惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Security Archives - TechRepublic
Security Archives - TechRepublic
爱范儿
爱范儿
Recent Announcements
Recent Announcements
AI
AI
V
Visual Studio Blog
H
Heimdal Security Blog
L
LINUX DO - 最新话题
Attack and Defense Labs
Attack and Defense Labs
宝玉的分享
宝玉的分享
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
W
WeLiveSecurity
人人都是产品经理
人人都是产品经理
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
WordPress大学
WordPress大学
S
Secure Thoughts
S
Security Affairs
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
N
News and Events Feed by Topic
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
博客园 - 聂微东
博客园 - Franky
阮一峰的网络日志
阮一峰的网络日志
Schneier on Security
Schneier on Security
Hugging Face - Blog
Hugging Face - Blog
Apple Machine Learning Research
Apple Machine Learning Research
Forbes - Security
Forbes - Security
The Cloudflare Blog
博客园 - 【当耐特】
酷 壳 – CoolShell
酷 壳 – CoolShell
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
月光博客
月光博客
有赞技术团队
有赞技术团队
博客园 - 司徒正美
博客园_首页
Recent Commits to openclaw:main
Recent Commits to openclaw:main
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
NISL@THU
NISL@THU
C
Cybersecurity and Infrastructure Security Agency CISA
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
P
Proofpoint News Feed
罗磊的独立博客
V
Vulnerabilities – Threatpost
S
Securelist
N
News and Events Feed by Topic
Cloudbric
Cloudbric
P
Proofpoint News Feed
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
V2EX - 技术
V2EX - 技术
小众软件
小众软件

