With that background we come back to review LinkedIn and what better place to start than the login screen:
It looks like a login screen, but it isn’t. You only see this after you’ve logged on. My ad-blocking system informs me that you’ll probably also see a whole bunch of advertisements around it as well, but fortunately I’ve taken measures to prevent ads from getting on to my screen. This secondary login screen will appear at the top of your page and is very insistent. It will not go away unless you tell it what it wants to know. What does it want? It wants access to your personal and business email accounts. Whilst it is the norm for almost every commercial website to go bat-shit crazy and/or bawl you out if you won’t tell it your email address, LinkedIn goes a step further and wants it all. They want the password to your mail as well so that they can login to your email account themselves.
That breaks the first two rules of going online.
No wonder they get hacked
Let’s think about this. LinkedIn is a site for professionals to link to other professionals. It would seem logical, therefore, that one would wish to upload one’s professional contacts (one’s professional credentials are never asked for). So you’re meant to put your work email and password into LinkedIn’s request. Every single LinkedIn user who does this has breached their employer’s email security, made their IT security team’s job a whole lot tougher, and are almost certainly in breach of the terms and conditions of their ISP – not to mention their precious employment contracts – which are universally worded to forbid sharing passwords.
Something else that should never be shared is the very thing they are asking their users to share: Other people’s email addresses. Those people, especially if they are clients, probably did not expect their email address would be sent to LinkedIn. Did anybody think to ask their permission? If not and this is done from somebody’s work account then the uploader is breaking their employers’ privacy policies, and quite possibly local data protection laws as well. Privacy policies aren’t really worth a damn if the company’s staff are going to upload client’s private data to social media sites on a whim. By all means feel free to share every tiny detail about your personal lives. I’m sure your followers will all be on the edge of their seats in thrall, but the email account that your employer allocated and the email addresses of your clients are not yours to share. This is other people’s property and it has not been entrusted to you in order for you to flatter yourself.
That should read, “if a person with your email address uploads it to LinkedIn they have broken the law and neither we nor they care. Sucks to be you.”
Naturally the good and talented ladies and gentlemen of corporate PR can effortlessly provide a business case for their users violating all these laws, rules and regulations. They say that if you give out your email password to LinkedIn then it saves you the trouble of having to export and import a contacts file yourself (your clients’ privacy be damned). One might argue that those unable or unwilling to learn the minimal-effort skills required to accomplish such a trivial clerical task, who are willing to sacrifice their most important layer of security to avoid spending a few minutes executing due diligence to a duty of care, who are in breach of the terms and conditions of their employment contracts, who hand over to unauthorized third-parties client identifying data protected by law, have NO FUCKING PLACE ON A BOARD FOR PROFESSIONALS.
But this is precisely what LinkedIn encourages its members to do from the moment they create their accounts. So much for professionalism. What then, one wonders, does such cavalier disdain for security, the law, contractual obligation, and other people’s property portend?