Blog.DanYork.com - Promiscuous linking, LinkedIn, and the dilution of webs of trust
Personal journal of Dan York - for my VoIP blog, see www.disruptivetelephony.com
Promiscuous linking, LinkedIn, and the dilution of webs of trust
Neville recently wrote a very thoughtful post on issues with linking in LinkedIn, which closely mirrors some of my own thoughts. He also linked to Renee Blodgett's blog entry and Lance Ulanoff's PC Week article 'Six Degrees of "Who Cares?"'.  All of which tapped into my own concern over LinkedIn and "trust"... but first, a very brief backstory...

Several years ago at the end of an OCLUG meeting, there was discussion around the upcoming PGP keysigning party to be held at OLS that year. I noticed that a friend who was a very hard-core crypto geek (to the point where he has been very heavily involved in the development of some of the IPSEC software that is used throughout the world of open source and Linux) was not interested and was shying away from the conversation at all.  I asked him why and the essence of his words stuck with me.  I don't remember them exactly, but they were roughly:
It all just seems too... um... promiscuous. I mean, you are basing your key signature only on meeting someone and seeing their ID. You don't know them. Can you really trust them? It seems to me that it weakens the Web of Trust.
He went on to say that he only would sign keys of people that he truly knew and that he trusted in turn to only sign keys of people they knew.  Now, it didn't stop me from attending that or subsequent keysignings, but his words definitely did have an effect. PGP (and GnuPG) have an ability to "weight" your signature.  You can say that you did very careful checking (which assigns a value of 3), casual checking (value of 2), or no checking (value of 1).  All of this is used in calculations of how trusted a key is that are far beyond the scope of this posting.  My use of this has been that I only give my PGP signature on a key a weight of 3 if I actually know the person. If they are just someone I met at a conference or keysigning and I know them only from their ID, I assign the weight of 2.  Not a perfect system, but one way to get around the conundrum of showing trust, although it certainly still won't satisfy my hard-core friend.
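The check levels described above are recorded in each key signature, so they can be read back later. The following is an added example, not part of the original post: it parses `gpg --list-sigs --with-colons` output (signer key ID in field 5, signer user ID in field 10, signature class in field 11, where classes 0x10 to 0x13 correspond to levels 0 to 3) and lists who certified a key at or above a chosen level. The sample listing, names and key IDs are constructed, and treating any `rev` record as revoking that signer's certification is a simplifying assumption.

```python
# Constructed sample of `gpg --list-sigs --with-colons` output (not real keys).
SAMPLE = """\
pub:f:4096:1:1111111111111111:1104537600:::-:::scESC:
uid:f::::1104537600::0000000000000000000000000000000000000000::Carol Example <carol@example.org>:
sig:::1:1111111111111111:1104537600::::Carol Example <carol@example.org>:13x:
sig:::1:2222222222222222:1122076800::::Old Colleague <colleague@example.org>:13x:
sig:::1:3333333333333333:1122076800::::Keysigning Attendee <attendee@example.org>:12x:
sig:::1:4444444444444444:1122076800::::Unchecked Signer <unchecked@example.org>:11x:
sig:::1:5555555555555555:1122076800::::Default Signer <default@example.org>:10x:
rev:::1:4444444444444444:1125000000::::Unchecked Signer <unchecked@example.org>:30x:
"""

# Level 0 is what gpg records when the signer makes no claim about checking.
LEVEL_NAMES = {0: "no claim", 1: "no checking",
               2: "casual checking", 3: "careful checking"}


def certifications(colon_output):
    """Return {signer_keyid: (level, signer_uid)} for third-party certifications."""
    own_keyid, certs, revoked = None, {}, set()
    for line in colon_output.splitlines():
        f = line.split(":")
        if f[0] == "pub":
            own_keyid = f[4]                      # key being examined
        elif f[0] == "rev" and len(f) > 10:
            revoked.add(f[4])                     # assumption: revokes that signer's cert
        elif f[0] == "sig" and len(f) > 10:
            sig_class = int(f[10][:2], 16)        # "13x" -> 0x13 (x = exportable)
            # Keep certification classes only, and skip the key's own self-signature.
            if 0x10 <= sig_class <= 0x13 and f[4] != own_keyid:
                certs[f[4]] = (sig_class - 0x10, f[9])
    return {k: v for k, v in certs.items() if k not in revoked}


def signers_at_or_above(colon_output, min_level):
    """User IDs of signers whose certification level is >= min_level."""
    certs = certifications(colon_output).values()
    return sorted(uid for level, uid in certs if level >= min_level)


if __name__ == "__main__":
    for keyid, (level, uid) in sorted(certifications(SAMPLE).items()):
        print(f"{keyid}  level {level} ({LEVEL_NAMES[level]})  {uid}")
    print("careful checking only:", signers_at_or_above(SAMPLE, 3))
```

This only reports what each signer claimed; GnuPG's own validity calculation also depends on how much you trust each signer to certify keys.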

Enter LinkedIn.

I've used LinkedIn now for a year or two and have actually found it very useful to maintain contact with old friends, former colleagues and interesting people that I've come to know.  I've used it for a few requests and also use it from time to time to find names to contact within companies.  It works for what I need. However, I have enforced the rigidity of my friend's approach to PGP signing - I simply do not accept connections (or invite people) unless I know them somehow.  Either I have worked with them at some job or project, knew them as friends, or have at least spent significant time communicating with them by phone or e-mail.  At the moment I have 111 connections and I know personally 110 of them.  The 1 odd one is a person very highly-connected within security circles from whom, in a moment of weakness, I accepted an invite to connect.  It was quite some time ago when I was concerned about future job options and he seemed to be a good person with whom to be connected.

Since that time, though, like Neville and others I have frequently found myself in the awkward position of having to decline invitations to connect from numerous people.  On Friday, in fact, I received two invitations from people at rather high-profile executive search firms.  For my own future career, as well as to always have fall-back options, they are precisely the type of people one should know.  But that's the point: I don't know them!  They don't know me, other than my LinkedIn profile.  They are essentially spamming me to "build their networks".  (At least these two did change the default LinkedIn text so that it at least looked like they spent a tiny bit of effort.) And that, to me, degrades the usefulness of the site.

To me, LinkedIn has two primary benefits.  First, if my contacts use it and update it regularly, it is a useful repository to find people's current contact information.  Since each of us updates our own info, it always has the most recent info in it.  I will always be able to find Fred's current e-mail because he himself has updated it.  This, of course, goes back to my "if".  I note that a number of my contacts obviously don't use the site because they are still listed with job titles and e-mail addresses that they long ago left.  The site obviously wasn't useful enough to them for them to go back in and update it.  Be that as it may, for those who do update the site, it is very useful.

Second, there have been a few times when I have wanted to make contact with someone at another company and I have asked for an introduction through the LinkedIn mechanism through one of my contacts.  This works because in theory (and in practice for most of my contacts) they know me and they know the other person.  They can make a personal recommendation because they know the parties involved.  This is purely an online version of every Chamber of Commerce/Rotary/Kiwanis/pick-your-business-networking-group event that has been held since such meetings began.  It probably happened in the dawn of our time sitting around a fire somewhere in the jungle: "I hear Og is a good skinner of antelope. Can you introduce me to him?  I have a few recent kills but am having a problem getting the skins off them in one piece."

These are the conversations and introductions that have been happening since time immemorial.  LinkedIn, OpenBC and their peers merely allow that campfire around which the conversations occur to be moved to a global level as our relationships have moved from being tribal to global.

But, in my opinion, the value of those introductions breaks down if people just randomly link to each other.  If I accept one of those invites from a recruiter, I will perhaps be found by people within his network. But what should I do the day I receive a request for an introduction from him?  I don't know him.  I have never met or communicated with him.  How can I say to someone that I do know that they should actually talk to this person?  Perhaps he may be a complete jerk who may act unethically toward the person to whom I have forwarded his information.  Now that person, who again I do know, will have less trust in me because I passed along some idiot's request.  When they receive something from me in the future, their trust in me will be weakened and they may choose not to do what I ask, or at least delay it to think about it a while.  I'd like to think that is a stretch, but it is a possibility, and I guess my personal integrity and the strength of my friendships and relationships are not something I want to take the chance of weakening.

However, what if some of my contacts accept these invitations that are so rampant these days?  On a macro level, accepting them makes a good deal of sense.  Now suddenly they are in the position of potentially forwarding something on to me from these mega-networkers.  Do I have to scrutinize it and wonder if, because it is someone from a big recruiter (for instance), my contact does actually know them?

I don't know.  The existence of things like the Cheater's Guide to Linked In, to folks who admittedly call themselves link sluts, and folks who brag about how you can make money forwarding LinkedIn requests (see also the myth of having too many connections) concerns me in that from my point-of-view they will only ultimately serve to devalue the quality of trust networks within LinkedIn.  I understand what they are doing and on one level I agree: connections are extremely useful in business and in one way you can't have too many.  But are these truly "connections"? Or are they more like random people who have mailed me their contact info?

The LinkedIn folks have responded to some of this by introducing new features such as allowing you to find anyone in the site (thus removing much of the value of someone with an enormous network because you are no longer limited to just seeing those people in your network) and also by restricting searches of your network to the third degree.  But already, people are writing about how to get around that (which, incidentally, is why you are now starting to see e-mail addresses appearing in people's names within LinkedIn).

We'll see what happens.  I'll keep using LinkedIn because it works for me.  But these ongoing issues do make me concerned.  The only reason you usually get introduced to Og-the-antelope-skinner is because the person you are asking around the fire: a) knows that Og is a good antelope-skinner; b) knows you are not the type of person who is going to conk Og on the head and steal all his antelope skins.

Trust matters.


Comments
From: (Anonymous) Date: August 24th, 2005 06:19 am (UTC)

Trust matters

I enjoyed your post. Trust is certainly an issue we wrestle with every day. And we look at both how much to clarify and enforce rules and when to "go with flow" of how people are using LinkedIn.

For applications like an updated list of email addresses (you can also export them as well as other vCard info) or re-connecting with old colleagues, the trust element is not that important because these things are only between you and your connections.

But if introductions are to add real value and really help the person seeking to get introduced to someone they need to reach (e.g. a potential business partner, someone with certain expertise, etc.), it is essential that the links are strong. One reason we went from fourth to third degree was that trust was stretched pretty thin by the time you received a message from someone four degrees away, and many of our members felt it was awkward to be in the middle of an introduction of the fourth degree where they knew neither the sender nor the receiver. Now, with personal networks of three degrees, incoming messages should generally be more likely to be a good opportunity, and when making intros, you always know the sender or the receiver (and the other party is a friend of a friend).

This tighter network also gives you fairly complete control over the strength of links you may need to rely on for introduction. When you only link to people you know and trust and who also have a like-policy, then you should not have to worry that weak connections will be involved in any intros you request. Any people with more connections than they can possibly know will be in your third degree.

If they are not and you really care about the issue, look up which of them are in your second degree and disconnect from people you know who are directly connected with such "weak connectors." They will still be at the periphery of your network at the third degree, but that shouldn't have any influence on you unless they try to reach you (presumably, you won't seek out an introduction to them), and it's pretty easy to decline to make contact.

In my experience, people with many connections are generally quite harmless. In fact, many feel they are doing a good thing by being open and trying to help even people they don't know. Some have done it to increase their searchable network or to show up higher in search results, but our recent re-design makes it so members get a pretty low ROI on time spent connecting with more people than they know and trust.

Another fine point is that we do have up-to-date email addresses for most users because virtually everyone responds to invitations from colleagues. So, if you move on from company A to company B, it is just a matter of time until someone from company B invites you at your company B email address. And once you accept, this new email address is added to your account - without you having to explicitly go to LinkedIn to update your email address. We don't always expose secondary addresses, but the current email address is usually there.

-Konstantin
www.linkedin.com/p/kguericke
From: (Anonymous) Date: May 6th, 2007 12:19 am (UTC)

great line

Dan: While I know it was some time ago, I really enjoyed your post. I am still an active LinkedIn user and blog about it myself. I just wanted to drop you a line to say that I really enjoyed your line:

"I hear Og is a good skinner of antelope. Can you introduce me to him? I have a few recent kills but am having a problem getting the skins off them in one piece."

Classic. Now that I have read your blog post, perhaps we should link up as well? (just kidding)

Best,
Lou
http://correlate.wordpress.com
Copyright 2004-9 Dan York

All opinions expressed here are entirely mine and have no connection to my employer or any other person or organization.

If you enjoy my writing (style or content) and would be interested in a contribution of text to a book, magazine, website, etc., please feel free to contact me as I am always open to considering writing opportunities.
Full Disclosure
Dan York, CISSP, is Director of Conversations at Voxeo. He is also the Best Practices Chair for the VOIP Security Alliance. However, there is no connection between Voxeo and this weblog and nothing stated here should in any way be interpreted as statements or positions of Voxeo or VOIPSA.