LinkedIn Sues 100 Individuals For Scraping User Data From the Site (betanews.com) 112
Mark Wilson, writing for BetaNews: Professional social network LinkedIn is suing 100 anonymous individuals for data scraping. It is hoped that a court order will be able to reveal the identities of those responsible for using bots to harvest user data from the site. The Microsoft-owned service takes pride in the relationship it has with its users and the security it offers their data. Its lawsuit seeks to use the data scrapers' IP addresses and then discover their true identity in order to take action against them. LinkedIn says that a botnet has been used to gain access to user data which is then passed on to third parties. The site has a number of measures in place to prevent this type of data harvesting, but it seems that scrapers have found a way to circumvent these security restrictions. A series of automated tools -- FUSE, Quicksand, Sentinel, and Org Block -- are used to monitor suspicious activity and blocking scraping.
LinkedIn Response in Summary (Score:5, Funny)
Re: LinkedIn Response in Summary (Score:1)
Security? (Score:1)
Oh? https://blog.linkedin.com/2016... [linkedin.com]
Re: (Score:2)
Security my Ass (Score:5, Interesting)
The Microsoft-owned service takes pride in the relationship it has with its users and the security it offers their data.
Thanks to LinkedIn hackers are attempting to login to my accounts on sites like Steam, Facebook, eBay, Twitter, etc. Now, I know better and use different passwords for different sites. But, at least these sites have security in place to warn me of suspicious logins while denying the logins.
Re: (Score:2)
I don't even have the same login in different sites.
Linked in? linkedin.com@example.org.
Facebook? facebook.com@example.org.
Re: (Score:2)
Point is, there's nothing tying two different sites to each other. Using even just the login ID of one is useless on the other.
Re: (Score:1)
Re: (Score:3)
Same with Passwords eh?
See, Security requires a lack of convenience, you don't get both.
If you use the same login ID and same password multiple places, especially in today's world, you are kind of inviting yourself to be hacked.
Re: (Score:1)
Re: (Score:2)
Simply using a different login ID can work. THat way a hack of one place doesn;t give your userID and password to other sites as well.
This isn't rocket science.
Re: (Score:1)
Here's my method for (mostly) solving that issue.
Use a single e-mail address for logins, but then heavily filter that alias. Nobody but companies have that e-mail.
Then, use @domain.com to hand out to acquaintances or anyone who you want to receive mail from.
Every year, increment the user portion of the address and discontinue the previous year. Users will know to increment the year when their e-mail bounces. If they don't bother and just give up... well, the message obviously wasn't that important.
Then ther
Re: (Score:2)
and... lack of edit sucks. Thought I proof read the whole thing but, of course, overlooked the angle brackets (again)...
anyway: YYYY@domain.com is what I meant.
Re: (Score:1)
Re: Security my Ass (Score:1)
I have an account with your mother
Re: (Score:2)
Any company that thinks is a good idea to get customers email password in order to "add information to the email" sucks at security. Basically channeling all emails through their service, even corporate email accounts. It's just unbelievable.
Re: (Score:2)
The annoying thing is, I'm getting a lot of SASL authentication attempts from Microsoft Azure IPs against the email address I used for LinkedIn. Microsoft's LinkedIn service leaked my email address and an ancient password, and lots of Microsoft Azure cloud instances are now busy attempting to login to that email account.
Aug 15 10:51:04 mail postfix/smtpd[12561]: connect from unknown[13.84.216.161]
Aug 15 10:51:07 mail postfix/smtpd[12561]: warning: unknown[13.84.216.161]: SASL LOGIN authentication failed: au
So... (Score:5, Informative)
You publish a public document then get mad when people use it for their own purposes.... brilliant.
How about you just make user privacy a default so that anonymous users cannot see any information?
You would then see which throw away accounts are being used to log in to see the data...
Re:So... (Score:4, Insightful)
Re: (Score:3, Insightful)
Re: (Score:2)
LinkedIn is basically Facebook for business purposes....Is anyone surprised?
