and all data that may exist about me on my PC or in cyberspace. (And let me state that I have no direct evidence that they have done so and am simply questioning how they could have made some of these connections.)

Separation of data sources is key to personal privacy. I don’t think that either of us would want this service, for example, to have access to our banking or income tax records to connect us to people in similar income levels. LinkedIn should only be using the data we explicitly provide to them to suggest connections. That is the principle we are discussing – not the result.

By Rebecca on Mar 9, 2010 | Reply

I too have concerns about this “people you may know” thing. I recently met someone completely new who has no friend or work connections to myself. We met through an online dating site (where we are both insulated with aliases and indirect email). We became friends on Facebook. Now he’s showing up in “people you may know”. And he guarantees that he has not allowed access of his contacts to Linkedin, and neither have I. That leaves our only connection being Facebook. Clearly there is some data sharing happening between Facebook and Linkedin.

By Peter on Mar 9, 2010 | Reply

Thanks for the confirmation Rebecca. I was pretty sure that I wasn’t drawing false conclusions, but it is hard to be certain when you only have one example.

Here is the latest news in this saga. Being a cranky old SOB I am not predisposed to let this lie, so I have chased this story a little further. First, to close off other possible explanations I have confirmed with my mystery contact that she did not have me in her address book or any other reference to me on her computer. She also confirmed that she never performed a search for me on LinkedIn. That leaves my wife’s Facebook account as our only electronic connection.

Then I re-opened the issue with LinkedIn customer support and asked them point blank whether they used any external data that users did not explicitly provide to LinkedIn. Here is their reply: “I can assure you that we do not obtain any information outside of one’s Linkedin account.” They suggested an e-mail address connection that was granted by my contact. I wrote back indicating that this was not the case and asked them to explain the specific data used to infer this connection. That was two weeks ago and I have not received a reply.

I will send the question again, but they can decide to ignore me again if they choose. Jason, do you know of any way that we can spread this issue a little further?

By John on Mar 16, 2010 | Reply

I can’t believe that users can’t figure out linked does the people you may know feature. It is simple. Person A searches for Person’s B’s profile. Then person B sees person A as a people you may know.

The girl – Rebbecca above – The guy is googling her and finds her linked in profile. So he shows up on her list of people you may know.
It is that simple. Just test it with your coworkers or friends PC.

By Peter on Mar 16, 2010 | Reply

Believe is or not John, we actually thought of that and checked it out. In both cases where someone appeared on my “People you may know” list with no connecting data they have both confirmed that they did not search for me – and I did not search for them.

Any more theories?

By John on Mar 17, 2010 | Reply

Peter

A a part of the formula linkedin uses looks for people that are connected in some way (e.g. company, 2nd relationship, etc.) which will account for some people in your “people you may know” list.

I am a software developer and I will say that another part of the formula used to show the list for “People You May Know” is based on people who viewed your profile.

I did test my theory. I viewed my profile on a co-workers PC that I had no connection with. About 4-5 days later, I saw that person on my “People You May Know” list.

Similiarly I viewed some people’s profiles that I had no connection with in 10 years. Few days later, they showed up on my “People You May Know” list becuase they saw me on their “People You May Know” list and viewed my profile.

You could try this theory too with random people. Just open about 10-15 “james smith” or some other common name profiles and a few days later, some may show up on your “People You May Know” list.

By Peter on Mar 17, 2010 | Reply

John,

Your logic is faulty. Just because a particular algorithm works does not mean that it was used for any specific case. If you look at my last post I stated that neither of the people who showed up on my list with no connecting data searched for me on LinkedIn and I did not search for them.

I have been an IT professional for nearly 30 years and know how to diagnose a situation like this. Please believe me when I tell you that I have investigated all of the possibilities I can think of using data validly available to LinkedIn and no one, including LinkedIn customer support, have been able to present an explanation of how these connections could have been made without the use of external data. I am open to listening to one, but so far nothing that explains this situation has been presented.

