Archive for juin 10th, 2024

Linkedin Access to your account has been restricted – Final debrief and resilience plan

2024 May 30th, cruising along the internet, doing my posts, sending some contacts invites, and giving shit to the #clowd as usual (cloud=leak, connected=hacked). Damn, no public cloud for anything else than public data. Please.

Did my morning routine, and went for lunch. Checked my phone, and an email from linkedIn came in :

I read this, and I’m like, hell, someone tried to hack my account ! And I even feel thankful that LinkedIn actually protected my account from this fraudulent activity ! … You know, I rant against the cloud, I point security issue hoping people avoid them, I collaborate, share awareness and do things for good. (I don’t want my private data to leak from the cloud, or anyone else’s data either).

I want security and privacy by default and by design. So I wrap my lunch and go on the computer.

Try to login to figure what the hell (is this that PDF that a random guy sent me for review ? Did it steal my oauth session ? … all this kind of things cross my mind. When you are sharing a lot of strong opinions like me, you always have bunch of haters ).

And that’s the screen I get :

I read this, especially the part that says « your content doesn’t comply with our Professional Community Policies », and then I’m like, WTF is this ! Double check the rules, nah, nothing really. Doesn’t make sense.

So I’m like, I’ll wait a bit, I assume I’m just logged out. Check LinkedIn help, but when you are logged out like this, you can’t access much !

I start to get paranoid, I think I really annoyed the cloud gods (M$), or maybe it was that post that I made, about Quebec government who was about to waste billions of dollar in this shitty public cloud mixing Azure and AWS… but I didn’t make it up, it was just highlighting public info from main stream article (I’m always careful, only share information from known sources, despite all the tips and disclosure I receive, I’m careful, avoiding lawsuits and liability).

Part of my company activity is managing LinkedIn pages for other businesses, Cyber Security firms, and others. I also post brand partnership content, like the amazing Cynomi company, which I also use for my vCISO work. Being locked out, I can’t deliver my engagement (writing content, posting on their behalf)…

I try to login again, same BS « content doesn’t comply with our… », can you tell WTF you didn’t like ? nope, they won’t.

I start to search online, and I realize that this is happening to bunch of people, which I never realized (I’ve been shadow banned, but I could still access my content, not this time), and I found this :

Again, I wonder what did I do wrong ? I get hooked to « too many connection requests », true that, I sent dozens of them in the past week, to CISOs, CSOs, CIOs… you know, getting more insight, and visibility.

I let this go for the night and hope that next day stuff is resolved, after submitting many support requests on LinkedIn public help pages. These are frustrating because when you post/submit the form, you get redirected to a related topic, and get no confirmation whatsoever, no email, nothing.

Next day I ask my buddies on signal if they still see me, nope… ask other buddies, not only they don’t see me, but our chats are now showing a warning, that malicious content was sent to them (almost looking as a criminal), although it shows « linkedin member », with difference warnings, the softer like this one :

And for some others, a red warning, or black warning.

I think, the worse is that you have NO IDEA WHY ! You don’t know what you did wrong.

I know tons of LinkedIn people, I did mentorship, I’ve been invited to record LinkedIn courses (which I didn’t have time to at the time), yet, we did interviews. As LinkedIn top voice in 2020, they verified my ID, sent me a hoodie from LinkedIn, with a thank note (hell they know where I live). It’s not like if they don’t know me.

I verified my ID, I’m cleared for some sensitive things too, government and linkedin knows it all.

But at this point, I realize that I didn’t keep most of the info out of LinkedIn. My speaking engagement history, my certifications, all of this, no track !

At the same time, I still try to figure what did go wrong, what did I do ! Was it a sponsored link that I forgot to check as « brand partnership » ? …. to be banned like this, it must be serious (well it’s not ! )

Thankfully, some communication happened by email, and some key contact swho invited me to events where I actually had lunch at the table with LinkedIn infra management and others !! (damnit, we are connected on LinkedIn, but not outside), well, the person that got me as guest, is in my inbox.

I email him, and it starts ! What I didn’t know is that LinkedIn has been wiping people like this for a while, and that it has gone totally nuts. My friend is so pissed, he sends email to Linkedin CEO, and head of trust and safety. At the same time, I start to receive emails from partners and friends.

People have no idea why you disappear, and you have no way to tell them, no I didn’t die, I didn’t kill myself. Some of you know, second half of 2023, I went in bad bad burn out, chronic stress and anxiety, and I did stay offline for a few months.

One of my partner send me this beautiful email :

(the type of kindness that get some tears in my eyes, in adversity, true people shine, and some other show they are real fuckers)

Feeling support from your business partners, friends, and network is critical as you are deleted from the professional world. Let’s say it, LinkedIn is where business connects, if you’re forced out, that’s over. I know other platforms exist, but business and job, that’s LinkedIn (for now).