DEV Community

Authentication Security Deep Dive: From Brute Force to Salted Hashing (With Java Examples) Why AI Systems Don’t Fail — They Drift Spilling beans for how i learn for exam😁"Reinforcement Learning Cheat Sheet" I Replaced Chrome with Safari for AI Browser Automation. Here's What Broke (and What Finally Worked) How Python Borrows Other People's Work The $40 Architecture: Processing 1 Billion API Requests with 99.99% Uptime Vibe Coding: A Workflow Guide (From Zero to SaaS) Most webhook security guides protect the wrong side. The scary part is delivery. Headless CMS for TanStack Start: Build a Blog with Cosmic EU Age Verification App "Hacked in 2 Minutes" — What Actually Happened Comfy Cloud’s delete function does not actually remove files Running AI Models on GPU Cloud Servers: A Beginner Guide Event-driven media intelligence with AWS Step Functions and Bedrock I scored 500 AI prompts across 8 quality dimensions — here's what broke How to Call Google Gemini API from Next.js (Free Tier, No Backend Needed) The Portal Protocol: Reclaiming Human Connection in the Age of AI How to Fix Your Team's Scattered Knowledge Problem With a Self-Hosted Forum Intro to tc Cloud Functors: A Graph-First Mental Model for the Modern Cloud Designing Multi-Tenant Backends With Both Ownership and Team Access I Built a Neumorphic CSS Library with 77+ Components — Here's What I Learned PostgreSQL Performance Optimization: Why Connection Pooling Is Critical at Scale Cómo construí un SaaS multi-rubro para gestionar expensas en Argentina con FastAPI + Vue 3 🚀 I Built an Ethical Hacking Scanner Tool – Open Source Project I Replaced /usage and /context in Claude Code With a Single Statusline A Pythonic Way to Handle Emails (IMAP/SMTP) with Auto-Discovery and AI-Ready Design I Collected 8.9 Million Polymarket Price Points — Here's What I Found About How Markets Really Move EcoTrack AI — Carbon Footprint Tracker & Dashboard Everyone's Using AI. No One Agrees How. 5 self-hosted ebook managers worth trying in 2026 Building Your First AI Agent with LangChain: From Chatbot to Autonomous Assistant Common SOC 2 Failures (Real World) Stop Vibe-Checking Your AI App: A Practical Guide to Evals How to Use SonarQube and SonarScanner Locally to Level Up Your Code Quality Your Next To-Do App Is Dead — I Replaced Mine with an OpenClaw AI Sign a Nostr event in 60 lines of Python using coincurve — no nostr-sdk, no nbxplorer, no rust toolchain ITGC Audit Explained Like You’re in Big 4 Patch Tuesday abril 2026: Microsoft parcha 163 vulnerabilidades y un zero-day en SharePoint Stop scraping everything: a better way to track competitor price changes Listing on MCPize + the Official MCP Registry while routing payments OUTSIDE the marketplace — how I kept 100% of my x402 revenue Building an AI-Powered Risk Intelligence System Using Serverless Architecture Why We Ripped Function Overloading Out of Our AI Toolchain Testing AI-Generated Code: How to Actually Know If It Works SaaS Churn Is Killing Your Business. Here Is What to Do About It (Without a Support Team) The Speed of AI Is No Longer Linear - And Self-Improving Models Are Why How to Implement RBAC for MCP Tools: A Practical Guide for Engineering Teams From Standard Quote to Persuasive Proposal: AI Automation for Arborists I built a CLI that scaffolds complete multi-tenant SaaS apps Axios CVE-2025–62718: The Silent SSRF Bug That Could Be Hiding in Your Node.js App Right Now The dashboard that ended our friendship Data Pipelines Explained Simply (and How to Build Them with Python) The Hidden Cost of AI Systems Nobody Talks About. undefined vs undeclared, and how typeof behaves Switching from file-based jobs to NATS/Kafka in Rust without changing code io_uring Adventures: Rust Servers That Love Syscalls Why Agentic AI is Killing the Traditional Database The POUR principles of web accessibility for developers and designers Quantum Neural Network 3D — A Deep Dive into Interactive WebGL Visualization How To Install Caveman In Codex On macOS And Windows Automation Pipeline Reliability: Why Your Workflow Breaks When Nobody Is Watching I Built an 'Open World' AI Coding Agent — It Works From ANY Folder From Freelancing to Product: A Tech Service Company's SaaS Transformation China's AI Giants: Adding Tencent Hunyuan & ByteDance Doubao to AI University (74 Providers) On the Vibe Coders and Their Lies clerk: Auto-Summarize Your Claude Code Sessions AI Weekly — 2026/04/10–04/17 | The Model Lockdown Is Here, but the Toolchain Is the Real Battleground AI 週報 — 2026/04/10–2026/04/17 模型封鎖潮來了,但工具鏈才是真戰場 Maybe this is how Open-Source apps are born... 🚀 Fine-Tune LLMs with LoRA and QLoRA: 2026 Guide tRPC v11 + Next.js App Router: End-to-End Type Safety Without the Boilerplate ShadCN UI in 2026: Why I Stopped Installing Component Libraries and Started Owning My Components SaaS Billing in React Server Components: Stripe + Supabase Without a Single `useEffect` Join our DEV Weekend Challenge — $1,000 in Prizes Across TEN winners! Submissions Due April 20 at 6:59 AM UTC. Implementing FSRS Spaced Repetition in Flutter + Supabase — Adding Memory Science to an AI Learning App "I Texted My Localhost From the Train — Claude Code Fixed the Bug Before I Got Home" I Built a Sales Prep AI and It Went Deeper Than Expected Design to Code #2: One JSON, Eleven Outputs Solving the 100M-Row Problem: A Summary Table Pattern for High-Volume Push Notification Logs Flutter Web With Wasm: What Actually Changes For Developers I Built 50 Royalty-Free Soundtracks for My Side Project in a Weekend Using AI Music Generation The Vibe Coding Security Checklist: 7 Things to Check Before You Ship Stop Letting Googlebot Guess Fix Your React App's SEO Right Desconstruindo o Streaming do LinkedIn: Como Criar um Engine de Extração de Vídeo de Alta Performance com HLS e FFmpeg (EDA Part-1) EDA (Exploratory Data Analysis) Explained With Real Life — Why Looking at Your Data Is the Most Important Step in Machine Learning Brand Relationship Management at Scale: Our 4-Touch Outreach System for 200+ Brands Why String.fromEnvironment() Might Return an Empty String in Dart JGuardrails 1.0.0 — Hardening Java LLM Apps Against Jailbreaks, Toxicity, and Prompt Injection Plan and Schedule a Full Week of Threads Content From One Claude Conversation Coding Cat Oran Ep3, Five Tables Changed Everything Updated: BFF Pattern I'm done watching freelancers get buried by 200 proposals. So I'm building the alternative. This is my first post BFS Algorithm in Java Step by Step Tutorial with Examples Tracking LLM Pricing Monthly: An Open Dataset for 22 AI Models How We Measure Content ROI on a Comparison Site: Revenue Attribution Without Perfect Data Introducing Nova AI Ops: The AI-Native Operating System for SRE Teams I built a free desktop video downloader for Windows — Grabbit How Talkie OCR Helps Vision-Impaired & Dyslexic Users Read the World Around Them VRCFaceTracking安装和iPhone面捕配置教程,有bug Even CrowdStrike Can't See Your Agents The Automation Gold Rush: What n8n Workflows and Claude Are Opening Up for Developers Right Now
The Box Ticked While You Read This: LinkedIn, AI Training, and the Switch You Did Not Flip
Vivian Voss · 2026-05-23 · via DEV Community

