by tedunangst 4657 days ago
“LinkedIn pretends to be that user and downloads the e-mail addresses contained anywhere in that account to LinkedIn’s servers,” they said. “LinkedIn is able to download these addresses without requesting the password for the external e-mail accounts or obtaining users’ consent.”

I am so hoping the case goes to trial so we can see the evidence of this presented.


This sounds like an outright BS claim. There are two or more scenarios that may be presented as evidence.

i. LinkedIn used the users' current passwords with their external addresses to access the external emails. (impossible)

ii. LinkedIn used some sort of OAuth/Google authentication access to information permission thing (can't remember the name). (highly unlikely)

In any case I think we can only be certain with the actual evidence.

The Customers filing suit should know that LinkedIn is a publicly traded company and not a scam site.

Because even these claims are outrageous if not utter BS.

> The Customers filing suit should know that LinkedIn is a publicly traded company and not a scam site.

Did you mean to say that? I know nothing about the details of this lawsuit, but I hope you realize that being a publicly traded company is no proof of being virtuous in all one's business operations!

Why is the first scenario impossible? People re-use passwords all the time.
Yeah, don't they just straight up ask for your passwords? http://i.imgur.com/ucFx7Kw.png
There's that, but what I meant was they could combine the user's LinkedIn password with their email address and most of the time that would be a valid user/pass combination due to the frequency of password reuse. It's not like LinkedIn don't have access to the plaintext version of the user's password. After all, the hashing isn't done on the client but on the server.
That's brazen, but if the plaintiffs complied with that prompt then they're basically telling the World that they not only violated the TOS of their e-mail provider but also their terms of employment and common sense.

Looks like implementing two-factor authentication might not only protect companies against malicious intruders but also from their own employees spilling the beans.

My guess is they used the same password for their email and LinkedIn account, so LinkedIn had the credentials for both and was able to harvest contacts. That, or during the sign up process they plugged in their email credentials without realizing LinkedIn would abuse them in this way.

Scummy in either case, even if it's technically legal.

I had the latter happen to me and so have several other people here on HN. LinkedIn ended up sending an invite to everyone I had ever emailed. It was catastrophically embarrassing and caused a lot of grief.
Not to detract from the main point of this thread (which I agree with) but do you mind sharing why you write "catastrophically" embarrassing? And caused 'a lot of grief'?

I'd never think twice about getting a LinkedIn invite email from anyone who for any reason has ever emailed me (ever). It's obviously automatic... I really can't think of an exception...

There are more email addresses lingering inside your email account than you probably realize. I just did a search for "LinkedIn sorry" to find all the apologies I sent out. 38 of them. All to complete and total strangers. When it first started happening I did some digging and found the connection for a lot of these people is we were on a common mailing list.

Not to mention the more obvious ones like ex-girlfriends, ex-bosses (including one I am not on good terms with), companies that I applied to and did not end up working for, etc. This is my gmail account, it has every email I've ever sent in the past 9 years. There's a lot of stuff in there.

EDIT: I don't know if LinkedIn still does this, but at the time LinkedIn would send reminder emails for any ignored invites. Which just compounded the problem.

> Your Ex has sent you an invitation to LinkedIn. Would you like to endorse their skills?
If that is the worst thing that happens to you, you should be thanking LinkedIn for teaching you a valuable lesson about typing your email password into random forms on the Internet (or sharing passwords).
Your Ex has endorsed you for "Family Planning".
Somehow I'm thinking the latter.