Slightly related but there is a fake profile of me on Facebook I have been trying to get taken down for months now. It copied my profile picture and added several of my mutual friends. Facebook just keeps saying the profile doesn't violate their guidelines even though my last name is very unique and the profile picture makes it blatantly obvious.
A young (attractive) man was murdered in my country with a case dragged out over a period of years, there was a fake but active profile using his highly published images under a different name. Facebook banned me for continuously reporting the profile, in every report I linked multiple articles containing the relevant images.
I would suggest you encourage a large volume of contacts to report the profile. Funny that you have to game the system to achieve a perfectly legitimate result.
I feel like the workflow that happens when you click "flag" in social networks has become ossified according to " Content Guidelines" in the same way that Level-1 CSR scripts are ossified. To actually get one-off (rather than rule-based) evaluation of a problem, you need your report to not come in from that direction, but from some other side-channel, e.g. a viral tweet complaining about the problem.
Tbh I think most people just don't need to even be posting on a blog, myself included. It's nice to think you have something important to say but we mostly don't. How did our self-worth get tied up in this mess?
Of course if you want to start a blog you should. Maybe you do have something interesting, thoughtful, or worthwhile to say. Maybe you just want to keep a diary of sorts or post for a few friends or family members. But moving from social media platforms to self-hosted blogs misses the key step that most people just need to get the hell of the Internet instead of starting a blog or posting on social media.
Early on blogs and local forums got flooded with spam bots, and trolls, though come to think of it; Trolls were never a huge problem before, as Netiquette helped separate wheat from the chaff. In hindsight it seems like a more concerted effort ending in disabling of public comment threads, and consolidation on social media sites. Nowadays anti-spam bots are more accessible, so it should be possible to revive local forums.
> Maybe you just want to keep a diary of sorts or post for a few friends or family members.
I disagree in that I think that a lot more people should be doing this. The problem is that it is a lot harder to do this than to speak to the entire world. Private networks have been discouraged, not facilitated. Or more accurately, people were pulled into social networking with the promise of small private networks, and these companies wait until they reach a particular size to start a constant push towards opening up the networks and hiding the statistics about them.
Myspace was entirely a bunch of interlinked small private networks of friends. Everybody presented themselves as they liked to people that they knew (maybe barely knew, if you were an extrovert.) This was compromised by the networks deciding to automatically broadcast unrequested information, obviously like Facebook Beacon, but also "Bill just joined the group Guys Who Like Beer" and resetting/redesigning everyone's privacy settings every time they added a new beacon.
It was a very short step to exercising full editorial control over everyone's presence, which is the product. So they manipulate User A's presence to motivate User B whose presence they're manipulating to motivate User A. All in the service of increasing time browsing and the amount of information shared, hopefully maximizing the value of selling a few inches of the screen during that time browsing.
There will never be a significant incentive to stop intentionally alienating User A from User B. It would take away the primary tool that they use to maintain and grow the business and be a phase change in profitability. These are not companies providing real value, they are companies that hope to disrupt the production of real value and extract it. They only work as protected monopolies or trusts, because if there were commodity services that did what they do as a dumb pipe, their sites would be wastelands.
> most people just need to get the hell of the Internet instead of starting a blog or posting on social media.
No, people need a quiet, secure, consistent presence on the internet that does what they want and no more, doesn't try to hurt or confuse them for money, and doesn't need to be constantly futzed with to combat incursions by the host.
If I put a poster on the wall, I just have to dust it once or twice a year, and it will never decide to start associating my medical information to my Amazon purchases. That poster will tell my friends the types of paintings I like, without trying to tell its clients who my friends are (i.e. who would be friends with people who like the kinds of paintings I like), or even testing that poster for misinformation and removing it from the wall without telling me (or waiting to remove it and counting how many people put it up on their own wall as a result.)
People deserve a place to be safe on the internet. Instead, the motivations seem to be to make everything on the internet dangerous and constantly in flux so it a) constantly has to be engaged with, which serves eyeballs, and b) incursions of companies into your private life and your pockets can be successful.
Self-hosted blogs are a bad solution because they are hard to create, secure and maintain. Getting off the internet is a bad solution because it's a request to drop the cheapest, most comprehensive communications system imaginable because if you're a normal person you have nothing worth saying. My grandmother disagrees.
Too ambitious. Platforms like MySpace or GeoCities would be closer to the mark, if we could find a way to incentivize a hand-off approach to data collection.
Site builders like SquareSpace, Wix, and WordPress are also close, but they're mostly designed and marketed as professional tools rather than personal spaces.
