Privacy and security fears dog LinkedIn's new email service

LinkedIn wants its users to hand over their email experience, worrying many that security concerns have not been addressed.

Let’s say I work for your phone company. I call you and make an offer: most of your calls are from friends and family, but occasionally business contacts use your home number. If you want - and for no extra charge! - whenever that happens I’ll call beforehand to give you a biography of that person before connecting them to you. Y’know, so you’re better prepared. The only condition is that you need to let me screen all of your calls before they get to you, so I know when you’ll need me to call you first.

Interested? I’m guessing you’re not - it sounds like a reasonably large invasion of privacy for a negligible payoff. And yet it’s not far from the offer LinkedIn has made when it comes to your email, with a new service it calls Intro for its users who are on iOS:

What's happening under the hood: without Intro, your Mail app connects directly to the servers of your email provider (e.g. Gmail or Yahoo!) to download messages. With Intro, your Mail app connects instead to the Intro servers, which fetch messages from your email provider and then pass them back to your Mail app. As the messages pass through the Intro servers, we add the social context that helps you be brilliant with people.

For each of your emails, Intro tries to find the sender of the message on LinkedIn. If we find information, we include it at the top of the message, and you can tap to see more detail.

In other words, your emails go to LinkedIn, and then to you. If one of those emails is coming from someone with a LinkedIn account, it’ll stick a little bar at the top of the message containing a condensed version of that person’s LinkedIn account. And if you send an email to anyone else, it’ll have something similar at the bottom that links to your LinkedIn account. Here’s what it looks like (as mocked-up by LinkedIn):

It might seem like a lot of bother, but for LinkedIn it’s worth it if it means people choose to turn the iPhone’s default Mail app into a de facto LinkedIn app. The benefit for the user is that it makes it easier to sort the spam from the wheat, but for LinkedIn the benefit is that they get to define how someone experiences email. That’s a powerful way to get people to pay attention to your site - and LinkedIn is fully aware of just how many of its users ignore all those update emails it sends out all the time.

However, remember that LinkedIn is reading your emails to do this, in a way that exactly mirrors a man-in-the-middle attack. That’s a type of attack where someone slips in between two other computers on a network, intercepting each message that gets passed along and reading it as it goes. Sure, you might consent to it when it’s LinkedIn doing it, but it creates an attractive new target. The weakest point in the network isn’t you, or your email provider, any more - it’s LinkedIn. The site’s reputation as secure was damaged greatly by the hack of 6.5 million user passwords last year, so, perhaps understandably, people have been sceptical of how safe Intro is.

Blog posts like this one at security consultancy Bishop Fox lay out several perceived problems - such as that it appears to break cryptographic email, that it could mean you waive your legal right to attorney-client privilege in private correspondence, that it could violate your company’s security policy, and that LinkedIn is generally quite vague about the details of how Intro works - have forced LinkedIn onto the back foot.

Cory Scott, LinkedIn’s senior manager of information security, has written on the company’s blog to try and reassure users that Intro is nothing to fear. He writes:

Many things have been said about the product implementation that are not correct or are purely speculative, so this post is intended to clear up these inaccuracies and misperceptions.

When the LinkedIn Security team was presented with the core design of Intro, we made sure we built the most secure implementation we believed possible. We explored numerous threat models and constantly challenged each other to consider possible threat scenarios.

Scott claims that an outside security firm - iSEC Partners - has gone through Intro’s code “line-by-line”, and that Bishop Fox was incorrect to claim that Intro breaks cryptography.

However, take a look on social media, or through reddit, and you’ll see people making a point that it’s harder for LinkedIn to refute: even if Intro is secure now, social networks are notorious for updates that render things insecure, or things that were once private no longer being so. Not saying that LinkedIn would do this deliberately - obviously, they wouldn't - but mistakes happen. And for many, Intro looks like it could be a pretty terrible mistake in the waiting.

LinkedIn Intro rejigs how Mail works on iOS. (Photo: ekkiPics/Flickr)

Ian Steadman is a staff science and technology writer at the New Statesman. He is on Twitter as @iansteadman.

Getty
Show Hide image

Rarely has it mattered so little if Manchester United won; rarely has it been so special they did

Team's Europa League victory offers chance for sorely needed celebration of a city's spirit.

Carlo Ancelotti, the Bayern Munich manager, memorably once said that football is “the most important of the least important things”, but he was only partly right. While it is absolutely the case that a bunch of people chasing around a field is insignificant, a bunch of people chasing around a field is not really what football is about.

At a football match can you set aside the strictures that govern real life and freely scream, shout and cuddle strangers. Football tracks life with such unfailing omnipresence, garnishing the mundane with regular doses of drama and suspense; football is amazing, and even when it isn’t there’s always the possibility that it’s about to be.

Football bestows primal paroxysms of intense, transcendent ecstasy, shared both with people who mean everything and people who mean nothing. Football carves out time for people it's important to see and delivers people it becomes important to see. Football is a structure with folklore, mythology, language and symbols; being part of football is being part of something big, special, and eternal. Football is the best thing in the world when things go well, and still the best thing in the world when they don’t. There is nothing remotely like it. Nothing.

Football is about community and identity, friends and family; football is about expression and abandon, laughter and song; football is about love and pride. Football is about all the beauty in the world.

And the world is a beautiful place, even though it doesn’t always seem that way – now especially. But in the horror of terror we’ve seen amazing kindness, uplifting unity and awesome dignity which is the absolute point of everything.

In Stockholm last night, 50,000 or so people gathered for a football match, trying to find a way of celebrating all of these things. Around town before the game the atmosphere was not as boisterous as usual, but in the ground the old conviction gradually returned. The PA played Bob Marley’s Three Little Birds, an Ajax staple with lyrics not entirely appropriate: there is plenty about which to worry, and for some every little thing is never going to be alright.

But somehow the sentiment felt right and the Mancunian contingent joined in with gusto, following it up with “We’ll never die,” – a song of defiance born from the ashes of the Munich air disaster and generally aired at the end of games, often when defeat is imminent. Last night it was needed from the outset, though this time its final line – “we’ll keep the red flag flying high, coz Man United will never die" – was not about a football team but a city, a spirit, and a way of life. 

Over the course of the night, every burst of song and even the minute's silence chorused with that theme: “Manchester, Manchester, Manchester”; “Manchester la la la”; “Oh Manchester is wonderful”. Sparse and simple words, layered and complex meanings.

The match itself was a curious affair. Rarely has it mattered so little whether or not United won; rarely has it been so special that they did. Manchester United do not represent or appeal to everyone in Manchester but they epitomise a similar brilliance to Manchester, brilliance which they take to the world. Brilliance like youthfulness, toughness, swagger and zest; brilliance which has been to the fore these last three days, despite it all.

Last night they drew upon their most prosaic aspects, outfighting and outrunning a willing but callow opponent to win the only trophy to have eluded them. They did not make things better, but they did bring happiness and positivity at a time when happiness and positivity needed to be brought; football is not “the most important of the least important things,” it is the least important of the most important things.

0800 7318496