By Paul on Jun 21, 2010 | Reply

Something strange is definately going on. I did a test : A Facebook search for someone I went to high school with and a few weeks later LinkedIn suggested this person. I checked the LinkedIn connection routes and there was no connection possible through LinkedIn ( different cities, different industry, different professions, no record of school etc).

I have now tried this test 3 times with 3 different people, one who I met only once at a trade show.

I started Googling possiblities and saw this forum. I am convinced something is going on as described here. Everything you search for is logged somewhere and someone is making a buck from it.

But we should all know this already ?

Interesting the reverse doesn’t seem to happen. If I search for someone on LinkedIn, then Facebook is not suggesting them (yet).

By Paul on Jun 21, 2010 | Reply

Jason – Yes I was.

By Peter on Jun 21, 2010 | Reply

I’m not surprised, but I’m glad to see additional confirmation and some additional intelligence on how this connection might be working. I have pressed this with LinkedIn Customer Support as far as I can. They deny everything and refuse to answer directly how their software inferred a couple of dodgy connections. The only additional steps we can take is to file a complaint with TRUSTe. This is the organization LinkedIn is licensed with to verify their security policies. Instructions for this procedure are located on the LinkedIn privacy policy page. If we are prepared to take this step we should do so jointly with as much information as we can gather. I have saved all of my e-mails from LinkedIn and am game to proceed if you are. Paul and Rebecca appear to have had similar experiences. Let me know. Jason, let me know if you of any other cases that are not referenced on this site.

Thanks,
Peter

By Martin on Jun 22, 2010 | Reply

LinkedIn just suggested that I might know a couple of students I will be supervising this fall – we are listed in a PDF on the university course page, and I’ve sent them an email, but that’s the extent of our contact. However, I have also done a Google search on them – and I did this while logged in on LinkedIn. My theory is that Google somehow uses LinkedIn to search for stuff – and that’s how LinkedIn suddenly knows…

By Hoover on Jun 22, 2010 | Reply

I’m pretty suspicious about this too, having just been presented with somebody I know but have had no email connection with.

And it happened to be a pretty unwelcome suggestion.

LinkedIn need to make their process more transparent, because if this sort of thing’s gonna happen, I’m out of there.

By Paul on Jun 23, 2010 | Reply

I like the Google theory. It may provide an alternative explanation for me as I was verifying contacts were on LinkedIn by Googling them.

By Another Peter on Jul 9, 2010 | Reply

Came across this blog while googling for answers to this phenomenon. I think I may have some input on this. Being in this field as well, I think we tend to have a unique way of thinking about things.

Let’s say Person Y and Person Z have emailed each other in the past. Person Z has not kept any of the emails nor has any connection to Person Y currently in their email address book or account for that matter. Person Y however, had added Z as a contact, let’s assume as “z@domain.com” for the entry. Person Z had not allowed LinkedIn / Facebook to scan their address book / contacts. Person Y did. z@domain.com happens to be the same email address that Z used to sign up for said site. Now Person Y shows up as a person Z may know.

Something like this could even go a step further, using the same example above. Let’s say that Person Z does not know and is not connected with Person A at all. Persons A and Y are great friends and have both given the site access to their contact lists. This may, in some way, be the key as to why Z is showing up as a person A may know.

Thoughts?

By Beck on Jul 9, 2010 | Reply

This is sickening. No question they are logging your searches somehow. Either on Linkedin itself, or via google, yahoo etc… Two people I know from my long past but am not socially connected to at all, (they are not even in my address book), have been passed on as “people we think you know.” I DID do searches but did NOT want to connect to either of them. Only one is in a related field but not close enough given the many tighter fits out there.

Very Big Brother-ish. Unethical as they’re not up-front about it.

By Peter on Jul 9, 2010 | Reply

A good thought Another Peter and it may account for some of the obscure connections we have outlined in this thread, but not mine. I explored all possible avenues of connection with the most suspicious of these connections and the only one that existed was through my wife’s Facebook account. Neither of us existed on each other’s contact lists or anywhere else on our won machines.