Most people don't ever want to hear words like "DNS record" or "PHP version", but they do want to express themselves, and they can figure out a markdown or markup language in pursuit of that.
This is like the terrible inverse of Goodhart's Law ("when a measure becomes a target, it ceases to be a good measure") - because there will always be more users than moderators, the amount of mental energy being applied to parameterizing, normalizing and leveraging the social contract will always be greater than the effort that can physically be put into coherently dividing proof-of-work signal from faked noise over the long term.
It doesn’t, most evidence suggests many users reporting of otherwise legitimate content results in bots deeming the victim against TOS. Malicious groups blackmail prominent YouTubers using this mechanism, and YouTube appears to do nothing.
May as well leverage the weakness for good when we can.
Yeah, fake profiles were one of the things that made me just start completely ignoring friend requests on Facebook. Although I'm one of those grumpy, uninterested/uninteresting people who is just on the site to stay in touch with their parents and grandparents, so it isn't like I'm in the demographic they are trying to grow anyway.
We have the same problem. Fake person claiming to be an alumnus of our medium sized, tight knit firm. It’s obviously an attack, but reporting it does nothing. Very frustrating.
I work at a large tech company and we are routinely made aware of phishing scams on LinkedIn using our name – either fake profiles pretending to be an employee or even impersonating one of our actual employees.
People have:
* Tried to sell our product to others, despite not being affiliated with us
* Acted as recruiters for our company
* Tried to get jobs at other companies pretending to have an employment history with us
It's frustrating that we cannot do anything other than report it to LinkedIn, who may or may not take it down eventually.
The next time you are answering a LinkedIn DM, remember that anyone is allowed to write anything on there. None of it is verified.
It used to be, in the pre-internet 20th century, that people would exploit mismatches between paper stores of information to forge fake identities and game the system.
Has your organisation tried sending a letter from your General Counsel to the General Counsel of LinkedIn?
There's a strong case for arguing the content negatively affects the brand value, etc., of your organisation and in some circumstances could be considered libel.
Yep, the young Asian ladies with glamour shots that have 10 connections and went to some well-known school with work histories that make no sense, all seem to be fake.
I report them all as fake when they add me but they never get erased.
LI has been gradually but surely towards wanting to be a broader-appealing "social network" which utterly makes them nearing "jump the shark" territory.
I guess they haven't got them all yet, I mean, the consensus seems to be that Apple has ~155K employees[1] not 284K (and obviously not every Apple employee will have a LinkedIn account...)
Likely a lot of people just never update their employer on linked in after they leave. Especially if they retire. That'd be a different kind of problem than bot accounts.
I haven't updated my LI profile for quite some time. I don't even care enough to login to see exactly what was the last update. I do know that a recruiter was emailing me about a company that I had already spent time working with and since moved on, but was after I quit updating the LI profile. Still haven't retired either.
I have wondered about fake profiles on LinkedIn. Seems like people believe that someone is real and their credentials are real just because they have a profile. But it would be easy to set up an account with a fake photo, make up an educational and employment history, and current employer. None of this is verified, AFAICT. Then you just start following/connecting to recruiters and others who are Very Online on LinkedIn, to make the profile look legit.
A particularly easy suggestion I first heard on the Risky Biz podcast after the reporting about fake CISOs: LinkedIn should prominently display profile creation dates.
Online dating apps do selfie verifications or identity proofing. LinkedIn could do the same as well. To verify someone's identity with a gov ID is about $1-$2 per proofing request.
"only" seems a bit harsh. It will probably solve some problems and create new ones instead, which then again need to be solved. But that's the story with any solution to a problem.
Better: social platforms should charge users monthly for an account.
No? I guess not. Funny to imagine though — the numbers of accounts on said platforms would collapse like the birth of a black hole. I'll bet it would be a lot more of a pleasant place to hang out though.
Why do you think people who pay money to create accounts to push their agenda will stop doing it when you tell them to cut the middleman? I bet the platform will just be 100% occupied by bots.
I'm assuming that the zero-cost (thus no barrier to entry) is part of the problem now. If everyone had to pay you would, at the very least, see a lot less bots and so no "chorus".
I disagree. From what I can see the problem is that people are receptive to propaganda on the internet, and you can’t really solve this. As long as this is the case, there will be people who can benefit from shifting public perception, and then it becomes merely a question of resources.
There’s lots of interesting grifts out there in LinkedIn.
