Privacy and security fears dog LinkedIn's new email service

LinkedIn wants its users to hand over their email experience, worrying many that security concerns have not been addressed.

Let’s say I work for your phone company. I call you and make an offer: most of your calls are from friends and family, but occasionally business contacts use your home number. If you want - and for no extra charge! - whenever that happens I’ll call beforehand to give you a biography of that person before connecting them to you. Y’know, so you’re better prepared. The only condition is that you need to let me screen all of your calls before they get to you, so I know when you’ll need me to call you first.

Interested? I’m guessing you’re not - it sounds like a reasonably large invasion of privacy for a negligible payoff. And yet it’s not far from the offer LinkedIn has made when it comes to your email, with a new service it calls Intro for its users who are on iOS:

What's happening under the hood: without Intro, your Mail app connects directly to the servers of your email provider (e.g. Gmail or Yahoo!) to download messages. With Intro, your Mail app connects instead to the Intro servers, which fetch messages from your email provider and then pass them back to your Mail app. As the messages pass through the Intro servers, we add the social context that helps you be brilliant with people.

For each of your emails, Intro tries to find the sender of the message on LinkedIn. If we find information, we include it at the top of the message, and you can tap to see more detail.

In other words, your emails go to LinkedIn, and then to you. If one of those emails is coming from someone with a LinkedIn account, it’ll stick a little bar at the top of the message containing a condensed version of that person’s LinkedIn account. And if you send an email to anyone else, it’ll have something similar at the bottom that links to your LinkedIn account. Here’s what it looks like (as mocked-up by LinkedIn):

It might seem like a lot of bother, but for LinkedIn it’s worth it if it means people choose to turn the iPhone’s default Mail app into a de facto LinkedIn app. The benefit for the user is that it makes it easier to sort the spam from the wheat, but for LinkedIn the benefit is that they get to define how someone experiences email. That’s a powerful way to get people to pay attention to your site - and LinkedIn is fully aware of just how many of its users ignore all those update emails it sends out all the time.

However, remember that LinkedIn is reading your emails to do this, in a way that exactly mirrors a man-in-the-middle attack. That’s a type of attack where someone slips in between two other computers on a network, intercepting each message that gets passed along and reading it as it goes. Sure, you might consent to it when it’s LinkedIn doing it, but it creates an attractive new target. The weakest point in the network isn’t you, or your email provider, any more - it’s LinkedIn. The site’s reputation as secure was damaged greatly by the hack of 6.5 million user passwords last year, so, perhaps understandably, people have been sceptical of how safe Intro is.

Blog posts like this one at security consultancy Bishop Fox lay out several perceived problems - such as that it appears to break cryptographic email, that it could mean you waive your legal right to attorney-client privilege in private correspondence, that it could violate your company’s security policy, and that LinkedIn is generally quite vague about the details of how Intro works - have forced LinkedIn onto the back foot.

Cory Scott, LinkedIn’s senior manager of information security, has written on the company’s blog to try and reassure users that Intro is nothing to fear. He writes:

Many things have been said about the product implementation that are not correct or are purely speculative, so this post is intended to clear up these inaccuracies and misperceptions.

When the LinkedIn Security team was presented with the core design of Intro, we made sure we built the most secure implementation we believed possible. We explored numerous threat models and constantly challenged each other to consider possible threat scenarios.

Scott claims that an outside security firm - iSEC Partners - has gone through Intro’s code “line-by-line”, and that Bishop Fox was incorrect to claim that Intro breaks cryptography.

However, take a look on social media, or through reddit, and you’ll see people making a point that it’s harder for LinkedIn to refute: even if Intro is secure now, social networks are notorious for updates that render things insecure, or things that were once private no longer being so. Not saying that LinkedIn would do this deliberately - obviously, they wouldn't - but mistakes happen. And for many, Intro looks like it could be a pretty terrible mistake in the waiting.

LinkedIn Intro rejigs how Mail works on iOS. (Photo: ekkiPics/Flickr)

Ian Steadman is a staff science and technology writer at the New Statesman. He is on Twitter as @iansteadman.

Photo: Getty
Show Hide image

The campaign to keep Britain in Europe must be based on hope, not fear

Together we can show the world a generous, outward-facing Britain we can all be proud of.

Today the Liberal Democrats launched our national campaign to keep Britain in Europe. With the polls showing the outcome of this referendum is on a knife-edge, our party is determined to play a decisive role in this once in a generation fight. This will not be an easy campaign. But it is one we will relish as the UK's most outward-looking and internationalist party. Together in Europe the UK has delivered peace, created the world’s largest free trade area and given the British people the opportunity to live, work and travel freely across the continent. Now is the time to build on these achievements, not throw them all away.

Already we are hearing fear-mongering from both sides in this heated debate. On the one hand, Ukip and the feuding Leave campaigns have shamelessly seized on the events in Cologne at New Year to claim that British women will be at risk if the UK stays in Europe. On the other, David Cameron claims that the refugees he derides as a "bunch of migrants" in Calais will all descend on the other side of the Channel the minute Britain leaves the EU. The British public deserve better than this. Rather than constant mud-slinging and politicising of the world's biggest humanitarian crisis since the Second World War, we need a frank and honest debate about what is really at stake. Most importantly this should be a positive campaign, one that is fought on hope and not on fear. As we have a seen in Scotland, a referendum won through scare tactics alone risks winning the battle but losing the war.

The voice of business and civil society, from scientists and the police to environmental charities, have a crucial role to play in explaining how being in the EU benefits the British economy and enhances people's everyday lives. All those who believe in Britain's EU membership must not be afraid to speak out and make the positive case why being in Europe makes us more prosperous, stable and secure. Because at its heart this debate is not just about facts and figures, it is about what kind of country we want to be.

The Leave campaigns cannot agree what they believe in. Some want the UK to be an offshore, deregulated tax haven, others advocate a protectionist, mean-hearted country that shuts it doors to the world. As with so many populist movements, from Putin to Trump, they are defined not by what they are for but what they are against. Their failure to come up with a credible vision for our country's future is not patriotic, it is irresponsible.

This leaves the field open to put forward a united vision of Britain's place in Europe and the world. Liberal Democrats are clear what we believe in: an open, inclusive and tolerant nation that stands tall in the world and doesn't hide from it. We are not uncritical of the EU's institutions. Indeed as Liberals, we fiercely believe that power must be devolved to the lowest possible level, empowering communities and individuals wherever possible to make decisions for themselves. But we recognise that staying in Europe is the best way to find the solutions to the problems that don't stop at borders, rather than leaving them to our children and grandchildren. We believe Britain must put itself at the heart of our continent's future and shape a more effective and more accountable Europe, focused on responding to major global challenges we face.

Together in Europe we can build a strong and prosperous future, from pioneering research into life-saving new medicines to tackling climate change and fighting international crime. Together we can provide hope for the desperate and spread the peace we now take for granted to the rest of the world. And together we can show the world a generous, outward-facing Britain we can all be proud of. So if you agree then join the Liberal Democrat campaign today, to remain in together, and to stand up for the type of Britain you think we should be.