Robert V
Chief Sales, Marketing & Strategy Officer ♦ renewable energy, smart grid, SAAS, e-commerce. ♦ rv.linkedin at gmail
Did anyone receive the following email from LinkedIn? What are your thoughts?
Background:
-----------------------------------------------
A useful one-click link was created whereby a person can invite a user to their network with one simple click. Great for blogs,email footers, etc.
An examples is at: http://www.robertvolpe.com/linkedin.htm
The Email from LinkedIn:
-------------------------------------------
Dear Robert Volpe,
We had to make a change to your profile, and we wanted to make sure you knew why.
You had included a link, which when clicked by another user, caused that person to send you an invitation to connect.
Unfortunately, we've gotten complaints over the last week or so from users who were surprised and angry that they had unexpectedly sent an invitation when they clicked similar links. The links also jeopardize the privacy of the people who send the invitation, so we cannot allow them.
We'll be changing our software soon to prevent these links from working. Please don't re-enter it into your profile.
We are completely committed to making sure professionals can browse and use LinkedIn safely and with every protection for privacy in place.
Thank you for helping us do so.
Sincerely,
The Privacy Team
Clarification added March 5, 2007:
People, it is not a virus. The link is to simply give background as to the what LinkedIn found to be a problem. The section about "The Email from LinkedIn" is the email message it its entirety.
Good Answers (2)
Marc F
Marc@MyLinkDaddy.com ► CEO/CMO ► Web 2.0/Digital-Social Media/Tech Visionary ► MyLinkNetwork.com TopLinked.com 35
Best Answers in: Using LinkedIn (10), Professional Networking (3), Business Development (1), Public Relations (1)
The key part of LinkedIn's message - "We'll be changing our software soon to prevent these links from working."
Leave it to LinkedIn to destroy a perfectly useful feature. Anything can be abused if not labeled or used correctly, whether it's LinkedIn's own Outlook toolbar, bulk user import and invitations, or the one click invitation.
It is sad that LinkedIn doesn't support innovators like Andy Beard and place blame where it belongs - inexperienced or inattentive members who don't read what they're clicking or abusive members who don't label their links. Instead they wrap their sacred teflon flag of privacy around the matter (kinda like the Bush Administration and patriotism). They kill the innovation and take it away from the 99.99% of users who are quite happy with it.
It shows how out of touch LinkedIn can be. They call themselves a Web 2.0 company, but they are not. In a world moving to a user-empowered landscape of add-ins, widgets, and mashups where everyone takes responsibility for their actions, LinkedIn clings to a totalitarian world that rejects tools that make life easier, better, and faster for its members.
Marc
Marc Freedman
Marc@MyLinkDaddy.com
> Send me a one-click LinkedIn invitation at http://Invite.MyLinkDaddy.com (while it still works!)
> Profile at Who's Your http://MyLinkDaddy.com
Links:
I also got the same message (just checked). Personally I think it is a jackboot tactic and I am not impressed. I cannot recall the exact text of my link, but it was along the lines of "Click here to connect to me" or something similar.
As other posters said:
1) It was clearly labelled what happened when the link was clicked.
2) They can remove the invitation in a couple of clicks.
3) Nothing untoward happened when the link was clicked.
Another example of basic rights being infringed under the guise of protecting privacy. I am not a happy bunny right now.
More Answers (44)
Robert,
No.
I've always thought your open networking messages and helpful hints were quite clear regarding the simple click.
No complaints here.
Regards,
Perry
Stephane D
IT Systems Administrator
Best Answers in: Accounting (1), Business Development (1), Public Relations (1)
No ....
Jean-Baptiste A
Délégué Régional à la Recherche et à la Technologie at Ministry of Education and Research
In the particular cas of Robert, the link clearly indicates its purpose, so I think the Email from Linkedin ("The links also jeopardize the privacy...") is not appropriate... That's my opinion.
Further, there is a question about the people who propose to almost anybody to get connected directly with them. Ther are a lot of people like that on Linkedin. The interest for them is to get a good visibility on the wole Linkedin network. The drawback is they do not really know most of their 1st contacts. Linkedin gives the fredom to its members to act like that or not... That's the good point for me.
Best Regards,
Jean-Baptiste
Sheree R
Senior International Recruiter 21K+ Direct connections sheree.ruland@earthlink.net
Robert - I thought your invitation to connect and make it simple for people was innovative and a great way to save on using invitations through LinkedIn. I flagged in and was going to try and do the same thing.
'Surprised and angry' people when they 'clicked similar links'? It doesn't even sound like anyone complained about your profile link in particular. Bummer!
