10 reasons to fear LinkedIn’s new service

The business social media network wants to rout your email. The benefits to you are unclear

Topics: the daily dot, Linkedin, email, intro, internet privacy, NSA, National security, Privacy, , , ,

10 reasons to fear LinkedIn's new service (Credit: AP)
This article originally appeared on bishopfox.com and was reposted with permission on The Daily Dot.

Don’t make the mistake of thinking you’re [the] customer, you’re not – you’re the product.

– BRUCE SCHNEIER

LinkedIn released a new product today called Intro.  They call it “doing the impossible”, but some might call it “hijacking email”.  Why do we say this?  Consider the following:

Intro reconfigures your iOS device (e.g. iPhone, iPad) so that all of your emails go through LinkedIn’s servers. You read that right. Once you install the Intro app, all of your emails, both sent and received, are transmitted via LinkedIn’s servers. LinkedIn is forcing all your IMAP and SMTP data through their own servers and then analyzing and scraping your emails for data pertaining to…whatever they feel like.

“But that sounds like a man-in-the-middle attack!” I hear you cry. Yes. Yes it does. Because it is. That’s exactly what it is. And this is a bad thing. If your employees are checking their company email, it’s an especially bad thing.

Why is this so bad?  Here’s a list of 10 reasons to start:

1. Attorney-client privilege.

You use your email to stay in touch with everyone in your life from your family to your friends to your business associates. And you may exchange particularly sensitive messages with certain people like your lawyer, doctor, psychotherapist, or spiritual advisor. These communications are generally legally privileged and can’t be used as evidence in court – but only if you keep the messages confidential.

“If you let a third party have access to your privileged email, you could be waiving important legal protections,”

-MARCIA HOFMANN, ATTORNEY AND FORMER SENIOR STAFF ATTORNEY AT THE EFF

To be certain if you’re concerned about the legal effect of letting LinkedIn have unfettered access to your email, you should check with your counsel…on a system that doesn’t have Intro installed.

2. By default, LinkedIn changes the content of your emails.

Be aware that outgoing emails receive an additional signature.  Incoming emails receive additional LinkedIn profile data.  The introduction of new data sources into a medium rife with security issues such as email is a dream for attackers.  We’re curious how long until someone finds an innovative way to phish through Intro.



3. Intro breaks secure email.

Cryptographic signatures will break because LinkedIn is rewriting your outgoing emails by appending a signature on the end. This means email signatures can no longer be verified.

Encrypted emails are likely to break because of the same reason – extra data being appended to your messages.

If you forward an email to someone else, the LinkedIn profile data stays in the email. What if you don’t want it to?  What if they don’t want you to and it pisses them off?

4. LinkedIn got owned.

This happened last year, and estimates of 6.5 million usernames and hashed passwords were leaked to a Russian message board. They were using unsalted hashed passwords, which is a terrible design decision. LinkedIn has a documented history of insecure design practice.  So as anybody who has ever assessed a vendor would want to know:

a. Who did the security review of the Intro app?

b. Are there outstanding security vulnerabilities?

c. Can we see a copy of a Letter of Assessment?

5. LinkedIn is storing your email communications.

It’s metadata, or so they claim. In particular, the list of people with whom you communicated is saved because “If you are not connected with the person on LinkedIn, we may later suggest them as a connection on the LinkedIn website and in our other mobile apps.”

Think about it this way.  A vendor tells you they will install a device on your network that monitors all your email so they can insert their data into your emails.  They’ll do this for free – except they want to have unfettered access to all your emails and mine them for information about your users.  They don’t say what exactly they would store from each email, but just trust them to do the right thing.

6. LinkedIn is changing your device’s security profile.

Intro works by pushing a security profile to your device; they’re not just installing the Intro app. They have to do this in order to re-route your emails. But, these security profiles can do much, much more than just redirect your emails to different servers. A profile can be used to wipe your phone, install applications, delete applications, restrict functionality, and a whole heap of other things.

Most of your end users aren’t going to understand the impact of these changes, nor will they know how to reserve them if they wanted to do so. You are effectively putting your trust in LinkedIn to manage your users’ device security.

7. It’s probably a gross violation of your company’s security policy.

If your company’s policy (e.g. security, confidentiality, data classification, email) has anything about not disclosing sensitive data, it more likely says something like “Do not share sensitive data with third-parties.”

You’re probably violating that by installing Intro.

8. If I were the NSA…

…and I hear everyone’s mobile phones were routing their emails through LinkedIn…well I know where I’m having my next birthday party.

9. It’s not what they say, but what they don’t say

The privacy policy is ambiguous and vague.

“Does LinkedIn Intro disclose information to anyone else?” the answer is not “No.” It is “We will never sell, rent, or give away private data about you or your contacts.”

The astute reader must ask themselves:

  • How do you determine what is “private”?
  • What is considered “not private”?
  • Who makes the judgment call?

Even further:

  • Are you agreeing not to misuse “private data about [me]” as in the content of my emails or my LinkedIn profile information?
  • Are you agreeing not to misuse “[my] contacts” as in my contact list or “private data about…[my] contacts” such as the content of our communications?

The better question perhaps is, “How does LinkedIn know what you consider private?”  I suspect the answer is that they don’t.

10. Too many secrets

There are unanswered technical questions, too. Do the LinkedIn Intro servers mandate the use of SSL/TLS for all traffic? Does the Intro app redirect all of the accounts on your phone, or just one that you nominate? Can you opt out of the man-in-the-middleattack feature?

There’s a lot to consider and I’m sure others will think of more implications.  For the time being, Intro is banned from Bishop Fox devices until we know more about it.  And at the time of this writing, our recommendation is:

Don’t introduce Intro into your environment. 

