It will spam everyone you know using one weird trick

I recently was fooled by LinkedIn into bombarding most of my Gmail contacts with invitations to “connect.” Or, more accurately, LinkedIn spammed my Gmail contacts by way of its confusing, deceitful design.

Am I letting myself off the hook too easily for not paying close enough attention to what I was doing? I readily acknowledge that I should have been more careful, but my experience was not unique: the same practices that hoodwinked me are the subject of a class-action lawsuit recently green-lighted by a federal judge.

In fact, I’d argue that much of LinkedIn’s viral growth is due to the evil UX methods I describe below.

The troubles began when I decided that I wanted to send a LinkedIn invitation to one person who was not already a member. Again, I only wanted to send one invitation to one e-mail address. Sounds easy, right?

Well, how would one go about doing such a thing?

On the right side of the top bar I saw what looked like a good bet for adding a contact: an iconified person with a “plus” sign floating helpfully above the shoulder.





Clicking there brought me to this page:





And here is where we grant LinkedIn access to our Google account so that… Wait, what? I just wanted to invite one person to be my “friend” or “connection” or whatever, and now I have to hand over the keys to my email account?

This is normally where the savvy user looks for a little button nestled in a corner somewhere that says something like “Skip This Step,” but such a thing was nowhere to be found.

Still and all, I was assured that my “contacts are safe” with good ol’ LinkedIn: “We’ll never email anyone without your permission.” So what’s the worst that could happen?







After clicking “Continue” to allow LinkedIn to plunder my Gmail contacts, I got to this page, showing a grid of existing LinkedIn members with email addresses that matched my contacts:



This is where things get interesting. The pale box where you select profiles to “connect” to is actually a scrolling pane containing many contacts, only a fraction of which are visible on the page.

You can imagine how easy it might be to miss the fact that dozens more checked profiles are hidden below the threshold of the frame. Yes, there is a scroll bar on the right side of the panel that might clue you in, but the overall design serves to obscure what’s actually going on.

A common way to make it clear that there is additional scrollable content below a “fold” is to size the scrollable box so that the last visible items are cut off somewhere in the middle, thus making it clear that there is additional content below the fold. However, in this list and other one I’ll show below, the scrollable boxes are sized to exactly align with the bottom of the last visible items. Still and all, there is a scroll bar with arrow buttons.

Anyhow, I clicked the “Skip this step” link, but the next page is the one that bit me. It’s a list of email contacts found that don’t match existing LinkedIn profiles.



We see here the same problem of hidden below-the-fold items as on the previous screen, but with a fun twist: The scroll bar has changed to be less recognizable.



It’s narrower, the arrow buttons are gone, and in general the thing is smaller and more subtle, and therefore easier to miss.

Now why would the scroll bar be different on this screen versus the previous one?



The previous page showed people already with LinkedIn profiles. This one consists of addresses without LinkedIn profiles. It’s far more important to LinkedIn to bring in new users than to connect existing ones. So this page, whose purpose is to bring in new users, is accordingly more deceptive than the previous one.

No points for the “260 Selected” label at the top right corner of the frame, which is a fig leaf that wouldn’t register at all with most users, who go through these flows quickly without studying every little label in the UI. (I only just noticed it as I was poring over these screenshots while preparing this post.)

When I got to this page, I unfortunately saw a few names of people I decided I wanted to invite, so I unchecked the names I saw of people I didn’t want to invite, and of course had no idea that 200-odd addresses were still selected and hiding below the fold. Leaving selected the (I thought) three or so people I wanted to invite, I clicked the blue button. Boom. I’d spammed hundreds of my contacts with LinkedIn “invitations.”

It would be exceedingly easy to do this without even knowing what had happened. There’s no confirmation dialog asking, "Are you sure you want to invite 250 of your contacts to connect?“ You only get a little green alert box to indicate that invitations have been sent, and it disappears after a few seconds.

And those invitations are effective. The email masquerades as a little personal note from me:





It’s a well-known compliance trick: Requests from people we know, especially friends, are more difficult to ignore than those from an impersonal business.

So this all might still not seem like such a big deal to you, but it was all very embarrassing to me. I got several responses from friends (e.g. "Hey Mark, I thought we were already connected through my other email address…?”) that clued me into the fact that every recipient could think that I had intended to individually invite them. Current bosses and colleagues. Random former colleagues. Friends of friends. People who’d rejected me for jobs. My ex-girlfriend’s mom who never liked me (it still bothers me).

And that’s not all! LinkedIn doesn’t just stop with one round of spam, but it repeatedly sends reminders with messages like “Mark is still waiting for your response.” When I found out that LinkedIn was continuing to spam all of those contacts, not knowing how long this would continue, I felt I had no choice but to revoke each invitation and send an apology to everyone on the list.

LinkedIn’s own help boards are teeming with complaints about unauthorized invitations. Complaints can be found in the blogosphere as well. Most of these users have no idea how the invitations got sent out. I’d bet dollars to doughnuts that in every case, it happened in exactly the way I described. What’s most maddening is that this UX anti-pattern, hopelessly broken from the user’s perspective, is working exactly as LinkedIn’s designers intended.

(It turns out there is a way to send an “invitation to connect” to a single e-mail address — remember? That’s what I was trying to do when I got into all this trouble in the first place. It’s difficult to find, of course.)

After not reaching out to LinkedIn, I did not get this made-up response from a LinkedIn spokesman:

Well, we could provide a straightforward, obvious way to type one measly e-mail address into a box, but we’d much rather spam hundreds of your contacts, using your name and face, again and again.

So what do we do about it? Shutting down my LinkedIn profile would seem like the very least I could do, but to my shame, I won’t even do that: LinkedIn has just become too darned useful as a networking tool, so I don’t feel I can ditch the thing altogether. I’ll content myself with saying this: LinkedIn, use UX for good, not evil. Eschew dark patterns. You’re a big, established, mature company now. It’s time to act like it, and treat your users with respect.

UPDATE: Some internet people contended that this was all more about me being stupid than LinkedIn being evil. I respond here.

