Hughes blog post: Beware the perils of Address Book Importing

Ever received an odd friend recommendation on Facebook and wondered how and why Facebook thought you knew each other? Or received a LinkedIn invitation to join someone’s professional network even though they work in a completely different industry and you can’t remember when or why you would ever have done business with them?

The chances are that you, or someone you’re connected to, however loosely or however long ago, has fallen victim to a seemingly innocuous technique called Address Book Importing (ABI).

ABI lies behind the majority of social networks’ ‘friend finding’ tools and any other platforms that rely on email correspondence such as competition entry or newsletter pages. If used carefully these tools are often an incredibly useful and time-efficient way of getting your addresses all in one place and creating and boosting online connections.

But, as always, there’s a catch.

I discovered the true power of ABI this weekend in an unfortunate incident that resulted in LinkedIn sending an invitation to everyone I had ever had contact with, however fleetingly, since I first entered the digital world more than ten years ago. These unwitting victims ranged from the just plain odd, like the hippy yoga studio I visited once on a whim, to the professionally inappropriate, like the top personnel at organisations where I used to be just a lowly work experience student, to the toecurlingly embarrassing like an ex-boyfriend….and his mum.

By clicking ‘yes’ to importing and inviting my contacts, I had given LinkedIn permission to delve not only into my current Gmail account but right across all my other online accounts and my desktop in order to send out invitations to every email address it could find, at lightning speed, before I had a chance to review them. 642 in all.

To make it worse, I then discovered that to prevent LinkedIn from spamming these contacts with constant reminders to connect to a virtual stranger, simply bulk deleting these invitations wasn’t enough. Instead I had to click ‘withdraw’ on every single invitation. One by one. (That’s one Sunday evening that I’ll never get back!)

What makes such a situation even trickier is that by allowing social networks access to all of your contacts, you’re also giving them the green light to make connection recommendations for all of those people too. This could be disastrous for those working in fields where broadcasting your professional or personal connections is highly inappropriate, such as journalists with confidential sources, or health professionals and patients, or those working on projects that are yet to be launched publicly.

And finally, there’s the moral and privacy aspect to consider. Why should I have the right to allow a third party website to store someone else’s email address and to start interacting with that person without first getting permission from that individual? In the worst case scenario, is it my fault if that person’s address gets hacked or spammed as a result?

I hope this tale doesn’t detract attention from the wealth of benefits LinkedIn and other similar sites offer because I still consider them to be a fantastic way to network within your industry, to connect with people wherever they are in the world and to discover training and career opportunities that may otherwise have passed you by.

But what I’ve learnt from this experience is that whenever you are asked to upload or import your contacts by any website, no matter how innocent or helpful the request appears, you need to do your homework to understand exactly what you are permitting that site to do with those addresses and over what timeframe. Yes, it’s tedious, but it’s always a good idea to read the organisation’s FAQs and privacy policy first before clicking ‘yes’ to any request that involves personal data.

And if you’re still in any doubt, then the best approach is to make a cup of tea and send your invitations the old fashioned way, one by one.

- Hayley Burwell