Re:So... (Score:4, Insightful)
I'll do you one better: Don't use LinkedIn.
That was my solution. So while everyone else is running around in hair-on-fire mode, my defensive plan is to have a sandwich and then take a nap.
Re: (Score:3)
I'll do you one better: Don't use LinkedIn.
Yes please don't. We don't need more competition in the employment market as it is.
Re: (Score:2)
Let's be clear about this. LinkedIn is upset because that collection of professional data is extremely valuable. Microsoft just paid billions of dollars for it, and someone else just grabbed a lot of it for free. While having a static copy of the data isn't valuable as owning the network, there's still a lot of value of it, especially while the data is still reasonably fresh.
In short, individual users have nothing to fear from this, as they've already made all this data public, presumably because they wa
Re: (Score:1)
Technically we have a lot to fear from a legal system that lets a company sue anonymous people who've been downloading said publicly-available data. We must remain vigilant against this kind of BS; the amount it's gotten worse over the last 20 years is already enough to make one basically give up and assume we live in a 100% orwellian world. :P
Re: (Score:2)
The only reason to scrape all of LinkedIn's public data is to compile and sell it as a database, probably to some shady advertising network that doesn't care where the data comes from. So... I'm not exactly sympathetic to whoever is doing this.
That being said, it doesn't strike me as being illegal either. LinkedIn has every right to try to block mass access, but I agree, it seems like they're on shaky ground, legally speaking (not that I'm a lawyer). Maybe a judge will disagree. We'll have to keep an ey
Re: (Score:2)
How about you just make user privacy a default so that anonymous users cannot see any information?
Err this is linked-in we're talking about. Don't you remember the point of it all? Do you put a "looking for work" notice up on a public billboard and expect that note to be private?
Please sell my data to everyone and make it as public as possible.
Re: So... (Score:1)
Re: (Score:2)
Yeah and have undesirables come sniffing around
Why do you think you're some how forced to work for someone because they find you on LinkedIn? But hey I'm all for it. The less you are known the better chances I have come the next redundancy.
Re: So... (Score:1)
Re: (Score:3)
Simple. If you are an employer or recruiter, create an account. Once you are inside the gates, things are nice and open.
I was simply suggesting that they not make this level of access available to anonymous users.
If it turns out that a single account is crawling thousands of user's info... there you go, you have the user account responsible and can then do whatever internal correlations you need to do in order to determine who is scraping data.
Bing scrapes Youtube (Score:2, Informative)
Bing scrapes Youtube to index its contents. Bing is Microsoft owned.
It makes zero difference what EULA terms you put on a public website since the scraper doesn't read or agree to those terms. They don't use your service, they just index your website. If you don't like it Microsoft, don't publish the data publicly, keep the good stuff behind a login and monitor/limit accounts usage of those logins.
Put it this way, if you weren't scraping you, but you let others index the public data (e.g. Google, DuckDuckGo
Crime? (Score:1)
Re:Crime? (Score:4, Informative)
Yes. They're trying to turn a civil suit about a breach in contract into a criminal charge of anti-circumvention (DMCA) of their IP blacklist procedures and CFAA and criminal trespass for the access to the nearly public profiles that anyone with a free account can view.
Re: (Score:2)
Re: (Score:2)
The botnet created accounts, under influence of a programmer's hand. That programmer "agreed" to the terms of use. Unless we're going to say that assistive technology acts of its own free will.
Re: (Score:2)
Look closer. They are creating accounts.
Re: (Score:3)
Re: (Score:2)
And has the entire T&C been tried in court to see if it's even actually legal and valid? Companies can and WILL say ANYTHING they want in T&Cs and EULAs, doesn't make them legal...
Re: (Score:3)
They have a pretty standard severability clause - and those hold up in court just fine. If part of the contract is invalid / unenforceable, the rest still stands.
IANAL, but I'd say "no bots / no scraping [linkedin.com]" is probably perfectly valid legally speaking.
Re: (Score:2)
bots != botnet. A bot can be a computer you own. All of the accounts were created in the same manner and all are behaving the same.
