Prev NEXT

How LinkedIn Works

By: Dave Roos

Privacy and Hacking

LinkedIn public profile settings
LinkedIn public profile settings
Image courtesy LinkedIn

When a Web site is as popular as LinkedIn, it's easy to get caught up in the excitement of posting a profile page without considering the level of information you're sharing. Unfortunately, by posting too much personal and business information on a site like LinkedIn, you could make yourself vulnerable to social engineering hackers.

Social engineering is the practice of using psychological techniques to persuade people to give up sensitive information like passwords or corporate secrets. Social engineering is an effective way to hack a business network because it targets the weakest link in the system: human beings [source: SearchSecurity.com].

Advertisement

An example of a popular social engineering scam is to call the IT department of a company posing as a frantic, angry executive who has lost his network password and needs it immediately for an important meeting. The IT worker will be so frazzled by the call that he'll give up the password without taking the necessary security precautions [source: Security Focus].

You might think that the information you post on LinkedIn is secure because only members of your network can see full profiles. But LinkedIn is different than some other popular social networking sites like Facebook because it allows search engines like Google to access a version of your profile page called the "public profile." When you create a profile page on LinkedIn, you also create a public page that can be seen by anyone who conducts a relevant Web search.

LinkedIn allows you to adjust your privacy setting for that public profile page, including an option to remove the public profile altogether. You can choose to limit your public profile to your name, location and job, or post the "full view," which is your full profile minus recommendations and contact information. Even in "full view" mode, the public profile page will never list your connections.

Only your direct connections -- one degree away -- can see your list of connections. Ultimately, that puts users in control of their privacy. This is why it's so important to accept LinkedIn invitations only from people you know and trust. If a social engineering hacker knows your name, where you work, where you worked, where you went to school, as well as names of current and former colleagues and classmates, it's much easier for him to come up with a convincing scam. He can use all of this information to win your confidence (where the word "con" comes from) and subtly persuade you to give up information you wouldn't have otherwise shared with a complete stranger.

LinkedIn account settings
LinkedIn account settings
Image courtesy LinkedIn

LinkedIn allows users to adjust their privacy settings anytime by clicking on the "Accounts & Settings" link at the top of every LinkedIn page. On that page, you can make your name and location invisible to other LinkedIn users. You can control how and if your connections are notified when you make changes to your profile or add new connections. And you can control whether even your direct connections can browse your connections list.

As for LinkedIn's overall privacy policy, the site promises not to share or sell any of your personally identifiable information to partners. It does, however, share other information like your industry or region with Web site partners for advertising purposes. Basically, if you visit one of LinkedIn's partner sites, you might see ads that are targeted to your job or location. If you want to shut off that targeted advertising service, you can do so on the accounts and settings page.

That just about takes us to the end of our HowStuffWorks tour of how LinkedIn works. For more information about LinkedIn, social networks and related topics, check out the links below.

Related HowStuffWorks Articles

More Great Links

Sources

  • "Ask the CEO: Dan Nye Responds to Users" LinkedIn Blog. http://blog.linkedin.com/blog/2007/10/weekly-news-rou.html
  • "Business of LinkedIn is… Business" USA Today. http://www.usatoday.com/tech/webguide/internetlife/2007-09-04-linked-in_N.htm
  • "Facebook Gives Online Ads a Social Spin" PC World. http://www.pcworld.com/businesscenter/article/139355/facebook_gives_online_ads_a_social_spin.html
  • "How to Be a Master Networker" Entrepreneur.com. http://www.entrepreneur.com/growyourbusiness/portfoliocombusinessnewsandopinion/article182564.html
  • "LinkedIn Corporate Solutions Offers New Tools for Corporate Staffing Departments and Executive Recruiters." http://www.linkedin.com/static?key=press_releases_041807
  • "LinkedIn Traffic Up, But is it Enough?" TechCrunch. http://www.techcrunch.com/2007/07/13/linkedin-traffic-up-but-is-it-enough
  • "MySpace Monthy Ad Rev. Nears $25 Million" MediaWeek. http://www.mediaweek.com/mw/news/recent_display.jsp?vnu_content_id=1003543487
  • Nielsen Netratings August 2007. http://mashable.com/2007/09/13/nielsen-august
  • "Recruiters Get LinkedIn in Search of Job Candidates" Workforce.com. http://www.workforce.com/section/06/feature/24/58/49/index.html
  • "Savvy Companies Get LinkedIn to Find Top Talent" HR.com. http://www.hr.com/servlets/sfs?&t=/Default/gateway&i=1116423256281&b=1116423256281&application=story&active=no&ParentID=1119278002800&StoryID=1168261749559&xref=http%3A//www.google.com/search%3Fhl%3Den%26safe%3Doff%26client%3Dsafari%26rls%3Den%26q%3Dlinkedin+recruiting+services%26btnG%3DSearch
  • "Social Engineering Attacks: What We Can Learn from Kevin Mitnick" SearchSecurity.com. http://searchsecurity.techtarget.com/tip/1,289483,sid14_gci865450,00.html
  • "Social Engineering Fundamentals" Security Focus. http://www.securityfocus.com/infocus/1527
  • "Turning Sales into Science" Inc.com. http://www.inc.com/magazine/20061201/sales-into-science_pagen_2.html