More Related Stories

Featured Slide Shows

  • Share on Twitter
  • Share on Facebook
  • 1 of 14
  • Close
  • Fullscreen
  • Thumbnails

    13 of "Girls'" most cringeworthy sex scenes

    Hannah and Adam, "Pilot"

    One of our first exposures to uncomfortable “Girls” sex comes early, in the pilot episode, when Hannah and Adam “get feisty” (a phrase Hannah hates) on the couch. The pair is about to go at it doggy-style when Adam nearly inserts his penis in “the wrong hole,” and after Hannah corrects him, she awkwardly explains her lack of desire to have anal sex in too many words. “Hey, let’s play the quiet game,” Adam says, thrusting. And so the romance begins.

    13 of "Girls'" most cringeworthy sex scenes

    Marnie and Elijah, "It's About Time"

    In an act of “betrayal” that messes up each of their relationships with Hannah, Marnie and Elijah open Season 2 with some more couch sex, which is almost unbearable to watch. Elijah, who is trying to explore the “hetero side” of his bisexuality, can’t maintain his erection, and the entire affair ends in very uncomfortable silence.

    13 of "Girls'" most cringeworthy sex scenes

    Marnie and Charlie, "Vagina Panic"

    Poor Charlie. While he and Marnie have their fair share of uncomfortable sex over the course of their relationship, one of the saddest moments (aside from Marnie breaking up with him during intercourse) is when Marnie encourages him to penetrate her from behind so she doesn’t have to look at him. “This feels so good,” Charlie says. “We have to go slow.” Poor sucker.

    13 of "Girls'" most cringeworthy sex scenes

    Shoshanna and camp friend Matt, "Hannah's Diary"

    We’d be remiss not to mention Shoshanna’s effort to lose her virginity to an old camp friend, who tells her how “weird” it is that he “loves to eat pussy” moments before she admits she’s never “done it” before. At least it paves the way for the uncomfortable sex we later get to watch her have with Ray?

    13 of "Girls'" most cringeworthy sex scenes

    Hannah and Adam, "Hard Being Easy"

    On the heels of trying (unsuccessfully) to determine the status of her early relationship with Adam, Hannah walks by her future boyfriend’s bedroom to find him masturbating alone, in one of the strangest scenes of the first season. As Adam jerks off and refuses to let Hannah participate beyond telling him how much she likes watching, we see some serious (and odd) character development ... which ends with Hannah taking a hundred-dollar bill from Adam’s wallet, for cab fare and pizza (as well as her services).

    13 of "Girls'" most cringeworthy sex scenes

    Marnie and Booth Jonathan, "Bad Friend"

    Oh, Booth Jonathan -- the little man who “knows how to do things.” After he turns Marnie on enough to make her masturbate in the bathroom at the gallery where she works, Booth finally seals the deal in a mortifying and nearly painful to watch sex scene that tells us pretty much everything we need to know about how much Marnie is willing to fake it.

    13 of "Girls'" most cringeworthy sex scenes

    Tad and Loreen, "The Return"

    The only sex scene in the series not to feature one of the main characters, Hannah’s parents’ showertime anniversary celebration is easily one of the most cringe-worthy moments of the show’s first season. Even Hannah’s mother, Loreen, observes how embarrassing the situation is, which ends with her husband, Tad, slipping out of the shower and falling naked and unconscious on the bathroom floor.

    13 of "Girls'" most cringeworthy sex scenes

    Hannah and the pharmacist, "The Return"

    Tad and Loreen aren’t the only ones to get some during Hannah’s first season trip home to Michigan. The show’s protagonist finds herself in bed with a former high school classmate, who doesn’t exactly enjoy it when Hannah puts one of her fingers near his anus. “I’m tight like a baby, right?” Hannah asks at one point. Time to press pause.

    13 of "Girls'" most cringeworthy sex scenes

    Hannah and Adam, "Role-Play"

    While it’s not quite a full-on, all-out sex scene, Hannah and Adam’s attempt at role play in Season 3 is certainly an intimate encounter to behold (or not). Hannah dons a blond wig and gets a little too into her role, giving a melodramatic performance that ends with a passerby punching Adam in the face. So there’s that.

    13 of "Girls'" most cringeworthy sex scenes

    Shoshanna and Ray, "Together"

    As Shoshanna and Ray near the end of their relationship, we can see their sexual chemistry getting worse and worse. It’s no more evident than when Ray is penetrating a clothed and visibly horrified Shoshanna from behind, who ends the encounter by asking if her partner will just “get out of me.”

    13 of "Girls'" most cringeworthy sex scenes

    Hannah and Frank, "Video Games"

    Hannah, Jessa’s 19-year-old stepbrother, a graveyard and too much chatting. Need we say more about how uncomfortable this sex is to watch?

    13 of "Girls'" most cringeworthy sex scenes

    Marnie and Desi, "Iowa"

    Who gets her butt motorboated? Is this a real thing? Aside from the questionable logistics and reality of Marnie and Desi’s analingus scene, there’s also the awkward moment when Marnie confuses her partner’s declaration of love for licking her butthole with love for her. Oh, Marnie.

    13 of "Girls'" most cringeworthy sex scenes

    Hannah and Adam, "Vagina Panic"

    There is too much in this scene to dissect: fantasies of an 11-year-old girl with a Cabbage Patch lunchbox, excessive references to that little girl as a “slut” and Adam ripping off a condom to ejaculate on Hannah’s chest. No wonder it ends with Hannah saying she almost came.

  • Recent Slide Shows

Comments

Loading Comments...