We busted one guy who claimed to work somewhere 20 years ago that a colleague and I worked at. We thought he was a a former colleague - basically there was a guy named “John Smith” that was this guy. It was too long ago to disqualify the guy, so we validated his LinkedIn history items carefully and they were mostly bogus.
Everything looked legit in the surface. It was like a spy movie or something.
When I joined a large well-known tech company, their background check red flagged my claim of having previously worked in the research division of an automotive company. Luckily, I happened to know the tech company's CTO from when we both worked there! I don't know if the HR rep actually confirmed it with him when I offered him up as a reference.
Worse than that - you can create a LinkedIn job listing under that (unverified) employer.
My last employer got hit by that, and had report the listing to LinkedIn support and wait for them to remove it. Meanwhile the scammer could use to job listing to collect information from targets.
I think there's a lot of recruiters / hiring managers who just hire in bulk, who aren't - or don't need to - be very critical about who they hire; it's about reaching hiring goals (in terms of quantity.
Don't ever set hiring goals. Hire individuals, not numbers. Your company probably doesn't need to hire a hundred people in a month.
I've seen a number of accounts that had fake profile pictures straight out of https://thispersondoesnotexist.com, majority of them used for spam.
Also, the content created by (seemingly) real people is sometimes worse than if it would be automatically generated. I run a couple jobs board groups on LinkedIn and the amount of sheer amount of low quality spam that people are trying to push in is incredible.
> LinkedIn claims that its security systems detect and block approximately 96 percent of fake accounts.
In order for that number to mean anything, they'd have to know what the total is. It would be more accurate to say that 96% of those who are caught at all are caught by LinkedIn themselves (presumably the rest by third parties) but that says nothing about how many are still in the system ... and that still seems to be a lot.
As in any similar problem: you can sample a reasonably representative set of accounts, review them thoroughly by manual means, and see how these manual results compare to the automatic ones.
They don't need to know what the total is, if they knew the problem would be solved.
96% represents the probability of a correct prediction, not a fraction of the total.
You don't know that. If I was premature in making a guess, you were equally premature in contradicting it. What's your interpretation? That they meant 96% of the total? I might enjoy seeing you explain how that could be true while still leaving 600K Amazon/Apple profiles to be cleaned up in a special campaign responding to media exposure. Do you think it's 96% of what they could have caught by manually examining every profile? That's no more supportable than the theory you summarily rejected. Your own guesses or assumptions are no better than anyone else's.
As someone currently trying to switch jobs, I will say LinkedIn is head and shoulders above its competitors that I know about. I switched to "Open to work" and get 2 dozen recruiters a day reaching out, and around 5% are recruiting for positions that pay competitively for me (5 YOE, targeting high 200s, which is L4 Google comp in my area).
By contrast, I've had less than 5 companies reach out from Hired and Triplebyte (and none that were offering competitive pay), even though I got top 10% scores on the platform's stupid quizzes. If there's a new platform I should be using instead, please let me know, because having to respond pleasantly to 19/20 recruiters who are wasting my time is a bit draining.
Unfortunately, I didn't major in CS and have only worked at two companies, neither of which normally pay well, so my network is pretty limited.
Obviously this won't work for every company, but for Amazon, Apple, and similar it seems like the solution is obvious: LinkedIn users should be forced to verify an @amazon.com/@apple.com/etc email address to claim they are currently an employee of those companies.
Worst idea ever. I have never and will never give LinkedIn (or similar platforms) my work email address.
I strictly separate work from personal stuff. Work stuff gets my work email. Personal stuff gets my personal email.
Traveling for work and need to book a hotel? Work email.
Apple Id for work laptop? Work email. New account per employer. Gets disassociated and closed before I hand in my laptop.
Electronic pay slips? Personal email.
Health insurance account? Personal email.
Apple Id for personal laptop? Personal email.
There are things I need or want access to without being dependent on my employer.
LinkedIn has nothing to do with my work. It's personal. It's about me. I list information about me. It's like a CV. No I should not have to update my CV through my work email account where my employer has access to information they shouldn't and where I can't update it if I no longer work there.
> No I should not have to update my CV through my work email account
That (changing your account to use your work email for sign-in) is not what they're suggesting; they're suggesting binding the email address as secondary information to your account (by sending it a magic-link email you have to click) — like a Keybase verification that you "own" a profile.
Exactly my point. I should not require current access to a work email account just to update my CV to show that I worked somewhere. Or for how long I worked there (like that suggestion to "re-verify" periodically).
I don't update my LinkedIn right away for example when I change jobs. I usually wait about a year until I put the new employer. Why would I accept getting forced, as one of the first actions at my new employer, to list where I work?
