Category Archives: opt-out

LinkedIn responds quickly to complaints about ‘social ads’

Yesterday, I wrote about LinkedIn’s recent Privacy Policy changes, by means of which the company snuck in the right to use your name and photo in adverts placed by third parties.

You weren’t offered the choice to enable this new feature at will, because it was turned on by default for everyone.

And LinkedIn didn’t warn you directly – which it could easily have done by email – that you might very well want to turn it off.

Crudely put, and in my own words, LinkedIn gave itself the right to mine your usage habits to determine what products and services you’re interested in, and then to use your name and photo in what amounts to an endorsement for those products and services when they’re advertised to other users.

If you were to put a positive spin on this sort of policy change, you might call it something like an exciting new feature which automatically improves your online experience with no cost or effort on your part.

But you might equally well describe it much less flatteringly as a terms-and-conditions land-grab or as a privacy policy bait-and-switch.

And, as regular readers of Naked Security will know, we aren’t big fans of privacy changes that are used by service providers as a vehicle to introduce a brand-new ‘opt-out’ feature. (Opt-out means it is on by default until you get around to turning it off.)

We think that a better business standard would be to make this sort of new feature opt-in. We accept that short-term sales goals might be easier to achieve with opt-out, but we know that opt-in would be safer for users. Indeed, users with strong opinions about privacy would become strong advocates for a service provider which set this sort of standard. The privacy regulators would be pretty impressed, too.

So we feel sure that adopting an opt-in model would actually be better for a service provider’s business value in the long term.

With this in mind, we invited our readers to email LinkedIn with words to this effect:

Dear LinkedIn,

Why not lead the way on privacy?

Become truly opt-in - not just on the basis that a new user opts in altogether by joining up in the first place, but on the basis that everything is locked down until a new user opens up each feature.

Many of you let us know you’d asked LinkedIn to do just that.

already responded publicly to the complaints the company has been receiving.

Roslansky has also recognised that the company should have been more open about its new ‘social ads’ feature, and has even agreed to make some changes to the system.

In particular, LinkedIn has quickly admitted that it took a step too far, respectfully conceding as follows:

Most importantly, what we've learned now is that, even though our members are happy to have their actions, such as recommendations, be viewable by their network as a public action, some of those same members may not be comfortable with the use of their names and photos associated with those actions used in ads served to their network.

And LinkedIn has agreed to changed the look-and-feel of its ads:

I suspect that many companies would find it really hard to react this quickly – except perhaps to say, “We are taking your comments seriously and will determine a course of action after a series of internal business committees have anguished over the implications of any changes, when the economic simulations are complete, and once the lawyers are happy.”

So, from Naked Security to LinkedIn, “Well done!”

There is some bad news, however. There’s still no sign that LinkedIn is willing to go down the opt-in path. The company still seems happy with opt-out, though I must admit that it has made opting out of social ads fairly straightforward. A couple of clicks will do it.

Nevertheless, I’d say this is a real result. It may be just a first step towards stronger privacy standards, but it’s good for you, and it’s good for LinkedIn. Respect!

If you’re on LinkedIn, and want to keep up-to-date on the latest security news, join the Naked Security LinkedIn group.



Share/Save

LinkedIn ‘does a Facebook’ – your name and photo used in ads by default

I’m not a LinkedIn user – at least not yet, though I suspect that like many of my friends and colleagues I may eventually feel compelled to “be there or be square”. As a non-user I haven’t been tracking changes to the default privacy settings of the service, or the implications of those changes.

Neither, it seems, has most of the rest of the world.

Nearly two months ago, LinkedIn updated its Privacy Policy. To give the company credit, it did prefix its official policy with a summary, and it provided a link at the top of the policy page to show you the changes since last time. (For programmers: this takes the form of a changelog, not a diff.)

That’s just as well, because LinkedIn’s Privacy Policy runs to almost 6400 words – that’s about 10% of the length of a respectable novel. Even the summary and the changelog top 1000 words each.

And, as blogger Steve Woodruff pithily points out, inamongst the changes is an on-by-default new feature that you may not yet have seen, definitely need to know about, and almost certainly want to turn off:

LinkedIn may sometimes pair an advertiser's message with social content from LinkedIn's network in order to make the ad more relevant. When LinkedIn members recommend people and services, follow companies, or take other actions, their name/photo may show up in related ads shown to you. Conversely, when you take these actions on LinkedIn, your name/photo may show up in related ads shown to LinkedIn members. By providing social context, we make it easy for our members to learn about products and services that the LinkedIn network is interacting with.

Crudely put, LinkedIn will mine your usage habits to determine what products and services you’re interested in, and then use your name and photo in what amounts to an endorsement for those products and services when they’re advertised to other users.

This feature is opt-out, even though it reduces your privacy and infers your goodwill, and even though it wasn’t part of LinkedIn’s service when many current users signed up.

Like Facebook with its controversial and much-dissected opt-out facial recognition functionality, LinkedIn has snuck this one in under the radar.

As we said on Naked Security nearly two years ago – this time with Facebook crossed out, and LinkedIn written in in crayon [*]:

Dear FacebookLinkedIn,

Why not lead the way on privacy?

Become truly opt-in - not just on the basis that a new user opts in altogether by joining up in the first place, but on the basis that everything is locked down until a new user opens up each feature.

Don't wait until the regulators in the world's developed economies start legislating to make you do so. Take the lead. People will love you all the more in the end.

You can do your bit to get the message across.

Firstly, you can cut-and-paste the above letter and email it to LinkedIn at abuse@linkedin.com. As a subject line, try something like this: An observation about your new opt-out Manage Social Advertising option.

Secondly, you can turn the offending option off. From the pulldown menu under your name at the top right of your LinkedIn pages, choose Settings. Then choose the Account tab at bottom left, and click Manage Social Advertising.

Or you can visit the Privacy Policy, in which LinkedIn has (to its credit) included a link in the relevant part of the policy which takes you directly to the above opt-out dialog.


-
* With apologies to the Fish Licence sketch by Monty Python’s Flying Circus.

Mac malware, Sony, Lulzsec, Facebook facial recognition, Lockheed/RSA – 90 Sec News – May 2011

Don’t just read the latest computer security news – watch it in 90 seconds!

This month: Mac malware gets commercial; Sony data breaches continue apace; the Lulzsec crew flexes its cybercriminal muscle; Facebook facial recognition controversially hits the big-time; and Lockheed has a two-factor authentication crisis following RSA’s earlier breach.

Watch and enjoy:

(Enjoy this video? You can check out more on the SophosLabs YouTube channel and subscribe if you like.)

Copyright © 2014. Powered by WordPress & Romangie Theme.