More on My LinkedIn Account

I have successfully gotten the fake LinkedIn account in my name deleted. To prevent someone from doing this again, I signed up for LinkedIn. This is my first -- and only -- post on that account:

My Only LinkedIn Post (Yes, Really)

Welcome to my LinkedIn page. It looks empty because I'm never here. I don't log in, I never post anything, and I won't read any notes or comments you leave on this site. Nor will I accept any invitations or click on any "connect" links. I'm sure LinkedIn is a nice place; I just don't have the time.

If you're looking for me, visit my webpage at www.schneier.com. There you'll find my blog, and just about everything I've written. My e-mail address is schneier@schneier.com, if you want to talk to me personally.

I mirror my blog on my Facebook page (https://www.facebook.com/bruce.schneier/) and my Twitter feed (@schneierblog), but I don't visit those, either.

Now I hear that LinkedIn is e-mailing people on my behalf, suggesting that they friend, follow, connect, or whatever they do there with me. I assure you that I have nothing to do with any of those e-mails, nor do I care what anyone does in response.

Posted on August 18, 2017 at 2:14 PM • 47 Comments

Comments

NinjaAugust 18, 2017 2:20 PM

Ah the annoyance of companies thinking you want them to e-mail the world about the fact you joined when you just want to prevent somebody from impersonating you. LinkedIn is specially annoying in its intrusions.

Ben A.August 18, 2017 2:21 PM

They have a nasty habit of sending invites to anybody on your address book.

I regularly get automated emails from colleagues' LinkedIn accounts imploring me to join - because my email address is in their address book, and they've searched for me on LinkedIn, it triggers an email.

There are other times they send these messages too I believe although your holding page should be enough to give people the message.

Maybe also mention what over social medial outlets you don't use so that people will know that this website/your email is your only genuine outlet to communicate with you.

Ben A.August 18, 2017 2:23 PM

I missed your penultimate paragraph on first reading; my mistake.

"I mirror my blog on my Facebook page (https://www.facebook.com/bruce.schneier/) and my Twitter feed (@schneierblog), but I don't visit those, either."

tzAugust 18, 2017 2:38 PM

just add "dailystormer" and they will permanently ban you from everything.

The interesting part of the current debate over Cloudflare's CEO in a bad mood zapping a nasty, hateful site (negative) and creating a fake account without verification (positive) is an interesting issue.

Are you "real bruce schnier", or can some other person claiming to be, or actually having the name of "Bruce Schnier" create an account at linked in?

UgoAugust 18, 2017 2:47 PM

I'm sure LinkedIn is a nice place

you're wrong.
LinkedIn it's a horrible place, with an awful UI, mediocre user base, badly thought interactions and truly, truly no use at all.
Despite this, a bunch of people consider "professional" to have an account there, so they would consider you "unprofessional" if you don't have an account as well.
And since there's anyway the mini-tiny-smally-finy possibility that you'll need to have an interaction with one of those people, then let's have an account, and set the spam rules accordingly...

mrDOAugust 18, 2017 3:21 PM

@Ugo

You are wrong... Linkedin is a wonderful place that provides a wealth of info about the idiots that are reg'ed with it...

PeteAugust 18, 2017 3:35 PM

I signed up with LinkedIn long, long ago.

Marked the linkedIn profile as private after they leaked data (or was that a hack?) the first time.

Learned long ago to use a different email alias for each login. Never regretted that.

SCAugust 18, 2017 3:43 PM

LinkedIn has a bad history of being and doing the worst of what social networks do including trying to forcibly steal your contacts, trick you into providing your email authentication so that they can get all of your contacts and build up your network. They also share your profile with recruiters and others even if you ask not to and say you are not looking for a job. They'll send you many various friend status and available jobs emails a month. They will mine your name and workplace and suggest that you might know someone or work with them and ask you to be friends with them.

Its a bad product that seems to be built on attempts to force participation.

PhilAugust 18, 2017 3:44 PM

That last paragraph is SUCH a Linkedin move I couldn't hold my laughter.

Perhaps one of the biggest achievements of my life was to get rid of all Linkedin emails.

Doug DAugust 18, 2017 3:54 PM

I think you may want to, oh, I don't know, at least have an intern glance at the page twice a year or something, so that it doesn't build by accretion metadata based on other people tagging you that doesn't match what you want.

Clive RobinsonAugust 18, 2017 3:55 PM

@ Ugo,

LinkedIn it's a horrible place, with an awful UI, mediocre user base, badly thought interactions and truly, truly no use at all.

