This is why I hate the term "growth hacking". It encourages this kind of behavior.
I'd be curious to know if anyone on HN thinks that this is morally and ethically ok?
What happened to the good old days when "growth hacking" was building a good product that people want to share with each other and then making it easy for them to share?
> I'd be curious to know if anyone on HN thinks that this is morally and ethically ok?
1. Yes. Absolutely. What could be morally unacceptable about this?
2. I very strongly believe in business ethics. And consumer protection, and worker protection. I don't think that this, in general, rises to the level of even being an issue with regard to consumer protection or worker protection. I don't know what about this would be unethical.
3. If you are going to say "user tracking" then I am just at a loss. This is categorically no different than any of the many dozens of user tracking services already in use. Except that, unlike many of those services who are very, very explicitly shady and fly-by-night, LinkedIn is, overall, an ethical player. When I visit NYTimes.com, my ghostery registers:
* Chartbeat
* Doubleclick
* Dynamic Yield
* Facebook Connect
* Facebook Custom Audience
* Google Analytics
* Moat
* Netratings Site Census
* New Relic
* Optimizely
* ScoreCard Research
* WebTrends
As long as this guy has an appropriately written privacy policy, I see absolutely nothing legally wrong with this, either. Morally - I just don't even know where to begin on how facile a complaint I consider that to be.
> * Chartbeat * Doubleclick * Dynamic Yield * Facebook Connect * Facebook Custom Audience * Google Analytics * Moat * Netratings Site Census * New Relic * Optimizely * ScoreCard Research * WebTrends
In these cases, the NYT isn't getting private information about me from the third party. Facebook won't give the NYT a list of Facebook users who viewed an article on their website. Google Analytics won't tell me visitors' Gmail addresses.
It is a third party exploiting LinkedIn's tracking to monitor and expose identifiable information about who is visiting their website that LinkedIn probably didn't intend to be public.
Obviously, there are lots of trackers out there. But the fact that those trackers exist, and we're sorta, kinda, maybe ok with it, or at least resigned to it--that doesn't imply that we're ok with any third party using leaks of that information to track us.
Probably the reasonable thing to do is say "if we're ok with X tracking us, we're ok with everyone tracking us, because the information will leak." But that's not the same as saying it's ok for everyone to try and make it leak.
It wouldn't at all surprise me if it's against LinkedIn's TOS, and the author admits as much.
The fact that the author believes it is against LinkedIn's terms of service, terms of service to which he has explicitly, voluntarily agreed makes it unethical on its face. (Even if the terms of service don't prohibit this behavior, the fact that he believes they probably do is important.)
It's certainly not a grave matter in and of itself, but he doubles down by publishing a post to encourage people to join him in making a promise in bad faith.
The hack presents a way for the owner of a site I visit, but did not give any other consent to whatsoever, connect that page visit to my LinkedIn profile (which is, basically, me). And then uses that to contact me.
This goes a lot further than an ad broker that knows I am the person that visited sites X,Y and Z and therefore probably have an interest in something (without, still, knowing really who I am).
I know Facebook (and the likes) could technically know where I've been, but I have no clue on whether they really do that, is there proof for that? And is that really accepted? And even then, it's a step further because Facebook at least knows who I am because I 'willfully' told them and chose to 'trust' them.
"Growth hacking" is nothing but marketers rebranding themselves because word "hacking" is hot and cool (i.e. meaningless).
> What happened to the good old days when "growth hacking" was building a good product that people want to share with each other and then making it easy for them to share?
Business came in. The Internet became serious money, and with it came the "entrepreneurs". What you see is what happens everywhere where competition is intense enough - ethics are one of the first thing to fly out of the window. They harm the bottom line.
This is also why you should segregate your browsing to different browsers and different browsing modes.
I personally now use two browsers for different reasons:
* Chrome = Gmail, Drive, Docs, Search that I wanted tracked (work related usually)
* Chrome Incognito = Social media (Twitter, Instagram) and sites I stay on most of the time (HN)
* Firefox Private Browsing = Search that I do not want tracked (shopping research usually), shopping, news sites, media sites, LinkedIn
One can also view these in terms of cookie/data retention periods:
* Chrome = +1 week
* Chrome Incognito = 1 day maximum
* Firefox Private Browsing = Session (created and destroyed for a specific purpose, short-lived)
And yes, it's not convenient as if I get an email with a link in it I will copy the link into the appropriate browser and then browse to it. But then the upside is that I don't get tracked relentless by tracking stuff that expects cookies.
