[A nice report from Bloomberg’s Linda Sandler on LinkedIn’s incredibly shady practices](http://www.bloomberg.com/news/2013-09-20/linkedin-customers-say-company-hacked-their-e-mail-address-books.html). The report stems from a lawsuit filed against LinkedIn alleging (very generally) two things:
+ That LinkedIn sent emails asking people to connect with users without user permission.
+ More seriously, that LinkedIn hacked (in someway) into external email addresses of their users and scraped all email addresses to send the above reference emails to people.
Of course, they are trying to make this more of a class action lawsuit than anything else. While the hacking aspect would certainly be damaging, its the first claim that is — I feel — potentially far more interesting. If you read the Bloomberg report you can see LinkedIn’s defense: that they don’t do anything without the permission of the user.
The issue in the case I think will come down to what “permission from the user” really is.
The argument LinkedIn would make is that the user didn’t uncheck this, or agreed to that, in the terms of service, or any other obscure place. The user would argue they had a reasonable expectation to not have to dig for that information to turn off privacy violating features and that they didn’t know, or couldn’t be reasonably expected to, find these settings — probably showing how often the locations change and items mysteriously turn back on as supporting evidence.
The decision by a potential jury on this could be far reaching in the tech industry. The best outcome for users would be for LinkedIn to get hit with huge punitive damages which sends a clear message to other companies that these settings must be clear, easy to access, and explicit. I don’t generally like lawsuits, but this is something I can get behind.