On October 23rd, LinkedIn began offering Intro, their "Insights in your inbox", which allowed users to see LinkenIn (LI) profiles in their iPhone mail app. This extension of Apple's built-in iOS mail app is accomplished by routing email through a LI proxy server, where LI information is added to messages, which are then returned to the iPhone. According to Martin Kleppmann, senior software engineer at LI, "With Intro you can see at a glance the picture of the person who's emailing you, learn more about their background, and connect with them on LinkedIn." Here's a graphic that demonstrates how this works.
Intro immediately drew criticism from the IT security world, which pointed out that, in essence, Intro intercepted emails in order to inject LinkedIn information, a kind of "man-in-the-middle attack." Bishop Fox, a global security system, responded with the article "LinkedIn 'Intro'duces Insecurity", which listed ten reasons they considered it "a bad thing." These included concerns over attorney-client privilege, that LI changed the content of emails and a device's security profile, that it stores email communications, and its use could be a "gross violation of your company's security policy." They concluded their article by saying that the use of Intro at Bishop Fox would be banned on company devices until they could further investigate, and recommended that others do likewise and not introduce it into their environments.
Martin Kleppman responded to this criticism on the 24th, pointing out that Intro was an "opt-in" feature, requiring users to install it before being able to use it, and that usernames, passwords, and email contents are not permanently stored anywhere inside LinkedIn data centers, but instead, on your iPhone. (See the update on LinkedIn Intro: Doing the Impossible on iOS for a full list of Kleppman's reasons).
Since this story continues to develop and evolve, ISG recommends that LinkedIn/iOS users wait until all the facts are in so that they can make an informed decision on whether or not to use Intro.
- About LinkedIn Intro
- LinkedIn Intro: Doing the Impossible on iOS by Martin Kleppmann, Senior Software Engineer at LinkedIn (10/23)
- Graphic of Intro IMAP Proxy Service and iOS mail client
- LinkedIn ‘Intro’duces Insecurity by;Bishop Fox (10/23)
- LinkedIn wants the keys to your email for its innovative new Intro feature – but can you trust it? by Jon Russell, Asia Editor for The Next Web (10/24)
- LinkedIn’s Intro Feature Is Very Cool And A Spectacularly Bad Idea by Matthew Panzarino, writer for TechCrunch (10/24)
- The Facts about LinkedIn Intro by Cory Scott, Senior Manager, Information Security at LinkedIn (10/26)
- LinkedIn attempts to iron out security concerns surrounding Intro for iOS (author unknown, 10/26)
- LinkedIn defends security of Intro service by Michael Lee, Journalist, ZDNet (10/28)