Tag Archives: Oauth

Today I Deleted My LinkedIn Account; You Probably Should Too

(Please note corrections after the post)

Today I will delete my LinkedIn account.  I say I will instead of I have because I do not know how LinkedIn’s account settings work; deleting my account may require substantial effort on my part, it may not even be possible at all.  The fact that I have no idea how my account works on LinkedIn should tell you two things: first, that the web services’ account persistence schemas are incredibly dense and durable, and second, that I have never so much as poked around my LinkedIn account.  The first part is generally interesting, and extremely important on a blog like this.  Why and how web apps choose to persist user data is in many ways the essence, or at least an exemplar, of big data and analytics.  It deserves its own blog post, and it will only be addressed here as it connects to the second item: my particular experience with LinkedIn, and why it convinced me to delete my account.

To begin, some statistics:
As of this post, LinkedIn claimed to have over 225 million registered members.  That’s a lot of people. For context, Instagram claims around 100 million users, and world-heavyweight Facebook tops the chart at over 1 billion users.  For those of you keeping score at home:

  • Facebook > 1,000,000,000
  • LinkedIn > 225,000,000
  • Instagram > 100,000,000

That kind of feels right, but something is off.  Facebook is so massive that it distorts just about every metric it touches. It just does.  But the amount of email spam I get from LinkedIn feels MUCH higher than the Facebook flood.  Without thinking too hard about it, there are a few obvious reasons for the disparity.

First, I hate LinkedIn emails.  Seriously, they are by far the most annoying spam I get from a serious organization.  Why is that? Well, for starters, LinkedIn had the terrible idea to route their spam through user email addresses.  Seriously, go check your inbox for an “Invitation to connect on LinkedIn”.  They don’t come from *@linkedin.com, which THEY ABSOLUTELY SHOULD.  To be clear, LinkedIn asked for – and received – my permission to use my email address this way.  Users – myself included – SUCK at managing 3rd party login permissions.  A quick scan of my Google account reveals that I have granted access to 49 different websites.  AND I HAVE NO IDEA WHAT MOST OF THEM ARE, OR WHAT PERMISSIONS I GAVE THEM.  Worse, I am a (new) web developer, so I have at least a basic understanding of how these authentication systems work.  If you’re like most people, the idea that you would voluntarily give a third party control of your Gmail makes no intuitive sense.  It’s your gmail, why would LinkedIn be sending emails from my.name@gmail.com?  Even worse, if you are a normal person, you probably don’t even have the vocabulary available to ask that question.  Go ahead, try to find your Google account’s permissions. I’ll wait here.  When you give up, you can click here for instructions.

The point isn’t to beat up on Google, or make fun of the average user.  Facebook’s API’s are in some way more invasive than Google’s, or at least, they hold the potential for equally bad abuse by malicious users, and I think software should be targeted to the average “normal” user.  (In fact, I so strongly believe this that I was apparently the only person on Facebook or HackerNews who thought this article was 100% dead-wrong.  I am in fact so opposed to this thinking that I will address it in a dedicated blog post, but let me be clear: abstraction and specialization are the CORRECT ways to design complex systems for common use, and I think the average user should learn as much programming as they do plumbing to fix their sink, which is to say exactly the minimum needed to keep things working for them and nothing more.)

Software that traps standard users, or invites crappy 3rd party developers to trick them is bad software.  Complexity should be abstracted away from users until normal users can reach something like the 80/20 balance – where they can get 80% of the software’s utility with 20% of a full understanding of its functioning.  For what it’s worth, that’s a really hard UX goal to reach, and I respect engineers on the front and back end enormously for the challenge they face.  But that does not mean that it is ok for Google to make it that easy for LinkedIn to email people from your email address, and it certainly does not make it ok for LinkedIn to do it!  Allocating blame is tricky here: Google is the holder of your information and manager of your identity, and so it has the final responsibility not to let spammers get access to it.  But they’ve made a tremendously powerful tool for developers available in their account API’s, and I am more upset with a social network mammoth like LinkedIn for abusing a tool like that than I am at its makers for making it available.  Exactly how you judge everyone involved is up to you, but the point is there’s something wrong.

Nailing it down: the first reason I hate LinkedIn emails so much is that they are delivered in an inherently abusive way.  They are sent through the personal email addresses of people I know, despite the fact that they are marketing emails sent from a large company.

The second reason I hate LinkedIn emails so much is that they are marketing emails for a service that I don’t use, and neither do you.  When I get a marketing email from Facebook, the odds are very good that I will intuitively understand the context surrounding it.  The emails describe an action that happened, and the people involved in that action, so that I am brought up to speed before I even click through to the website.  THIS IS A GOOD DESIGN.

Moreover, the average Facebook user is way more likely to be active than a LinkedIn user.  That means that people tend not to lurk as hard on Facebook as they do on LinkedIn.  Think about that for a second.  Sounds crazy right?  Since both companies are publicly traded, you don’t have to take my word for it:

For the quarter ending June 2013, Facebook reported 1,155,000,000 monthly active users.  Calling their original registration numbers ~ 1,300,000,000 which is generous), that means that 88% of Facebook’s users actually use the site regularly.

Compare that to LinkedIn, which claims that 170,000,000 of its 218,000,000 users logged in during the quarter ending March 2013, for a total of closer to 77%.  That number actually understates the disparity, because it just measures unique visitors.
While LinkedIn users spend an average of 8 minutes on the site daily, Facebook users hang round for over 33 minutes, or OVER HALF AN HOUR each.  In fact, LinkedIn puts this problem much better than I can:

“The number of our registered members is higher than the number of actual members and a substantial majority of our page views are generated by a minority of our members. Our business may be adversely impacted if we are unable to attract and retain additional members who actively use our services.” (source)

(traffic stats: Facebook, LinkedIn, SEC data: LinkedIn, Facebook).