Whether it can be proven or not has nothing to do with whether the contract terms are legally valid.
Re: (Score:2)
That's what happened to Aaron Swartz https://en.wikipedia.org/wiki/... [wikipedia.org] He was charged under the CFAA.
Gotta love the "contextual advertising" around this article on Slashdot. I see a "Clear Your Criminal Record for Life" ad (I'm in Canada).
Is data scraping illegal? (Score:5, Interesting)
I know scanning the data from a yellow pages breaks copyright law, but using an army of typists to copy the same data from the same source is perfectly fine.
How does scraping data from a website measure up, assuming all scraped data is available to visitors through normal means (i.e. not using security holes).
At what point does using data from a website become "scraping" and at what point does it violate copyrights?
Re: (Score:3)
When it's an automated tool (just like scanning from the yellow pages)
Re: (Score:2)
You can't copyright facts, but you can copyright a compilation. It's likely there are a handful of fake listings in your average yellow pages just to ensure that they can prove copying.
The same happens with fake streets on GPS to prove when maps are copied. I won't do the research for you, but there's plenty of case law out there.
Re: (Score:3)
Re: (Score:2)
Hmm Yellow pages doesn't require you to sign off on T's & C's before you use it
I don't think the data-scraping bot that agreed to the terms and conditions gives that much thought.
Re: (Score:1)
It isn't a violation of copyright at all.
The law making it illegal is the Computer Fraud and Abuse Act, which states it is a federal crime to violate a websites terms of service.
LinkedIn is claiming web scraping is against their TOS, and the CFAA states violating the TOS is a federal crime.
Re: (Score:3)
Re: (Score:2)
I know scanning the data from a yellow pages breaks copyright law, but using an army of typists to copy the same data from the same source is perfectly fine.
Exactly. They should have just hired 100 guys from a labor pool in India to do it, or used Amazon's Mechanical Turk.
Re: (Score:1)
Scanning the data from a yellow pages book doesn't break copyright law. Republishing that data in the same layout is what triggers copyright issues. If you scan and then reformat you're fine. If you learn the basics about copyright law, which is very specific, then you'd be able to answer your own questions. Scraping doesn't require using that data so your second question isn't even valid.
LinkedIn isn't suing over copyright issues (so why did you even bring that up?), they're suing over unauthorized use
Re: (Score:2)
I know scanning the data from a yellow pages breaks copyright law, but using an army of typists to copy the same data from the same source is perfectly fine.
To me, anybody who thinks this is a reasonable distinction to make in law shouldn't be making law for other people.
It's Illegal activity, but LinkedIn went too far (Score:3)
The charges are a bit trumped up and ridiculous. The illegal access by using a bot and breaking the legally binding user agreement is enough.
Claiming that it's a violation of the DMCA (anti-circumvention) and CFAA to circumvent their blacklisting procedures is silly. Not being on a blacklist is not a thing you "circumvent" nor is it a different kind of illegal access than using the bot in the first place.
What security? (Score:2)
How is the site offering security? If a bot can literally crawl/scrape your site, then given enough time, that is something a human could do as well. How is that data secure in any way?
Botnet? (Score:4, Interesting)
So they're saying a botnet was used to gain access to the data, then passed on to third parties. Unless I'm mistaken, the IP addresses will be pointing to machines on the botnet, and the owners of those machines have no idea that is happening. It sounds like a lot of innocent people might get swept up in this.
Also ironic that LinkedIn is owned by Microsoft, who is no doubt responsible for the operating systems running on all those bots on the aforementioned botnet.
Re: Er, Pot, Kettle. Linkedin harvested data itsel (Score:1)
thats just a relationship map thing.
several people in your contacts list are connected closely to them and in a similar field.
that applies to all their suggestions. you just only recognise and therefore see the ones you actually recognise.
Microsoft? (Score:1)
" The Microsoft-owned service takes pride in the relationship it has with its users and the security it offers their data."