Oh, and I'm aware of IP tracking too. I tend to use PIA VPN for this reason and do not autoconnect to the closest place, but instead semi-randomly pick somewhere in Europe to surface from each day.
* Firejailed firefox = useful for sites too broken in regular Firefox
Both Chromium and FF are set to destroy cookies upon session termination and block third party cookies. I use uBlock Origin in "default deny"[0] mode which blocks all third party content by default. I never sign into accounts from google, twitter, linkedin, or any other advertiser purveyor within FF.
The firejailed firefox is for such advertising purveyors and/or for sites which are cumbersome to make work properly by selective whitelisting in uBlock origin. I use firejail, rather than incognito / private browsing, so that the browser will behave exactly as if it were freshly installed when I visit these sites. Some settings (and in the case of FF, add-ons) will impact incognito/private browsing; firejail allows me to run a browser "wide open" safely.
Something which might be useful if you want to do this: you can use Firefox with multiple profiles, by starting it with the '-P <profile-name>' option.
I know my browsing habits/history is not private, and I know I am being tracked, even though I use plugins to minimize that.
But having a marketing person send me a personalized email slapping me in the face with that tracking by explicitly telling me that they know what web page I visited on their site... that would be a pretty big turn off for me.
Cataclysmic outcome: linkedin is embedded on a porn site/page and starts feeding the names and professional profiles of visitors to the owner. These people are then contacted and blackmailed based on socio-economic status (e.g. targeting rich married individuals).
This linkedin feature has always been a pure money grabbing ploy with no merit other than the premium revenues generated from exploiting the emotional vulnerability of people and #growthinghacking needs of recruiters.
I've looked at the code - there definitely is some tracking done via XHR requests after the page load. This includes CSRF tokens so you can't hit those tracking links directly.
Having said that, we still can't know whether or not the profile view information is harvested from the server-side logging of the main page view or not without testing it.
but the request has already been sent. Yes, the browsers will respect this header and not display the page and not run javascript, BUT what if the user tracking is done on the server in the first request? In that case, this technique might work...
To play the devil's advocate: if LinkedIn are smart they should offer this functionality (for premium users, of course). This is really useful info for businesses.
I think you overestimate how much ordinary people care / know about their online privacy. I think almost nobody would leave. That said, I myself wouldn't be too happy about it, but I would try to find some other solution instead of leaving LinkedIn.
Not sure why you're downvoted - because they already do this for businesses, just not private users.
There's no money in it outside of selling data to businesses but LinkedIn, Facebook and tons of other major internet properties all share login data specifically to identify users across the web.
What kind of data for each profile? Sites? URLs? What types of "selectors" are available, e.g. "profile number X" or various demographics? And roughly what does it cost?
For the vast majority, it's demographics and interest based stuff. LinkedIn for example will keep lots of 1st party data to itself for it's own ad business but will share generic data like: female, 30s, IT engineer, new york, etc. This is how much of the ad targeting works. Trying to target a single person/identity just isn't easy, scalable or worth it so big overlapping buckets are used.
On the other side, specific identity data is also shared, called PII (personally identifying information), in a hashed format with other data networks. This is often used in retargeting by profile, an example being if a company wants to target all of it's current customers, it'll upload it's CRM database full of emails and data providers will match this up to cookies or other identifiers and let that company target these users with ads online. It's anonymized in that the advertising company doesnt know your identity, just that you're in this bucket of "XYZ email address list".
The way providers get to know your identity is major sites that share your profile data when you login, because they definitely know that it's you. LinkedIn will set a cookie when you login and then they'll have an API or data dump to other providers that can request your info or if you fit a bucket (in a hashed format).
Data is usually on a CPM (cost per 1000 impressions) basis although ranges widely from $1-$100 depending on quality and depth of targeting.
Thanks for info, didn't know that! If I understand correctly, you don't get the data about specific users, like OP did?
About me being downvoted - yeah, I figured I would be, because lots of people here use voting as "I (dis)agree" or "I (don't) like" button instead of "post is (not) useful" button. For the record: I would rather live in a world where such tracking was not possible and/or allowed, however, this is just not the case. As business you would be stupid to not consider using such data though. I personally would welcome a browser with privacy built in (for instance, browser which would disallowed all references to external domains - including images, JS and similar). But in reality this probably wouldn't fly.
