I am pretty positive they're talking about this "awesome" feature. I can't find the page right now, but there is a debatable "dark pattern" somewhere on LinkedIn that will lead you connect your personal email's address book to their service if you're just clicking about & not paying attention. I also have a suspicion that folks should make sure their LinkedIn password isn't the same as the password used for the email that signed up for LinkedIn. Despite the comments in that FAQ I linked, I really don't think LinkedIn is really hacking anyone or using any javascript-exploit to gain access to their Gmail account. I think it's just the questionable dark pattern... that I can't find anymore.
Upon subscribing, you can grant LinkedIn access to Google contacts (via standard OAuth stuff).
This is then used to find your contacts already on LinkedIn, and then followed by a page where you can send out invites for your Google contacts. Of course, if you select everyone and click invite (which is the primary action, but there is a skip button), invites will be sent out.
An "invite your contacts" dialog then occasionally pops up during site usage, where you can once again click "sure, send out invites to all my contacts", but nothing is happening without user consent.
So yeah, growth hacking, but not hacking, like the article suggests.
Does anybody know how LinkedIn accomplishes this? Do they request an OAuth token from Google (which the user should be aware of) or do they do really a cross site request if you are logged with Google at the same time?
I am pretty positive they're talking about this "awesome" feature. I can't find the page right now, but there is a debatable "dark pattern" somewhere on LinkedIn that will lead you connect your personal email's address book to their service if you're just clicking about & not paying attention. I also have a suspicion that folks should make sure their LinkedIn password isn't the same as the password used for the email that signed up for LinkedIn. Despite the comments in that FAQ I linked, I really don't think LinkedIn is really hacking anyone or using any javascript-exploit to gain access to their Gmail account. I think it's just the questionable dark pattern... that I can't find anymore.