Several years ago at the end of an OCLUG meeting, there was discussion around the upcoming PGP keysigning party to be held at OLS that year. I noticed that a friend who was a very hard-core crypto geek (to the point where he has been very heavily involved in the development of some of the IPSEC software that is used throughout the world of open source and Linux) was not interested and was shying away from the conversation at all. I asked him why and the essence of his words stuck with me. I don't remember them exactly, but they were roughly:
It all just seems too... um... promiscuous. I mean, you are basing your key signature only on meeting someone and seeing their ID. You don't know them. Can you really trust them? It seems to me that it weakens the Web of Trust.He went on to say that he only would sign keys of people that he truly knew and that he trusted in turn to only sign keys of people they knew. Now, it didn't stop me from attending that or subsequent keysignings, but his words definitely did have an effect. PGP (and GnuPG) have an ability to "weight" your signature. You can say that you did very careful checking (which assigns a value of 3), casual checking (value of 2), or no checking (value of 1). All of this is used in calculations of how trusted a key is that are far beyond the scope of this posting. My use of this has been that I only give my PGP signature on a key a weight of 3 if I actually know the person. If they are just someone I met at a conference or keysigning and I know them only from their ID, I assign the weight of 2. Not a perfect system, but one way to get around the conundrum of showing trust, although it certainly still won't satisfy my hard-core friend.
I've used LinkedIn now for a year or two and have actually found it very useful to maintain contact with old friends, former colleagues and interesting people that I've come to know. I've used it for a few requests and also use it from time to time to find names to contact within companies. It works for what I need. However, I have enforced the rigidity of my friend's approach to PGP signing - I simply do not accept connections (or invite people) unless I know them somehow. Either I have worked with them at some job or project, knew them as friends, or have at least spent significant time communicating with them by phone or e-mail. At the moment I have 111 connections and I know personally 110 of them. The 1 odd one is a person very highly-connected within security circles from whom, in a moment of weakness, I accepted an invite to connect. It was quite some time ago when I was concerned about future job options and he seemed to be a good person with whom to be connected.
Since that time, though, like Neville and others I have frequently found myself in the awkward postion of having to decline invitations to connect from numerous people. On Friday, in fact, I received two invitations from people at rather high-profile executive search firms. For my own future career as well to always have fall-back options, they are precisely the type of people one should know. But that's the point: I don't know them! They don't know me, other than my LinkedIn profile. They are essentially spamming me to "build their networks". (At least these two did change the default LinkedIn text so that it at least looked like they spent a tiny bit of effort.) And that, to me, degrades the usefulness of the site.
To me, LinkedIn has two primary benefits. First, if my contacts use it and update it regularly, it is a useful repository to find people's current contact information. Since each of us updates our own info, it always has the most recent info in it. I will always be able to find Fred's current e-mail because he himself has updated it. This, of course, goes back to my "if". I note that a number of my contacts obviously don't use the site because they are still listed with job titles and e-mail addresses that they long ago left. The site obviously wasn't useful enough to them for them to go back in and update it. Be that as it may, for those who do update the site, it is very useful.
Second, there have been a few times when I have wanted to make contact with someone at another company and I have asked for an introduction through the LinkedIn mechanism through one of my contacts. This works because in theory (and in practice for most of my contacts) they know me and they know the other person. They can make a personal recommendation because they know the parties involved. This is purely an online version of every Chamber of Commerce/Rotary/Kiwanis/pick-your-busine
These are the conversations and introductions that have been happening since time immemorial. LinkedIn, OpenBC and their peers merely allow that campfire around which the conversations occur to be moved to a global level as our relationships have moved from being tribal to global.
But, in my opinion, the value of those introductions break down if people just randomly link to each other. If I accept one of those invites from a recruiter, I will perhaps be found by people within his network. But what should I do the day I receive a request for an introduction from him? I don't know him. I have never met or communicated with him. How can I say to someone that I do know that they should actually talk to this person? Perhaps he may be a complete jerk who may act unethically toward the person to whom I have forwarded his information. Now that person, who again I do know, will have less trust in me because I passed along some idiot's request. When they receive something from me in the future, their trust in me will be weakened and they may choose not to do what I ask, or at least delay it to think about it a while. I'd like to think that is a stretch, but it is a possibility, and I guess my personal integrity and the strength of my friendships and relationships is not something I want to take the chance of weakening.
However, what if some of my contacts accept these invitations that are so rampant these days? On a macro level, accepting them makes a good deal of sense. Now suddenly they are in the position of potentially forwarding something on to me from these mega-networkers. Do I have to scrutinize it and wonder if, because it is someone from a big recruiter (for instance), my contact does actually know them?
I don't know. The existence of things like the Cheater's Guide to Linked In, to folks who admittedly call themselves link sluts, and folks who brag about how you can make money forwarding LinkedIn requests (see also the myth of having too many connections) concern me in that from my point-of-view they will only ultimately serve to devalue the quality of trust networks within LinkedIn. I understand what they are doing and on one level I agree: connections are extremely useful in business and in one way you can't have too many. But are these truly "connections"? Or are they more like random people who have mailed me their contact info?
The LinkedIn folks have responded to some of this by introducing new features such as allowing you to find anyone in the site (thus removing much of the value of someone with an enormous network because you are no longer limited to just seeing those people in your network) and also by restricting searches of your network to the third degree. But already, people are writing about how to get around that (which, incidentally, is why you are now starting to see e-mail addresses appearing in people's names within LinkedIn).
We'll see what happens. I'll keep using LinkedIn because it works for me. But these ongoing issues do make me concerned. The only reason you usually get introduced to Og-the-antelope-skinner is because the person you are asking around the fire: a) knows that Og is a good antelope-skinner; b) knows you are not the type of person who is going to conk Og on the head and steal all his antelope skins.