Thursday, October 24, 2013

#LinkedIn Intro "a spectacularly bad idea"

I like LinkedIn. I use it most days and find it very valuable. But I only use it through a browser, and with care.

This week's launch of their Intro product is really, really clever. And extremely dangerous for the corporate customers they're targeting. And most won't know about the difficulties until it's too late, when there is a spectacular PR disaster for LinkedIn.

As TechCrunch has helpfully explained, for Intro to work the user has to trust LinkedIn with the username and password for their email account; and allow a copy of all incoming and outgoing email to go via LinkedIn's servers. Frankly, anything could happen to it there.

Trouble is, most users won't know about the security and privacy implications of this, until it's too late.

And with the trend towards BYOD (Bring Your Own Device) it's entirely possible that many, many corporate workers will download and install the Intro software blissfully unaware that they could be inadvertently sharing privileged emails and attachments like spreadsheets with LinkedIn, or a malicious server that pretends to be LinkedIn.

Scary stuff and a great plot for a corporate espionage spy movie.

It's not unreasonable or paranoid to be wary of this: in the last eighteen months LinkedIn has lost 6.5m usernames and passwords and it has been shown to transmit data from its iPad app over the Internet in plain text. I stopped using and deleted the iPad app immediately.