Total Pageviews

Saturday, September 21, 2013

Users Sue LinkedIn Over Harvesting of E-Mail Addresses

Four LinkedIn users have filed a lawsuit accusing the business-oriented social network of accessing their e-mail accounts without permission, harvesting the addresses of their contacts and spamming those people with repeated invitations to join the service.

In their most explosive claim, the plaintiffs say that LinkedIn is “breaking into” external e-mail accounts, like Gmail or Yahoo Mail, by pretending to be the account owner, although the legal complaint offers no details about that assertion. Larry Russ, a lawyer for the plaintiffs, declined to comment beyond the suit.

The lawsuit, which is seeking damages on behalf of all LinkedIn users, revives a longstanding issue about the service: Does LinkedIn adequately inform its users about how it uses sensitive information, including e-mail addresses of everyone they know, and get their consent to do so?

As the lawsuit puts it:

As a part of its effort to acquire new users, Linkedln sends multiple e-mails endorsing its products, services and brand to potential new users. In an effort to optimize the efficiency of this marketing strategy, Linkedln sends these ”endorsement e-mails” to the list of e-mail addresses obtained without its existing users’ express consent and, to further enhance the effectiveness of this particular marketing campaign, these endorsement e-mails contain the name and likeness of those existing users from whom Linkedln surreptitiously obtained the list of e-mail addresses.

LinkedIn has always maintained that it gets full consent of its users before reaching out to any of their contacts. And the company reiterated that position in a statement in response to the lawsuit, which was filed in federal court in San Jose, Calif., on Tuesday by the Los Angeles law firm Russ August & Kabat.

“LinkedIn is committed to putting our members first, which includes being transparent about how we protect and utilize our members’ data,” the company said. “We believe that the legal claims in this lawsuit are without merit, and we intend to fight it vigorously.”

Regardless of the claims in the lawsuit, there is no doubt that LinkedIn makes it awfully easy for you to send an invitation to connect to everyone you have ever e-mailed and much harder to revoke that permission.

When you sign up for the service, or want to add contacts, LinkedIn prompts you to import the e-mail addresses of potential contacts from your e-mail accounts, like Gmail, Yahoo Mail or Microsoft Outlook. The lawsuit says LinkedIn does this without seeking the e-mail passwords, suggesting that LinkedIn is hacking into accounts. Under LinkedIn’s normal procedures, it asks users for permission to access each account, though e-mail passwords may not be required if a user is already logged into the e-mail account.

Once those addresses are imported, LinkedIn asks you for permission to contact them on your behalf.

And here we get to the crux of why LinkedIn might be viewed as spamming: By default, LinkedIn wants to invite every one of those people to connect with you on the service.

Instead of asking you to opt in by checking off which specific contacts you want to invite, LinkedIn requires you to opt out by unchecking the “select all” button. If you are not careful, hundreds of invitations can go out â€" no second thoughts or cooling-off period provided.

In fact, once the authorization is given, LinkedIn will e-mail your contacts several times asking them to join the service or connect to you. (You can withdraw an unaccepted invitation once it is sent, but it is a tedious process.)

Moreover, even if you don’t invite some or all of those imported names to connect with you, LinkedIn saves the information for various purposes, including prompting you later to add the people as connections.

Just how vast is this? I tried importing contacts from my Yahoo Mail account. LinkedIn found 615 people who were on LinkedIn that I wasn’t already connected to. And it found another 709 contacts who didn’t use LinkedIn â€" a group that is especially valuable to the company, since an invitation from a current user might prompt them to join.

I aborted the import process to avoid spamming all of those people, but it’s not hard to see how someone new to the service could accidentally send an invitation to everyone they know, including casual acquaintances and people they would rather not connect with ever again.

LinkedIn had 238 million users worldwide at the end of June, up 37 percent from the second quarter of 2012. It relies heavily on user referrals for that sizzling growth, which has also sent its stock price into the stratosphere.

Such growth by referral is common to social networks, games and mobile applications, though sometimes they cross the line into what many of their users would consider spamming. For example, the Path social network got into trouble for such mass mailing earlier this year, prompting Facebook to restrict it from accessing its users’ accounts.

The lawsuit, and numerous complaints on LinkedIn’s own message boards, suggest that the company is treading dangerously. As one user quoted in the lawsuit put it in a post on LinkedIn:

Accessing my contacts so that I can see who I’d like to connect with is one thing. Spamming my entire contact database of everyone I’ve ever e-mailed is definitely black hat tactics at growing users. This included people I know, don’t know, e-mail addresses from people off Craigslist, even mailing lists received an “invite to connect” from me today. I did not click on “invite all.” In fact, I clicked on “skip this step.” Very disappointing.

The legal process will sort out whether LinkedIn is getting adequate consent from its users. But legalities aside, if many users believe that the company is abusing sensitive personal information like e-mail contacts, it risks tarnishing its brand and business.

LinkedIn’s mission includes establishing itself as the premier site for making and maintaining business connections, and trust is the foundation of many lucrative services it wants to offer, from job-hunting help to industry news.