Linking In To Metadata

Not being a mobile phone user, I haven’t felt particularly tied into the metadata flap, although I understand why that data is so useful to the powers that be.  This morning, however, I had a particularly graphic moment with the concept that gave me pause.  It all started when I received an invitation to “connect” with someone on LinkedIn.  

I took the time to copy the link, paste it into the browser that is not blocking cookies, and accept the invite.  And as always, once my connection was confirmed, the site loaded up a long list of “people you might know” (aka, PYMK) due to “shared connections.”  A lot of them were people who are completely unknown to me, but a surprising number were not — they’re people I do know.  Some of you reading this today were probably on that list of people I might know.  And a few of the names made me think, “how do they know I know that person?”   It’s not that I care, really, but I was just surprised to see some of those faces there.

Which is what is so cool about Linkedin — it connects you to people based on shared connections.  Just like metadata.  If Joe knows you and Sally knows you, maybe Sally knows Joe.  Maybe she doesn’t, but she might.  In a sampling of the first 80 entries on my People You May Know list at LinkedIn, about 20 were people I actually know (including my mother, which made me laugh), another 20 were people I know of but haven’t met, and the remaining 40 names were completely unknown to me.  So their algorithm worked about half the time if you include people I know only by name and reputation, and 25% if you limit it to people I actually know.

This got me to thinking about the kind of research you could do with a tool like this.  Imagine if we had this for historical persons.  It would make doing their biographies so much easier.  As it is, most of us are writing an ongoing autobiography of ourselves on social media.  If someone was able to monitor that kind of information, they could track our connections in real time as we accrue them.  Which of course made me think of the NSA.

In all the revelations about NSA spying on social media, the one company I haven’t heard much about is LinkedIn.  Maybe it isn’t sexy enough, with no baby pictures or selfies to liven things up.  But I’ll bet it’s interesting to some people, and I doubt their names and faces will be showing up on my LinkedIn invitation list anytime soon.  Then again, they might — the NSA has a LinkedIn page…

I’m not saying that we shouldn’t use LinkedIn.  It’s a potentially useful tool that seems relatively harmless unless maybe you’re the CEO of a major company in which case I would not be using this site, or at least not honestly.  Ditto if you’re a “target” or a person who some world government wants to compromise (various types of engineers, for instance) — you might also want to avoid services that invite you via email to click on links.  As for the rest of us, we’re just racking up profile.  So given the mountain of data we’re entrusting them with, it would be interesting to know who LinkedIn shares data with.  Let’s see what we can find out.

The company’s privacy policy is fair to middling.  Yes, they share our data all over the place but they don’t sell data to direct marketers, which seems like a good thing.  They push ads to you based on your profile, which I’ve never liked.  They may allow many people access to your profile based on your privacy settings, but that’s kind of the point.  In all, I didn’t see anything that made me think they were abusing the privilege of owning our data, or at least, not any more than the next tech company. 

That said, we have to assume LinkedIn is included in the dragnet government surveillance of Internet communications.  To their credit, Linked in seems concerned about the domestic spying operation.  From the beginning, they have been vocal in their push for more transparency about the numbers of requests they receive from the government.  Their argument has been that their business is based on trust and some NSA practices are eroding that trust.  

Last month, LinkedIn joined Google, Microsoft, Facebook, and Yahoo in issuing a  “transparency report” which discloses roughly how many requests for user data they received from the government in the last six months for which they are allowed to report data — January through June 2013.  This would constitute their responses to direct requests, not backdoor visitations or “upstream collection.”

The government isn’t always so polite in their use of social media.  According to documents released by Edward Snowden, LinkedIn has been used by the British spy agency GHCQ to sabotage users’ computers.  Britain’s GCHQ created fake LinkedIn and Slashdot pages to lure network engineers who worked in the cellphone industry.  They used fake web pages to install malware on the engineers’ computers, giving the GHCQ access to their companies’ voice and data routers. It was reported that “LinkedIn denied any knowledge of the program and that it ‘would never approve such activity.’”  

Released NSA documents claim they can use any social media site to set up “man in the middle” attacks that plant malware, although so far the NSA has preferred Facebook for this purpose.  The NSA says these reports are “inaccurate” and must be understood within the correct “legal context.”

Bottom line: LinkedIn seems like a pretty good company that provides a good service if used with good intentions.  But for people whose intentions are murkier, they provide a lot of options to exploit us, from simple data collection (all profiles and connections) to outright hacking (let’s install some malware on a target’s PC).  My takeaway message after researching LinkedIn is to use with caution and be aware of what you’re sharing and who you’re sharing it with.