Background
Two days ago, the LinkedIn Engineering blog published a post titled
“LinkedIn Intro: Doing the Impossible on iOS”.
This product has not yet been covered on Habr, but in a nutshell, LinkedIn suggests using a special IMAP proxy server that modifies incoming emails on your iOS device, adding information about the sender from their LinkedIn profile.
The technology itself is generally quite transparent, as shown in the following diagram.
I think any thinking person will immediately sense a catch here, one that makes them wonder what lies behind the proud reports that the engineering team has done the "impossible".
What does this threaten users with?
The legal side of the issue
In states with a somewhat stronger rule of law, the transfer of official correspondence to a third party can cause quite serious problems, so users should consider whether to use this product. Since LinkedIn is more often a tool for maintaining official contacts, the email address you have in your profile, and whose correspondence will be proxied, will most likely be your official one.
Intro modifies your emails
As a result, it causes several problems at once:
- Emails signed with a digital signature will lose their authenticity: the signature will become invalid.
- Encrypted emails are also likely to be corrupted for the same reason.
- The blocks added to the email will very quickly become the target of phishing attacks.
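The first point can be checked mechanically. The following is an added example, not code from LinkedIn or from the original post: it uses the DKIM body hash (`bh=`, RFC 6376, relaxed canonicalization) as the signature scheme, which is an assumption since the post does not name one, and it runs on a constructed message with a hypothetical `proxy_inject` standing in for the rewriting proxy. It checks only the signed body hash, not the RSA signature in `b=`.

```python
import base64, hashlib, re

def canon_body_relaxed(body: bytes) -> bytes:
    """RFC 6376 3.4.4: collapse whitespace runs, strip trailing WSP and empty lines."""
    lines = [re.sub(rb"[ \t]+", b" ", l).rstrip(b" ")
             for l in body.replace(b"\r\n", b"\n").split(b"\n")]
    while lines and lines[-1] == b"":
        lines.pop()
    return b"".join(l + b"\r\n" for l in lines)

def body_hash(body: bytes) -> str:
    return base64.b64encode(hashlib.sha256(canon_body_relaxed(body)).digest()).decode()

def split_message(raw: bytes):
    head, _, body = raw.partition(b"\r\n\r\n")
    return head, body

def signed_bh(raw: bytes):
    """Return the bh= tag of the first DKIM-Signature header, or None."""
    head, _ = split_message(raw)
    unfolded = re.sub(rb"\r\n[ \t]+", b" ", head)  # undo header folding
    for h in unfolded.split(b"\r\n"):
        if h.lower().startswith(b"dkim-signature:"):
            m = re.search(rb"(?:^|;)\s*bh=([^;]+)", h.split(b":", 1)[1])
            if m:
                return re.sub(rb"\s+", b"", m.group(1)).decode()
    return None

def body_intact(raw: bytes) -> bool:
    """True only if the body as received still matches the hash the sender signed."""
    bh = signed_bh(raw)
    return bh is not None and bh == body_hash(split_message(raw)[1])

# Constructed sample message; b= is a placeholder, only bh= is meaningful here.
BODY = b"<html><body><p>Quarterly numbers attached.</p></body></html>\r\n"
ORIGINAL = (b"From: alice@example.com\r\nTo: bob@example.com\r\nSubject: Q3\r\n"
            b"DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.com;\r\n"
            b" s=sel; h=from:to:subject; bh=" + body_hash(BODY).encode()
            + b"; b=CONSTRUCTED\r\n\r\n" + BODY)

def proxy_inject(raw: bytes) -> bytes:
    """Hypothetical model of a rewriting proxy: add a profile block to the HTML body."""
    return raw.replace(b"<body>", b"<body><div>sender profile block</div>", 1)

if __name__ == "__main__":
    print("as sent:      ", body_intact(ORIGINAL))
    print("after rewrite:", body_intact(proxy_inject(ORIGINAL)))
```

Relaxed canonicalization tolerates trailing blank lines and whitespace runs, so harmless transport changes still verify; an inserted block does not.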
LinkedIn security issues
Not so long ago, the LinkedIn user database
was compromised. It is possible that further attacks will occur, and there is no guarantee that the attackers did not leave backdoors after the last breach.
"Marketing" research
Let's be realistic: users of social networks are not the customers of these companies but their resource. Profitability often depends on how much the social network's owners know about the nodes of this network. At a minimum, this allows advertising to be targeted very accurately. Analysis of users' correspondence (even if automatic, as in Gmail) could provide a huge amount of invaluable information.
There is no guarantee that LinkedIn will not save your correspondence.
If I were the NSA ...
... and found out that some company installed its proxy on a huge number of smartphones and intercepts all correspondence of their owners ... well, you understand, right?
Finally
Several related links:
I will be glad to receive comments via private message.