There was a time when proving you owned an online account meant demonstrating control of the email address tied to it.
Apparently that is no longer enough.
Recently, LinkedIn restricted my account after claiming there had been suspicious activity. Fine. These things happen. If a platform sees something unusual, I would much rather it act cautiously than simply shrug and let someone stroll into my account.
But here is the part that matters: I had not seen any actual evidence of suspicious activity on my account. I had not seen some obvious unauthorized posting spree. I had not been dealing with visible account tampering. What I had was LinkedIn telling me there was a problem and instructing me to change my password.
So I did what a reasonable person would do. I complied with their request. I changed my password through LinkedIn's official process, exactly as they told me to do.
And that is when things got worse.
Instead of resolving the issue, I was thrown into an endless loop of CAPTCHA challenges and prompts that kept steering me toward Persona verification. Solve the CAPTCHA, go around again. Try again, same result. Instead of feeling like I was securing my account, it felt like I was being funneled toward a process I had already decided I did not trust.
Meanwhile, I was contacting support from the same company email address that has been associated with the account for decades. I still control that address. I still own the company behind it. LinkedIn was actively corresponding with me at that same address.
And yet none of that seemed to matter.
The recovery options they kept pushing boiled down to this: hand over a government ID and a selfie to a third-party verification service, or print forms, track down a notary, and burn half a day proving what should already have been obvious.
That was the moment the issue stopped being about account security and started becoming something else entirely.
It became a lesson in how modern platforms increasingly treat long-time legitimate users as strangers unless those users are willing to submit to whatever identity ritual has been placed in front of them.
That is where LinkedIn became LinkedOut.
Security is not the problem
Let me be clear about that.
The problem is not that LinkedIn wanted to protect the account. The problem is not that they responded to suspicious activity. The problem is not even that they wanted additional verification.
The problem is that there seemed to be no meaningful sense of proportion.
If a platform has a long-established account tied to a long-established business email, and the user is replying from that very email address in an active support thread, common sense ought to count for something. Context ought to count for something. History ought to count for something.
Instead, the process acted as though all of that history was irrelevant.
In other words, the system was not evaluating trust. It was enforcing procedure.
That distinction matters more than a lot of companies seem to realize.
A process can be secure in the abstract and still be unreasonable in practice.
The disappearing middle ground
What struck me most in this whole exchange was the disappearance of any middle ground.
This was not a situation where I was refusing to engage. I was not ignoring support. I was not replying from some random address. I was not trying to bypass security entirely. I was saying something much simpler:
I still control the long-established email tied to this account. If you want to verify me through that channel, do it.
That should not be a radical position.
In fact, for many years that would have been considered the obvious and normal way to handle a problem like this. Send a code. Confirm control of the address. Restore access. Move on with life.
And what made this more aggravating was that LinkedIn's own website lists a straightforward recovery path involving sending a passcode to your business email. In other words, the lower-friction path was not some fantasy I invented in anger. It was right there in their own published material.
Yet when it came time to actually use it, that middle ground seemed to vanish.
Instead, we are drifting into a world where email ownership, account history, and plain common sense all seem to carry less weight than whether you are willing to feed your identity into an outsourced verification pipeline.
That is not progress. It is just a different kind of friction.
Privacy is not guilt
One of the uglier assumptions built into many of these systems is that if you hesitate to provide highly personal information, your hesitation itself starts to look suspicious.
I reject that completely.
Saying no to a third-party identity service is not evidence of wrongdoing. It is not evidence that the account is fake. It is not evidence that the person behind the support ticket must be an imposter. It is a privacy decision.
A reasonable one, at that.
I am not interested in handing a selfie and a government ID to some outside verification service I did not choose, do not know, and do not trust simply because a platform has decided that this is now the price of admission.
That does not make me difficult. It does not make me paranoid. It means I still believe there should be limits.