Showing that you worked somewhere and showing that you are working somewhere are two different things. A work email can be used to show that you are working somewhere. Proving that you did work somewhere (and for how long) would require... I don't know, an income tax statement? Like banks ask for — "proof of income."
IMHO, of the two options, the email is the more convenient and less invasive one — at the expense of not always being reachable by the time you need it.
I understand that it can be used. I am saying that it is a bad idea to require that.
Yes sure it is less invasive than the other option you gave. I mean income tax statement to show I worked somewhere, are you kidding me? To LinkedIn? Showing exactly how much I made? Your suggestions are not getting better. Less invasive doesn't mean it's a good idea.
Making the president dictator for 20 years is less bad than making him dictator for life. I still like democracy better, even if it's not perfect.
I don't think you've grasped the spirit of what I'm saying. In a perfect world, every interaction with a service would require exactly as much identity verification as is required to entirely, 100% prohibit people pretending to be you... but also, people being people, they would then voluntarily avoid interactions which would necessitate giving that proof.
In other words, in a perfect world, the government requires LinkedIn and similar services to put users through KYC (i.e. demand proof-of-identity+income for sign-up)... and poof! These services cease to exist, because nobody's going to give them that for only the small amount of value LinkedIn provides people.
What if the place has no canonical email domain for its employees? Or if they don't all receive them? Or if many employees are working there as contractors and not receiving emails?
The more I think about it, the more corner cases I see that make this problematic.
Like I said, it would be a pure optimization over a more rigorous proof-of-identity + proof-of-income path. You can always allow the user just fall back to that more-rigorous path if they don't have such a verifiable address.
Linkedin will never require proof of income. That's much more intrusive. So no it's not an optimization over something that simply never will occur.
I think you may just have to accept that if you want to verify an employee, you'll need to call their previous employers. This is the way it's always been done.
> I think you may just have to accept that if you want to verify an employee, you'll need to call their previous employers
You're talking about "they" as in the people reading the CV. Which works fine for the scale individual employers operate at.
But the point of this conversation, is what the services themselves, dealing with fake profiles at scale, should do. LinkedIn themselves don't make hiring decisions; they make money off of how reliable their listings are. Their incentive is entirely different than the employer's incentive.
By analogy: it's fine to talk about how a given person should carry pepper spray with them if they want to avoid getting mugged. But what should a city government do to make a city a place people want to move to, where people generally don't want to move to cities where they might have a high chance of getting mugged?
> Linkedin will never require proof of income. That's much more intrusive.
You seem to think we're talking about this being done for every company automatically. But my understanding is that bots are always trying to impersonate the same top companies — so this requirement would either be for a certain whitelist of important employers, or (more likely) would be an org setting that the LinkedIn org admin for a given company would set (when they're having trouble with bots), to require LinkedIn to do extended verification for people claiming to specifically be employees of that company. Very much like how Cloudflare has an "I'm under attack" toggle that forces visitors through CAPTCHAs. If your previous employer sets that flag... well, that's their fault. Same as it's their fault if they aren't willing to give you a reference for petty reasons.
And do I trust them to silo this information? Similar companies like Facebook and Twitter are a solid 0% in using info provided for verification only for verification purposes.
You rhetorical question is... whether you should trust a company that already has both your full name, and a list of companies you've worked for (because you gave them both of those things to enable them to publicly display them to people searching for you)... with the information of what your corporate email address is?
They already know your corporate email address. They — and anyone else who sees the public profile they display for you(!) — has all the information required to deduce it. (And privately, they have all the info required to not even have to brute-force it — i.e. they already know some of your coworkers' corporate email addresses, and so the format of the username-part of yours.)
The only thing they don't know, is whether you — the person who claims to have worked for company X, but might not actually — can access that email address.
Is there something scary about them having that information, over-and-above what's scary about them being able to do what they can do with the information you explicitly did choose to give them?
I don't want them emailing me job offers at work, and I also don't want them emailing me "you haven't responded to the job offer we sent to your other address" either, and I have zero faith that won't happen.
No one said you had to login with the work email. It could just be a step when you change current employer to a big company, a one time verification. You would still use your personal for login and account control.
This is a good thought but only if the company allows you to generate a throwaway email, or designates a single email for this purpose that potentially forwards to HR (to verify the employment). Otherwise this puts a massive target on linkedin back for a data breach and opens individual work emails to spam. Both would be nasty for credential harvesting (email username) and spear phishing.
The single HR email seems like the best option since they would be able to retroactively confirm employment even if you've left.
