LinkedIn is a pretty intrusive social network, all things considered. I get spammed by the site constantly (often using faked email headers) whenever someone wants to connect with me, is fishing for a recommendation or wants to add me to some group. The site is always trying to get me to leave my current job for another. And if I view someone’s profile, they’re notified by default that Fox Van Allen, Freelance Writer in the Greater Los Angeles Area, has visited.
And if all that wasn’t enough, now I have a new reason to distrust LinkedIn. Earlier this week, the company released a new feature for iOS devices called Intro that displays LinkedIn profiles directly from your default iPhone mail client. According to LinkedIn, Intro lets you “see photos, job experience, and connections in your email,” allowing you to “use the insights you get to write more effective emails.” To do so, however, Intro changes the settings of your phone such that all your emails are routed through LinkedIn's company servers.
If that sounds terrifying from a privacy perspective, that’s because it is. With Intro, LinkedIn gets access to every email you write on the associated email account, no matter how sensitive or private. There’s no way of telling exactly what data of yours LinkedIn will store. Intro will be keeping track of which of your contacts aren’t on the social network so it can spam them later. And Intro even tacks its own LinkedIn signature onto your outgoing emails, turning you into a commercial for its site.
Naturally, Intro is getting panned by security experts nationwide. Security industry analyst Graham Cluley says that, “from the security and privacy point of view it sends a shiver down my spine.” Runa Sandvik of the Tor Project slammed Intro as a “man-in-the-middle” effort. And security consulting firm Bishop Fox warns that sending your email through LinkedIn servers could void attorney-client privilege and likely violates your company’s security policy.
For its part, LinkedIn has defended its Intro offering, saying that passwords and email contents are not permanently stored, and that “all communication from the Mail app to the LinkedIn Intro servers is fully encrypted.” Of course, that only means you’re secure so long as LinkedIn is secure. Last year, millions of LinkedIn accounts were hacked due to poor data security measures.