First off, I will point out: this is not a leak of your contact list, it is a leak of your calendar. You might have a very different perspective of the kind of information you store in your calendar, as it includes (explicitly from the article) meeting notes (in which I can imagine someone even having stored a bunch of sensitive corporate information) and the date/time and location of your upcoming whereabouts.

That said, I will also attempt to answer your question as asked, partly as everyone else is responding to you under the guise "LinkedIn should not get this data", yet, I, generally agree with you: for most people that is the worry of someone who is paranoid. That said, I /can/ come up with legitimate (but unlikely) situations where I'd fear for someone's life based on an address book being accessible from LinkedIn.

However, to me the key problem here is "in plain text": it is one thing for a service that already knows too much about me and the people I work with to know a little more about them, or think about people hacking into LinkedIn (again unlikely), but it is an entirely different thing for everyone sharing the WiFi network I'm on to have my entire contact list: these are people who are actually in a position to take action.

It might be your ex-husband who has been stalking you ever since the divorce, or it might be the creepy guy that hangs out at the comic book shop who seems to have taken slightly too much of an interest in you. It could even be someone running a scam: they go to conferences, intercept as many address books as possible, and try to use the result for some kind of social engineering hack or even identity theft.

If you haven't yet, I thereby implore you to consider "what could I learn about my best friend if I had their entire contact list": looking at it from the vaguely mischievous and voyeuristic stance of it being someone else's data might make it simpler to envision why that person might not want you to know all of that information. If that fails, then try to think about it from the perspective of a thief or an evil employer.

Out of principle, an app must not collect what it doesn't need. If the programmer thinks nothing sensitive should be in there, it's still not ok. Unrelated example because you mention the contact list - people who put passwords in there as phone numbers.

What really got to me though are notes. Notes! Of course no user should write "make that fat ass invest in us" in their appointment notes, but that is not how privacy works.

Not to mention meeting notes that are under a strict NDA.

Perhaps it is a trust issue. When I get someone's contact information, I expect to be consciously aware any time I give that information to someone else.

"Would Alice want Bob to have her contact information? She gave it to me, but that doesn't give me the right to share it with others--it's hers."

It seems like asking an assistant to go through your contacts to prepare for a meeting, and while he's at it, he copies them all to his computer so he can do a better job. A little creepy and maybe acceptable. At best it's not what you asked for.

Will you post your email and cell contacts to this thread now? If not, why not?

I'm confused that you're confused. There are a hundred scenarios I can think of. Gmail being good at spam detection is your defense? For one, I get text message spam all the time now. I dont want people having my number who don't need it.

> Will you post your email and cell contacts to this thread now? If not, why not?

Well that is completely different to what LinkedIn is doing.

Sending information via plain text is bad but is fairly unlikely to be read in transit. (This isn't to say that it shouldn't be changed)

LinkedIn shouldn't be collecting the data. At the same time it isn't making the data public. It is somewhat unclear what they are doing with it. It is unlikely though that is for some evil scheme.

Compare this to posting a tonne of personal information on what is essentially a public forum. Completely different.

The OP was making a very broad claim. Why would anyone want to keep their contact list secret? Who cares?

In this particular case, I agree LinkedIn in all likelihood is not going to post your contacts to a public forum. But it's completely conceivable that it could happen.

But if there are hundreds of apps and services out there storing your contacts (and there will be if you're careless), then it's a virtual certainty that they will be used in ways you didn't attend.

It almost seems more likely than not these days that a big trove of personal information will be hacked. Even if it doesn't contain your credit card numbers, personal information is still extremely valuable because it allows hackers to bypass security questions and reset passwords.

EDIT: Haha, front page, huge dump of linkedn PW hashes leaked: http://news.ycombinator.com/item?id=4073309. I had written something about LinkedIn probably having "decent engineers", and being safer than giving your personal data to a shoddy government website. But I realize security is more a matter of process than hiring top engineers. And all these startups in a huge rush. They're only going to do security right after they're embarrassed. Being a programmer, I know how the sausage is made.

@cletus: would be interesting to see your response to the parent.

While this is not a direct violation of California law SB1386, it is not a long distance to be able to argue that the companies in question are acquiring unauthorized personal information. While we're not talking SSN, driver's license, etc etc., the definition of PII is only going to expand over time.

Basically, if I don't have a personal contract with LinkedIn, it is extremely thin ice for them to be collecting my e-mail address just because I was invited to one of your meetings.

The personal contact info of other individuals is not mine to share. They've entrusted me with their privacy, but it's theirs to continue to hide or share as they will.