I would probably --if I had ever used it-- not disagree with you, based on the nuisance thay have caused me and others in the past.

However the general advice when stepping in somebody elses territory --unless you are Genghis-- is to be polite to the natives, lest they hold it against you. After all offending people without good reason generaly gets you no advantage. The trick is be nice and educate slowley and nicely, that way the worst they will think about you is that you are "mostly harmless".

Just to make a point again, I do not participate in the normal "social networking", due to Linked in amongst others, I now nolonger even have a personal EMail account, and realy don't miss any of it in the slightest (good ridence to bad rubbish). I am in the process of reducing my Internet footprint further. Thus I don't have or want to have any online accounts any more. So no Internet shoping either, Amazon's compleat and utter scr3wups was "the last straw" in that regard.

I don't enable javascript or cookies and disable a few other things as well (often pictures and the like). If I can not see a website's textual content the chances are a little search engine magic will get the same or similar information from somewhere else. I view it this way, if you put a barrier in my way that's your loss not mine.

In short experience has taught me to be the Internet version of a grocery store manager's most loathsome customer, the so called "barnacle"...

I know that is sad for small websites trying to raise funds to stay up, but the simple fact is the price to me is way to high.

Apparently due to advertising idiots the average HTTP page size is now over 3MBytes... For those on capped Intetnet connections on the likes of mobile phones where they might only get 1GByte a month thats only 11pages a day on average... Which if a couple are "login pages" all of a sudden paid for newspapers etc start to look like good value again...

BobAugust 18, 2017 4:01 PM

I get contact requests from accounts that appear to be fake a lot. They are usually fairly easy to spot. However, if I'd gotten one from your fake account I'd have thought it was real.

After 12 years on LI, I just got my first (contract) position from someone who contacted me via the service. I'd actually deleted my account for a couple of weeks 2 months ago but I reopened it to give it one more shot during the latency period they have for account deletion.

Since I'll be starting the job in a few weeks I doubt I'll use the account much from here forward.

I posted this blog entry to LI!

D-503August 18, 2017 4:04 PM

Almost every week I receive LinkedIn "connection" requests from random people I've never met.
Is there any way for me to check whether LinkedIn is sending out automated requests in my name?
Apparently, LinkedIn has been hacking people's email accounts to generate spam:
https://gigaom.com/2013/09/21/linkedin-is-breaking-into-user-emails-spamming-contacts-lawsuit/
Though I don't know why hacking would be necessary given that I'm being spammed with LinkedIn "connection" requests from people I don't know and never communicated with.

A related question: Is there any way I can check how many accounts Microsoft has on file for (on) me? I have access to my LinkedIn account - inactive, like 80% of LinkedIn accounts - but there are probably several Microsoft accounts that I have no access to but are linked to my identity. Between Microsoft gobbling up other companies and Microsoft vacuuming up personal information like a supermassive black hole at the centre of a dying galaxy, Microsoft's tentacles are everywhere.

Speaking of tentacles, here's some squiddy news*, on cephalopod security:
https://www.theguardian.com/science/2017/aug/09/why-do-cephalopods-produce-ink-and-what-on-earth-is-it-anyway

In combination with changing colour, some cephalopods have been observed creating pseudomorphs of ink, ejections which are interpreted to resemble a cephalopod-like form to would-be predators to confuse them. Another form of longer thinner streams of ink are called ropes and are speculatively assumed to bear resemblance to stinging tentacles of jellyfish.

*the "news" is actually 300 million years old, but age is just a number, as they say

Maayan HaninAugust 18, 2017 4:14 PM

When setting up your Linkedin account, you have one and only one chance of opting out of the massive spammage. If you missed your chance, it will go after your friends and family, and it won't stop until you're all forcibly connected.

AndrewAugust 18, 2017 4:55 PM

LinkedIn? You mean the pathetic attempt of Microsoft to have their own Facebook for which they paied 30 billions or so?
The stinky website sending spam to everybody for years and getting away with it, because there is no authority who cares, anymore?

Actually they kind of buried most of jobs websites but they won't be a Facebook.

This retard trend goes on and on for years...we have an application for selling shoes? Let's add to it profiles, news feed and photo albums because of course, people will start to share family photos, add pictures with cats and one day we will take Zuckerberg cake! It doesn't matter it's a weather application, let's make it a Facebook, if he did it we can too!
We will use this this subvert path that nobody notice!

