███████╗██╗ ██████╗ ███╗ ██╗ █████╗ ██╗ ██╗ ██╗███╗ ██╗ ██████╗ ██╗███████╗███████╗ ██╔════╝██║██╔════╝ ████╗ ██║██╔══██╗██║ ╚██╗ ██╔╝████╗ ██║██╔═══██╗██║██╔════╝██╔════╝ ███████╗██║██║ ███╗██╔██╗ ██║███████║██║ █████╗ ╚████╔╝ ██╔██╗ ██║██║ ██║██║███████╗█████╗ ╚════██║██║██║ ██║██║╚██╗██║██╔══██║██║ ╚════╝ ╚██╔╝ ██║╚██╗██║██║ ██║██║╚════██║██╔══╝ ███████║██║╚██████╔╝██║ ╚████║██║ ██║███████╗ ██║ ██║ ╚████║╚██████╔╝██║███████║███████╗ ╚══════╝╚═╝ ╚═════╝ ╚═╝ ╚═══╝╚═╝ ╚═╝╚══════╝ ╚═╝ ╚═╝ ╚═══╝ ╚═════╝ ╚═╝╚══════╝╚══════╝
// Privacy Audit · Professional Networks · 2026
Who sees what you think is private · LAST SYNC 2026-04-22
/audits/00-overview.md
You built a LinkedIn profile to get hired. Great. In the process you handed over: your full employment history, every company you interviewed at, your graduation year (= your age), your network graph (= who you know), the posts you linger on (= what you care about), your location (= where you live), and — since late 2024 — a license for some or all of that data to train AI models.
That trade might be worth it. For most people, it probably is. But it's a trade, not a gift. This audit exists so you know what you're trading, platform by platform, before you sign up for the next one.
The product is not the network. You are the network. The product is the inferences drawn from you.
┌──────────────────────────────────────────────────────────────────────────┐ │ DATA FLOW : YOU → PLATFORM │ ├──────────────────────────────────────────────────────────────────────────┤ │ │ │ [ YOU ] │ │ │ │ │ ├─── real name + photo + work history ──► [ PROFILE DB ] │ │ │ │ │ ├─── connection graph (who you know) ───► [ NETWORK GRAPH ] │ │ │ │ │ ├─── posts you read / pause on ─────────► [ BEHAVIORAL MODEL ] │ │ │ │ │ ├─── messages sent (inc. "private") ────► [ MESSAGE STORE ] │ │ │ │ │ ├─── IP + device fingerprint ────────────► [ IDENTITY GRAPH ] │ │ │ │ │ └─── search queries on the platform ────► [ INTENT MODEL ] │ │ │ │ ┌──────────────────────┴──────────────────────┐ │ │ ▼ ▼ │ │ [ ADVERTISERS ] [ AI TRAINING ]│ │ [ RECRUITERS ] [ DATA BROKERS]│ │ [ PARENT CO. ] [ GOV ORDERS ]│ │ │ └──────────────────────────────────────────────────────────────────────────┘
fig_01 — where your data goes after you click "I agree"
Pick your target for audit
This guide is modular. You don't have to read it in order. Each platform gets its own audit file, covering: what's collected, what's inferred, who receives it, how long it's kept, and what the recent breach / fine / policy-change history looks like. Start wherever you're most nervous.
What changed in 2024–2026
Three things you need to know about how the privacy landscape shifted:
- LinkedIn (Ireland) was fined €310 million by the Irish Data Protection Commission in October 2024 for GDPR violations related to behavioral advertising consent. This is one of the largest fines ever issued to a professional network.
- LinkedIn updated its privacy policy in late 2024 to explicitly cover AI training. Depending on your region and settings, profile data, posts, and activity may be used to train generative AI models. The opt-out exists but is buried.
- Indeed + Glassdoor merged accounts in April 2026. If you ever posted an anonymous review on Glassdoor, that review is now linked to your Indeed job-seeking identity via a "Connected Profile."
None of these are hypothetical. They're the reason this audit exists.
┌──────────────────────────────────────────────────────────────────┐ │ PRIVACY RISK QUICK SCAN │ ├──────────────────────────────────────────────────────────────────┤ │ │ │ LinkedIn [████████████████████████░░░░] HIGH risk: 8/10 │ │ Blind [██████████░░░░░░░░░░░░░░░░░░] MEDIUM risk: 4/10 │ │ Xing [██████░░░░░░░░░░░░░░░░░░░░░░] LOW-MED risk: 3/10 │ │ Peerlist [█████░░░░░░░░░░░░░░░░░░░░░░░] LOW risk: 2/10 │ │ │ │ Scoring: data volume × data sharing × jurisdiction × breach │ │ history × AI-training exposure │ │ │ └──────────────────────────────────────────────────────────────────┘
fig_02 — summary scoring · full methodology in /audits/audit.html
How to read each audit
Every platform page follows the same structure, so you can skim comparably:
WHAT IS COLLECTED— the explicit data categories in the privacy policy, plus what can be reasonably inferred.WHO SEES IT— parent company, declared third parties, governments with lawful-access rights, and in some cases advertisers.JURISDICTION— where the servers live and which legal regime applies.HISTORY— breaches, fines, policy changes, public incidents.WHAT TO DO— practical settings changes, even if you keep using the platform.