It looks like there are various undisclosed and ethically questionable methods used by LinkedIn to infer these connections. And as I said earlier, I am at the point where LinkIn Customer Support refuses to answer my specific questions. The only avenue we have left, if we wish to pursue this, is a collaborative complaint to TRUSTe laying out all of our “evidence”. I am prepared to put this together and organize it if some others will work with me to collect and vouch for the material.

By lulu on Jul 12, 2010 | Reply

this is a worry when it comes to both linkedin and facebook, supposing I am not on either but my boss and old boyfriend who is stalking me both have my email address in their address books, will they be recommended to each other by facebook or linked in? I stayed off both to protect myself from this but am I still exposed juts because they both have my email address in their address book

By Peter on Jul 12, 2010 | Reply

lulu,

So far I don’t think that we have seen an instance of LinkedIn making a recommendation based on matching entries in address books. It has taken an active link like a Google search or being on a corresponding friends/contacts list in one of the two sites. That should be some consolation for you. But, I don’t deny based on what we have seen that this is possible. If that happens they are likely to be just another name in a long list of possible “people you may know” and they may not recognize each other. At least I hope not.

For most of us this security crime is just an inconvenience, but your case, lulu, shows just how serious it can be. As I have said before, I am willing to spearhead a complaint to TRUSTe, but I need some support from others in this thread with their specifics. So far I have not received any commitment for that support. Let me know.

By lulu on Jul 12, 2010 | Reply

hmm I hope not but pople can be very careless about friending people they dont know -see the comment by Nick Barnes at the bottom of the page on this link. Nick suspects but how can we find out for sure and prevent it, after all at worst case senario pychotic ex could be standing outside your work place waiting for you because he and your boss got chatting and your name was mentioned in casual conversation” Oh is that Lulu XYZ blond girl from Serbia, 29 yers old” ” Yes thats her”.

http://blog.jgc.org/2009/12/facebooks-creepy-privacy.html

Nick Barnes said…
I have reason to suspect that not only does Facebook retain all the address books, but it uses them to construct a social network model including numerous people who are not on Facebook. It then suggests contacts using this social network, including friends-of-friends where the intermediate node is not on Facebook. That is, if you and I both have Fred in our address books, Facebook will recommend us to each other even if Fred is not a member.
And yes, it’s creepy.

AD627: Cancelling your account is unlikely to help.

By lulu on Jul 12, 2010 | Reply

plus re committing to supporting your complaint – I have no proof not being on facebook or linked in only fears, suspicions and and what ifs…..which I dare not test out!

By Peter on Jul 13, 2010 | Reply

I understand lulu. I was asking whether others who have specific examples of impossible contacts and those who have done some experiments would support the challenge.

By lulu on Jul 14, 2010 | Reply

I think its an important principle that facebook and linkedin should not in any way shape or form be permitted to use emails addresses not handed to them by the owner of that address and its a major flaw that my friends can give them my address to misuse, and use to bring poeple together that could endanger me while I am not even on facebook and haven’t signed up to facebooks 50 pages of small print. My email address could be misused by them because my boss let them have it. I am powerless and still at risk as I can hardly order my boss off facebook. Therefore I am wondering if Truste is geared up to doing some experements and checking this whole possibility out. If my fears have foundation surley facebook is breaking some data protection law somewhere.

By Another Peter on Jul 15, 2010 | Reply

@Peter: I read above that you have had no electronic connection with the person, but really as I though about this with my situation, I can only be sure of the electronic connection that I initiate and have no control over what others do (such as, say, someone else uploading their mail client contacts with your email among them without your permission). Perhaps there is some connection that you are unaware of? Perhaps it was through the wife/facebook/ghost-from-your-past sort of connection path. As I thought of this, I began thinking of people that may be less tech savvy and sure enough, a cousin of mine (to whom I have no account link) had uploaded her contacts and may have inadvertently linked me to the “person I may know.”

Although, under this idea, why wasn’t I “introduced” to every one of her LinkedIn using contacts? The more likely situation is that the “person I may know” just searched for me.