Let's make Skype like Snapchat and take their users (lol) and loose current ones, as we weren't smart enough to make an Android version at the time WhatsApp was installing on tens of millions of devices because of our self sufficient managers who didn't want to risk their millions yearly incomes to create a program for a device without physical keyboard... and so on...

ChelloveckAugust 18, 2017 5:00 PM

I'm more interested in how LinkedIn got Bruce's address book in order to spam his associates. I doubt Bruce would have given it willingly. I see three possibilities:

1) LinkedIn is really just that good at social engineering to get users to give up their contacts, and they suckered Bruce.

2) They're not that good, but Bruce was in a hurry and didn't pay much attention to what he was doing.

3) They didn't scrape Bruce's address book at all, but anyone who already had Bruce in *their* address books (and foolishly shared them with LinkedIn) got spammed.

I'm betting on #3 myself.

65535August 18, 2017 5:28 PM

@ Ben A.

“They have a nasty habit of sending invites to anybody on your address book.”

Yes, the address book problem is huge problem with LinkedIn – among other confidence games.

When Bruce signs up for a LinkedIn account doesn’t this increase his social attack surface?

If I were Bruce I would not sign up with LinkedIn and handled any phony accounts like he did previously. I say get the people to come to his blog and then handle it.

Todd JonzAugust 18, 2017 7:03 PM

I had a LinkedIn account once years ago. I abandoned it when LinkedIn began offering a service which, if enabled, would pass all my e-mail through its servers for the purpose of converting selected text into links "for my convenience." As readers of these pages will readily note, this is a Very Bad Idea. Any company so oblivious to the potential of such a service to be used for a man-in-the-middle attack is not worthy of my or anyone else's business.

Bruce SchneierAugust 18, 2017 8:19 PM

"3) They didn't scrape Bruce's address book at all, but anyone who already had Bruce in *their* address books (and foolishly shared them with LinkedIn) got spammed.

"I'm betting on #3 myself."

That's my belief. I didn't give them access to my address book. I don't even keep my address book in a format they could access. It seems they are spamming random people who are somehow associated with me. The three who e-mailed me about it are not people I actually know.

Bruce SchneierAugust 18, 2017 8:20 PM

"When Bruce signs up for a LinkedIn account doesn’t this increase his social attack surface?"

How would it?

WaelAugust 18, 2017 8:42 PM

I must be losing the few marbles I have left...

"I'm betting on #3 myself."

Everything looks like hints now. And your picture is staring me in the face, too. *cringe*

JG4August 18, 2017 9:12 PM


there is at least one option not considered in the list. 4) someone used your email address as a search term at LinkedIn and they remember it forever. back in the day, one of the more efficent methods to locate someone's profile on LinkedIn was to use their email address as a search term. I'm not sure that works now, but I still see a stub profile for every or almost every email address that I searched. welcome to the borg. you have been assimilated.

I'm pretty sure that I searched LinkedIn using schneier@schneier.com as sometime between 2008 and 2011. I've seen plenty of spam via path 3) myself. it can be creepy when it suggests people that it knows that you know, even if you never exchanged email with them.

Doxy McDoxfaceAugust 18, 2017 10:00 PM

"You are wrong... Linkedin is a wonderful place that provides a wealth of info about the idiots that are reg'ed with it..."

Almost did a spit take.

I guess it's a hair more professionally minded than doxing yourself on instagram, right?

EugeneAugust 18, 2017 10:56 PM

I have a Linkedin account for possible job connections. At times it's a desperate one dimensional site though, with a poor UI and so on but what is the alternative? On the positive, there are some high level content thankfully which could benefit you job wise. It could be a good way to market your (personal) brand too - IBM Resilient is on there and many security related brands and individuals sharing products and content. I see Bruce has a strong animosity to the site (not private enough, spammy, not secure enough?) or am I reading you wrong not enough time seems to be a easy way to push it away?

65535August 18, 2017 11:37 PM

@ Bruce

I feel honored.

I am assuming its complex Terms of Service or future changes in Terms of Service, it’s ability to succumb to scams, digital scams and other confidence games and possibly to actually spread malware including [worms, viruses and scrapers] to the various Microsoft and other accounts you may get or have.

I really don’t think it reduces your attack surface. I believe you have much greater control over your blog.

G M August 19, 2017 1:02 AM

LinkedIn is emphatically NOT a nice place, as I'm sure you've gathered. It's one of the most overtly creepy social networks, period. And intensely annoying. And yeah, don't get me started on the users.

albertAugust 19, 2017 10:16 AM

I wouldn't have created a stub account, but I don't do FB or Twit either.