No, the Microsoft PURCHASED service, none of those users signed to hand their data to Microsoft, they just got shafted.
As to "the security it offers their data", Microsoft BOUGHT their data, LinkedIn handed all that lovely data over as part of the deal, yum yum yum.
LinkedIn itself implemented an API that is licenses to others to access that data, so basically, their entire business is s
What a load of bull... (Score:1)
LinkedIn is the most idiotic brain dead company I've ever worked with.
I had a simple question: tell me how i can get the number of jobofferings that my customer's company has posted so i can show this number on their corporate site with a linked to LinkedIn. There must be an API for it, i've got OAuth2 credentials and a signed letter from the God/Darwin..
"Ah, but yes, but no, but yes, but no..."
Long story short, i've written a small program to check the LinkedIn site and get the value manu militari and it w
Re: (Score:2)
X86 based notebook and desktop machines running Windows. Why would a botnet creator go for anything but the most common configuration of hardware and software?
How would you prove this? (Score:1)
I was just refreshing your website every 20ms, not scraping any data.
How would you prove that any "scraping" took place, and why would it be illegal if it's publicly accessible information? If no security breach occurred, how is it different from other users accessing the same information?
Or is it just one of these american things where a corporation pays a large amount of money to lawyers and judges to imprison and/or financially ruin people that did something they didn't like?
dupe from 4 days ago (Score:2)
Let's see... (Score:3, Funny)
Samples from the list of the 100 individuals being sued...
I. P. Freely
Mike Hunt
Hassant bin Laid
Prince Albert-in-a-can
Anna und Elsa
Bartman Simpson
etc, etc, etc
Lol, too funny (Score:2)
"The Microsoft-owned service takes pride in the relationship it has with its users and the security it offers their data."
Yes, and slave owners in 1700's took pride in the 'relationship' they had with their slaves and the security it offered their profits.
CFAA? (Score:2)
In other words... (Score:2)
They're only pissed that people tried to take the data without paying them first.
VPN and Proxy (Score:1)
Yet another reason to make sure everything you do online is anonymous. What's legal and reasonable today might not be tomorrow. Everything you do is saved forever.
Passing user data on to 3rd parties. (Score:4, Interesting)
As a matter of interest, what is the point of LinkedIn if not to pass my user profile to as many people as possible?
They should be hiring these bots, not taking action against them. The whole purpose of LinkedIn is a public advertisement for work. They like to pretend they are a "social network for business" but really all they are is a giant platform for classifieds, and within that purpose the bots are doing a great job.
Re: (Score:2)
Scammers harvest LinkedIn for victims (Score:5, Interesting)
This is really about paying for the data (Score:1)
The data is readily available if you get a salesman/vendor type account.
In fact, LinkedIn provides almost no value for the typical person. It's a platform to sell access to computer professional.
I get 10 requests to "link" with a saleman every week. I delete every one of them.
I get 5 requests to apply for jobs... in fields that are unrelated to my experience and degrees.
It's a crap platform these days, and you'd have to be dense not to get that.
Good luck with that... (Score:1)
If the folks running the bots are even half as smart as the average geek they'll never figure out who was behind it... but perhaps they'll get lucky? lol
People make it easy (Score:2)
I've already seen on LinkedIn quite a few guys posting stuff like "Hey this is a crappy Excel sheet that allegedly does what a ton of other applications already do better and for free, why don't you post your emails and I pinky promise I'll send it back to you". By the comment 10K someone says "hey, has anyone received the email?". By the comment 20K someone else says "I hope this is not a scam to harvest our email addresses. Anyway, my email is XXX".
My opinion is that they deserve it.
What if I build.... (Score:1)
Re: (Score:2)
Linkedin scrapes U (Score:2)
Is this the same LinkedIn that created a MITM proxy to scrape whatever it pleases from everyone's emails and proceed to mercilessly spam anyone you've ever known to join their happy little cult?
This is the same company now trying to sue people for scraping data from a publically accessible site?
Standard Microsoft Procedure: (Score:2)
Hire good lawyers instead of good developers.