Ronny Lam

about://tech

LinkedIn Setting the Record Straight on False Accusations

As you may have read recently, a class action lawsuit was filed against LinkedIn last week. The lawsuit alleges that we “break into” the email accounts of our members who choose to upload their email address books to LinkedIn. Quite simply, this is not true.

First of all, let me state that I do believe LinkedIn here. They would have a very big problem if proof exists that they do indeed use the credentials of their members to access their email.

However, this is all based on a lot of trust that these same member give LinkedIn. I have never understood why anyone would give away their email credentials in order to let LinkedIn access their contacts. Especially since there is one very good and one less good alternative.

With most email providers you can export your contact to a .csv or .vcf file. Within LinkedIn you have the ability to upload this file so that LinkedIn can try to connect you to your email contacts. Even the fact that you upload your full contact database concerns me, but that is beside this point. I would clean up this file so that only the needed information is in there: email addresses.

The second option is to put a temporary password on your email when you connect it with LinkedIn. After the contacts transfer you switch it (back) to your private password.

In this day and age it is never a good idea to give away user credentials. A password is personal and has to be kept secret. There are lots of alternatives which do not give away credentials. Also when giving away permissions using OAuth(2) for example, alway look if the company asking for permissions is not asking for too much.

So, the fact that there is a class action lawsuit against is LinkedIn is a good thing if you ask me. Even when they do not abuse your credentials, they should never ask for them.