The point of all this isn’t to dump on LinkedIn.  If nothing else their engineering team is absolutely amazing. The point is that they’re a company that is already starting with an unengaged userbase, which means they face a higher bar for unsolicited emails they send their users.  When LinkedIn emails me something – let alone by hijacking a user’s email address (see above) – it is not going to trigger the same easy context recall that Facebook’s or Google’s will.

People tend to intuitively sense LinkedIn’s broad-but-shallow userbase problem.  Everyone knows that everyone has a LinkedIn profile, but I challenge you to find three friends who use theirs actively.  Now try it with Facebook.  Until today I had never read the statistics I linked to above, but it just feels obvious when you read your LinkedIn mail that it isn’t being generated by eager friends trying to network.  LinkedIn should not be sending annoying emails like that.  The company is facing pressure because the average user is turned off from deep engagement.  But the way to fix that absolutely IS NOT to spam them, which makes people even more leery, and irritated with your service.  

What all of this means is that LinkedIn faces a serious challenge in a crappy environment.  I don’t envy them.  Overall, there are a small number of very good reasons for me to get rid of my account, which I’ve discussed above.  They more or less boil down to this: I find the user experience annoying and intrusive.  But the real problem with LinkedIn is not that it’s kind of annoying.  There are lots of kind of annoying services that I continue to use, and will continue to use as long as they provide me with something of value.  The real problem with LinkedIn is that it does nothing useful for me.  Nothing.  In fact, aside from generating a boatload of spam, I can’t tell how exactly LinkedIn is even supposed to impact my life.  I know I’m supposed to “network” with it, but I already “network” with Facebook, and Twitter, and beer.

Maybe some people are finding hot job leads through LinkedIn and I’m just missing the party.  That sounds facetious, but the truth is I am willing to believe that I’m just not getting the full value out of this tool.  The problem is I am not willing to put in a substantial investment in learning how to use it (like I said, 80/20) without a decent value proposition ahead of time.  I’d rather spend my time learning Javascript, or blogging.  Useful career tips or leads tend to come from real friends of mine, who I tend to interact with in person or on real social media.  LinkedIn seems just a touch too tone-deaf to be useful for building real career networks for me for now.  The fact that they operate as a borderline spam factory would be bad for any service that I wasn’t completely sold on.  The fact that it’s one struggling with bored users and a weird image makes it downright toxic.  So for now, goodbye LinkedIn, maybe we’ll connect again in the future.


I have officially shut down my LinkedIn account.  To their credit, “closing” my account was relatively simple.  An odd coda for a pecuilar performance.  If I ever make a new account with LinkedIn, I will be sure to post my experiences.



After publishing this post on Monday a few readers took me up on my advice to:

go check your inbox for an “Invitation to connect on LinkedIn”

and called me out because I MADE A MISTAKE.  It turns out I made a technical error, and I’m extremely grateful some readers took the time to point it out, so here are corrections:

I had contended

  1. 1) that LinkedIn is engaged in a spammy practice of sending messages pretending to be from a user when in fact they are from the service itself and
  2. 2) that Google had enabled this bad behavior by making it possible to send email through users’ Gmail accounts.

The first point IS TRUE.  LinkedIn has engaged in the practice of sending users email that purports to be from other users, instead of from them.  Here is a screenshot of one such email as recently as 2012.  But it looks like LinkedIn has made the decision to move away from this route, at least for some of their emails.  This is a good thing.

As some readers pointed out, what they were doing was probably meant with good intentions, but the fact is that they were spoofing, using the same technique that spammers and phishing attacks use to trick users.  The good news is that LinkedIn is (I assume) not trying to steal anything from users.  Instead, they’re trying to sneak past your mental spam filters: when you get an email from someone you know, you’re more likely to read it than if it were from a big impersonal organization, like LinkedIn.  As far as I’m concerned then, the way they send (or apparently – sent) their emails is spammy, and should not be used by a serious organization.  This goes double for any company tha,t like LinkedIn, is literally built on the notions of professionalism and professional-communication.  It’s just wrong.  Thus, my main point remains, and I stand behind it.  With that said, I absolutely did get the technical point wrong there, and for that I apologize to anyone who I accidentally misled.

As to the second point: I have done a little more digging, and it appears that Google does not offer programmatic access to users’ email, and so as I said above, I was wrong.  But again, and this part is actually a bit more worrying, it looks like Google is still at least somewhat at fault here after all. When you spoof an email in Gmail, it usually warns the recipient about what’s happening.  So for example if I did what LinkedIn does, and sent you an email pretending to be from your own account, you’d get a big flag when you read the message, alerting you to the fact that it was not from you, that it was fraudulent.

Gmail does not raise these alerts for LinkedIn messages, which is presumably a choice Google made, to permit them to pass through as if they were real.  (If I am wrong on this point I invite anyone from Google to comment, or send me an email.)  If this is true, then it’s actually more of a problem than my original accusation.  In the post, I argued that Google had exposed users to abuse by spammy organizations like LinkedIn, but that it was an open question to me whether that was an acceptable trade-off for the amazing flexibility it gave developers.  It turns out that Google DOES NOT expose users in this particular way, and so I was wrong on the technical aspect.  But the deeper point remains, and is kind of crappy – that Google permits certain users to abuse their email system to the detriment of users.

Anyhow, read it and make a decision for yourself about whether LinkedIn is a good system to be plugged into.  I said my piece, and I stand behind it.  Next time I’ll work on getting all the moving parts more exactly correct.