- Business, Anecdotes, Quality Assurance
What if you couldn't update personal data on the Internet you created and own?
Back in January, the social network LinkedIn started deploying what they called the New Desktop Experience, which was their redesigned web user interface. Along with it came the removal of some features that were not actively used.
One of the removed features that personally affected me is related to secondary profiles. For those unaware, this LinkedIn feature allows users to translate their profiles into languages other than English. This feature was not very polished, but it was functional, and it was an extremely important feature to me as I live in a strong French community proud of its cultural heritage.
So what happened? Well, in the New Desktop Experience, LinkedIn made it so a user can switch languages while editing each individual section of their profile... except they did it for some sections, while for others you can only edit the English version, even if you switch your entire user interface to the secondary language. Whoops!
However, this is a big problem to me. My LinkedIn profile opened me to a lot of professional opportunities I would have missed otherwise. I got unexpected new jobs through headhunters using LinkedIn. I can easily prove the accuracy of professional recommendations performed through LinkedIn. I know my value on the recruiting market thanks to LinkedIn. I've found mentors and business partners through my LinkedIn connections. If my profile is no longer truthful and I can't edit it, it's literally defamation on LinkedIn part.
LinkedIn's User Agreement, which is a legally binding contract between LinkedIn and its users, is even supposed to protect against this. Here are some excerpts of section 3.1:
As between you and LinkedIn, you own the content and information that you submit or post to the Services and you are only granting LinkedIn and our affiliates the following non-exclusive license: A worldwide, transferable and sublicensable right to use, copy, modify, distribute, publish, and process, information and content that you provide through our Services, without any further consent, notice and/or compensation to you or others. [...]
You can end this license for specific content by deleting such content from the Services, or generally by closing your account, except (a) to the extent you shared it with others as part of the Service and they copied, re-shared it or stored it and (b) for the reasonable time it takes to remove from backup and other systems.
I believe I do have the possibility of deleting the out-of-date content, but only by deleting the entire secondary profile. The wording implies I should be able to do so for the affected section only, which is not the case right now.
We provide many choices about the collection, use and sharing of your data, from deleting or correcting data you include in your profile and controlling the visibility of your posts to advertising opt-outs and communication controls. We offer access to the personal data we have about you (for SlideShare, please contact us).
Considering I can't correct my data for some sections of my secondary profile, this is a clear violation.
Back to the User Agreement section 3.1:
You agree to only provide content or information that does not violate the law nor anyone’s rights (including intellectual property rights). You also agree that your profile information will be truthful. LinkedIn may be required by law to remove certain information or content in certain countries.
Well... it was truthful, but not anymore. So technically LinkedIn is forcing me to violate the User Agreement because of their own violation. How ironic.
I would have understood if LinkedIn would have scrapped secondary profiles completely as the whole thing always was half-finished anyway, but if you're going to keep a feature, at least don't remove other features that depend on it!
That said, I just assumed the whole issue was a regression bug, so I contacted LinkedIn's support and opened a new case to report it. What follows are quotes from the support agent, all from different replies:
"Guillaume, currently the functionality to edit the volunteer section language is not available. I've sent your suggestion to our product team for consideration."
"Our engineering team is working on it but there's no estimate as to how long that might take. We'll do our best to keep you posted."
"Our engineering team has identified this as an isolated incident affecting relatively few members at this time."
"At the moment there is no workaround. We are working on the same and update you soon."
LinkedIn closed the case after that last reply and the issue is still present. That was more than two months ago.
At this point I figured, if the user interface is not a priority for LinkedIn due to the low number of affected users, they should still be able to easily perform a database update. So I opened a new case to request such a thing, referencing the previous case. What follows are quotes from the second support agent, again all from different replies:
"At this time we don't have that specific functionality available, but I've sent your suggestion to our product team for consideration."
Clearly the support agent didn't read the previous case I referenced.
"At the moment there is no workaround. We are working on the same and update you soon."
But I just proposed a workaround!
"I have made the changes as requested by you."
To my horror, at this point the support agent modified my English profile instead of my French profile. Fortunately I prepared a backup in advance for this eventuality and was able to restore the data.
"There is only one description box. So if you want an English and French description with the alignment and everything, please send me the draft of exactly what you want on a word doc and I will add it to your profile."
I realized at this point what happened: LinkedIn support agents can impersonate users and perform arbitrary changes to their profile though the user interface. This is a major security issue that LinkedIn should fix, although it is unrelated.
"Just like you, I only have the option to edit the English version:"
In case there was still any doubt about the security issue, this quote is basically confirming it. Still, does the support agent even know what a database update is?
At this point I started requesting escalation of my issue, mentioning the support agent's lack of privileges and LinkedIn's violation of its User Agreement. But the support agent just kept asking basic questions about my problem that I had already answered and repeating the same canned responses over and over again, until one day he wrote this:
"I have escalated this to my supervisor as well."
That was more than a month ago. To this day, I have not heard a word of said supervisor despite multiple follow-up requests.
This goes on and on and on, but you get the idea: LinkedIn's internal processes are causing my requests to be misunderstood and/or ignored, despite a legally-binding contract with me requiring them to do the change. In total, I received 23 replies from support agents about this issue, with no significant result so far.
I'm confident that if I would fight this legal matter I would win, but honestly I have more important things to do in my life than that, especially considering it might involve foreign courts.
So what I decided instead is that if nothing changes in the incoming days, I will delete my French LinkedIn profile and only keep the English one. I might end up publishing the French content on my website directly and link to it. We'll see.
I hope publishing this story publicly will make people at LinkedIn realize that there are major issues with their internal processes and fix them. However, the main reason I wanted to share this story is because I want everyone to realize that the issues I showcased could happen in any organization. Regressions due to technical debt, prioritization of new features over non-functional requirements, unhelpful support agents, privileged data access to employees that shouldn't have said access to, and internal communication issues are common problems, and organizations should be proactive to prevent, detect and resolve them as much as possible.
Related articles I wrote
Upgrading Your Cybersecurity from Cowboys to Sheriffs
- Security, Business, Anecdotes
Roaming throughout the countryside, dangerous desperados are awaiting in their hideout for the perfect opportunity to rob their victims in silence. Powerless, the authorities have posted wanted posters on public boards with cash bounties for any information that could lead to their arrest or death…
Scrum Is Not Agile
- Programming, Business, Psychology
While there is no denying that Scrum revolutionized the software industry for the better, it may seem a little strange to read about someone that dislikes it despite strongly agreeing with the Agile Manifesto, considering the creator of Scrum was one of its signers. However, after having experienced…
Validating and Viewing OpenAPI Definitions with Docker
- Quality Assurance, Programming
Here are a few commands I crafted to validate and easily read API definitions in the OpenAPI format, using Docker and open source tools provided by Swagger. I have yet to convert them into proper shell scripts, but I hope these will be helpful nonetheless. The commands are designed to be run in a…
Essential International Standards and Registries for Web Developers
- Programming, Quality Assurance, Security
The following is a collection of free international standards, registries and references that I collected throughout the years while developing websites and web services. These references, while very precise and technical by their nature, are extremely useful in order to ensure that a specific…
Resolving Playstation Vita Error Code NP-9968-2
- Video Games, Security, Anecdotes
For about 2 years, I was not able to install any new software on my PlayStation Vita, for seemingly no reason. I could make new purchases from the PlayStation Store, but the download would always fail, and only on my Vita. No issues whatsoever with my PlayStation 3 nor my PlayStation 4, but for some…
See all of my articles