LinkedIn this week announced a new product called Intro that shows you LinkedIn profiles, right inside the native iPhone mail client. If you get an email from someone you don’t know, you can see at a glance their headshot, company, and title, with a button to let you add them to your LinkedIn network with one tap. Pull down on the strip to expand pretty much their whole LinkedIn profile, including the conections you share, their personal summary, work experience, education, etc.
Sounds great right? It does until you read this document that LinkedIn posted which describes how it works. Now very technical readers will be able to spot why this is a privacy nightmare right away. But for everyone else, I’ll translate for you. E-mails are redirected through LinkedIn’s servers. That’s right. Instead of going though your servers, your e-mail goes through their servers. LinkedIn analyze the e-mails for data for Intro to do it’s thing. Basically, the Intro service is a “man-in-the-middle attack.” Which means that anyone could attack the service for say a phishing attack, or someone could read your e-mail. After all, it’s not as if LinkedIn hasn’t been hacked before.
If that’s not bad enough, then there’s LinkedIn’s privacy policy for the service. It states that each piece of data is encrypted with a key that is unique to the user and his device. “The servers themselves are secured and monitored 24/7 to prevent any unauthorized access.” But that shouldn’t make you feel better because nobody has any idea what LinkedIn does with your e-mails while they are on their servers. Consider the fact that those e-mails could be business information that is confidential. Do you really want that exposed to LinkedIn? That’s brings me to my last point which is that it’s likely that this service would violate the security policies of many companies since corporate data is exposed to a third party.
If you want my advice, avoid Intro. It’s too much of a security risk for you and if you’re in a corporate environment, your company. That’s something that you don’t need. In the meantime, LinkedIn has some explaining to do.
Related
This entry was posted on October 26, 2013 at 11:33 am and is filed under Commentary with tags LinkedIn. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
Why LinkedIn Intro Threatens Your Privacy
LinkedIn this week announced a new product called Intro that shows you LinkedIn profiles, right inside the native iPhone mail client. If you get an email from someone you don’t know, you can see at a glance their headshot, company, and title, with a button to let you add them to your LinkedIn network with one tap. Pull down on the strip to expand pretty much their whole LinkedIn profile, including the conections you share, their personal summary, work experience, education, etc.
Sounds great right? It does until you read this document that LinkedIn posted which describes how it works. Now very technical readers will be able to spot why this is a privacy nightmare right away. But for everyone else, I’ll translate for you. E-mails are redirected through LinkedIn’s servers. That’s right. Instead of going though your servers, your e-mail goes through their servers. LinkedIn analyze the e-mails for data for Intro to do it’s thing. Basically, the Intro service is a “man-in-the-middle attack.” Which means that anyone could attack the service for say a phishing attack, or someone could read your e-mail. After all, it’s not as if LinkedIn hasn’t been hacked before.
If that’s not bad enough, then there’s LinkedIn’s privacy policy for the service. It states that each piece of data is encrypted with a key that is unique to the user and his device. “The servers themselves are secured and monitored 24/7 to prevent any unauthorized access.” But that shouldn’t make you feel better because nobody has any idea what LinkedIn does with your e-mails while they are on their servers. Consider the fact that those e-mails could be business information that is confidential. Do you really want that exposed to LinkedIn? That’s brings me to my last point which is that it’s likely that this service would violate the security policies of many companies since corporate data is exposed to a third party.
If you want my advice, avoid Intro. It’s too much of a security risk for you and if you’re in a corporate environment, your company. That’s something that you don’t need. In the meantime, LinkedIn has some explaining to do.
Share this:
Like this:
Related
This entry was posted on October 26, 2013 at 11:33 am and is filed under Commentary with tags LinkedIn. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.