A sunny terrace high in the Hautes-Vosges mountains, forested summits and pines behind. A young developer has turned her open laptop around to face the viewer, the way you swivel a screen to show someone across the table, and she leans in from the side, pointing at it with one finger and a playful, knowing look. The screen shows a settings page: a breadcrumb reading

Not in the Brief, Episode 04

You are, in all likelihood, reading this on LinkedIn. Somewhere in your account settings sits a switch labelled "Data for Generative AI Improvement". For most members it is on. Almost none of them turned it on. This is the fourth episode of Not in the Brief, a series about the things software does that were never in the brief: the features that arrive switched on, the clauses that appear in an update, the defaults that assume your consent because you did not object to a notice you never saw. The aim is not outrage. It is awareness: what was added, how it works, and how you check and change it on your own account.

The Feature

The setting permits LinkedIn to use your data to train generative AI models. Two kinds of model, in fact: LinkedIn's own, and those of its affiliate, Microsoft, which owns LinkedIn and runs the Azure OpenAI service the platform draws on. The data in scope is your profile information and the content you post publicly: your posts, your articles, your comments. LinkedIn states that private messages are not used. That distinction matters, and it is worth stating plainly so the rest of this piece is not misread: this is about your public content, the part of LinkedIn you intended to be seen, becoming training material. It is not about your inbox.

The Introduction

The chronology is the interesting part, because it is where the brief and the execution part company.

On 18 September 2024, an updated LinkedIn privacy policy took effect. With it, the "Data for Generative AI Improvement" toggle appeared in members' settings, already enabled. The mechanism was opt-out: your data would be used unless you went and said no. On the same day, 404 Media reported that LinkedIn had begun using member data for AI training before its terms of service had been updated to disclose it. Asked about the gap, the company said it would update the terms "shortly". A brief, one observes, is conventionally agreed before the work begins, not retrofitted to it afterwards.

Europe and the UK were, briefly, an exception. On 20 September 2024, the UK's Information Commissioner's Office issued a statement welcoming that LinkedIn had paused the processing. LinkedIn confirmed it was "not enabling training for generative AI on member data from the European Economic Area, Switzerland, and the United Kingdom, and will not provide the setting to members in those regions until further notice". For a little over a year, "until further notice" held.

Then the notice came. On 3 November 2025, LinkedIn began using data from members in the EU, the EEA, Switzerland, the UK, Canada and Hong Kong to train its content-generating AI models, having announced the change some weeks earlier. The legal basis it relies on for this is "legitimate interest", a lawful ground under the GDPR that does not require prior consent, only that the interest be balanced against the member's rights and that an objection (the opt-out) be offered. So the switch that did not exist in Europe in 2024 exists everywhere now. Wherever you are reading this, it is in your settings, and it arrived pre-flipped.

The Mechanics

Three mechanical details determine what this actually means for you.

First, the direction. The setting is on by default. You are enrolled by inaction. To leave, you must act; to stay, you need only never look. This is the defining property of an opt-out, and it is why opt-outs and opt-ins produce wildly different participation rates from identical populations: the default is the decision, for everyone who does not make one.