Robert,
I received the same e-mail. However, I then did a random search on 500+ category users, and found 2 that had not been "disabled". So...I am not sure what method was used to "search and destroy".
A true adage is that you will never go broke overestimating the ignorance and asinine behavior of the human populace. My phrase simply said "click here to connect with me". How a reasonable person can then click that link....and then subsequently be "surprised and angry that they had unexpectedly sent an invitation" is beyond me.
I also don't understnad how their "privacy was jeopardized". This is a free world...if you don't want to connect, don't click.
Stupidity seems to be an abundant natural resource.
How about an answer from those of you who were "surprised and angry"?
Clarification added March 5, 2007:
Seems like the multitudes (below) are in agreement on this one!!
Jason G
Alky/Sulfur Team Leader at ConocoPhillips Company
Best Answers in: Education and Schools (1), Currency Markets (1), Option Markets (1), Career Management (1), Small Business (1)
Robert,
I thought your link was a useful and innovative way to use LinkedIn. I added a similar link to my profile as well. I am confused by the statement made by The Privacy Team. A person can simply withdraw the invitation if they are "surprised and angry." I don't want those that do not want to network with me to be forced to do so. However, why not make it easy for those that want to network.
Sincerely,
Jason Gislason
Vadim D
Recruitment & Selection *LION* 3700+ Vadim.Linkedin@gmail.com
Best Answers in: Change Management (1)
Well, LinkedIn deleted my link and those of all my friends and colleagues who also put it into their profile. It's a shame though since it was quite a nice tool.
Andy B
Owner, Keedz Ltd - Internet Entrepreneur & Consultant
Best Answers in: Advertising (1), Blogging (1)
This seems to be talking about the LinkedIn Fast links where people have been adding them to their profiles, and maybe using tinyurl
The original button code made it clear the purpose of the link was different compared to a normal LinkedIn button.
It seems you still have the link on your profile, so I can't understand the statement that it was removed.
I haven't had anyone express anger on my blog in any way, and haven't had any negative feedback from anyone at LinkedIn
I don't honestly like the TinyURL option, because that is creating TinyURL link equity and control of my links. They could easily discontinue the service, and all the links people have created could be changed to point to an advertising page receiving 700m hits per month, or they could add an advertising page from which you have to click through.
It is much better to use a redirect from you own site
I would also suggest rather than using a direct link from your linked in profile to sign up, you create a "Ways to contact and connect with me" page to your personal websites, and include the Linkedin Fast button on that page. I think that would make a much more effective "landing page".
Clarification added March 5, 2007:
In response to Joseph Cerro
I do recognise the potential harm though I certainly haven't used the code in that way, or suggested others do so.
There are a number of solutions to the situation and these are just examples, I am sure there are others.
1. Totally block the form from external referrers
2. Add a captcha for external referrers or similar confirmation
3. Create their own one click referral solution maybe as a javascript widget
Whenever I have been testing, LinkedIn always prompted me to enter my username and password. Maybe if you spend a lot more time on the site you are always logged in, but I find the site drops my connection fairly rapidly.
Maybe they should require username and password to be entered even if you are already logged in, as a form of additional confirmation.
I have privacy concerns all the time with online services, as an example I would never use the import contacts from Gmail form that LinkedIn provide, even if they claim they don't share my details - the page is secure but I am an Adsense and Adwords user, and typing those details into a form not hosted on a Google owned domain isn't going to happen.
Clarification added March 5, 2007:
I should have also mentioned Juliette Reinders Folmer in the above clarification.
I love the idea of LinkedIn Answers, but it isn't the same as a threaded discussion forum
Clarification added March 7, 2007:
Juliette made a great clarification below with a suggested method to continue allowing this functionality whilst avoiding privacy concerns.
If privacy concerns are indeed the issue, then that should be the method employed - just a simple confirmation click.
Dan M
Headhunter at Dunelm Search & Selection
Best Answers in: Staffing and Recruiting (7), Software Development (1)
I received this...
I agree that if a link is entitled 'Connect with Me' or similar, you can't argue that you didn't know what the link would do.
Also, you can withdraw any invitation sent in three clicks of a button.
Matt C
Senior Manager, Implementations, Engagement Leadership, Global SAP Org Mgmt Process Owner
I got the same note and it was removed from my site. I think Andy's suggestion of linking out to a personal site and having the invitation there is the best way to go.
Hi Robert,
I thought the tool you provided was great, and same as many of the persons who already answered, I entitled my link "click here to link with me". So, the purpose (and consequences) were clear, or so I thought. What I am wondering is the meaning of the phrase: "We'll be changing our software soon to prevent these links from working". Maybe, they won't work even when called from other websites in the way that Andy proposes. The scope of the link disablement is not clearly stated in the message. Does it make sense?
