Securing yourself from LinkedIn's "Profile Stats" feature

Turn it Off!If you read our previous post, you’ll probably be wondering how to turn off the LinkedIn “Profile Stats” feature, so that random websites can’t find out who you are, where you work, and what you do.

Luckily, LinkedIn does provide a way to disable (at least, anonymize) the feature.

Settings > Privacy Controls > Select what other see when you’ve viewed their profile

And select the “anonymous” option.

You’ve probably noticed that this option is discouraged, as you’ll lose the benefits of “Profile Stats”… but it seems worth it to me!

Logged in to LinkedIn? I just got your first and last name, company and position

Who's viewed your profile?

Creepy LinkedIn Feature

Updated 05/23/20013  - Added periodically updated sample to demonstrate – Added new post on how to disable – made minor clarifications.

If you’re viewing this page and you also happen to be logged in to LinkedIn, you probably just gave me your first name, last name, company name, and position.

A devious website’s paradise:

Profile Stats allow you to see which LinkedIn members have viewed your profile recently. As you can see in the provided image, 19 people have viewed my LinkedIn.com profile in the last 90 days. And if I click through, I can see a list of all those people who have viewed my profile:

Who's viewed me?

One thing you may have noticed right away is that much information is redacted from this record… but don’t worry, LinkedIn has a solution!  For a low monthly fee, I can become a premium LinkedIn subscriber; The redacted information becomes available, and the full name, company and position name of the people who have viewed your profile is now available for your viewing pleasure.

But why is this feature dangerous?

Perhaps you’re okay with LinkedIn sharing your name and company with the profiles you view on their service… that makes sense. But what about no-name random websites like mine?

The most awesome part of LinkedIn’s feature is that it’s enabled by default, so all I have to do to get your information is get you to view my Profile on LinkedIn… then I’ll see who you are.

The easiest way to do that is to simply have you load it in an invisible iframe or image tag.  To test this, I created a LinkedIn account and requested the profile from an image tag right here:…. Did you see anything? Nope. I hid it from you, but LinkedIn was still loaded on your behalf. Really! Look at the HTML source of this page, and you’ll see what I’m talking about.

So, for 1 line of common HTML code and a premium LinkedIn account, I can see your first name, last name, company name, position, and anything else you’ve shared publicly on LinkedIn, as long as you were logged in. When was the last time you logged out of LinkedIn? I swear they have the worlds longest cookie expiration, so it seems like I sign in once a year.

Now here’s the scary thing – how many other websites, both malicious and legitimate, have figured this out? Who knows far more about you than they should?

It is true that there are some technical challenges in correlating the actual web request with your individualized visit. The more heavily trafficked a website, the more difficult it would be to tie an individual name to an individual web request. But in my opinion, the damage is done: Some of my personal information may be available, whether I can be tied to a specific IP address or not.

Summary

I discovered this scary feature after reviewing some technical requests made by 3rd party software my company uses. The company who I saw using it will remain unnamed and anonymous, as I don’t believe it was being used maliciously, and I found their usage of LinkedIn’s feature to be ingenious, albeit scary. This highlights the increasing complexities of trusting large organizations with your data. While I’m okay with being part of the LinkedIn professional network, I’m not okay with them offering my personal information to websites I visit, all for one low monthly fee.

Update

Can I turn this off feature off?

Yes! More here!

Update #2: What you can see without a premium subscription

So it turns out, even without a premium subscription I’m seeing some interesting things. Often I’ll see a company name and position, but no first and last name. For instance, I know that  ”Media Producer” with Thompson Reuters just viewed the blog post about 10 minutes ago, as did an Officer with the Dept. of Homeland Security. Since I haven’t purchased a premium LinkedIn account, I don’t have more details… but even that information is pretty interesting. LinkedIn has also told me an Engineer from Adobe has viewed my profile, as well as several Professors at Universities around the world.

Very interesting! And scary.

 Update #3 A sample of people that are viewing this page

I thought I’d be cool to periodically  update a sample list with people viewing this page. No first and last names, of course. You can see it here. I think I’ll update it throughout the day of Thursday, May 23rd.