Second, the scope. "Legitimate interest" is a legitimate legal basis; it is not a synonym for wrongdoing. But it is, in plain terms, the ground that lets an organisation process your data because it has decided the processing is justified, subject to your right to object. It is the courteous phrasing for "we may, unless you tell us not to". The GDPR requires that the objection be easy and that it be honoured. It does not require that anyone phone you first.

Third, and most important, the opt-out is forward-only. Switching the toggle off stops your data being used for training from that point onward. It does not retract what has already been used. For members in the regions switched on this November, that means the public content you posted before the cut-off is already within scope, opt-out or not. You can close the gate, but the herd that was already through it does not come back. This is not a quirk of LinkedIn; it is the nature of training data. A model does not forget a sentence because you later asked it to.

The Risk

It is worth being precise about what the risk is and is not, because the temptation in this genre is to reach for the language of surveillance, and that language would be wrong here.

This is not a breach. Nothing was stolen. The content used is content you chose to make public, and the controlling setting is documented and reachable in three clicks. If the story were "LinkedIn read your private messages", that would be a different and far graver piece. It did not, and this is not.

The risk is about consent and expectation, which is the entire remit of this series. A member who posts publicly on a professional network has a reasonable mental model of what that means: my words are visible, searchable, quotable by humans. The model most members do not hold, because nobody asked them to form it, is: my words are training data for a commercial model owned by my platform and its parent. The opt-out is documented. The announcement, for most members, was a footnote in a policy update they did not read, because almost nobody reads them, because they are written to be agreed rather than understood.

Here is the judgment, and it is a judgment about architecture and process, not about motive: default-on with a quiet notice is not a leak, and it is not a conspiracy. It is a design choice. It treats the absence of objection as the presence of consent, and it places the entire burden of awareness on the member. That is a legitimate strategy and a defensible one in law. It is also, precisely, a thing that was not in the brief. You joined a professional network. You did not, in any meaningful sense, agree to seed a model. The brief did not change. The execution did.

How to See It

The whole point of this series is that you can check, in under a minute, and then decide for yourself. On the web:

  1. Click your photo, top right, then Settings & Privacy.
  2. Open Data Privacy.
  3. Find Data for Generative AI Improvement (on mobile it sits under the same Data Privacy heading).
  4. Read which way it points. If it is on and you would rather it were not, switch it off.

That is the entire procedure. Two notes on what the switch does and does not do. It governs both LinkedIn's own training and the sharing of your data to Microsoft for model training, so it is one toggle for both. And it is forward-only, as above: turning it off protects what you post next, not what you posted before. There is a separate, more laborious route for objecting to or requesting deletion of past processing, via LinkedIn's data-access and objection forms, if you wish to pursue it; the toggle alone does not do that.

A Note on the Other Side of the Stack

There is a quiet structural lesson underneath this one, and it is the same lesson this series keeps arriving at from different doors. The reason a default could be set for you is that you are a guest on a platform whose defaults are not yours to set. On infrastructure you run yourself, the question "what is being trained on my data" has a different and duller answer: whatever you configured, which is nothing you did not choose. A FreeBSD box in your own cupboard does not enrol you in anything overnight; its defaults change when you change them, and the changelog is the commit you can read. That is not an argument that everyone should self-host their professional identity, which would be absurd. It is only an observation that the convenience of a managed platform and the authority over its defaults are sold as a single package, and the second half of that package is the half nobody reads. The price of not running the stack is that someone else sets the switches, and occasionally ticks one on your behalf.

Coda

None of this requires villains. It requires only a default, a quiet notice, and a population that, reasonably, does not read privacy policies for entertainment. The setting is lawful, the opt-out is real, and the content involved is content you published on purpose. The single thing missing was the asking.

So this is the asking, in reverse. If you have never looked, you do not know which way your own switch points. The looking takes thirty seconds and costs nothing. The only deadline that matters already passed, quietly, for everything you posted before it. The looking simply has to begin, ideally before the next policy updates "shortly".

Read the full article on vivianvoss.net →


By Vivian Voss, System Architect and Software Developer. Follow me on LinkedIn for daily technical writing.