While doing this for your own profile could be useful for you and some metrics you may want, someone else could be a bit more nefarious.
On a high profile/traffic blog, web app, or site - could just include some targeted, random, or interesting LinkedIn profiles, and then all of these people would be bombarded with misinformation about who's viewed their page.
Want to confuse sales team at XYZ Startup Corp., sure have all of their profile links in hidden IFrames too...
If all you need to get onto the list is a request to the profile page URL, even a simple image link in a forum signature/profile image/etc. might be enough...
I have a LinkedIn profile that I've not updated for a long time. Have programmers here found it to be of any value, apart from being in the know of what your friends/colleagues are up to in their careers?
Being able to contact former co-workers is invaluable. I moved out of New York in 2009 and moved back in 2012. In between the startup I had worked at basically gone out of business and everyone had new jobs. I didn't have anyone's email address or phone number or even Facebook connection, but I was connected on LinkedIn. I was able to reach out, find out what companies were hiring, get some interviews, etc. It massively helped in my move back and I'm in a far better place because of it.
All the recruiters, resumes, cover letters, and interview prep pale in comparison to just having a bunch of people that want to work with you again. Ultimately whether you use LinkedIn or Facebook or a paper rolodex of phone numbers, the key thing is that you need that collection of weak connections. These are not my 20 friends, these are the 150 people that have been in a company with me and know my reputation but probably don't know much more than that.
I find LinkedIn is a good tool for that. Sure there are some negatives, but I haven't found anything better. I don't necessarily want to be Facebook friends with all of the people I currently or previously worked with, and there is no way to keep an up to date contact list by yourself.
> Being able to contact former co-workers is invaluable.
Agreed. Maybe I never felt the need of using LinkedIn for this because I'm already well connected with most of my former colleagues via other channels, since before this, I was at a pretty small startup.
My friends with management jobs love LinkedIn as a job finding tool, and some even claim that being connected to influential people in the industry on LinkedIn helps them stand out somehow, but most of my programmer friends do not like the type of recruiters on LinkedIn. In my personal job searches, I almost never needed anything other than a CV, a cover letter and Github/StackExchange accounts (as opposed to "connections" with famous people).
Yes, I got quite a big contract out of it when an old customer from my previous job noticed that I had set up on my own. Essentially they liked my work but hated dealing with my employer, hence they had taken their business elsewhere over a year previous.
Other than keeping my profile up to date I'm a very passive LinkedIn user though - I don't use it to look people up. It's also a source of a huge amount of worthless recruiter spam.
I read about this over a year ago (I think it may have been on HN, though the article was different). It seemed like it might be a security flaw and that it would get resolved, but I guess not.
Neat one! Not sure it will work too great for a hacker audience -- all sorts of content blockers, and they probably aren't logged into Linkedin 24/7 anyway -- but I really like the idea.
The only issue I have with this is that it tracks people on yet another part of the Internet. Same reason as why I don't have Google Analytics or Youtube embedded videos or embedded Google Maps on my website (let alone Google Ads).
I've been thinking about creating a separate Chrome login for use on any browsing on social sites (FB, Twitter, LinkedIn) - maybe even a unique login for each. Would that be an effective way to isolate this type of thing?
You could just combine two separate browsers and use one for Facebook, Twitter, LinkedIn, Google and whatever else you wish for and use the second one while being logged out of social networks.
That's what I meant by Chrome login - a separate Chrome user profile, and wouldn't incognito mode require that I authenticate each time I visit these sites since any authentication cookies would be disposed of at the end of a session?
This is interesting; I was wondering though are you really using the Chrome Scraper extension to get this data? Is there some way to run that on a schedule, or are you manually scraping periodically?
That's actually a sneaky way of following up with people who visited your carrers page. Check their linkedin and if they are a nice candidate send them a message through linkedin.
I wonder what impact it has on page rank? I remember playing with 1x1 pixel links a few years back and finding my page completely disappear from Google.
I'd be curious to know if anyone on HN thinks that this is morally and ethically ok?
What happened to the good old days when "growth hacking" was building a good product that people want to share with each other and then making it easy for them to share?