And if a company cannot distinguish between a fraudster avoiding verification and a legitimate user objecting to an invasive process, then the company has a design problem, not just a security problem.
Support by script
To be fair, the person on the other end of the support email almost certainly did not create this policy. They did not choose the verification vendor. They did not design the recovery system. They were likely following a narrow set of approved options and responses.
That is often how these things work now.
The front-line support person becomes the human face of a system that has already decided what the answer will be. The conversation appears personal, but the outcome is procedural. The human being in the loop exists mainly to restate the same choices with slightly different wording.
That is one of the reasons these interactions feel so exhausting. You are not really negotiating with a person. You are bouncing off a policy that has been turned into email.
And once you realize that, the whole thing becomes much easier to see clearly.
You are not failing to explain yourself well enough. You are not one better-crafted paragraph away from a breakthrough. You are standing in front of a locked door whose purpose is to keep everyone moving through the same gate.
Friction is a product decision
This is the part more companies need to hear.
What users experience as aggravation, wasted time, dead ends, and privacy invasion is not just an unfortunate side effect of security. It is a product decision.
Every extra step is a product decision.
Every outsourced identity demand is a product decision.
Every refusal to honor lower-friction alternatives is a product decision.
Every moment when a long-time legitimate user feels less like a customer and more like a suspect is a product decision.
Companies like to talk about security as though it arrives from the heavens on stone tablets, beyond discussion and beyond design. But security is implemented by people making tradeoffs. Those tradeoffs have consequences. Some of those consequences are technical. Some are financial. Some are reputational.
And some are much simpler than that.
Some of them just make people decide your platform is no longer worth the hassle.
The account is not always worth the ritual
That may be the most useful thing this situation clarified for me.
At some point you have to stop and ask a very practical question: is this account actually worth recovering at the price being demanded?
In my case, the answer was no.
I used LinkedIn mainly as one more place to post articles. That was it. It was not central to my business. It was not central to my daily work. It was not central to my relationships. It was another publishing channel. Useful, perhaps. Convenient, sometimes. Essential, not even close.
Once I looked at it that way, the fog lifted.
I did not need to keep wrestling with a process I found unreasonable. I did not need to keep spending time and mental bandwidth trying to persuade a scripted support system to honor its own published alternatives. I did not need to prove my innocence to a machine-assisted bureaucracy for the privilege of maintaining one more online outpost.
Sometimes the healthiest answer is simply this:
No. This is not worth the trade.
There is a kind of freedom in that.
What this says about the broader web
This is not really just a LinkedIn story.
It is a story about the larger shift happening across the internet, where platforms increasingly centralize power, externalize friction, and normalize invasive recovery methods while calling all of it trust and safety.
Sometimes trust and safety are real. Sometimes they are necessary. Sometimes they genuinely protect users.
And sometimes they become the polished language used to justify processes that are impersonal, excessive, and disconnected from lived reality.
A long-established user with a long-established email address should not feel like a stranger at the door of an account they have had for years.
Yet that is exactly how these systems now behave.
They have become very good at handling identities as records.
They are not nearly as good at recognizing people.
When LinkedIn became LinkedOut
That is what this experience finally came down to.
Not a dramatic privacy scandal. Not some grand moral panic. Just a simple realization that the platform had crossed a line where continuing to participate no longer felt reasonable.
If the price of recovering a decades-old account is to submit to a process I do not trust and do not accept, then the answer is simple.
You can keep the account.
What companies too often miss is that when you replace proportionality with procedure, and trust with ritual, and common sense with outsourced friction, you do not merely secure the gates.
You also encourage perfectly legitimate people to walk away from them.
And that is how LinkedIn becomes LinkedOut.
Where this goes next
This is the broader issue behind the companion guide, When Account Recovery Becomes Privacy Surrender.
That guide steps back from my LinkedIn experience and looks at the bigger question: when does account recovery stop being reasonable, and when is the privacy trade simply not worth it?
-- Charles