LinkedIn wants iPhone users to sign-up for a new service called Intro. My advice? Don’t.
LinkedIn Intro extends the standard iOS Mail app in ways that Apple never intended to be possible, injecting HTML code into the top of the emails you receive so you can view someone’s LinkedIn profile alongside their message.
In a fairly self-congratulatory blog post entitled “LinkedIn Intro: Doing the Impossible on iOS”, LinkedIn engineers explain just how clever they have been.
And yes, to give them credit, from the engineering point of view it is pretty nifty. But from the security and privacy point of view it sends a shiver down my spine.
Rather than your iPhone connecting directly to your email provider’s servers (Gmail, Yahoo, etc), it will be connecting via LinkedIn’s proxy server instead – which will act as a middle-man in your email communications.
LinkedIn will then look at your email messages, and insert Intro information into each one.
In case you’ve forgotten, LinkedIn is the company which lost the passwords of over six million users last year.
LinkedIn also scooped up the contents of users’ iOS calendars, including sensitive information such as confidential meeting notes and call-in numbers – which they then transmitted in plain text, not encrypted.
LinkedIn is also, currently, the subject of a lawsuit alleging that they hacked into email accounts, in an attempt to mine address books.
Whether you believe that that lawsuit has merit or not, it’s clear that LinkedIn doesn’t have a spotless record when it comes to security and privacy.
I’m not suggesting that it has created LinkedIn Intro with any malicious intentions (unless you consider them injecting an advertisement for their its brand in every email malicious), but clearly security is not part of the company’s DNA – and that troubles me.
Furthermore, I find it hard to imagine any security-conscious firm being comfortable with its employees handing LinkedIn access to its emails.
And *why* do you even *need* LinkedIn Intro anyway?
If you receive a business email from someone, don’t they normally have a sig at the bottom explaining who they are, and who they work for?
What *real* advantage are you getting by having LinkedIn rifle through every email you receive? Is it just that they put it at the top of the message, rather than require you to scroll to the bottom?
The company says that you can trust them with LinkedIn Intro:
LinkedIn Intro integrates with your email, and we understand that this carries great responsibility. We respect the fact that your email may contain very personal or sensitive information, and we will do everything we can to make sure that it is safe..
Well, the first thing to do if you want to keep your very personal or sensitive information safe is to reduce the chances of a breach. Adding another link in the privacy chain which could be potentially exploited is not the direction you should be going in.
Don’t use LinkedIn Intro.
A few years back, in his blog, Steve Gibson posted the following comment about another company, but it applies equally to LinkedIn…
He states that the company has no assets exept our personal information and to make mony they have to “Monetize” it.
The complete post is available at:
http://steve.grc.com/2010/05/24/facebook-and-the-ford-pinto
A interesting read.
I'm not sticking up for LinkedIN but that's not entirely true in there case. They monetize their platform by charging users.
No, LinkedIn monetize their platform by charging companies
huge amounts of money for access to the data about users. At the
moment this seems to be mainly for recruitment and advertising
purposes, but with email data as well it can go way beyond
that.
Wait, so they alter any message you *retrieve*? That means
that even if I refuse to install this, they'll still have
access to any email I send to someone with this app
installed!
How do you feel about the Mailbox app in this respect?