Then it escalates, my partners from all over the world who work WITH linkedin, reach out to their contacts. I’m also member of many groups, one of them being Hackers Without Borders. People that do good and help others.

As soon as they heard about it, they kicked in, coordinated response, they had to fight big corporations before for abuses, these guys are no kids. The team coordinate and start a public communication campaign. (I know a LOT of people, I helped big organizations, countries, governments, law enforcement, and others, I mean, I’d never bug them for favor, unless it’s becoming critical, I could have escalated, way more).

They started to post this « Alexandre Blanc missing » picture :

I gave the group as many contact names as I could remember. I did borrow the account of someone else, to browse some key contacts of mines, and help my memory to spot other people I was connected to.

Basically, the ones I have, from top of my head, direct discussions with. At the same time, I avoided customers, as much as doable, not to mix the situation.

And my buddies tag them in the post, then it started to blast ! People reaching out by email, on my blog here, as I did post about my deletion here.

Email started to get in, my twitter account started to receive messages, I started to be in CC with escalation all over. Specialist of social media account recovery kicked in.

I received support basically from all over the world, anywhere I gave conferences, webinar or brought value, they’ve shown support. From Malaysia to India, from Europe to USA, from Israel to the Emirates ! All over the planet, thousands.

Lawyers practices, activists, joined, lawyers and legal council speaking about coordinating class action, activists reaching to politics about the abuses of big tech. It was about to blow in the media, due to the lobbying groups, and contacts. A shit storm bigger than me.

I felt a bit scared, because it was way bigger than me. I didn’t control the response anymore.

A social media specialist gave me this URL, telling me, that’s the one with which they got success to recover accounts in such situation :

Keep this handy, it seems one of the most relevant page, if you tried all the other forms, as help pages are not easy to find when you are locked out.

On June 8th, at noon 10 days after I got kicked out, I received an email from LinkedIn customer support as follow :

First, after all the scenario and hypothesis that came to mind, everything I did read online, it was just that ?!!!!

I was like WTF, can’t you just hide the post for the time of the review ? (it did happen before, they’d tell you that post visibility is limited to you due to bla bla bla with a specific post) but locking me out 100%, a verified identity, linkedin top voice, because one link came at risk (and it was a false positive), what are you smoking ?!!!!

30 min later, I receive this email :

So, you tell me, that you deleted my account, blocked my business, make me appear as a criminal to all my contacts who looked for messages, because of a false positive !! Are you kidding me ?

Not only this, but it takes 2 days to restore everything, so that’s 12 days of business loss (as content creator and social media service provider) !!! 12 DAYS !

I know I’m lucky, because dozens of people reached out, in the same situation, some are still locked out, after weeks, some months ! I complain about 12 days, but the platform killed many businesses with its erratic behavior and fake positives.

Key aspects to consider here when you are « restricted » :

  • You better keep your contacts out of this platform, make sure you have a good old address book
  • You better keep a copy of all your content, profile, articles, etc, on an external platform (I’ve my speaking engagement history that was stored in an article, I didn’t have it anywhere else), same thing with my profile / bio.. only up to date was on linkedin.
  • You better keep another, if not many other platforms active, like X. I know it’s not better, but this is where people, businesses, have accounts for most. You have to be where people are.
  • Then for sure you should have a mastodon account, and ideally, your own blog, on your own server, with your own backups.
  • You should make sure you keep your key contacts on signal / telegram. When getting in touch with people, I never want to bug them or disturb, and I’m most of the time shy to even ask for a phone number (I don’t like when people call me either :P you know, geek :P ). But hell, you need to keep this information.
  • You should be part of communities outside of linkedin, signal groups, I don’t know, FSF, EFF, and others, making sure you know people and had even an online call with them. This way, you know who’s who and it’s more easy to get support if need be.

What I’ll do differently from now on ?

  • I’ll post both on linkedin AND X (twitter) for redundance
  • I’ll keep contact information out of LinkedIn as much as doable (good old email is good enough sometimes)
  • I’ll post more on my blog, here, because it’s mine. I can say « shit, fuck, cloud is shit » or any fuckery I want, it’s my stuff. (sorry for swearing, it’s just that I won’t censor myself)
  • I’ll trust goodwill a bit more. I tend to be paranoid, but community has been amazing, they gave me hope !
  • I’ll learn more and adjust overtime

Did they try to delete me because I’m challenging the public cloud for all its abuses and weaknesses ? what is the real reason behind the suspension ? I really can’t believe an link triggered that.

I think they may have run into a quick BS fake reason, seeing the amount of support growing. I like to think this. I can’t believe it could be as dumb as a false positive. But who knows.

