Today, more and more people spend more time, for a reason or another, in the virtual reality which is called Internet. Beyond the scientific definition of the term, the Internet can be defined differently for each of us. The obvious fact is that we all can feel its huge benefits, but at the same time we can’t ignore the news which are appearing in the international press about computer crime. Social media platforms, but not only, have led to a redefinition of our private space and the way in which we perceive it. This is a space that allows copying. Once you’ve posted something on the internet, it is very hard to have it under control. This internet peculiarity if gets combined with personal data, can create very big problems. Studies show us that there should be more information for large public about what privacy means when you sign up on a social networking site. Registering on such a site has high risks because most social networking sites are in the U.S. and they have a different privacy policy from European Union.

In June 2012 more news about LinkedIn have appeared in the international press according to which LinkedIn, the professional networking website, is investigating claims that 6.5 million of its users’ passwords have been stolen and published on a Russian computer hacking forum. The list of examples goes on: Amazon-owned Zappos hacked, 24 million accounts compromised[1]or Sony Hacker May Have Accessed 77 Million Users’ Data, Possibly Including Credit Cards[2]

What I would like to do next is to analyze privacy policy of LinkedIn according to general services which are offered by this website. But, first of all I have to mention that LinkedIn operates the world’s largest professional network on the Internet with more than 225 million members in over 200 countries and territories. Professionals are signing up to join LinkedIn at a rate of more than two new members per second. Sixty-four percent of LinkedIn members are located outside of the United States. There are over 30 million students and recent college graduates in LinkedIn’s team. They are LinkedIn’s fastest-growing demographic.

LinkedIn offers several different types of accounts, including: free Personal Account – which is what most people use, three types of premium accounts, three types of Job Seeker Accounts. LinkedIn members are both persons and companies.

Basically, all LinkedIn accounts offer the ability to do the following:

  •           Ability to  create a professional profile
  •           Helps and encourages you to develop a professional network
  •           You can search for jobs and people on your LinkedIn account — i.e. who did you go to high school with. –What company would you like to work for.
  •           Send unlimited messages to your connections
  •           Receive unlimited requests for introductions and InMails (a private message to or from a LinkedIn member who is not your connections). You can receive these free “if” you indicated in your account and settings that you are open to receiving
  •           Participate in LinkedIn Groups – A great way to expand your network without directly connecting with the person
  •           Participate in LinkedIn Answer – this is an interactive feature that enables you to ask questions, receive input from a worldwide network of peers and experts, share your own expertise and develop your platform as an expert

Privacy Policy applies to anyone with a LinkedIn account. If you live in the U.S., LinkedIn Corporation controls your information. If you live outside the U.S., LinkedIn Ireland Limited controls your information. They take privacy and security seriously and have enabled HTTPS access to their site (turn on HTTPS), in addition to existing SSL access over mobile devices. They also offer secure HTTPS access to the website. To protect any data you store on their servers, they also regularly monitor their system for possible vulnerabilities and attacks, and they use a tier-one secured-access data center. Other information about site security, not offered as security strategy, is strictly confidential.

Creating a LinkedIn account involves the provision with more information about you – some are considered personal (eg contacts, email address, users’password), but other are considered already public (education, professional experience, projects, publications, organizations, honors and awards, test scores, courses, patents, certifications, volunteering and causes). Here the discussion is very long because to create a LinkedIn profile means to create your CV and CV document is considered as a public document. However, it is quite risky because you can lose the access to your account (hacking attacks). In addition, someone else uses your account because you can stay logged in on multiple devices at the same time. In this case, your data can be modified, deleted or can be used in an unwanted way.

Moreover, if you want to benefit from all the services of a particular LinkedIn account, you have to pay for it using your bank data. These data is theoretically blocked whoever use your LinkedIn account, but day by day we can hear about online fraud by using all kind of technologies. One of the most popular is phishing. However, the discussion is very long.

IT specialists argue that a LinkedIn account can be stolen using cookies technology. Of course, it is not easy. A cookie is a small piece of data sent from a website and stored in a user’s web browser while a user is browsing a website. When the user browses the same website in the future, the data stored in the cookie is sent back to the website by the browser to notify the website of the user’s previous activity. Cookies were designed to be a reliable mechanism for websites to remember the state of the website or activity the user had taken in the past. This can include clicking particular buttons, logging in, or a record of which pages were visited by the user even months or years ago etc. Regarding these, cookies are not a LinkedIn specific risk. Almost all websites are using this technology, but the LinkedIn problem is this cookie does not expire one year from the date it was created. Most commercial websites use a timeout period of 24 hours.  There are a few exceptions: banking sites logout user after 2 or 10 minutes of inactivity[3]

LinkedIn makes many remarks about these issues (what does it mean, how they use etc.) in Privacy Policy, Cookie Policy. It is up to you if you want to know more about it. From my point of you, should be carried out many information campaigns, awareness campaigns for large public about privacy in the virtual reality.

One more thing….

An important advantage offered by a LinkedIn account is possibility to create your own networking, to be put in touch with many people in a professional way. But who guarantees it? Who guarantees that all data registered in a LinkedIn account are true? Who guarantees that a LinkedIn account reflects the reality? In my opinion, here is the biggest risk. Of course, it is not a LinkedIn specific risk. Here we are talking about Social Media. LinkedIn has a similar field, but it does not allow as much text, and it’s not possible to connect links, photos or videos with the update. That’s why the risks are not so high.The obvious fact is that you can be put in touch with anyone (professional or not). Here the discussion is very long and the risks are very big and very different. Now, I would like to show you what is mentioned in LinkedIn privacy policy regarding this: However, since the Internet is not a 100% secure environment, we cannot ensure or warrant the security of any information that you transmit to LinkedIn. There is no guarantee that information may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or managerial safeguards. It is your responsibility to protect the security of your login information. Please note that emails, instant messaging, and similar means of communication with other LinkedIn Members are not encrypted, and we strongly advise you not to communicate any confidential information through these means. Please help keep your account safe by using a strong password[4]

The impact of these risks on LinkedIn members (persons or companies) can be easily understood from what I mentioned above. But what does it mean for LinkedIn? The impact of these risks affects, first of all, but not only, marketing/communication of this company. Last year (June – December 2012) the internet was full of news about LinkedIn information leakage which has compromised 6.5 million accounts (6.5 Million Encrypted LinkedIn Passwords Leaked Online[5] or LinkedIn Confirms Password Breach, Phishing Intensifies[6] This kind of news creates – first of all and not only – concern among its members because of personal data.

In conclusion, the risk using a LinkedIn account is not so high, primarily because of the information requested. LinkedIn is a professional website and has published all updated versions of everything related to privacy. In other words, LinkedIn fulfills its legal obligation to inform its members or potential members about this issue. That’s why LinkedIn has 225 million members. LinkedIn risks mean Social Media risks, but are not so big like Facebook or Twitter risks.

It is up to you if you want to know more about your privacy.

Thanks for this task. I will change the password for my LinkedIn account and I will review my professional network.

Advertisements