Sign up to our newsletter
The latest security news direct to your inbox
LinkedIn is a social network platform whose specialty is connecting professionals together to build relationships and create business opportunity. Recently the company became publicly traded and grabbed the attention of the world as its initial public stock offering more than doubled on the first day. Here we focus tools and options for user privacy on this professional social network. Previously I have written a similar blog about Facebook Privacy one may read here. It is worth noting that LinkedIn is working on new privacy and security features, so keep yourself informed. Akin to my Facebook Privacy blog, I set about showing a framework guide on what is available for LinkedIn Privacy and what one possible set of options looks like.
For a sample of what a profile looks like when browsing LinkedIn anonymously, view mine at http://www.linkedin.com/in/laudanski.
Your own mileage for options may vary because this network is indeed built to foster professional networking and opportunity. You may want to have enhanced advertising enabled. Whereas for Facebook you may want to lock down settings, here, you may choose otherwise. And there are many selections to choose from, and not all are in the same location. For instance, there are settings for Groups and each particular group you are part of.
For purpose of this blog, the following are assumed unless stated otherwise:
We recently conducted a survey via Harris Interactive to track concerns about privacy and security with respect to social networking sites. 87% of those who responded rate Security and Privacy as their highest concerns as shown below:
Figure 1: Security and Privacy Highest Consumer Concerns for Social Networking
And respondents also indicate that updating their privacy settings are done at very low frequencies if at all.
Figure 2: Privacy Setting Update Frequency
Settings and options are constantly evolving on sites like LinkedIn and Facebook, so it is important to check your own selections more often. Thus the purpose of this article, to spread awareness of where all the various options exist at LinkedIn and what those selections might offer. The most important thing to note is the status updates shown below and accessible on the homepage:
Figure 3: Status Updates
If a person enters something here (and perhaps through Twitter or a blogging platform), the information is accessible (defined by your privacy controls). Personally, I do not post my travel; however some folks do. There are external sites that track this kind of status update and raise awareness of these dangers. So be mindful of what you share.
For instance, I shared this blog and Claudio, another ESET employee shared it on his network:
Figure 4:Sharing Status Updates
Viewing my Profile one can see (based on my privacy settings) my status update:
Figure 5: Viewing a Profile
Let us begin by stepping through a typical log in process. In order to maintain completeness, we start from zero. Here we see the usual home page for a person when they are not logged into the service.
Figure 6: LinkedIn Home Page – Not Logged In
Next, we observe what the login procedure:
Figure 7: Logging into LinkedIn
Observe that the connection during login is 'https' which translates into 'secure browsing'. During our how-to, this is the one of the times https is enabled transparently by the provider. Another instance is during the Account Settings page.
Once successfully signed on, we step into the familiar LinkedIn user screen home page, a slice served below:
Figure 8: Typical LinkedIn user home screen slice
Now that we are firmly foot in the door at LinkedIn we want to hop over to account Settings located in the upper right hand portion of the page:
Figure 9: LinkedIn account Settings
We are taken to the following screen:
Figure 10: Account Settings Main Screen
Here we visit "Change" Primary Email, bringing up the following screen of options where email addresses may be removed or promoted to "Primary" from "Secondary":
Figure 11: Add and change email addresses
Next we visit the Change Password option (to read more about password strength and techniques visit my blog on No Chocolates for my password please!):
Figure 12: Change Password
For the next set of options, I will be displaying what the screens look like so the reader may be aware of these settings.
Figure 13: Turn on/off your activity broadcasts
Figure 14: Select who can see your activity feed
Figure 15: Select what others see when you've viewed their profile
Figure 16: Select who can see your connections
Figure 17: Change your profile photo & visibility
Figure 18: Manage your Twitter settings
Figure 19: Email Preferences
Figure 20: Select the types of messages you're willing to receive
Figure 21: Set the frequency of emails
Figure 22: Select who can send you invitations
Figure 23: Set the frequency of group digest emails
Figure 24: Turn on/off LinkedIn Announcements
Figure 25: Turn on/off invitations to participate in research
Figure 26: Turn on/off partner InMail
Figure 27: Groups, Companies & Applications
Figure 28: Turn on/off group invitations
Figure 29: Turn on/off data sharing with 3rd party applications
Figure 30: Account
Figure 31: Manage Social Advertising
Figure 32: Turn on/off enhanced advertising
Figure 33: Customize the updates you see on your home page
Figure 34: Customize the updates you see on your home page (Hidden)
Figure 35: Get listed in the service provider directory
Account Types and the information available to those who purchase.
