When does data mining cross the privacy line?



How do you draw the line between helpful aggregation of public data, and intrusive data mining?  It seems that line was crossed in April, when LinkedIn stated it had sent a cease-and-desist order to the developers behind a third-party add-in widget for the professional networking site.

The widget, called ‘Sell Hack’, claimed to provide users with email addresses of people on LinkedIn, which are normally available only to people that are connected via LinkedIn on an opt-in basis.  The makers of Sell Hack have not stated how the app is apparently able to circumvent LinkedIn’s normal privacy controls, with some reports stating that it simply uses an algorithm to make a ‘best guess’ from publicly available data, and other stating that it does data mining.

However, it does raise issues about the trustworthiness and data integrity of plug-in apps of this type.  As Pentura technical director Paul Cronin said to SC Magazine UK:   “Although Sell Hack is using an algorithm to check publicly-available data, it is a concern that add-ons like this can watch activity and collect information on any direct connections made via LinkedIn.  It’s also not clear what is being done with this information:  this is something the tool’s vendor needs to make explicit if users are going to trust it.”

In any case, naming the app ‘Sell Hack’ wasn’t perhaps the best basis from which to start building trust.  The full story is here:  http://www.scmagazineuk.com/linkedin-plug-in-mines-for-user-email-addresses/article/340950/