numbers for people.

Hacking LinkedIn to find out who visits your site

Just a heads up, I never disclose any personally identifying information. But this technique will probably work for anyone so you might want to change your LinkedIn settings or log out when you aren’t using it

I was looking at the list of who’s been looking at my LinkedIn profile (as part of an informal A/B test of what keywords get the most love) and got to thinking — what counts as viewing a LinkedIn profile?

Out of curiousity, I made a LinkedIn profile and loaded it up in an iframe. The page doesn’t display in most browsers because the X-Frame-Origin header is set (you can see the headers yourself). As a general rule, when a browser doesn’t let me do something, it’s probably a good feature. But the neat thing is that LinkedIn still registers the page view (if they had done some checking in JavaScript, it’d be much harder to spoof, maybe impossible). So if I just embed the iframe in the bottom of the page… ok, cool, that works. I left it in for a week.

In the last week ~500 people visited my website1. Of those, it looks like 220 were logged in to LinkedIn (so 44%, an interesting number in itself, way to go LNKD!2)

But let’s take a look at the anonymized data3. First off, it’s a little disappointing; people do tend to use the privacy settings pretty well. 25 people (11%) just show up as “LinkedIn Member” and 130 people (60%) didn’t have job titles specified. The titles are the most interesting part to me (tools like Marketo can already guess the company someone is at by IP address4.) but after looking through the list, it’s pretty cool to know that my blog was read last week by employees or students of:

  • Federal Reserve Bank of New York
  • DreamWorks Animation
  • United States Military Academy (and 30 other schools and universities including MIT and Stanford)
  • Boeing
  • The Phnom Penh Post
  • Ernst & Young

The who’s who of the 65 people this week who were logged in to LinkedIn was a bit surprising5. I expected it to be littered with students (only 2!) but I’m not surprised there are so many software developers reading me (~17 depending on how I read the titles). There were some interesting listings though:

  • 3 people in public relations
  • 6 directors
  • a vice president
  • and a partner at a very prestigious firm

I didn’t set it up so I could see who visited which page, but that wouldn’t be too hard to change. Kind of cool, eh?

I’m not sure how big of an information leak this would be seen as at LinkedIn6 , so I don’t know if I’ll get my customary angry letter7.

  1. As a first order approximation, I use the link-bait articles to test things on web traffic. Nothing malicious, I’m just curious how many browsers support gzip vs sdch or have multiple languages in their accept header)
  2. One of the projects I’m forever putting off is a series of articles explaining to people outside the tech bubble why young companies can actually be worth eleventy billion dollars. That 44% of people are logged into it right now will probably by exhibit #1
  3. I’m going to anonymize the data a lot, since the interesting datapoint is that it worked, not who is curious about statistical sampling mistakes or easy encryption (a few of the profiles are of specific people and many more are uniquely identified by their title and place of employment)
  4. I don’t use Marketo my site, it’s also not helpful for startups since everybody in SOMA where I work shows up as the Academy of Arts. And naturally, it doesn’t work if people are reading your site at home
  5. apparently my investigation into HTML5 game hacking is getting a decent fraction of the love that my stupid New York time bookmarklet has been getting, so that might explain some of the ritzier titles
  6. it was a bit of a hassle to page through my visitors and it cost my $9.95 to get. It slows down your page loads a little but otherwise it’s drag and drop to implement.
  7. Angry letters, feature requests and mail from recruiters… although once someone volunteered to maintain some of my code :)

Comments are closed.