Figure 36: Promoting Opportunity
Figure 37: Account Types
Figure 38: See Expanded Profiles
Figure 39: Talent Finder Subscription
As the reader can observe there are lots of controls for one's account. Visit the LinkedIn FAQ available at http://linkedin.custhelp.com/app/answers/list/ when you have queries.
Figure 40: Frequently Asked Questions
Application Directory provides a user to add additional tools onto one's profile.
Figure 41: Applications
Editing one's profile is also another location for choices to be made, available at http://www.linkedin.com/profile/edit. These are just some of the settings to be mindful of:
Figure 42: Edit Profile (Top View)
Figure 43: Edit Profile Personal Information
My Groups, http://www.linkedin.com/myGroups, is a place where a person can join discussions for a particular company or organization. Here is just one example:
Figure 44: My Group Directory Display Example
Figure 45: My Group Deep Dive Settings
Figure 46: My Group set to Open
When a Group is set to open, LinkedIn displays the following message when the reader enters:
"Previous discussions are stored in a read-only archive for members only. All new discussions can be seen by non-LinkedIn members, shared on Twitter and Facebook, and indexed by search engines."
Figure 47: Close Account
Companies are another location, http://www.linkedin.com/companies, to make adjustments. Here I provide examples of how one's profile may show up for others.
Figure 48: Companies
Statistics http://www.linkedin.com/company/eset/statistics are available for viewing as well.
Figure 49: Companies Statistics
Who's viewed your profile is a service that one may purchase. Here is some information to be aware of.
Figure 50: Profile Stats Upgrade
Figure 51: Upgrade Options
Remove Connections is a page that enables the reader to maintain their connections.
Figure 52: Remove Connections
We collect information:
When you register an account to become a LinkedIn user ("User"), such as your name, e-mail, employer, country, and a password.
When you view and interact with LinkedIn pages, features, and functionality, including LinkedIn mobile applications, software (like adding to your profile, participating in Groups, uploading contacts, etc.), and platform technology (like "Share on LinkedIn" buttons or third party applications). We also collect your IP address, browser type, operating system, mobile carrier, and your ISP, and receive the URLs of sites from which you arrive or leave the LinkedIn website, or sites that have embedded LinkedIn platform technology.
Through cookies and other technologies that allow us to recognize you, customize your experience, and serve advertisements both on and off LinkedIn. Learn more about cookies, beacons in Sections 1G and 1H, below. You can opt-out of advertising off LinkedIn here.
When you interact with third party services available through LinkedIn like surveys, polls or other third party research undertaken with your consent.
Review, enhance or edit your personal information through your personal profile page;
Control what information you make available to search engines through your public profile;
Choose whether you install or remove any third party applications;
Control whether your profile information is shared with third parties through Developer Applications installed by your connections by clicking here;
Change your settings to control visibility and accessibility through our website;
Control whether LinkedIn personalizes its professional plugins across the web using your LinkedIn account here.
Control whether LinkedIn uses your name and profile photo in social ads; and
Tell us to close your LinkedIn account.
Because the mission of LinkedIn is to connect the world's professionals to enable them to become more productive and successful, we have established what we believe to be reasonable default settings that we have found most professionals desire. Because Users may use and interact with LinkedIn in a variety of ways, and because those uses may change over time, we designed our settings to provide our users granular control over the information they share. We encourage our Users to review their account settings and adjust them in accordance with their preferences.
LinkedIn accounts are also defaulted to allow Users to be contacted to participate in polls, surveys and partner advertising. Click here to change these settings.
It is worth noting that after a brief period of time, LinkedIn's default behavior is to prompt the user for their password to access Settings or other features of the site, shown below:
Figure 53: LinkedIn timeout password request
And, LinkedIn strives to improve itself so sometimes you may see this.
This concludes our awareness blog for LinkedIn and all the various tools available in locations around the site. I myself have been using LinkedIn for years professional and has been well worth it.
Thank you, Paul Laudanski (http://www.linkedin.com/in/laudanski)
Director of the Cyber Threat Analysis Center, ESET
Author ESET Research, ESET