LinkedIn’s iOS app transmits names, emails, and calendar notes, in plain text (thenextweb.com)
84 points by Kenan on June 6, 2012 | hide | past | favorite | 40 comments



This is off topic, but the next web really needs to make an effort to properly credit images. They've been called out on this a number of times before, but the way they credit image sources is just plain wrong. In this article, for example, at the very bottom of the page is a generic link that says SOURCES: IMAGE CREDIT. With this particular image, the photographer very clearly says "please, kindly credit me (Nan Palmero) with the photo and link back here" - nowhere do they credit him by name. A quick check of all of the other publications using her photo shows that they do properly credit her by name, but the next web can't be bothered.

If the author of this article is reading - PLEASE CREDIT THE PHOTOGRAPHER


And if the photographer is reading - PLEASE FILE A DMCA TAKEDOWN NOTICE.

(Companies aren't going to pay attention to you as a little guy until you kick them in the pants. Have at it.)



Wow - I knew they were bad at image attribution, but that's just plain awful. And these are just the photos from one photographer that have been improperly used! TNW clearly has a large gap in their reporting standards that needs to be corrected.


Zee Kane, CEO of TNW is correcting the issue: https://twitter.com/Zee/status/210444016016306176 https://twitter.com/Zee/status/210444266185560064

Thank you all for your help and support!


Glad to see it! Credit links in the body will be a great improvement!


I'm hopeful that they'll do the right thing.


Hello Nan, thank you for collecting those links, I know that it took your personal time to find those and we'll definitely make sure that you're credited properly in them.

All of the posts appear to have an 'image credit' or 'photo source' link back to your Flickr profile, but we understand that this isn't good enough and from now on will be moving image sources into the body of the article.

Please accept our apologies for not crediting it more clearly and thank you for the great shots!


Apology accepted, thank you for the correction!


Sort of off topic, but I used to work at LinkedIn and created the foil-wrapped logo'd chocolates being photographed. We used them as a giveaway back at CES in 2010 in the BlackBerry booth.

It's cool that the image is offered under a CC license and has been included in so many articles about LinkedIn; he should get a photo credit.


That's pretty cool actually - small world!


TNW rips off more than just pictures.


Agreed (although this article appears to contain some original reporting), but their neglect for proper image attribution is especially egregious. It is most bothersome to me because all they have to do is mention the guy's name and they get to use his image free of charge, but instead they resort to some sort of half-hidden generic link-back.


I've made a change to credit the image more prominently with the photographer's name.

As a photographer myself, who does offer images under a CC license, I understand the importance of crediting. It was not my intention to slight them in any way.

And you'll find that a good many of the articles that we publish contain original reporting. Thank you for reading.


Thanks Matthew - glad to see you're willing to make that change. I noticed a number of other TNW articles from today also using the same anonymous attribution, one of which was another of yours (http://thenextweb.com/apple/2012/06/05/apple-tv-5-0-2-softwa...). If you'd take a moment to fix the attribution and mention something to your colleagues as well that would be awesome.

A couple of the other articles I noticed are here:

http://thenextweb.com/insider/2012/06/06/bid-for-a-dinner-wi...

http://thenextweb.com/apps/2012/06/05/trickster-for-mac-help...

http://thenextweb.com/media/2012/06/05/tvs-status-quo-may-be...

http://thenextweb.com/apps/2012/06/05/here-are-the-winners-o...

Thanks!


Here's everywhere that's using that photo: http://www.tineye.com/search/3dab4395c0ce1c3e010b2fa699cfbfb...


Putting aside the issue that much of this data shouldn't have been sent anywhere in the first place, I'll never understand why, in 2012, SSL is still not used by default when sending any sensitive or private data across the network.

It's even more puzzling when we're talking about background data upload when the potential SSL handshake latency isn't going to pose any UX issue. This has boggled my mind for years actually. Why?
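One way a developer or QA team could catch the defect this post complains about before shipping is to route a test device through a local proxy, export the capture, and audit it for sensitive content travelling over plain http://. The script below is an added example written for this thread; it is not LinkedIn's code or any real proxy's export format. The capture format (one tab-separated line per request: method, URL, body), the host names and the list of sensitive field names are all constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Constructed sample capture (not real traffic): one request per line,
# tab-separated as METHOD<TAB>URL<TAB>BODY.
SAMPLE_CAPTURE = """\
POST\thttp://api.example-app.test/calendar/sync\t{"events":[{"title":"Board meeting","attendees":["alice@example.com"],"notes":"discuss Q3 numbers"}]}
GET\thttps://api.example-app.test/feed\t
POST\thttps://api.example-app.test/calendar/sync\t{"events":[{"title":"Lunch","attendees":["bob@example.com"]}]}
POST\thttp://cdn.example-app.test/metrics\t{"screen":"home","ms":123}
"""

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
# Assumed list of JSON keys that must never leave the device unencrypted.
SENSITIVE_KEYS = ("notes", "attendees", "email", "phone")


def parse_capture(text):
    """Parse the constructed capture format into a list of request dicts."""
    requests = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        # Pad so that a request with an empty body still yields three fields.
        method, url, body = (line.split("\t", 2) + ["", ""])[:3]
        requests.append({"line": lineno, "method": method, "url": url, "body": body})
    return requests


def sensitive_markers(body):
    """Return the sorted list of sensitive indicators found in a request body."""
    found = set()
    if EMAIL_RE.search(body):
        found.add("email-address")
    for key in SENSITIVE_KEYS:
        if re.search(r'"%s"\s*:' % re.escape(key), body):
            found.add("field:" + key)
    return sorted(found)


def find_plaintext_sensitive(requests):
    """Flag every request that carries sensitive content over plain http://."""
    findings = []
    for req in requests:
        scheme = urlsplit(req["url"]).scheme.lower()
        if scheme != "http":
            continue  # https (or another scheme): not a plaintext exposure
        markers = sensitive_markers(req["body"])
        if markers:
            findings.append({"line": req["line"], "url": req["url"], "markers": markers})
    return findings


def all_requests_use_tls(requests):
    """Stricter policy the post argues for: every request, sensitive or not, uses https."""
    return all(urlsplit(r["url"]).scheme.lower() == "https" for r in requests)


if __name__ == "__main__":
    reqs = parse_capture(SAMPLE_CAPTURE)
    for f in find_plaintext_sensitive(reqs):
        print("line %d: plaintext %s carries %s"
              % (f["line"], f["url"], ", ".join(f["markers"])))
    print("all requests over TLS:", all_requests_use_tls(reqs))
```

Run against the sample, the first request (calendar sync over http with attendee emails and notes) is flagged, the metrics beacon over http is not flagged by the content check but still fails the stricter all-TLS policy, and the two https requests pass both. The two-level result mirrors the post's point: the content check finds the urgent leak, while the policy check is what actually removes the class of bug.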


Maybe it's not an issue for LinkedIn, but the iOS app submission process requires developers to do a lot of paperwork with several governments (US, France) for export compliance when using any kind of crypto.

I can easily see smaller developers deciding to go for HTTP instead of HTTPS just to avoid dealing with all that bureaucracy.


Going through CCATS is pretty painless; can't imagine that a public company with a good legal team like LinkedIn would have any issue getting through it if mom & pop shops can DIY without issue.

There are even handy tutorials that other devs have compiled to help the rest of us through it, like http://blog.theanimail.com/iphone-encryption-export-complian... and http://zetetic.net/blog/2009/8/3/mass-market-encryption-ccat....

To this day, LinkedIn's web site still doesn't appear to use SSL by default (I haven't used the mobile app in years after not only snooping my own proxy to see that everything was in clear-text but also finding that it recommended bunches of contacts it shouldn't have; Support was not cooperative in helping me determine why/how they acquired that contact info or how to stop it--I assume the culprit was a surreptitious Address Book siphon). Clear-text access to the Web site is a fantastic feature for employers who want to know what their employees are up to on LinkedIn all day, among other things...I would love to know why they still haven't implemented site-wide SSL by default.


I should go back and take a look at the exact wording of the Apple App Store rules but I never had problems submitting apps that use SSL.

There's one step of the submission process that asks about the use of cryptography and I've always picked the option that doesn't require submitting any additional paperwork - never had problems. I forgot the exact wording but I always worked under the assumption that SSL isn't what Apple is talking about when they ask about the use of cryptography.

If developers had to file paperwork with various governments just to use SSL in their app, then simply using one of the many third party APIs that require SSL (e.g. the Foursquare API) or even just embedding a web browser view that may end up loading an https URL would require the developer to go through the paperwork route to get their app approved. That wouldn't make sense.


You would think so, but I've never been able to find a definitive answer, in public at least. Some forum posts seem to imply you should answer YES if you utilize HTTPS/SSL even if it's just through the iOS standard frameworks. Whether anyone _really_ cares remains to be seen. The vague wording is probably Apple's way to C.Y.A. should any problems arise later.


We've just posted a response about what we do and don't do. http://blog.linkedin.com/2012/06/06/mobile-calendar-feature/

Important point, all data is shared of SSL.


> Important point, all data is shared of SSL.

What does that mean?

Since comments are disabled on your blog, can you tell us which data was _not_ sent over SSL? (and if that has been fixed now)


Why would they choose to transmit the data in plaintext rather than use SSL? Lazy?


What I find interesting is how LinkedIn's approach to their mobile app was treated as technologically savvy a month ago.

http://venturebeat.com/2012/05/02/linkedin-ipad-app-engineer...

http://news.ycombinator.com/item?id=3920368


This is only tangentially related but I really don't understand why anyone cares so highly about their contact list. Does it really matter? Why does it matter?

Concerns about spam seem anachronistic (in that you have to deal with spam and services like Gmail have become pretty good at countering it). Is it just privacy? If so, I'm confused.


First off, I will point out: this is not a leak of your contact list, it is a leak of your calendar. You might have a very different perspective of the kind of information you store in your calendar, as it includes (explicitly from the article) meeting notes (in which I can imagine someone even having stored a bunch of sensitive corporate information) and the date/time and location of your upcoming whereabouts.

That said, I will also attempt to answer your question as asked, partly as everyone else is responding to you under the guise "LinkedIn should not get this data", yet I generally agree with you: for most people that is the worry of someone who is paranoid. That said, I /can/ come up with legitimate (but unlikely) situations where I'd fear for someone's life based on an address book being accessible from LinkedIn.

However, to me the key problem here is "in plain text": it is one thing for a service that already knows too much about me and the people I work with to know a little more about them, or think about people hacking into LinkedIn (again unlikely), but it is an entirely different thing for everyone sharing the WiFi network I'm on to have my entire contact list: these are people who are actually in a position to take action.

It might be your ex-husband who has been stalking you ever since the divorce, or it might be the creepy guy that hangs out at the comic book shop who seems to have taken slightly too much of an interest in you. It could even be someone running a scam: they go to conferences, intercept as many address books as possible, and try to use the result for some kind of social engineering hack or even identity theft.

If you haven't yet, I thereby implore you to consider "what could I learn about my best friend if I had their entire contact list": looking at it from the vaguely mischievous and voyeuristic stance of it being someone else's data might make it simpler to envision why that person might not want you to know all of that information. If that fails, then try to think about it from the perspective of a thief or an evil employer.


Out of principle, an app must not collect what it doesn't need. If the programmer thinks nothing sensitive should be in there, it's still not ok. Unrelated example because you mention the contact list - people who put passwords in there as phone numbers.

What really got to me though are notes. Notes! Of course no user should write "make that fat ass invest in us" in their appointment notes, but that is not how privacy works.
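The principle in this post (collect only what the feature needs, and treat notes as off-limits even if the programmer expects nothing sensitive there) is usually implemented as an allowlist projection on the client, backed by a guard that refuses to send a payload if a forbidden field somehow slipped in. The code below is an added example for this thread, not LinkedIn's code; the field allowlist, the forbidden-field list and the sample events are constructed assumptions.

```python
import json

# Assumed allowlist: the only calendar fields the server-side feature needs.
# Notes, attendee emails and location never leave the device.
CALENDAR_UPLOAD_FIELDS = frozenset({"start", "end", "title"})
# Assumed deny list used as defence in depth, independent of the allowlist.
FORBIDDEN_FIELDS = frozenset({"notes", "description", "attendees", "email", "phone"})

# Constructed sample events, not real user data.
SAMPLE_EVENTS = [
    {"title": "Board meeting", "start": "2012-06-07T09:00", "end": "2012-06-07T10:00",
     "attendees": ["alice@example.com"], "notes": "discuss Q3 numbers", "location": "HQ"},
    {"title": "Lunch", "start": "2012-06-07T12:00", "end": "2012-06-07T13:00",
     "attendees": ["bob@example.com"]},
]


def minimise_event(event, allowed=CALENDAR_UPLOAD_FIELDS):
    """Project one event onto the allowlist: unknown keys are dropped, never copied."""
    return {k: event[k] for k in allowed if k in event}


def build_upload(events, allowed=CALENDAR_UPLOAD_FIELDS):
    """Build the list that would be sent to the server."""
    return [minimise_event(e, allowed) for e in events]


def forbidden_keys(obj, forbidden=FORBIDDEN_FIELDS, path=""):
    """Walk a JSON-like structure and return the path of every forbidden key."""
    hits = []
    if isinstance(obj, dict):
        for k, v in obj.items():
            p = path + "/" + str(k)
            if k in forbidden:
                hits.append(p)
            hits.extend(forbidden_keys(v, forbidden, p))
    elif isinstance(obj, list):
        for i, v in enumerate(obj):
            hits.extend(forbidden_keys(v, forbidden, path + "/" + str(i)))
    return hits


def serialise_for_upload(events, allowed=CALENDAR_UPLOAD_FIELDS):
    """Serialise the minimised payload, refusing to send if a forbidden field is present.

    The guard exists for the case where someone later widens the allowlist
    (for example adds "notes" because "nothing sensitive should be in there").
    """
    payload = build_upload(events, allowed)
    leaks = forbidden_keys(payload)
    if leaks:
        raise ValueError("refusing to upload; forbidden fields present: " + ", ".join(leaks))
    return json.dumps(payload, sort_keys=True)


if __name__ == "__main__":
    print("raw event keys:", sorted(SAMPLE_EVENTS[0]))
    print("upload payload:", serialise_for_upload(SAMPLE_EVENTS))
    print("guard on unminimised data:", forbidden_keys(SAMPLE_EVENTS))
```

The allowlist does the real work (the raw events carry attendees, notes and location, and none of them reach the payload); the deny-list guard is there so that a later "harmless" widening of the allowlist fails loudly in testing instead of quietly shipping notes to the server.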


Not to mention meeting notes that are under a strict NDA.


Perhaps it is a trust issue. When I get someone's contact information, I expect to be consciously aware any time I give that information to someone else.

"Would Alice want Bob to have her contact information? She gave it to me, but that doesn't give me the right to share it with others--it's hers."

It seems like asking an assistant to go through your contacts to prepare for a meeting, and while he's at it, he copies them all to his computer so he can do a better job. A little creepy and maybe acceptable. At best it's not what you asked for.


Will you post your email and cell contacts to this thread now? If not, why not?

I'm confused that you're confused. There are a hundred scenarios I can think of. Gmail being good at spam detection is your defense? For one, I get text message spam all the time now. I don't want people having my number who don't need it.


> Will you post your email and cell contacts to this thread now? If not, why not?

Well that is completely different to what LinkedIn is doing.

Sending information via plain text is bad but is fairly unlikely to be read in transit. (This isn't to say that it shouldn't be changed)

LinkedIn shouldn't be collecting the data. At the same time it isn't making the data public. It is somewhat unclear what they are doing with it. It is unlikely though that is for some evil scheme.

Compare this to posting a tonne of personal information on what is essentially a public forum. Completely different.


The OP was making a very broad claim. Why would anyone want to keep their contact list secret? Who cares?

In this particular case, I agree LinkedIn in all likelihood is not going to post your contacts to a public forum. But it's completely conceivable that it could happen.

But if there are hundreds of apps and services out there storing your contacts (and there will be if you're careless), then it's a virtual certainty that they will be used in ways you didn't intend.

It almost seems more likely than not these days that a big trove of personal information will be hacked. Even if it doesn't contain your credit card numbers, personal information is still extremely valuable because it allows hackers to bypass security questions and reset passwords.

EDIT: Haha, front page, huge dump of LinkedIn PW hashes leaked: http://news.ycombinator.com/item?id=4073309. I had written something about LinkedIn probably having "decent engineers", and being safer than giving your personal data to a shoddy government website. But I realize security is more a matter of process than hiring top engineers. And all these startups in a huge rush. They're only going to do security right after they're embarrassed. Being a programmer, I know how the sausage is made.


@cletus: would be interesting to see your response to the parent.


While this is not a direct violation of California law SB1386, it is not a long distance to be able to argue that the companies in question are acquiring unauthorized personal information. While we're not talking SSN, driver's license, etc etc., the definition of PII is only going to expand over time.

Basically, if I don't have a personal contract with LinkedIn, it is extremely thin ice for them to be collecting my e-mail address just because I was invited to one of your meetings.


The personal contact info of other individuals is not mine to share. They've entrusted me with their privacy, but it's theirs to continue to hide or share as they will.


I am deeply disturbed by this. Now I know how the connection suggestions show up like they have a fancy algorithm.


At least it's opt-in.


Why would anyone be shocked at this?

They already spam anyone unfortunate enough to be in the Address Book of someone who signs up for this awful service and connects with their gmail whatever.


I don't believe that this is an egregious error.



