LinkedIn Intro - keeping your email safe

[Lifted]

https://intro.linkedin.com/micro/privacy

LinkedIn Intro integrates with your email, and we understand that this carries great responsibility. We respect the fact that your email may contain very personal or sensitive information, and we will do everything we can to make sure that it is safe..

Sounds good to me. :thumbsup:

http://www.bishopfox.com/blog/2013/10/linkedin-intro/

LinkedIn ‘Intro’duces Insecurity

Intro reconfigures your iOS device (e.g. iPhone, iPad) so that all of your emails go through LinkedIn’s servers. You read that right. Once you install the Intro app, all of your emails, both sent and received, are transmitted via LinkedIn’s servers. LinkedIn is forcing all your IMAP and SMTP data through their own servers and then analyzing and scraping your emails for data pertaining to…whatever they feel like.

“But that sounds like a man-in-the-middle attack!” I hear you cry. Yes. Yes it does. Because it is. That’s exactly what it is. And this is a bad thing. If your employees are checking their company email, it’s an especially bad thing.


Why is this so bad? Here’s a list of 10 reasons to start:

It’s not what they say, but what they don’t say

The privacy policy is ambiguous and vague.


“Does LinkedIn Intro disclose information to anyone else?” the answer is not “No.” It is “We will never sell, rent, or give away private data about you or your contacts.”

The astute reader must ask themselves:
How do you determine what is “private”?
What is considered “not private”?
Who makes the judgment call?

Even further:
Are you agreeing not to misuse “private data about [me]” as in the content of my emails or my LinkedIn profile information?
Are you agreeing not to misuse “[my] contacts” as in my contact list or “private data about…[my] contacts” such as the content of our communications?

The better question perhaps is, “How does LinkedIn know what you consider private?” I suspect the answer is that they don’t.