LinkedIn Privacy Concerns After User Setting Change

LinkedIn has quietly changed its users’ privacy settings without explicitly warning of the change

Professional social networking website LinkedIn has controversially changed the default privacy settings for its user profiles, so that third parties can now utilise users’ information.

Users do have the ability to restrict the use of their personal data following the change, but the settings to do so are buried in the account management side of the website.

To make matters worse, LinkedIn did not explicitly inform its users of the changes.

Privacy Changes

LinkedIn quietly made the changes to its privacy settings a couple of months ago, so quietly in fact that they are only now being recognised and reported.

The change means that the default setting now allows users’ names and photos to be used for third-party advertising, and most LinkedIn users will be unaware of it.

The issue came to light when Paul Ducklin, Sophos head of technology, Asia-Pacific, used a blog posting on the Naked Security website to report on the issue.

“Nearly two months ago, LinkedIn updated its Privacy Policy. To give the company credit, it did prefix its official policy with a summary, and it provided a link at the top of the policy page to show you the changes since last time,” wrote Ducklin.

“That’s just as well, because LinkedIn’s Privacy Policy runs to almost 6,400 words – that’s about 10 percent of the length of a respectable novel,” he added wryly. “Even the summary and the changelog top 1,000 words each.” (The changelog is for programmers only.)

Under the manage social advertising section, LinkedIn wrote the following:

“LinkedIn may sometimes pair an advertiser’s message with social content from LinkedIn’s network in order to make the ad more relevant. When LinkedIn members recommend people and services, follow companies, or take other actions, their name/photo may show up in related ads shown to you. Conversely, when you take these actions on LinkedIn, your name/photo may show up in related ads shown to LinkedIn members. By providing social context, we make it easy for our members to learn about products and services that the LinkedIn network is interacting with.”

How To Fix It

“LinkedIn will mine your usage habits to determine what products and services you’re interested in, and then use your name and photo in what amounts to an endorsement for those products and services when they’re advertised to other users,” wrote Ducklin.

As part of the change, LinkedIn has automatically checked a box that reads: “LinkedIn may use my name, photo in social advertising.”

For concerned LinkedIn users who do not want to be suddenly and unexpectedly endorsing third-party products, Ducklin pointed to the simple instructions from blogger Steve Woodruff on how to disable this function.

  1. Click on your name on your LinkedIn homepage (upper right corner). On the drop-down menu, select “Settings”.
  2. From the “Settings” page, select “Account”.
  3. In the column next to “Account”, click “Manage Social Advertising”.
  4. De-select the box next to “LinkedIn may use my name, photo in social advertising”.

Online Privacy

LinkedIn is not alone in changing people’s privacy settings without explicitly informing its users.

Facebook, for example, recently decided to make its facial-recognition service default to on, much to the anger of industry regulators, meaning that users have to take action to switch it off. These changes can also pose security problems, as demonstrated at the recent Black Hat security conference.

There, a Carnegie Mellon University researcher used Facebook photos to demonstrate how facial-recognition technology can be used to identify people as they walk down the street.

In May, LinkedIn became a publicly traded company after a wildly successful IPO that put the company’s value at about $8.9 billion (£5.4bn) at that time.