You get what you pay for.

Most folks don't want to pay for a domain name and a host service, but having your own name on a domain is what the pros(like Bruce) do.

'Social' media are creating hordes of malignant narcissists. Just look at The Donald.

I'm not a public figure, so it's unlikely that folks will set up fake accounts and have me 'saying outrageous things'. That said, I probably wouldn't care if they did.

. .. . .. --- ....

CallMeLateForSupperAugust 19, 2017 11:17 AM

@Clive

"[...] experience has taught me to be the Internet version of a grocery store manager's most loathsome customer, the so called 'barnacle'... "

Not familiar with this term. My best guess: describes the person who buys only staples, ignores impulse-buy displays, and pays cash. (That would be me.) Am I even close?

Are you also a "deadbeat"? That's the credit card industry's inside term for the card holder who never owes interest because he always pays the entire balance before it's due. (That would be me.)

Clive RobinsonAugust 19, 2017 2:10 PM

@ CallMeLate...,

My best guess: describes the person who buys only staples, ignores impulse-buy displays, and pays cash.

That's most of it but there is a little more to it than that. The barnacle also buys up all the price reduced stuff and whacks it in the freezer... Rather than buy similar full store price equivalents. Likewise the barnacle will reach down low and stretch up high to buy those equivalent but non premium priced items. Premium priced items are not those at the highest price but maximum profit for the store. These are placed at the easy to grab hight for the hurried / lazy shopper. Often those items at the end of isles that are even easier to grab, are "placment" items that the store has got for effectively nothing thus pure profit... So don't buy them unless the price is realy good compared to equivalents.

As for being a "deadbeat" yes I was one when I had a credit card. It was prefreable to use it for getting over the "end of the month wait for pay day lows" and avoiding getting stung by "travel expense" pay back delays, which company accountants use mercilessly to their own advantage.

One trick I did use was to have a pre-pay card for security reasons (ie purchasing from unknown outlets etc). Basicaly I'd transfer just sufficient payment to the pre-pay just before use. Thus if the outlet turned out to be untrustworthy or their employees etc then there was no value for them to steal. Back then I'd transfer the value from the credit card which had a six month intrest free period as it was "new". I stopped doing this when the CC Companies wised up to the "free loans" they were giving us "deadbeats".

The problem I've found, is only having borrowed money to buy property in the last couple of decades, I've become a very poor credit risk... Yup apparently financial responsible behaviour is inappropriate behaviour if you should ever want to borrow money...

As they say the perversity of life has curious if not apparently immprobable outcomes.

HermanAugust 19, 2017 2:57 PM

@clive robinson: If you ignore the telephone long enough, it will eventually stop ringing.

So you don't need to delete your online persona, it will succumb to bit rot before long anyway. Nothing lasts forever.

HermanAugust 19, 2017 3:10 PM

Yes I'm on LI. Been there for about 20 years. I also have a personal web site for even longer and there are only about 3 people in the world with a name resembling mine. So it is quite impossible for me to hide my net activity and anyone that knows how to use google can find me in an instant. I also carry a personal homing beacon for missiles (cell phone) and I'm still alive and well. I'm simply not interesting to anybody for any of this to be a problem.

book_reviewAugust 19, 2017 3:47 PM

Friday morning at 10am ET, Friday News Roundup- Domestic, and at 11am ET, Friday News Roundup- International, can be worth listening to.

For example, at least one contributor to PBS's "1a" (International on 18 Aug.) nominated 'Steve Bannon' to replace the current James Bond movie actor should he retire.

CallMeLateForSupperAugust 20, 2017 10:41 AM

@Clive
"That's most of it but there is a little more to it than that."

Tnx for the explanation.

K.S.August 20, 2017 9:01 PM

All criticism of LinkedIn is very justified. However, it is necessary evil, just like updating your resume or wearing suit and tie to an interview. Unless you happen to be somehow famous.

The trick to managing LinkedIn is not avoidance, this will close enough doors for you to be damaging to your career, but passive indifference with bare-minimum participation. I have it blacklisted everywhere, however ever year or two I keep mine updated. It has about as much information on it as my resume, and as much as I would like to keep it private, it is by necessity is out there.

MZAugust 21, 2017 7:46 AM

@K.S.

I use the same strategy as you do and it has worked well for me -- or at least I've avoided any apparent unintended consequences.