On a Facebook note, I started an account as an experiment to see how I would propagate through my Facebook-loving friends and family. Knowing that some of the people I knew that use that thing had probably given access to their contacts, I knew I would get friend requests without needing to tell anyone I created an account. So, I created an account, set the privacy settings as high as they could be customized, and never logged back in. It was interesting to see how Facebook pimped me out against my will. At first, two or three friend requests. Without even opening the email to confirm or deny the request, people they knew were friending me, and so on and so forth. All without me actually accepting the friend request. Just the action of sending me a request had put me out on the corner for their friends to also send me a request via the similar LinkedIn “people you may know” feature (forgot what it’s called on Facebook). Use of external data, not likely as I used an email address that no one new to create the account. Just a blatant disregard to the privacy of those unfortunate enough to click through the EULA without reading it.

Also, I share the spirit of taking action but lack the “evidence” to present anything substantial to the case. I’ve been trying to think of effective experiments to test the suggestion engine, but nothing crafty has surfaced yet.

By Peter on Jul 16, 2010 | Reply

Agreed Nother. I am sure that LinkedIn drew the inference through my wife’s Facebook account. What I meant was the I had no direct electronic connection with this person for LinkedIn to use – with my permission or without. It is also interesting that they used information from my cancelled Facebook account, which was supposed to have been deleted many months previously.

I don’t think that we need to be able to prove anything to submit a complaint. As this stage LinkedIn is refusing to answer our questions. All I am looking for is a proxy that they will have a harder time ignoring. I think that collectively we have enough information to make a complaint that is sufficiently credible for TRUSTe to pursue.

By samantha on Jul 20, 2010 | Reply

Wow. I have a similar story. I have only logged into LinkedIn twice, once when I set up the account and once today. I have never viewed anyone’s profile, nor did I set up my own with any information beyond my name and (now former) employer. No school, no address, etc. I even used a fake email address, so not only did I not import contacts but no one else would have been able to import me since I don’t actually use this address. My “People you may know” suggested my college freshman year roommate, my college best friend, a guy from my high school, and someone I met in Italy in 2005. I am Facebook friends with all these people, although my Facebook email address is different (the name is the same). There is also the possibility that they have viewed my LinkedIn profile, although I’m not sure how they would have “found” me aside from randomly googling me (possible, although it would be an unlikely coincidence since I am no longer in touch with some of them) or the “People you may know” feature suggesting me to them (because of our Facebook connection). Aside from Facebook, the only thing I can think of is maybe they do something with names–like searching people’s address books for your name rather than your email. I guess it is possible that my name, via my other email address, could be in all of these people’s address books.

Also, the feature suggests a few random people from college I am not Facebook friends with nor have ever emailed with, but I assume this is because it knows I am connected to the above people (via Facebook, searching names, etc.) and the randoms are somehow connected to them. Truly very strange…

By Another Peter on Jul 20, 2010 | Reply

A note about social networking sites that 1st Peter reminded me of:

It’s good practice for when you want to leave a site, to manually delete / change all the info therein. When you “quit the site” / “cancel” / “delete” your account, it is safe to assume that the last state it was in is saved indefinitely. This is the case with Facebook, at least, so it is best to cut ties there before “deleting” your account, as it’s not against anything (law or EULA) for them to keep a copy of your profile. Cutting these ties and changing your profile to look like a blank slate before deleting it is a safe measure to avoid questionable situations like the ones on this site.

By lulu on Jul 22, 2010 | Reply

ie to be specific, re above the suggestion…. chopping off all your friends, changing your email address to a spare throwaway one with an empty contacts book and your surname to something like “blank”, helps ensure that if you are activated again without your permission, no real damage can be done.

By lulu on Jul 22, 2010 | Reply

…amd this will protect you from ID thieves if nithing else who will hack into facebook at some point for sure, so it’s a good idea to change email and name from right now now so that the friends you trust will still regognise you but ID thieves, stalkers and bosses wont.