At first I'm thinking, oh, I wonder how they convinced Apple to let them use some private APIs, and then... curiosity turns to revulsion as soon as I saw that proxy diagram. Good god... LinkedIn MITM IMAP. That is truly terrifying.
How would you even go about installing that on the user's phone? Oh, that's in there too... they ship a 'configuration profile' which adds a new email account, so your password is leaving the device in cleartext and being used to create the profile server-side which is then shipped back to the phone and installed, how exactly?
This just gets worse and worse if I understand correctly... I'm surprised that configuration profiles can be shipped to an arbitrary device from a third party this way without the user manually installing LinkedIn's certificate as trusted. In other words, it should be a lot harder to "Accept" these profiles outside an enterprise setting, because it sounds exploitable. What else can you configure "so easily" I wonder?
Then you get into how they are hacking CSS and iframes into the email body, to substitute for JavaScript, and actually create a workable user interface. Now this is fascinating, impressive, and deserves further study... Without fully understanding exactly what they are doing, however, it sounds highly abusive of the Mail app's rendering capabilities, and points to exploitable paths within the Mail app that probably need to be tightened up by Apple. If LinkedIn can make an email "act" like that without any opt-in on my part, how would Mallory use the same "feature" in their latest SPAM campaign?
<s>Thanks LinkedIn... really, I'm impressed. When exactly did Walter Bishop start working for you?</s>
P.S. I look forward to following your pending class-action lawsuit for violation of US federal wiretapping laws. Cheers!
And I thought, why the heck would one phone be issuing so many concurrent IMAP connections. Oh my naiveté.
"[iOS 7] opens many IMAP connections at once for searching each folder concurrently. We’re not sure on the upper bound on the number of connections it will make, but saw at least 10 in one case."
I already know that Yahoo! sells the email addresses of the people I exchange even one email with to LinkedIn and I am repulsed by this. LI then turns around and offers them as connections. I should note I am always logged out from LI to prevent even more evil from them. LI is just evil and should be eradicated.
Part of being a semi-decent citizen of the internet is also not encouraging users to give third parties their credentials.
It is a neat hack. I'd love this if it was "here's how we integrate LinkedIn into our email clients internally". It is novel and it does use CSS in weird and new ways. It should also not be a shipping public product. MITM is bad shit.
This, like dd+nc, has some practical concerns such as security, but that doesn't mean it isn't creative and interesting.
How is that even close to a valid response to someone that's exercising critical thinking?
Access to this many passwords is a threat even if my password is not one of them.
Finally, it may be opt in, but are they going to explain to the user that they get to keep a password for an account to which they have no legitimate right?
I doubt they have a warning when you install this "This is going to let us read all your emails AND the emails of people who communicate with you (without their consent)
...oh yes, and get your username / password for your email accounts"
And if I am communicating with someone who installed this hack then I certainly didn't opt-in.
Do people find the technical details interesting despite the privacy concerns?
Either way, congrats to Martin, Sam and others on the launch. Getting something out the door to such a wide audience after working on it for over a year must be quite a challenge.
Next thing: store your S/MIME private keys on LinkedIn servers to enable the feature also for encrypted mails...
I think LinkedIn should not offer every feature that's technically possible. Things should stay within reason, and some things should not be offered, especially not to non-savvy users.
The user has to install the profile as trusted. There is no mechanism for auto installing a profile. Similar to TestFlight and the profile you install to use that.
p.s. Why Walter Bishop?
A closely related example would be of a web app I stumbled upon recently via an unexpected email I received in my LinkedIn inbox about a new educational platform that supposedly one of my contacts was recommending me to try. Curious and suspicious, I opened the link and clicked on 'connect with LinkedIn'. In small script, the app was requiring me to authorize it to send emails on my behalf, which is exactly the case of the original unsolicited message I had received: another unsuspecting user just glossed over the terms and connected their LinkedIn account to this app... resulting in all of their contacts being spammed with the message. The 'victim' was displeased to say the least when I warned them what their account was doing without their knowledge.
Had I not been careful about that and proceeded to authorize the app, I would've most likely been booted off at least a few people's contact lists for spamming them with such stuff irrelevant to their interests.
The contacts application also sends things like reminders for your contacts' work anniversaries or when they change positions (something that you can't access in the LI API).
I sometimes think that I shouldn't be giving LI all of this information, but this is a typical case where the benefit received is greater than my privacy concerns.
Not to say that this isn't a bad idea though. It would have been an easier sell if you could do the IMAP proxying on the local device somehow.
Will customers be explicitly told that all of their emails will be going through and stored on LinkedIn servers? I doubt it. I do envision a dialog box along the lines of "Click Here to make your experience better". Sadly people will click without realizing the implications.
So, in the context of use in environments where your email address is not fully owned by you, attack would be a valid word. Otherwise, I agree that it's a MITM but not an attack.
If (when?) this proxy service is compromised are they willing to be accountable for any information which leaks? I can't imagine wanting to even take on this risk (maybe I'm too conservative).
Edit: I just want to add - yes, it's interesting. Yes, it's sleazy.
The value for LinkedIn to vacuum up my email is immense! They'll know everyone I email and the content of the emails as well. They'll know where I shop and what I purchase. If I send a private email to a friend who has this installed, I've now unknowingly bcc'ed LinkedIn. Not only that, but they know this for the entire history of my email account! The person I stopped emailing 7 years ago... LinkedIn has access to that as well.
But in this case I don't think the value prop for the user is big enough to make me overcome this large of an ask.
I appreciate LinkedIn addressing this in their Privacy Pledge, but so long as they retain the right to change it at any time, I'm too uncomfortable to install this. But, I'm still in awe of the creative work-around. :)
Maybe one such comment / thread would be enough to significantly increase quality of a discussion.
You don't really think it's ever "simple" for a user to augment their email app?
Plugins are hard to implement on both ends, and they complicate otherwise simple apps. Open source is also hard, because every codebase is different in many and often unpredictable ways from others. Not even an experienced programmer would always be able to crack open the source to a mobile email client and make this sort of modification.
If they were that fussed they could have tried to make a clone of an email client and integrate their own features. If it was better than the default client, people would use it (I use Sparrow on my iPhone for email, not touched the default Mail app for years).
I think the privacy concerns of having your mail (potentially) available over yet another server in exchange for modest convenience makes it unlikely that I would use this, but I'm sure many will find the trade-off acceptable and desirable.
* your local mail client might get different E-mail content every time mail is downloaded, which is not the intent of IMAP,
* LinkedIn (hence, the NSA) gets full access to your E-mail,
* once people get hooked it's easy to transition to inserting ads, or "more helpful LinkedIn content",
I find all this rather disturbing and would never use this service.
What if I believe that Google (hence the NSA) already has access to my Gmail? What's the cost to my privacy if it's already lost?
My major concern is that if I provide LinkedIn my credentials, I now have doubled my attack surface for intrusion by non-governmental actors.
You don't have a choice. If the person on the other end is using this service then your emails to them are hoovered.
This is making a big assumption that they understand the implications. Or that LinkedIn explains them at all.
I would also hope they're not storing passwords in plaintext. Obviously they need access to the plaintext password to auth with your mail server, but I would hope this is still stored encrypted.
Edit: Have I missed the point? I'm sure LinkedIn is a little more cautious about such changes than your average newly-founded startup. This product gives them access to people's emails which they can probably glean a lot of info from. They already try to get access into email accounts (username + password) via the LinkedIn webapp so in a way this is just extending that to mobile. The only reason I can imagine them shutting it down is if no-one uses it (in which case, no one will complain).
Cute web hacks. I don't understand the problem with simply using their mobile app if you were really looking for work.
It sounds like an unnecessary feature for people who are looking and an annoyance to people who are not. That seems to be the problem of LinkedIn. They harass those who are working with vague and misplaced job requests in an attempt to expand their reach.
I also hate iFrames. Cool trick though.
I'm still impressed with the creativity from a technical standpoint.
Phone <------ Proxy <----- IMAP hosts
Same problem; all your lovely lovely communications flowing through the Proxy. And your tasty credentials, too.
LinkedIn have taken the old pattern and injected some data at the Proxy point, enriched from their databases.
Sure, if you do it for your corporate email, you may be violating the rules of your employer, but that's between you and your employer, and not enough reason to keep others from using an amazingly useful service for their own personal email.
Lost in all this discussion is just how awesome Rapportive is - the desktop gmail version has concretely and significantly changed my life for the better, and that's not hyperbole. Being able to research people without leaving my inbox has saved hours of time in my life, made my communications with those people more effective, and prevented me from making at least a couple serious errors.
All that is worth the added risk, especially for my personal email. Curious: does everyone in this thread have equal outrage for those widgets that log into your email clients so that you can invite your friends?
This is like trusting LI and Google with all your email. Trusting any 2 parties with your email is less secure than trusting 1 party with it. This increases when only 1 of them is in the business of providing email. What is the other party's interest, and does this conflict with your trust?
They also have numerous business practices that I find shady. Passing your email through them offers yet another conflict of interest.
Yes, there has been much rage against that type of service on HN.
If you don't trust LinkedIn, fine. Don't use it.
But please, don't assume that LinkedIn is universally not trusted, the same way you assume that Microsoft is universally hated.
This is a neat feature, and I'm sure that many people trust LinkedIn enough to think that the trade-off is worth it. Would you prefer to not have the choice to have access to this feature, and prevent others from having it too?
I don't see this kind of reaction when 99% of other services ask access to a third-party API. Why is this so different? Is it because they have access to emails? What makes email SO MUCH more important than any other data to be in a category of their own? I don't think you can draw a line, and it's pure subjectivity.
Surely, the service itself is not a problem. Google would do the same thing, and you would all think it's the best thing since sliced bread? Why? Because most people already trust Google with their emails (and everything else), and accept that they know everything about them.
So please, don't criticize the solution, don't blame the hack (unless you can suggest a better way to do it). The only good reason not to use it is for lack of trust for LinkedIn, and nothing else.
I've had enough of your drama-seeking behaviors, and I don't think I'm the only one. Grow up.
Yes, I would prefer that. LinkedIn has not shown itself to be a particularly good or careful actor in the past, and now, even if I don't opt in to this, my email to people using this feature runs through LinkedIn servers. There are always third parties between me and the person I'm emailing, but as the number increases, the likelihood of compromise or failure of delivery increases.
Consider yourself lucky that you trust Google. Otherwise, imagine how risky it would be for you to email most people!
Paranoia is a hell of a disease. Probably the mental disorder of this era. Just look at all the drama that surrounds the NSA and "privacy".
In an alternative reality, people would probably pay for companies to spread their information publicly. And you know what? I'm confident that this reality is our future.
Learn to fight for the right things. Pro-tip: it's not privacy.
The fact that email has become the de-facto master password for our online lives. If an attacker has my github password, they can push shitty code and write messages that I can roll back on the next day. If they have my email credentials, they can take over most of my online accounts anywhere.
Now you have 220,000,000 LinkedIn users all running their email traffic through LinkedIn's proxy. I'm sure they have the bandwidth and CPU to handle that.
EDIT: not an app apparently.
http://exchangeserverpro.com/blocking-linkedin-access-to-you...
> I ran some tests with two brand new mailboxes, and it seems that LinkedIn
> accesses both the Contacts and the Sent Items.
technical details: http://www.adamfowlerit.com/2013/06/02/linkedin-securityinfo...
So in addition to reading your incoming mail they can also modify your outgoing mail as well.
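The posts above describe a third party logging into mailboxes with the user's own credentials, and the linked article is about blocking that on the mail server side. As an added example (not code from the thread or from any of the linked articles), here is the detection logic a mail administrator could run over IMAP login logs to spot an external address that authenticates to many different accounts, which is the signature of a shared proxy rather than a person's own device. The log lines are constructed for the demo in a simplified Dovecot-like format; the trusted networks and the addresses are hypothetical TEST-NET ranges, not anything from the thread.

```python
"""Added example: flag proxy-like IMAP logins in constructed login logs.

A single external client address authenticating to several distinct
mailboxes is what a credential-holding third-party proxy looks like from
the server's point of view. The format below only resembles Dovecot's
imap-login lines; it is constructed for this demonstration.
"""
import ipaddress
import re
from collections import defaultdict

# Networks the organisation owns (hypothetical RFC 5737 TEST-NET ranges).
TRUSTED_NETS = [
    ipaddress.ip_network("198.51.100.0/24"),
    ipaddress.ip_network("192.0.2.0/24"),
]

# user=<...> is the authenticated mailbox, rip=... the remote client address.
LOGIN_RE = re.compile(
    r"imap-login: Login: user=<(?P<user>[^>]+)>.*?\brip=(?P<rip>[0-9a-fA-F:.]+)"
)

# Constructed sample log: three accounts reached from one outside address.
SAMPLE_LOG = [
    "Oct 24 09:12:01 mx dovecot: imap-login: Login: user=<alice@example.invalid>, method=PLAIN, rip=203.0.113.7, lip=198.51.100.2, mpid=1201, TLS",
    "Oct 24 09:12:03 mx dovecot: imap-login: Login: user=<bob@example.invalid>, method=PLAIN, rip=203.0.113.7, lip=198.51.100.2, mpid=1202, TLS",
    "Oct 24 09:12:09 mx dovecot: imap-login: Login: user=<carol@example.invalid>, method=PLAIN, rip=203.0.113.7, lip=198.51.100.2, mpid=1203, TLS",
    "Oct 24 09:13:40 mx dovecot: imap-login: Login: user=<dave@example.invalid>, method=PLAIN, rip=198.51.100.20, lip=198.51.100.2, mpid=1204, TLS",
    "Oct 24 09:14:12 mx dovecot: imap-login: Login: user=<erin@example.invalid>, method=PLAIN, rip=203.0.113.9, lip=198.51.100.2, mpid=1205, TLS",
    "Oct 24 09:14:13 mx dovecot: imap-login: Disconnected (no auth attempts in 0 secs): rip=203.0.113.50",
]


def parse_logins(lines):
    """Return (user, client_ip) for every successful IMAP login line."""
    events = []
    for line in lines:
        m = LOGIN_RE.search(line)
        if m:  # non-login lines (disconnects, failures) are ignored
            events.append((m.group("user"), ipaddress.ip_address(m.group("rip"))))
    return events


def is_trusted(ip):
    return any(ip in net for net in TRUSTED_NETS)


def find_proxy_like_logins(lines, min_accounts=3):
    """Flag external addresses that log into at least min_accounts mailboxes.

    Returns a list of findings, each a dict with the address and the sorted
    account names seen from it. Addresses inside TRUSTED_NETS are skipped,
    since a corporate NAT egress legitimately fronts many users.
    """
    users_by_ip = defaultdict(set)
    for user, ip in parse_logins(lines):
        users_by_ip[ip].add(user)

    findings = []
    for ip, users in sorted(users_by_ip.items(), key=lambda kv: str(kv[0])):
        if is_trusted(ip) or len(users) < min_accounts:
            continue
        findings.append({
            "ip": str(ip),
            "accounts": sorted(users),
            "reason": "one external address authenticating to many mailboxes",
        })
    return findings


if __name__ == "__main__":
    for f in find_proxy_like_logins(SAMPLE_LOG):
        print(f"{f['ip']}: {', '.join(f['accounts'])} ({f['reason']})")
```

On the constructed sample this reports 203.0.113.7 with the accounts alice, bob and carol, and stays silent about the single external login and the trusted-network login. The threshold and the trusted ranges are the knobs to tune; on a real server the next step is confirming with the account owners whether they handed their credentials to a service, and then forcing a password change.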
Suppose that user B gets mail from A, then forwards it to C. I'd see why this could be valuable info. for a company like this (and also has a high potential for abuse).
I have noticed that on websites that clearly don't intend that behavior, and it's quite annoying. Does anyone have any details about the exact circumstances required for this phenomenon?
Hover navs are a usability problem and should never have been built in the first place. Computer OS and application developers figured that out years ago but for some reason web developers never got the memo.
If a user knowingly installs this, with the understanding that linkedin is essentially a proxy for their entire email ecosystem - then they are knowingly trusting linkedin.
To be honest, I can see this being used by sales reps. They are often interested in connecting to people and understanding people's backgrounds. They also move quite freely between organisations, and don't have a religious tie to their email and/or privacy (in the sense of their corporate email privacy).
2) Your average IT department in any publicly traded company would NEVER let this fly.
3) Any general counsel would shit all over this. No one likes fighting with lawyers, and this is a battle I'd never put on my plate.
It's odd to assume generic users understand IMAP or what a proxy is. Remember how Apple makes products for dumb people? Yeah. They ran a campaign on that.
On top of all of this, they have a "if you're a Google Apps admin" section where the only way to block it is to disable ALL OAuth applications.
No self-respecting CTO/CIO would let this occur in an organization they hope to responsibly grow.
The Iron Law[1] says that the programmers are going to be bored, the product managers and creatives with input will approve and shepherd the product out of boredom, and the management who launches it will do so out of boredom, all in their own interests.
What I hope is going to prove truly impossible is doing anything like this without requiring the user to explicitly accept the configuration profile. Even so I expect they will trick many into allowing "enhancement" of their email.
LinkedIn has a history of abusing email. From the early days* where they would email all of the contacts on your machine if you didn't read carefully enough to today where you can click unsubscribe many, many times and still get "important updates". It's a wretched hive of scum and recruiters, and they will never get between me and my email.
*spoke too soon! looks like they still do it: http://community.linkedin.com/questions/10106/i-want-linkedi...
• LinkedIn: The Creepiest Social Network (May 9; 326 points) https://news.ycombinator.com/item?id=5680680
• Why I Just Closed My LinkedIn Account (Jun 18; 137 points) https://news.ycombinator.com/item?id=5900120
• LinkedIn sued by users who say it hacked their e-mail accounts (Sep 22; 204 points) https://news.ycombinator.com/item?id=6425444
• Today I Deleted My LinkedIn Account; You Probably Should Too (Sep 24; 143 points) https://news.ycombinator.com/item?id=6433828
This is probably the most blatant disregard for privacy and security for the smallest possible benefit that I have ever seen. Well, next to giving LinkedIn the password to your email so that they can spam your friends and hack your account.
Everyone needs to stop using this piece of shit service. They're incompetent and malicious. LinkedIn is the Zynga of HR. I'm gonna go buy some puts.
Disgusting.
[1]: http://blogs.msdn.com/b/oldnewthing/archive/2005/06/07/42629...
Over 500 million people trust Google with complete and indefinite access to their email. The leap from trusting no external email providers to trusting Gmail is much greater than this incremental step of trusting LinkedIn as well. The risk is similar to trusting an established company to automatically backup your emails, and smaller than trusting startups like Greplin (which rebranded and got acquired) to safeguard a dump of all your emails.
This is not to say the privacy and uptime risks are non-existent: the attack surface area is marginally increased and there is another system that could break.
Claiming LinkedIn's doing a "MITM attack on your email" is on the same level as saying "Google is Big Brother." Both statements capture an element of reality, but with an extremely alarmist bent.
Win Win! You get to act like privacy isn't a real threat, and you validate your point!
There is a trade-off between security and features here, and while for some people it'll be worth it for others it won't.
The majority of posters here are likely developers/technical people for whom the features aren't that important and for whom security is a much higher priority (because they're thinking about it from a personal email perspective rather than a professional email perspective).
For people working in bizdev, sales, recruitment, etc. their equation is completely different. This delivers them high-value (being able to close more deals faster) with a relatively lower security trade-off.
Their professional email account is likely already hooked into their CRM, email analytics, backup service, audit and archiving services, address book services, etc. Their PA and corporate IT likely have access to their email as well. Adding LinkedIn is just one more service from a company they already trust with highly confidential information (leads, LinkedIn inbox mails, etc.)
(incidentally I'm guessing a lot of HN users probably have half a dozen chrome extensions for SEO, screen grabbing, debugging, etc. from unverified sources which have access to far more information than just your email credentials)
(Specifically, iframes in emails have been stripped from most modern email clients for years)
Spammers could very, very easily abuse this. Send a valid-looking e-mail, then swap out the iframe content with something spammy once they've all been delivered.
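The two comments above make the defender's point: an iframe in an email body can be repointed after delivery, which is why most clients strip it. As an added example (not code from the thread or from LinkedIn), here is a small sanitizer that removes iframes and the other tags that can load or run content after delivery from an HTML email body before rendering, and also drops inline event handlers and `javascript:` links. The sample message is constructed for the demo; the class and function names are my own.

```python
"""Added example: strip iframes and other post-delivery content from HTML email.

The idea is the one most mail clients apply: an iframe's content is fetched
at read time, so the sender can change what the message shows after it has
passed spam filtering. Dropping the element entirely removes that channel.
Uses only the standard library; the sample body is constructed.
"""
import html
from html.parser import HTMLParser

# Elements that fetch or execute content when the message is opened.
DROP_TAGS = {"iframe", "frame", "frameset", "object", "embed", "script",
             "style", "form", "link", "meta"}
URL_ATTRS = {"href", "src", "action", "formaction"}


class EmailSanitizer(HTMLParser):
    """Re-serialise an HTML body without the dangerous elements/attributes."""

    def __init__(self):
        super().__init__()  # convert_charrefs=True: text arrives unescaped
        self.out = []          # sanitised fragments
        self.dropped = []      # audit trail of what was removed
        self.skip_depth = 0    # >0 while inside a dropped element

    def handle_starttag(self, tag, attrs):
        if tag in DROP_TAGS:
            self.dropped.append(tag)
            self.skip_depth += 1  # everything until the matching end tag goes
            return
        if self.skip_depth:
            return
        kept = []
        for name, value in attrs:
            if name.startswith("on"):  # onclick, onload, ... inline handlers
                self.dropped.append(f"{tag}@{name}")
                continue
            if name in URL_ATTRS and value and \
                    value.strip().lower().startswith("javascript:"):
                self.dropped.append(f"{tag}@{name}")
                continue
            kept.append((name, value))
        attr_text = "".join(
            f' {n}="{html.escape(v, quote=True)}"' if v is not None else f" {n}"
            for n, v in kept
        )
        self.out.append(f"<{tag}{attr_text}>")

    def handle_endtag(self, tag):
        if tag in DROP_TAGS:
            if self.skip_depth:
                self.skip_depth -= 1
            return
        if not self.skip_depth:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skip_depth:
            # Re-escape so text such as "&lt;script&gt;" stays inert.
            self.out.append(html.escape(data, quote=False))


def sanitize_email_html(body):
    """Return (clean_html, dropped_items) for an HTML email body."""
    p = EmailSanitizer()
    p.feed(body)
    p.close()
    return "".join(p.out), p.dropped


# Constructed sample: an iframe whose content could be swapped after delivery,
# plus an inline handler on a link.
SAMPLE_BODY = (
    '<p>Hi, see the attached offer.</p>'
    '<iframe src="https://mail.example.invalid/frame?id=123">fallback</iframe>'
    '<a href="https://example.invalid/x" onclick="track()">link</a>'
    '<p>Regards &amp; thanks</p>'
)

if __name__ == "__main__":
    clean, dropped = sanitize_email_html(SAMPLE_BODY)
    print(clean)
    print("removed:", dropped)
```

Because the parser is fail-closed (an unterminated dropped element swallows the rest of the body), a message that relies on iframes simply loses that region rather than rendering it; the `dropped` list is what you would log to see how often senders are attempting it.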
"For technical reasons, you can't remove the Intro app icon directly from the iPhone home screen." https://intro.linkedin.com/micro/faq
This is insane. Not only does the whole setup hijack your mail, it is implemented in a way that makes it very hard for users to remove it.
http://rapportive.com/help#installation
Basically, I expected it to be a Gmail plugin, but it was a browser extension.
Also, pretty sure the :hover state touch interaction is something anyone who's done any kind of mobile web development knows about.
I have never joined LinkedIn and have never been interested in any position that requires an easily gamed LinkedIn profile instead of meatspace references.
It's a cool hack, however.
I burst out in laughter at that point. Yeah, that silly presumptuous email client assuming an email is some kind of text message that doesn't change every time you read it!
To all those who consider this a cool hack - it's not. It's ugly as hell. Sometimes you need to do this kind of shit to get the job done, it's true, but you know this is the kind of thing that you look at after a couple of months and think "Oh God, I should get another job. They shouldn't force me to create THIS. Oh God, I feel so miserable.".
Again, VERY cool how they did it but it requires quite a bit of trust in a company that I don't find very trustworthy.
The author is being a bit arrogant; there is more complex stuff than modifying Gmail on the fly (remember Greasemonkey?).
Well done!
All the privacy issues it raises are already discussed.
I'm just not comfortable giving my email credentials out when access to my email is effectively a skeleton key for the rest of my accounts via password resets.
FYI, in the state of NJ, not even your employer has the right to do many things with your work email. They recently decided this. I would love to see the impending lawsuit with LinkedIn for similar reasons, but just for advertising.
But I wouldn't do that, because this way, you can intercept all messages that people are mailing and it would harm your business image (at least, in my eyes).
Seems like an awful waste of time to me.
Looks like it is time to dump Linkedin.