by Catalin Cosoi, on 11 August 2011
As of yesterday, business social network LinkedIn has introduced a new feature that exposes profile information, including names and photos as illustrations for third-party ads. The feature has been turned on by default across the platform without either asking for users’ consent or sending an announcement note in advance.
A social network’s most valuable assets are users and their information. With this in mind, we can reasonably expect that, at some point, new features that deliberately or accidentally expose users’ data to other parties outside of their network (either other users or advertisers) might be rolled out. Most such services have even taken legal provisions and stipulate in their Terms of Service that they can freely access and “associate” your content with your picture and name.
At the same time, given that the very principle behind the creation and operation of LinkedIn is that of ensuring users’ visibility within various professional environments, it may be argued that all of its members agree to some degree of exposure. On the other hand, they would all be entitled to having easier access to crucial info such as their name and photo being used by the platform for self-advertising purposes.
Generally speaking, there is little to be done in order to avoid these privacy invasions. The big question is whether social networks could do more to help users understand when changes are made and what the implications are.
Users who would like to opt-out of this new feature need to visit their account settings page, choose the Account tab, and then click on the Manager Social Advertising link. On the frame that pops up, they have to uncheck the LinkedIn may use my name, photo in social advertising box.
We advise social networking users to carefully control the information they publish on such websites in order to minimize the impact of such leaks. In the case of Facebook, Bitdefender offers Safego, a security app that scans the user’s profile and prompts them about potential issues with their privacy settings.
All product and company names mentioned herein are for identification purposes only and are the property of, and may be trademarks of, their respective owners
Chief Security Researcher