Darron WykeAugust 21, 2017 8:37 AM

I deleted my LinkedIn account years ago. Despite me saying, very clearly, that I would not respond to recruiter requests to connect (since all they want to do is mine your contact list), I would get nothing but. The number of professional contacts I kept was tiny. In the many years I had an account, I received nothing of value (not even a single relevant job opportunity), and opened myself up to breaches, data mining, and more. Ditched it faster than a cancerous boil.

Mall MosquitoAugust 21, 2017 9:28 PM

Now I hear that LinkedIn is e-mailing people on my behalf, suggesting that they friend, follow, connect, or whatever they do there with me.

I hate LinkedIn, WhatsApp, InstaGram, FaceBook, tWitTer, gOOglePlus+, all those stupid CamelCase ProGrammers, and all their brethren and kinsmen.

I assure you that I have nothing to do with any of those e-mails, nor do I care what anyone does in response.

You may have that luxury, but the rest of us all have to be properly socialized online for the imposition of white national socialism in America. Aamtrak has the cattle cars ready to haul us "anti-social" security freaks off to the concentration camps.

Just_FreezingAugust 22, 2017 4:12 PM

@Mall Mosquito

You may have that luxury, but the rest of us all have to be properly socialized online for the imposition of white national socialism in America. Aamtrak has the cattle cars ready to haul us "anti-social" security freaks off to the concentration camps.

Yeah, and that`s why I do Facebook like @K.S, with passive indifference with bare-minimum participation.

Mall MosquitoAugust 22, 2017 5:29 PM

@ K.S., Just_Freezing

All criticism of LinkedIn is very justified. However, it is necessary evil,

Dog vomit slush.

just like updating your resume

Part of my work history was re-classified because the SSA determined that it was not a bona fide exception to certain rules. Other work I've done, it was quit-or-go-to-prison, so I quit. Jobless, but to a certain extent free, at least not in prison, except that my right to possess a firearm was denied by some crooked mobster shrinks who had me permanently and irrevokably adjudicated as a mental defective by law.

or wearing suit and tie to an interview.

Sport coat. Slacks. Tie. Articles of clothing that either get in the way or do nothing to keep you warm, and cut off the blood circulation to your brain to boot. That get-up doesn't even look good. Plus, you have to be male, because if you're female and you don't sell your pussy, there are no jobs.

passive indifference with bare-minimum participation.

That's how you perpetrate Holocaust-level war crimes while evading culpability and punishment.

FlyingdervishAugust 23, 2017 7:46 AM

What? You don't want to join the fun of getting daily recruiter messages talking up how you would be a great match for the security analyst position they're trying to fill?

MeAugust 25, 2017 3:55 AM

The LinkedIn Android mobile app has a fake checkbox labelled "Sync contacts from this device". The checkbox is completely disregarded. It will trawl your entire contact list even though is is unchecked. It will then suggest completely inappropriate contacts, e.g. ex girlfriends!

JonAugust 25, 2017 11:53 PM

@ Clive Robinson

Okay, I'm late to this party, but the point isn't that you're a poor credit risk, it's that you are a poor credit profit item. Those who have tried to make money off of you have failed, so they're telling everyone else that you're not to be bothered with, or if they must, to charge screaming amounts up front lest they get nothing at all.

J.

ColinAugust 27, 2017 12:55 PM

What ^^Me said. In an idle moment I once installed the Android app. Shortly thereafter the site started spamming with contact suggestions for family and friends with whom I had no work contact, and who weren't even active on the site (no profiles). It apparently sucked in all contacts in my Android phone. I was unspeakably angry about this, but I also knew it could never be undone.

Like others above, I maintain a basic LinkedIn profile for work-related matters, but can't wait for the day until I retire and can delete it.

Androis really needs to offer more fine-grained controls over what information you allow apps to access, but that is probably a topic for another day.

AndrewAugust 29, 2017 4:16 AM

I had the same problem as Colin. I naively selected "sync contacts" when I installed the app, thinking that at most it would pull in a few suggestions from the 20 or so contacts I have in my phone. I was horrified to find that within a few minutes it had emailed every person I had ever contacted over the past 10 years, including an manager of a company I was applying for a job with which was incredibly embarrassing. With hindsight I should have probably read the terms and conditions more clearly, but I still think this was a disgraceful and unethical approach by LinkedIn. I've since deleted the app as every time I open it I get a similar suggestion to "sync contacts", and I just don't trust it anymore. I think Bruce's suggestion of maintaining an idle account is the best approach.

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.