Privacy and security fears dog LinkedIn's new email service

LinkedIn wants its users to hand over their email experience, worrying many that security concerns have not been addressed.

Let’s say I work for your phone company. I call you and make an offer: most of your calls are from friends and family, but occasionally business contacts use your home number. If you want - and for no extra charge! - whenever that happens I’ll call beforehand to give you a biography of that person before connecting them to you. Y’know, so you’re better prepared. The only condition is that you need to let me screen all of your calls before they get to you, so I know when you’ll need me to call you first.

Interested? I’m guessing you’re not - it sounds like a reasonably large invasion of privacy for a negligible payoff. And yet it’s not far from the offer LinkedIn has made when it comes to your email, with a new service it calls Intro for its users who are on iOS:

“What's happening under the hood: without Intro, your Mail app connects directly to the servers of your email provider (e.g. Gmail or Yahoo!) to download messages. With Intro, your Mail app connects instead to the Intro servers, which fetch messages from your email provider and then pass them back to your Mail app. As the messages pass through the Intro servers, we add the social context that helps you be brilliant with people.

“For each of your emails, Intro tries to find the sender of the message on LinkedIn. If we find information, we include it at the top of the message, and you can tap to see more detail.”

In other words, your emails go to LinkedIn, and then to you. If one of those emails is coming from someone with a LinkedIn account, it’ll stick a little bar at the top of the message containing a condensed version of that person’s LinkedIn account. And if you send an email to anyone else, it’ll have something similar at the bottom that links to your LinkedIn account. Here’s what it looks like (as mocked-up by LinkedIn):

It might seem like a lot of bother, but for LinkedIn it’s worth it if it means people choose to turn the iPhone’s default Mail app into a de facto LinkedIn app. The benefit for the user is that it makes it easier to sort the spam from the wheat, but for LinkedIn the benefit is that they get to define how someone experiences email. That’s a powerful way to get people to pay attention to your site - and LinkedIn is fully aware of just how many of its users ignore all those update emails it sends out all the time.

However, remember that LinkedIn is reading your emails to do this, in a way that exactly mirrors a man-in-the-middle attack. That’s a type of attack where someone slips in between two other computers on a network, intercepting each message that gets passed along and reading it as it goes. Sure, you might consent to it when it’s LinkedIn doing it, but it creates an attractive new target. The weakest point in the network isn’t you, or your email provider, any more - it’s LinkedIn. The site’s reputation as secure was damaged greatly by the hack of 6.5 million user passwords last year, so, perhaps understandably, people have been sceptical of how safe Intro is.

Blog posts like this one at security consultancy Bishop Fox, which lay out several perceived problems - such as that it appears to break cryptographic email, that it could mean you waive your legal right to attorney-client privilege in private correspondence, that it could violate your company’s security policy, and that LinkedIn is generally quite vague about the details of how Intro works - have forced LinkedIn onto the back foot.

Cory Scott, LinkedIn’s senior manager of information security, has written on the company’s blog to try and reassure users that Intro is nothing to fear. He writes:

“Many things have been said about the product implementation that are not correct or are purely speculative, so this post is intended to clear up these inaccuracies and misperceptions.

“When the LinkedIn Security team was presented with the core design of Intro, we made sure we built the most secure implementation we believed possible. We explored numerous threat models and constantly challenged each other to consider possible threat scenarios.”

Scott claims that an outside security firm - iSEC Partners - has gone through Intro’s code “line-by-line”, and that Bishop Fox was incorrect to claim that Intro breaks cryptography.
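The general mechanism behind the disputed point about cryptographic email, as an added example that is not from LinkedIn, Bishop Fox or this article: a signed message commits to a hash of its body, so content inserted at the top of the body by any intermediary no longer matches that hash. The sketch uses the DKIM body hash (RFC 6376, "simple" canonicalization) as the integrity check; the message, the banner text, the `example.org` domain and the placeholder `b=` value are constructed, and it makes no claim about how Intro itself handled signed mail.

```python
import base64
import hashlib
from email import message_from_bytes

# Constructed sample message (CRLF line endings, as on the wire).
SAMPLE = (b"From: alice@example.org\r\nTo: bob@example.net\r\n"
          b"Subject: Meeting\r\n\r\nHi Bob,\r\nSee you at 10.\r\n")

def canon_body_simple(body: bytes) -> bytes:
    # RFC 6376 "simple" body canonicalization: drop trailing empty lines,
    # then end the body with exactly one CRLF.
    while body.endswith(b"\r\n"):
        body = body[:-2]
    return body + b"\r\n"

def body_hash(body: bytes) -> str:
    digest = hashlib.sha256(canon_body_simple(body)).digest()
    return base64.b64encode(digest).decode()

def split_message(raw: bytes):
    headers, _, body = raw.partition(b"\r\n\r\n")
    return headers, body

def sender_stamp(raw: bytes) -> bytes:
    # Sender side: record the body hash in a DKIM-Signature header.
    # b= is a placeholder; a real signer puts a signature over the headers there.
    headers, body = split_message(raw)
    sig = ("DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=example.org; "
           "s=sel1; h=from:to:subject; bh=%s; b=PLACEHOLDER" % body_hash(body))
    return sig.encode() + b"\r\n" + headers + b"\r\n\r\n" + body

def intermediary_prepend(raw: bytes, banner: bytes) -> bytes:
    # Hypothetical intermediary that inserts a banner at the top of the body.
    headers, body = split_message(raw)
    return headers + b"\r\n\r\n" + banner + b"\r\n" + body

def body_intact(raw: bytes) -> bool:
    # Receiver side: recompute the body hash and compare it with the bh= tag.
    headers, body = split_message(raw)
    sig = message_from_bytes(headers + b"\r\n\r\n")["DKIM-Signature"]
    tags = dict(t.strip().partition("=")[::2] for t in sig.split(";") if "=" in t)
    return tags["bh"] == body_hash(body)

if __name__ == "__main__":
    stamped = sender_stamp(SAMPLE)
    print("as sent:", body_intact(stamped))
    print("after banner:", body_intact(intermediary_prepend(stamped, b"[profile banner]")))
```

Trailing blank lines added in transit are tolerated by the canonicalization; inserted content is not, which is why a receiver-side check of this kind flags bodies rewritten after signing.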

However, take a look on social media, or through reddit, and you’ll see people making a point that it’s harder for LinkedIn to refute: even if Intro is secure now, social networks are notorious for updates that render things insecure, or things that were once private no longer being so. Not saying that LinkedIn would do this deliberately - obviously, they wouldn't - but mistakes happen. And for many, Intro looks like it could be a pretty terrible mistake in the waiting.

LinkedIn Intro rejigs how Mail works on iOS. (Photo: ekkiPics/Flickr)

Ian Steadman is a staff science and technology writer at the New Statesman. He is on Twitter as @iansteadman.


How to think about the EU result if you voted Remain

A belief in democracy means accepting the crowd is wiser than you are as an individual. 

I voted Remain, I feel sick about this result and its implications for what’s to come. But I’m a believer in democracy. This post is about how to reconcile those two things (it’s a bit unstructured because I’m working it out as I go, and I’m not sure I agree with all of it).

Democracy isn’t just fairer than other systems of governance, it’s smarter. It leads to better decisions and better outcomes, on average and over the long run, than countries that are run by autocrats or councils of wise men with jobs for life. It is simply the best way we have yet devised of solving complex problems involving many people. On that topic, if you’re not averse to some rather dense and technical prose, read this post or seek out this book. But the central argument is that democracy is the best way of harnessing ‘cognitive diversity’ — bringing to bear many different perspectives on a problem, each of which are very partial in themselves, but add up to something more than any one wise person.

I don’t think you can truly be a believer in democracy unless you accept that the people, collectively, are smarter than you are. That’s hard. It’s easy to say you believe in the popular will, right up until the popular will does something REALLY STUPID. The hard thing is not just to ‘accept the result’ but to accept that the majority who voted for that result know or understand something better than you. But they do. You are just one person, after all, and try as you might to expand your perspective with reading (and some try harder than others) you can’t see everything. So if a vote goes against you, you need to reflect on the possibility you got it wrong in some way. If I look at the results of past general elections and referendums, for instance, I now see they were all pretty much the right calls, including those where I voted the other way.

One way to think about the vote is that it has forced a slightly more equitable distribution of anxiety and alienation upon the country. After Thursday, I feel more insecure about my future, and that of my family. I also feel like a foreigner in my own country — that there’s this whole massive swathe of people out there who don’t think like me at all and probably don’t like me. I feel like a big decision about my life has been imposed on me by nameless people out there. But of course, this is exactly how many of those very people have been feeling for years, and at a much higher level of intensity. Democracy forces us to try on each other’s clothes. I could have carried on quite happily ignoring the unhappiness of much of the country but I can’t ignore this.

I’m seeing a lot of people on Twitter and in the press bemoaning how ill-informed people were, talking about a ‘post-factual democracy’. Well, maybe, though I think that requires further investigation - democracy has always been a dirty dishonest business. But surely the great thing about Thursday is that so many people voted — including many, many people who might have felt disenfranchised from a system that hasn’t been serving them well. I’m not sure you’re truly a democrat if you don’t take at least a tiny bit of delight in seeing people so far from the centres of power tipping the polity upside down and giving it a shake. Would it have been better or worse for the country if Remain had won because only informed middle-class people voted? It might have felt better for people like me, it might actually have been better, economically, for everyone. But it would have indicated a deeper rot in our democracy than do the problems with our national information environment (which I accept are real).

I’m not quite saying ‘the people are always right’ — at least, I don’t think it was wrong to vote to stay in the EU. I still believe we should have Remained and I’m worried about what we’ve got ourselves into by getting out. But I am saying they may have been right to use this opportunity — the only one they were given — to send an unignorable signal to the powers-that-be that things aren’t working. You might say general elections are the place for that, but our particular system isn’t suited to change things on which there is a broad consensus between the two main parties.

Ian Leslie is a writer, author of CURIOUS: The Desire to Know and Why Your Future Depends On It, and writer/presenter of BBC R4's Before They Were Famous.