Rattling noise coming from your LG Nexus 4? Don't worry, that's by design.

By Rodrigo Ghedin, on Flickr

After waiting what seemed like an eternity for my Google/LG Nexus 4, I was concerned (to say the least) when I realized that every time I set it down, I could hear a slight rattle coming from somewhere inside the phone.

If you gently tap or shake the Nexus 4, you’ll hear small, concerning rattle inside the phone. It’s very noticeable if you tap up near the camera on the back side of the phone. It sounds quite unnerving.

Sadly, sending the phone back won’t do you any good, your replacements will have the same problem. According to T-Mobile’s support pages, the “SIM Socket Lever has a small degree of freedom when placed back in the phone”, and therefore rattles when shaken or tapped in the right way. If you dig far enough into many phone forums, you’ll also find many users reporting the issue… many of them sending their phones back to LG, only to find the issue in their replacement.

It’s unfortunate, because every time I set my phone down, I hear that rattle, and it reminds me that while the Phone is state-of-the-art in terms of Software, it has a long way to go in terms of material.

World War II – Meet the real Captain America

I had no idea men like this actually existed.

Llewellyn Morris Chilson
April 1, 1920—Oct. 10, 1981

Llewellyn Morris Chilson was awarded over a dozen combat decorations for service in World War II, including 3 purple hearts.

Here is the citation for one of his Distinguished Service Cross:

…When the enemy opened up with 20-mm. guns on the company’s positions shortly after entering the town of Meilenholen, Germany, Sergeant Chilson quickly observed their positions and moved a jeep, armed with a machine gun, to the middle of the street and opened fire. In the ensuing action, he personally knocked out two flak guns, one 88-mm. gun, rendered another 88-mm. useless by knocking out it’s crew and killed approximately 40 enemy riflemen. When our reconnaissance troops advanced to take the town of Zell, they were halted by 20-mm. flak fire. Sergeant Chilson quickly mounted a motorcycle, abandoned by the enemy and riding in front of the reconnaissance troop located six more 20-mm. guns. One flak gun opened fire on him from a distance of about 50 yards and his motorcycle was shot from under him. He hit the dirt, rolled over, jumped to his feet, and ran directly towards the gun position and threw a grenade. This action killed three members of the enemy crew and knocked out the gun. Returning to the lead tank, he directed their fire upon the remaining five flak guns which were subsequently destroyed.

Sergeant Chilson has always been an inspiration to the men of his company and his intrepid actions, personal bravery and zealous devotion to duty exemplify the highest traditions of the military forces of the United States and reflect great credit upon himself, the 45th Infantry Division, and the United States Army.

Had I not thoroughly researched Sgt. Chilson, I would’ve thought that this kind of heroism was surely a piece of fiction. Motorcycles, grenades, 40 enemy men killed single-handed!

Let’s look at another one of his citations:

…While engaged in taking the town of Neuberg, Germany, Sergeant Chilson and his platoon were halted by intense automatic weapons fire coming from a second story apartment house. Realizing that unless the enemy was knocked out immediately a large number of casualties would be inflicted upon his platoon, Sergeant Chilson, with complete disreguard for his own safety, rushed across the fire-swept street and into the house. Racing up the stairs to the second floor, he tossed a high explosive grenade into the room killing two members of the enemy machine gun crew and capturing eight. He then called his platoon forward and they occupied the building without a casualty. Later, as one of his squads was moving into the next house, they were halted by automatic rifle fire which came from a courtyard. Again Sergeant Chilson came forward, and tossing a white phosphorous grenade into the courtyard, assaulted the enemy position. Firing his carbine with his left hand after being wounded in the right arm by an enemy bullet, he killed two of the enemy and captured a third. His daring and utter disregard for his own personal safety is worthy of the highest praise and is a credit to himself and the armed forces.”

For more on Sgt. Chilsons citations, you may want to look here,  here, and of course, the Wikipedia entry.

I’m quite grateful for men like Llewellyn Chilson, who were willing to sacrifice so much in the pursuit of freedom, and in the protection of his fellow soldiers, friends, and brothers. Thanks for setting the bar high.