It's absolutely ridiculous that the administrator for a Company Page can't remove a person as an employee from that page.
We have a dozen or more fake employees on our page, plus ex-employees who never updated their linkedin, and there's no way for me to say, as a person who owns the business, "This person does not work here."
Even before the current LinkedIn purge, shouldn't duplicate profile images be a red flag? I got three invites from three different accounts with the same profile photo in the space of a week over the summer.
This is also an ongoing issue for Facebook, except the fake accounts use the same profile photo and name as real people. It's a vector for fraud and causes untold headaches for millions. It's been going on for years.
If the criminals are keeping up with tech. I have no reason to expect them to be any more in the loop than anyone else, and I still surprise tech people with Google Translate's augmented reality mode, which is nearly 12 year old tech now.
Fake accounts on platforms raise internal metrics of usage & activity, which practically creates an anti-incentive for the parent company to remove them. One can imagine fictional scenarios that wouldn't pass a basic litmus test yet make an otherwise meaningless number go up that for some reason pleases the investors solely because it's higher than the previous quarter's number. I'd move my profile over to ShlinkedIn if given the choice.
"Wow, according to LinkedIn, over 8 billion people work at FacAmAppNeGoog! That company must be doing very well to be able to pay all those employees; let me update my important financial model based on this non-audited number. Nevermind that only 100,000 worked there a few months ago, this is fastest growing company in history! Here are 5 ways to replicate their success from the comfort of your broom closet:"
Shouldn't there be an option to verify your employment at a company? If you list a company in your profile, you have to provide a company email and click a link to prove that you own that email address. You could tune this to prompt someone to "refresh" the proof once a year or something.
I imagine LinkedIn has no benefit from doing this. It would only serve to show how few real employees they have and devalue the platform to recruiters.
Ah good, they're finally cutting down on Chinese vendors with random company names and fifty unrelated products, soon I'll be able to trust a company's reputation again
Yeah people's contact information changes over the years, especially these days. Some people I develop a close enough relationship with to exchange personal email accounts, the majority I don't.
I'm independent as well and some of my biggest projects have been from former people i've worked with reaching out.
I had this problem when managing a company's page. No real tools exist to prune these people, and it just ends up a mess. I was working for a sports team, and we'd have fans list themselves as employees ¯\_(ツ)_/¯
I wanted to share the link of a job posting on our company website to LinkedIn. It asked if I want to add my work email to my profile, just for verification reasons, so that it shows the "Is Hiring" ring around my profile photo. I made sure it's displayed nowhere in my profile. I also unselected every single consent related to using that email address.
Less than a week later I started receiving recruiter emails in my work address.
Apple with LLVM is arguably a bigger contribution than LinkedIn with Kafka, and Apple are notoriously stingy with open source. I'd have thought their contributions to FreeBSD would be Netflix's most notable contributions. No mention of Google with Angular, Dart, WebM, AOSP, Guava, Kubernetes, Bazel, Go. At this stage Microsoft is also arguably a larger open source contributor than LinkedIn or Netflix.
This is all fair. I genuinely didn’t know Apple developed LLVM, I knew they were heavily involved in early 00’s. Can’t believe I forgot Kubernetes & Angular.
Apple didn’t develop LLVM. It was a research project at the University of Illinois. Apple hired one of the lead developers and started the Clang project. Which is still a great contribution ;)
LinkedIn is a cesspool of shit. I spent a bunch of time and removed literally everything from my profile except for my current job, which only has minimal information. That had the effect of actually increasing the number of Amazon headhunters writing me weekly.
I explicitly have on my profile that I am not interested in Amazon, but their recruiters still contact me. Recruiters still not read profile, it's basically spray and pray.
That said, it's been a couple of weeks since I have heard from Amazon. There truly must be a hiring freeze going on
Every time an Amazon recruiter emails me, I reply back CC'ing every previous Amazon recruiter. I say "Thanks <new person name> but I'm not interested in working for Amazon. <Previous recruiters>: I previously asked to be taken off the mailing list- what happened?"
I got to 4 people on my list before the emails stopped coming.
Truthfully, I know some of those recruiters personally. I don't hold it against them. They're paid terribly and their job is at risk if they don't get candidates.
I just be as polite as I can, but I hold them to their word.
I don't mean harassment by the recruiters, especially if it's the first contact. But surely the recruiting division has a database of people they've contacted and who asked not to be contacted again?
The company is in my home, in New York.
I reported the fake profile, but it's still there, listed as an employee of mine.
[UPDATE] Actually, belay that. They seem to finally be gone.