Donate

Use LinkedIn? Its New Email App Raises Privacy Concerns

| October 24, 2013
  • Share:
  • Facebook
  • Pinterest
  • Reddit
  • Email
File image. (Lisa Pickoff-White/KQED)

File image. (Lisa Pickoff-White/KQED)

LinkedIn’s Intro app looks really slick. The company boasts that it’s done the impossible by creating a product that automatically adds LinkedIn profile information to mail you receive in Apple’s iOS Mail client.

Say a stranger sends you an email. With Intro installed on your iPhone or iPad, you’ll be to see that person’s LinkedIn profile in the message and know whether they’re really a CEO trying to hire you or some sort of fake.

One security expert warns that Intro amounts to “hijacking email.”

But cybersecurity experts and tech analysts are warning that Intro poses a profound threat to individual and corporate privacy.

Vincent Liu, with the firm Bishop Fox, says the Intro app is a data grab that amounts to “hijacking email.” He published a fairly confrontational blog post about it today.

Once a user installs Intro, the app redirects email through LinkedIn servers so that the company can revise the emails to display a sender’s LinkedIn information. The app doesn’t otherwise alter the message contents.

“Still, it’s a major privacy and security issue because you’re giving LinkedIn access to every single email you get on your phone,” Liu said. “They don’t say what exactly they would store from each email, but just trust them to do the right thing.”

Liu says Intro gives LinkedIn “NSA-level” access to users’ email. The way the app works could also breach attorney-client privilege and doctor-patient confidentiality and violate a standard business rule that employees don’t let third parties read internal emails.

LinkedIn points out the app is an opt-in product, one “that helps you be brilliant with people.” If your boss forbids it or you don’t want it, then simply don’t install it.

The company says it’s not currently storing messages or analyzing emails for, say, key advertising words, the way Google’s Gmail and Yahoo Mail do.

But according to LinkedIn, there’s no language in the company’s privacy policy that expressly forbids them from doing that in the future.

Related

Explore: , ,

Category: News, Technology

  • Share:
  • Facebook
  • Pinterest
  • Reddit
  • Email

About the Author ()

Aarti Shahani is a reporter at KQED, focusing on business and technology. She came to San Francisco as a Kroc Fellow with NPR. She was part of the ProPublica team awarded an Investigative Reporters & Editors Award for Post Mortem – a series examining the unregulated coroner and medical examiner industry. Shahani got her Master’s in Public Policy from Harvard’s Kennedy School of Government, supported by the Paul & Daisy Soros Fellowship and a Public Service Fellowship. She studied globalization as an undergraduate at the University of Chicago. She was raised in Flushing, Queens – in the nation’s most diverse zip code. Reach Aarti Shahani at ashahani@kqed.org.

Comments are closed.