The Cookie Crumbles: The Hidden Costs of LinkedIn Ranking Tools

There's a growing number of web tools promising insights into LinkedIn rankings and audience demographics. While tempting, the value of this information should be carefully weighed against potential privacy risks.

Why?

Many of these web tools demand extensive access, including full cookie access and control over services like your calendar and email. This level of permission raises serious privacy concerns.

I recently came across an interesting Quora question about the safety of web cookies.

A Quora Bot provided an answer to the question.

Web cookies are generally considered safe as they are small pieces of data stored on a user's device by websites to remember stateful information or to record the user's browsing activity. However, there are some concerns related to privacy and security with cookies.

1. Privacy Concerns: Cookies can track users' browsing habits and preferences, which can raise privacy concerns. Some third-party cookies may be used for targeted advertising, which some users may find intrusive.
2. Security Risks: While cookies themselves are not harmful, they can be exploited by attackers in certain scenarios. For example, if a website does not properly secure its cookies, attackers could potentially steal sensitive information stored in those cookies.
3. Cross-Site Scripting (XSS) Attacks: Cookies can be vulnerable to XSS attacks where an attacker injects malicious scripts into a trusted website, which then can access the cookies of other users visiting that site.

To mitigate these risks, it's important for users to regularly clear their cookies, use browser settings to manage cookie permissions, and be cautious about the websites they visit and the information they provide online. Websites should also follow best practices in secure cookie handling to protect user data.

I found Mohamed's Quora answer on web cookie safety incredibly helpful. His clear explanations and examples made the topic accessible to everyone.

(Author: Mohamed, the post)

I assumed you tried google-ing it and you didn’t get it stiffed up.

Consider this example, you went to a store; you really enjoyed it’s products and actually bought a thing or two.

And then while cashing out, the clerk requested your phone number in order to update you whenever a big sale has started, and you decided to give him your number. Then the clerk goes and update your number into the company’s database.

Let’s say that this company has an imperium ability that whenever you decide to revisit the store, the company gets notified that YOU are wandering at the moment in their store. So they start recording your activites ( a purchase you made, routes you’ve took, just basically everything). After a week you re-visit the store again, stack some items, and proceed to check out as normal, further more you pay another visit the week after. Now the company will realize that you are a frequent visitor to their store, and from the history of your purchases, they exactly know what your purchases were.

Eventually your initial visits will only add information to them, to narrow it down abit, lets say you always buy your weekly groceries from them. Your essentials are for example milk, bread, and eggs. After you’ve visited them more frequently, they’ll get to know which items you mostly buy, therefor, after entering the store agian and while you’re in your shopping route, they’ll send an advertising agent to offer you a hot offer package that consists of (milk, bread, and eggs combined together) with a lower price for example.

You may either accept or decline their indulgent offer, howver; they have a high probability of you accepting this offer since they’ve been studying you for the past month.

Now to conclude this example, when you gave them your phone number, you gave them access to track all your acitivites WHENEVER YOU’RE INSIDE THEIR STORE.

NOW COMPUTER WISE, WHAT ARE COOKIES?

A Web, which uses HTTP, is stateless, meaning that whenever a browser sends request to the server and gets back the file, the SERVER just forgets that it has even communicated with this particular client. Actually it caused problems for some Websites that require their clients to register a membership to have a full access to the site’s services, this Website also has a free version for un-registered users.

The question that arises is How can this server distinguish between requests from a member and anyone else? This is solved by what you can call a “Cookie”.

A cookie is a small file, usually 4KB, that a Web browser store on user’s computer, allowing companies to track the user’s activites in cyberspace, not to mention, a cookie can supply additional information such as confidential information that might be leaked all over the Internet transferring the victim’s life into HELL. Those Web browsers store these cookies in a cookie directory on the user’s hard disk, unless ofcourse the user has disabled cookies. (Only enable cookies from trusted sites)

Cookies are just files, it could contain a virus, but since cookies are treated as data, it’s not executable; it won’t damage your platform. However, a hacker can exploit a browser bug and prove the opposite.

Once a user request a page to some Website, the user’s browser automatically check it’s cookie directory if any cookies that were placed by the domain the request is going to. If not found, the user gets a notification from the Website that requests the user to either agree to the terms or discard it away. If agreed, then the server starts interpreting the user’s journey at the site anyway it wants.

Think twice before granting access to third-party tools on LinkedIn.

Protecting your privacy and that of your connections is more important than satisfying your curiosity about ranking status.

PS: In the worst-case scenario, granting access to third-party tools could potentially expose your LinkedIn account to vulnerabilities, allowing unauthorized parties to exploit your data or even take control of your profile.