Re: @dogged LinkedIn are dangerous amateurs
1. How bullshitable are they? That is, how strong is their validation that your identity is real and unique?
Given a disposable email address, you could get far enough to log in and you only need to be logged in to use this vulnerability. So, pretty bullshittable.
2. What's the difference between when another member should and shouldn't be able to see this information on the page anyway? (Or are you specifying that the registration email address can differ from that listed for limited publication in one's profile, and that if so it's the former that's being spaffed? That would indeed be extremely bad.)
A "connection" - somebody you've given access to your details - could just send you an on-site message which LinkedIn would spam you with anyway but they couldn't see your email address. They actually sell the addresses to employment agencies as a paid service, which I find ironic.
And yes, it's the registration address that's in the source.
3. Anecdotally, do you reckon there are many source-botherers on there? Clearly you are, but it always struck me more as a managers' playground. Just wondering if it has that many denizens who'd even consider viewing the source (not that this would mitigate the vuln really but...)
Put it this way - unless there's somebody you specifically wanted to connect with (I did), then if you're the kind to wrangle source code at the 'raw bits' level, you have no real reason to be on LinkedIn, because it's only useful for getting you a job or finding somebody you used to work with. However, there are an awful lot of developers of the type who struggle to find work on there, if you understand me.
Probably some of those get bored. Me, I just wanted to know what the plugin did so I installed it and looked at what it was really up to.