Linkedin Intro New Product: Convenience or User Tracking?
Two days ago, on the Linkedin Engineering blog, the entry “Linkedin Intro: Doing the impossible on iOS” appeared.
This product has not yet been covered on the hub, but in a nutshell - Linkedin offers to use a special IMAP proxy server that modifies the letters incoming to your iOS device by adding sender information from his Linkedin profile to them.
The technology itself as a whole is quite transparent, as can be seen from the following diagram.
I think that any thinking person will immediately feel a certain catch in this, which will make him think about what is hidden behind the proud reports that the team of engineers made the “impossible”
What does this threaten users with?
The legal side of the issue
In slightly more legal states, the transfer of official correspondence to a third party can cause quite serious problems, so users should think about whether to use this product. Taking into account the fact that linkedin is more often a tool for maintaining official contacts - then the email that will be in your profile and the correspondence from which will be proxied - most likely there will be your official one.
Intro modifies your letters
And as a result, it affects several problems at once:
- Letters signed by EDS will lose their authenticity - the signature will be invalid
- Encrypted emails are likely to be corrupted for the same reason.
- Blocks added to the email very quickly become the target of phishing attacks.
Linkedin Security Issues
Not so long ago, the linkedin user database was compromised , it is possible that further attacks will occur, as well as there is no guarantee that the crackers did not leave backdoors after the last hack.
I would like to be realistic - users of social networks are not clients of companies, and a resource of these companies. Profitability often depends on how much social network owners know about the nodes of this network. At a minimum, this allows you to target ads very accurately. Analysis of user correspondence (even automatic, like gmail) could provide a huge mass of invaluable information.
There is no guarantee that Linkedin will not retain your correspondence.
If I were an NSA ...
... and found out that some company installed its proxy on a huge number of smartphones and intercepts all the correspondence of their owners ... well, you understand, right?
In the end
A few related links:
- Linkedin Blog Announcement
- Discussion at Hacker News
- A post that reminded me that in RuNet the problem has not yet been covered and became the basis for this post
I will be glad to comments sent in private messages
Only registered users can participate in the survey. Please come in.
Another useless poll on Habré
- 0.8% Yes, I already installed Intro 5 for myself
- 73.6% No, I did not install and do not intend to. 421
- 25.5% What is Linkedin? 146