A lot of those websites scan your address book and show you people that are already on the site and then ask you to send emails to people who aren't. It's reasonable to not know that 11,000 people would be on LinkedIn. Also LinkedIn isn't exactly a website that he "wasn't sure about". Everyone knows what the site is and does. Also your Rule 1 is kinda silly. I guess as long as I keep the passwords to those two sites different then I should be safe?
Believe it or not, I blame this entire incident on Google, not LinkedIn.
Reasons?
a) you sign in using Google. That is actually a REALLY GOOD PRACTICE because it gives you lots of benefits of OAuth (I can de-authorize an account).
b) you only have the one password to remember, which is good for most people.
Why it's bad? Because when signing in, the other side can ask for details from your account and the best you can do is say "yes" or "no" and if you accidentally said yes, it's plowing through user preferences (something most people can't do) at Google.
What should happen instead? An intentionally slow experience.
a) user clicks the sign in with Google+ or whatever.
b) user is presented with option "allow/deny access for XXXX domain to log in with your credentials"
c) user is now presented with (all default off) options to allow sharing of data. There is a big message up top saying "these options are not required for you to log in with your Google account. You may lose some functionality, but will not share any extra data with the 3rd party"
No, you won't be safe, but you won't accidentally log into your Gmail account from LinkedIn. This is specifically about LinkedIn, because it's asking for your Gmail credentials and if in a hurry, as I often am and don't go to LinkedIn that often, I mistakenly enter my LinkedIn password thinking it's telling me I am not logged in.
I agree that letting LinkedIn scan your 11,000 contacts is going to be faster, but seriously, how many contacts are useful? I have less than 100, and some of those are kind of iffy. Unless you are a recruiter that has a use for perusing random resumes, it seems unlikely to get much value from having 10k profiles linked.
I think some people see it as a measure of their value as a professional. If you have 500+ connections, then you've obviously been around and know everyone. This impression can increase your commercial value when you're looking for executive or sales positions. Business is fundamentally social, and if you can leverage a large network in favor of your employer, you become much more valuable than a smooth talker with no connections.
It does kind of ruin the "introduce me" featureset when everyone you contact is going to say "Actually, err, I can't introduce you guys because I don't actually know him", though.
LinkedIn should mitigate this by minimizing or not even displaying the "number of connections" on profiles and emphasizing other value measurements that don't cause misaligned incentives.