Maria
Yup got the same one. Only they deleted one of my valid company links and left the auto-invite...lol. So I fixed it since they had so much trouble.
Juliette R
Spiegelaar, Keuze-coach, Business consultant and Speaker
Best Answers in: Web Development (2), Using LinkedIn (2), Internationalization and Localization (1), Internet Marketing (1), Business Development (1)
Ok, by the sounds of it none of you have ever heard of Samy Kamkar or the "Samy is my hero" MySpace debacle ;-) (see links below)
Now, before you say anything, I was *not* one of the angry people and I haven't received an email like that either.
This is the first I ever heard about the LinkedIn Fast buttons, but I think I can tell you why LI is not happy about it.
What you are doing is exploiting a cross-site security vulnerability in LinkedIn.
The start with:
The fact that you have a button which says "LinkedIn Fast" and that a user has to click it, does not make a difference - the text of the *button* does not warn a user that he/she will invite you straight away and is therefore misleading.
Having a button text which says something like "Click here to invite me to your LinkedIn network" would at the very least be more truthful.
Luckely your exploit is non-propagating (unlike Samy's), but imagine the following:
If you put an image tag (or iframe or script link etc) on your website with the invite link as src attribute and width/height set to 1, every visitor to your website who at the same time is logged into LinkedIn (lots of people never log out, so that is an easy one), would automatically and *unknown to them*, invite you to their network.
They will not see the LI page saying that they invited you as the request is send through an invisible image and they will only realize that they have unwittingly and unwillingly connected to you when the receive the "your invitation was accepted" email.
Even though I trust that you do not mean any harm, I also trust that if you use your imagination, you can see what harm *can* actually be done using links like this (i.e. use the exploit the way I illustrated on a very busy site and you could bring the LI website down).
No doubt some hacker somewhere is already working on a self-propagating version of the link and then the trouble really starts.
I hope this little explanation helps you understand why having a button like that is undesirable.
Oh, and do have a read through the linked articles... Samy is currently on probation and fulfilling community service because of the MySpace worm...
Links:
- http://namb.la/popular/
- http://www.scmagazine.com.au/news/45262,myspace-superworm-creator-sentenced...
Clarification added March 7, 2007:
Oh, just in case LI moderators are reading this too:
You (LI) can easily avoid these hacks by (use all of them to be secure):
a) accepting only _POST, rather than _GET or _REQUEST from the form
b) checking whether the referrer (mind: tainted data) is your site
c) adding a session related, time limited unique form id to the form and validating this on post (have a look at shiflett.org for more info on this)
To still allow people some sort of functionality like this, you could redirect _GET requests to a pre-filled in form (based on the request variables) on this site which would then still require an active click from the user to send the actual invite.
For the non-techies: I am suggesting that links like this would send the user to a form on the LI site which is then filled out automatically with the information they need to invite you, then all they need to do is click "send" to actually send it.
This way LI can avoid hacks and you can still enjoy providing people with a quick & easy way to invite you.
Yes, I got it too. I had "Click here to connect with me" as well. I am sure they just don't like to have their system hacked or bypassed in some way with it pointing to tinyURL. Other than that, I can't see what the problem is.
I think that the idea of a one-click invitation url is a very good one.
However, it is important to understand that sometimes even the "simplest" technology can have unexpected consequences in certain circumstances -- a very useful thing to keep in mind before assuming stupidity or ill-intent on the part of users, which seems to be an concern in some of the earlier messages.
For example, Robert sent a simple email to the LinkedInnovators list, and I read it.
Simple, right?
Not really. Robert's email had passed through whatever software Robert used to compose the message (Hotmail? Outlook? Yahoo Groups? Something else?), then through either or both the Yahoo Groups discussion system and email system, and then, at my end, the message went through Gmail's infrastructure and into my Gmail inbox, which hides images and certain other types of formatting by default. I read the message on a portable device (small screen) using the Opera browser.
By the time the message reached my eyes, Robert's tinyurl invitation link was appearing next to the text "My linkedin profile", and I would have needed to scroll to the next screen to see the words "My one-click invite" with another set of urls...which I didn't do, because it looked like I had already reached the end of the message.
I clicked on the tinyurl expecting to see Robert's profile, but instead I sent an invitation. I was surprised and even a little miffed, but when I went back later and saw the same message on the LinkedInnovators Yahoo group's page using a larger screen and the Firefox browser, let's just say that the same message appeared very differently, and it was obvious that he wasn't trying to mislead anyone.