So what’s the resilience plan :

  • Make sure you have multiple accounts as admin or content admin on the pages you manage, including your own company
  • Make sure you leverage the network you build outside of linkedin
  • Make sure you keep multiple channels on multiple platforms (with MFA and all) so as people can reach out
  • Keep an active website, or blog, so as you still have a way for others to share the information you want or need.
  • Check on your contacts on a regular basis, check your LinkedIn messages, and see who suddenly turned into « LinkedIn Member ». It would be cool to keep an intro message in all conversation with « Hi, I’m firstname, lastname, happy to bla bla bla », so as when the name is deleted, you know who it was.
  • Back your linkedin connection with a personal welcome email.
  • Ok, it’s late, I’m tired. I may add more later on this. All the best !


lundi, juin 10th, 2024 Technologie Aucun commentaire
Not f'd — you won't find me on Facebook
juin 2024

Suivez moi sur twitter - follow me on twitter
Follow on LinkedIn
[FSF Associate Member]
Free Software, Free Society
Compacter une image virtualbox VDI
Bon petit tutoriel esxi
Marche d'appliances vmware
Installer ESXi sur un disque IDE
Installer ESXi 3.5 sur un disque USB
Installer proxmox avec DRBD et migration / réplication à chaud
Installer OSSEC avec VMware
Information sur le VDI
Ouvrir des ports dynamiquement iptables - knockd
Autre tres bon tuto knockd
Docs Arp poisoning - Anglais
Metasploit test de pénétration
Zone H - sites piratés en temps réel
Blog invisible things
Tips protection sécurité wordpress
Pfsense - distribution firewall opensource - adsl internet failover
Iproute 2 mini how to - linux advanced routing
ClearOS - la passerelle sécuritaire lan - wan
CDN - Accélération de la distribution de données
drbd iscsi ocfs2 dm multipath tutoriel
Load balancing LVS
Load balancing opensource list
HA-Proxy :
HAproxy - http load balancer
Simple tutoriel HAproxy
HAproxy - debian tutoriel
Centos - Ip failover
Configuratoin DM-Multipath Redhat
VMware Doubletake - continuité
Quelques liens sur la réplication MySQL : Manuel MySQL, chapitre sur la réplication
Manuel MySQL, Tutoriel clair sur la mise en place
Autre tuto sur la mise en place de la réplication MySQL
Références pour optimisation du serveur MySQL
Utilisation de EXPLAIN mysql pour optimiser vos bases
optimiser vos bases - requetes et index
Un outil de clonage disque en reseau
Internet NAS 250Go 250 accès VPN
Server ISCSI avec Ubuntu tuto
ISCSI centos redhat tutoriel
Gérer et étendre un LVM
Créer sa piratebox ! trop cool
Deaddrops, les clés USB dans les murs, aussi cool !
Télécharger Xenu
Comment utiliser Xenu
optimisation hébergement wordpress
Super howto wordpress (En)
Test de charge serveur web - Load impact
Zeroshell - le mini-routeur wifi tout en un
Retroshare, votre réseau d'échange crypté!
Openvpn sur centos redhat
Intégrer Linux dans active directory
Routage inter-vlan avec Linux
Routage avec OSPF
Network Weathermap
Boutons twitter
Analyser les tendances des recherches Google
Protocole sitemap - robots.txt
Creer des animations CSS3
Code php pour interagir avec twitter
E reputation
TRUCS ET ASTUCES GNU/LINUX : - Actus et tips linux
Configurer GRUB2 et grub2 ici
Panoet - en anglais - tips & tricks
Readylines tips and trick pertinents
Squid Clamav - proxy antivirus
Apprendre Unix en 10 minutes
13 tips sur les expressions régulières
IE Sous linux IES
LDAP 2.4 Quickstart guide
Tutoriel LDAP
Installation annuaire LDAP
Serveur Mail Postfix - Dovecot - LDAP - MDS
Créer un linux personnalisé en ligne - custom linux
Super site sur linux - en
Capistrano - déploiement automatisé
Nagios tutoriel et doc
Nagios plugin NRPE tuto
Nagios plugin NRPE autre tuto
Nagios plugin NRPE officiel
Zabbix - fonctionnalités
Zabbix - installation
Guide MRTGsys - grapher la charge locale
MRTGsys - ajouter des graphs
MRTGsys - interpréter les données
Shinken - Monitoring
Thruk Monitoring webinterface
Shinken - Tutoriel
Shinken - Référence chez Nicolargo
RemixJobs IT jobs
USB Multiboot
Reset mot de passe windows
Java python et autres tips, intéressant !
Forum inforeseau
Open Clipart
Excellent comic en ligne