Skip to main content

Experts say LinkedIn’s new Intro app comes with huge security holes

It’s only been a day since we first introduced you to LinkedIn’s new Intro app for the iPhone that gives emails a more professional edge – in a nutshell, all it does is provide Mail app users an extended introduction to a person sending them messages by showing their LinkedIn bio – but already, some security experts are calling shenanigans, claiming that the new product actually “hijacks” your email.

According to security consulting firm Bishop Fox, LinkedIn Intro actually reconfigures your device so that all your emails go through LinkedIn’s servers. “Once you install the Intro app, all of your emails, both sent and received, are transmitted via LinkedIn’s servers. LinkedIn is forcing all your IMAP and SMTP data through their own servers and then analyzing and scraping your emails for data pertaining to … whatever they feel like,” the company wrote on their blog.

Recommended Videos

The post went on to enumerate a list of reasons why installing Intro is a big mistake, some of them related to the possible repercussions of unwittingly surrendering the contents of your email to a third-party participant. If you use your work email on your phone, you may be unintentionally violating your company’s policy by using the plug-in; if you regularly correspond with people who usually offer confidentiality in correspondences – like your doctor, lawyer, or therapist – using the feature may relinquish certain legal privileges.

To address these security concerns, LinkedIn added an update to their blog post announcing the new service to ensure that people know at least two important things: That users have to opt into the service before any email encryption happens and that LinkedIn does not store any user emails on its servers.

intro
Image used with permission by copyright holder

Researchers were quick to refute LinkedIn’s claims, saying that “in order for LinkedIn to stick changes into an e-mail, they have to decrypt it and then encrypt it again en route to its recipient, adding a new layer of insecurity to e-mail in transit.”

Considering LinkedIn’s seemingly bad reputation when it comes to user data security – 6.5 million usernames and passwords were leaked to a Russian hacker website, and they suffered a major lawsuit because of it – this latest development does not bode well for the social career site. Unless LinkedIn offers a more acceptable and transparent explanation of how Intro works that security experts accept, it almost doesn’t seem worth it to enable the new feature – just go to LinkedIn if you really want to find out more about people on a professional capacity.

Jam Kotenko
When she's not busy watching movies and TV shows or traveling to new places, Jam is probably on Facebook. Or Twitter. Or…
Bluesky finally adds a feature many had been waiting for
A blue sky with clouds.

Bluesky has been making a lot of progress in recent months by simplifying the process to sign up while at the same time rolling out a steady stream of new features.

As part of those continuing efforts, the social media app has just announced that users can now send direct messages (DMs).

Read more
Reddit just achieved something for the first time in its 20-year history
The Reddit logo.

Reddit’s on a roll. The social media platform has just turned a profit for the first time in its 20-year history, and now boasts a record 97.2 million daily active users, marking a year-over-year increase of 47%. A few times during the quarter, the figure topped 100 million, which Reddit CEO and co-founder Steve Huffman said in a letter to shareholders had been a “long-standing milestone” for the site.

The company, which went public in March, announced the news in its third-quarter earnings results on Tuesday.

Read more
Worried about the TikTok ban? This is how it might look on your phone
TikTok splash screen on an Android phone.

The US Supreme Court has decided to uphold a law that would see TikTok banned in the country on January 19. Now, the platform has issued an official statement, confirming that it will indeed shut down unless it gets some emergency relief from the outgoing president.

“Unless the Biden Administration immediately provides a definitive statement to satisfy the most critical service providers assuring non-enforcement, unfortunately TikTok will be forced to go dark on January 19,” said the company soon after the court’s verdict.
So, what does going dark mean?
So, far, there is no official statement on what exactly TikTok means by “going dark.” There is a lot of speculation out there on how exactly the app or website will look once TikTok shutters in the US.

Read more