Bottom line: Even very simple technology (email!) can be deceptively complex. Before assuming stupidity or malice on the part of a user, be sure to consider the idea that things may not be as simple as they seem, and that YOU may not have a good understanding of the user's actual situation.
Steven Miles [LION] S
Director at Grampian Outdoor Pursuits LTD
Best Answers in: Project Management (6), Organizational Development (3), Quality Management and Standards (2), Education and Schools (1), Occupational Training (1), Staffing and Recruiting (1), Criminal Law (1), Business Development (1), Lead Generation (1), Change Management (1), Planning (1), Inventory Management (1), Interface Design (1), Career Management (1), Ethics (1), Enterprise Software (1), Computers and Software (1), Computer Networking (1), Information Security (1), Telecommunications (1), Web Development (1), Using LinkedIn (1)
Not received it.
I received the same one last week, but strangely they hadn't deleted the invite link on my profile...
Ray V
Social Media Strategist, Speaker, Corporate Community expert
Best Answers in: Using LinkedIn (20), Web Development (4), Staffing and Recruiting (3), Business Development (3), Career Management (3), Job Search (2), Mentoring (2), Corporate Governance (2), Change Management (2), Professional Networking (2), Starting Up (2), Commercial Real Estate (1), Regulation and Compliance (1), Education and Schools (1), Corporate Taxes (1), Risk Management (1), Compensation and Benefits (1), Offshoring and Outsourcing (1), Advertising (1), Public Relations (1), Sales Techniques (1), Non-profit Management (1), Distribution (1), Professional Organizations (1), Small Business (1), Blogging (1), Enterprise Software (1), Computers and Software (1), Computer Networking (1), Telecommunications (1)
Very curious how long this question will remain before it will be pulled by LI...
They created it, they will have to live with the consequences of the choise to make it a quantity network..
I also received it...
And I was surprised...
I seriously can not believe the lines from: "Unfortunately, we've gotten complaints..." till "so we cannot allow them."
The one-click link says so "Simply click here to connect". What would someone else expect when clicking this link??
I found it a great tool!
My guess, this is a functionality they want to add as pay service so they are banning it now before its implemented.
Yes, me too. My link read "Click to send instant invite", so you can't say anyone would have been surprised.
Good - deleted too.
I`m just thinking how people can complain about great tool ??? May be it is not bad idea to put smth like legal disclaimer before entering my page :) - like THIS (with big arrow) button will not harm you like coffee in McDonalds or if you don`t like to push the buttons Dont Do It please :)
Katherine C
Market Research Consultant
Best Answers in: Market Research and Definition (3), Business Development (2), Using LinkedIn (2), Staffing and Recruiting (1), Internationalization and Localization (1), Treaties, Agreements and Organizations (1), Employment and Labor Law (1), Advertising (1), Public Relations (1), Business Analytics (1), Organizational Development (1), Personal Real Estate (1), Ethics (1), Business Plans (1), Starting Up (1), E-Commerce (1)
I received the same message this weekend. That was a sad day!
The link was removed from my profile. I had thought it was brilliant (of you) to create the idea so I'm a bit disappointed to have lost it so quickly.
I would understand people being frustrated if they were unclear about what the link was/what it did, but the link on my profile did say "click here to add me".
Jim P
Product Management and Marketing Professional
Best Answers in: Personal Investing (7), Personal Real Estate (5), Retirement and Estate Planning (3), Wealth Management (3), Economics (2), Hedge Funds (1), Personal Taxes (1), Personal Debt Management (1), Career Management (1), Wireless (1), Using LinkedIn (1)
No, have not received a message similar to your,
Jim
I wonder, who was complaining?
Good idea, good tool.
Thought it was a good idea myself, worthy of LinkedIn innovators.
It's a shame that it's been banned so hastily, on what appear to be trumped up charges.
I presume that it has been deemed to undermine their policy of charging for inmails, so maybe there is perverse logic behind it.
Ed A
DIRECTOR OF OPERATIONS, EUROPE at PETRONERDS OIL AND GAS LTD (Previously PETRONERDS ENERGY SERVICES LTD.)
Not received it. But if one has a link which arguably may violate LINKEDIN privacy and other rules, I suppopse it is appropriate to self delete it or it would be deleted by Linkedin. I don't have such a link in my profile.
Edward
Iain M
Intellectual Property Lawyer with Fliesler Meyer LLP - San Francisco
Best Answers in: Intellectual Property (1)
Yes - I recieved the same letter. There's no point debating the privacy points. LinkedIn just doesn't want this kind of open networking. Otherwise they would create a profile option that allowed it for instant invitations. Thus, it is not unexpected that they closed this loophole.
Iain
