New LinkedIn tool for making connections raises privacy concerns

The logo for LinkedIn Corporation, a social networking networking website for people in professional occupations, is shown in Mountain View, California February 6, 2013. REUTERS/Robert Galbraith (Reuters)

A new feature for LinkedIn users has been unveiled, but it’s drawing more questions over privacy rather than praise for ingenuity.

LinkedIn announced Intro on October 23, a service that shows your LinkedIn profile on emails sent through your iPhone Mail application. In the blog post about the new tool, the company explains that users will be able to see at a glance who an unknown email sender is with a brief bio and link to their LinkedIn account, right in the email client.

But security experts have expressed concern over the new feature, as it requires all of your email to be filtered through LinkedIn’s computers.

“LinkedIn would be effectively acting as a middle man in all your communications,” Graham Cluley, an independent security analyst in Oxford, England, told The Wall Street Journal. “If you are going to hand control of your email to a third party, your company’s IT staff should be involved.”

[ More Right Click: Canadian torrent site isoHunt to shut down, debate still rages ]

While the LinkedIn Intro service doesn’t support email provided by the popular Microsoft Exchange corporate client, it is compatible with Gmail, Yahoo Mail, AOL and Apple iCloud. That means that you aren’t going to see whole corporations seeing issues of their Exchange email accounts going through these LinkedIn servers, but for those who send professional emails via any of those personal clients, it may be worth a second thought before installing the LinkedIn Intro tool.

Amidst this criticism, Senior Software Engineer for LinkedIn Martin Kleppmann wrote a blog post explaining how the service’s security isn’t something people should be worried about, as LinkedIn would be adhering to its pledge of privacy for the service. He also shared five key points to help alleviate fears:

  1. You have to opt-in and install Intro before you see LinkedIn profiles in any email.

  2. Usernames, passwords, OAuth tokens, and email contents are not permanently stored anywhere inside LinkedIn data centers. Instead, these are stored on your iPhone.

  3. Once you install Intro, a new Mail account is created on your iPhone. Only the email in this new Intro Mail account goes via LinkedIn; other Mail accounts are not affected in any way.

  4. All communication from the Mail app to the LinkedIn Intro servers is fully encrypted. Likewise, all communication from the LinkedIn Intro servers to your email provider (e.g. Gmail or Yahoo! Mail) is fully encrypted.

  5. Your emails are only accessed when the Mail app is retrieving emails from your email provider. LinkedIn servers automatically look up the "From" email address, so that Intro can then be inserted into the email.

Since the service is such an obvious privacy concern, LinkedIn appears to have gone out of its way to tell people that there won’t be any personal information read or kept by the company. Nevertheless, if there does turn out to be a weak point in the tool at some level (and you know people will be looking for them), it wouldn’t be the first time LinkedIn was embroiled in a security controversy. Just this past September, a group of users sued the networking site claiming that it had hacked email accounts and stolen contact lists. Then again, with this incident so fresh in its users’ minds, chances are good that LinkedIn has gone the extra mile to make sure it is offering the most secure service possible – or at the very least, they should be.

Need to know what’s hot in tech? Follow @YRightClick on Twitter!