RE: If you're on LinkedIn, and you use a smart phone...
I had to answer the question of "Why is LinkedIn asking for my GMail account information" to one of my parents recently. "Oh it is so they can access your information and use it...". It is how some random guys I play tennis with in a league keep popping up as people I should add, since they likely succumbed to that prompt. Another practice of theirs I do not like.

Phil

From: Laszlo Hanyecz
Sent: 10/26/2013 1:44
To: Chris Hartley
Cc: Phil Bedard; Nanog
Subject: Re: If you're on LinkedIn, and you use a smart phone...

When a user signs up for a social media account they generally do so by providing an email address like victim@freewebmailsite.com and selecting a password. The social media site can obviously probe freewebmailsite.com and attempt to authenticate using the same password that you just provided to them (for the purpose of logging into their social media site). I guess offering an email proxy or asking if it's ok to worm through your email for contacts is merely a formality. How many social media users do you guess would use the same password on the social media site as they would for freewebmailsite.com (and likely their employer's organization's email)? It's kind of like when google asks their users with android phones to provide their mobile phone number for SMS password recovery.

Laszlo

On Oct 25, 2013, at 11:43 PM, Chris Hartley <hartleyc@gmail.com> wrote:
Anyone who has access to logs for their email infrastructure ought probably to check for authentications to user accounts from linkedin's servers. Likely, people in your organization are entering their credentials into linkedin to add to their contact list. Is it a problem if a social media company has your users' credentials? I guess it depends on your definition of "is." The same advice might apply to this perversion of trust as well, but I'm not sure how linkedin is achieving this "feat."
On Fri, Oct 25, 2013 at 7:25 PM, Phil Bedard <bedard.phil@gmail.com> wrote:
I saw some anecdotal stuff on this yesterday but reading their engineering blog entry makes me feel all warm and fuzzy inside. Oh never mind, that's just the alcohol. This is perhaps one of the worst ideas I've seen concocted by a social media company yet.
-Phil
On 10/25/13, 6:56 PM, "George Bakos" <gbakos@alpinista.org> wrote:
next thing you know, Google is going to be offering free email so they can do the same thing.
On Fri, 25 Oct 2013 08:45:40 -0700 Shrdlu <shrdlu@deaddrop.org> wrote:
I hate to do this, but it's something that anyone managing email servers (or just using a smart phone to update LI) needs to know about. I just saw this on another list I'm on, and I know that there are folks on NANOG that are on LinkedIn.
++++++++++ http://www.bishopfox.com/blog/2013/10/linkedin-intro/
LinkedIn released a new product today called Intro. They call it "doing the impossible", but some might call it "hijacking email". Why do we say this? Consider the following:
Intro reconfigures your iOS device (e.g. iPhone, iPad) so that all of your emails go through LinkedIn's servers. You read that right. Once you install the Intro app, all of your emails, both sent and received, are transmitted via LinkedIn's servers. LinkedIn is forcing all your IMAP and SMTP data through their own servers and then analyzing and scraping your emails for data pertaining to...whatever they feel like.
++++++++++
Read the full article. If you're using LI via your smart phone, and you have already installed this app, you probably need to save off your contacts and data, and wipe the phone. I wouldn't trust uninstalling as enough, myself. In the long run, I'll be deleting my account.
No, I don't use a smart phone to update any social media. No, I especially do not trust LI (never have, never will). BTW, they're currently adding back any contacts you've deleted. Thanks for reminding me that Joe Barr, Len Sassaman, and Jay D Dyson are gone from this world.
-- Life may not be the party we hoped for, but while we are here, we might as well dance.
--
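The log check Chris Hartley suggests in the message above, as an added example that is not part of the original thread: it scans mail-server login lines for successful authentications whose source address falls inside a watched set of networks. It assumes Dovecot-style login lines; the watched networks are RFC 5737 placeholder ranges because the thread lists no addresses, and the sample log lines are constructed.

```python
import ipaddress
import re
from collections import defaultdict

# Placeholder ranges (RFC 5737 documentation space), an assumption of this
# example. Substitute the ranges you have verified for the third-party service.
WATCHED_NETS = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.0/25")]

# Dovecot-style success line:
#   "... imap-login: Login: user=<alice>, method=PLAIN, rip=1.2.3.4, lip=..."
LOGIN_RE = re.compile(
    r"(?P<svc>imap|pop3|submission|managesieve)-login: Login: "
    r"user=<(?P<user>[^>]*)>.*?\brip=(?P<rip>[0-9A-Fa-f:.]+)"
)

def third_party_logins(lines, nets=WATCHED_NETS):
    """Map each user to the sorted (service, source_ip) pairs of successful
    logins that came from one of the watched networks."""
    hits = defaultdict(set)
    for line in lines:
        m = LOGIN_RE.search(line)
        if not m:
            continue  # failed logins and unrelated lines are skipped
        try:
            rip = ipaddress.ip_address(m.group("rip"))
        except ValueError:
            continue  # malformed address field
        if any(rip.version == n.version and rip in n for n in nets):
            hits[m.group("user")].add((m.group("svc"), str(rip)))
    return {user: sorted(seen) for user, seen in hits.items()}

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = """\
Oct 25 19:02:11 mx1 dovecot: imap-login: Login: user=<alice@example.org>, method=PLAIN, rip=192.0.2.15, lip=203.0.113.5, mpid=4121, TLS, session=<a1>
Oct 25 19:02:40 mx1 dovecot: imap-login: Login: user=<bob@example.org>, method=PLAIN, rip=203.0.113.77, lip=203.0.113.5, mpid=4130, TLS, session=<b2>
Oct 25 19:03:02 mx1 dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<carol@example.org>, method=PLAIN, rip=192.0.2.15, lip=203.0.113.5, TLS, session=<c3>
Oct 25 19:05:19 mx1 dovecot: imap-login: Login: user=<alice@example.org>, method=PLAIN, rip=198.51.100.9, lip=203.0.113.5, mpid=4188, TLS, session=<d4>
Oct 25 19:06:00 mx1 dovecot: imap-login: Login: user=<dave@example.org>, method=PLAIN, rip=198.51.100.200, lip=203.0.113.5, mpid=4190, TLS, session=<e5>
""".splitlines()

if __name__ == "__main__":
    for user, seen in third_party_logins(SAMPLE_LOG).items():
        print(user, seen)
```

Any account this reports has had its password presented from the watched networks, so a reset is the usual follow-up.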
On further reflection: It occurs to me that if a lone researcher conducted such an intrusion against the security and privacy of email (and its contents) (and its users), possible outcomes might include a raid by heavily-armed authorities, confiscation of anything that even looks like an electronic device, and/or very aggressive federal prosecution. I'm not saying that's the correct result, because I don't necessarily think it is. I'm just saying that recent history suggests it's possible. And I wonder if we collectively find this present action more acceptable because it comes with a slick press release touting its "features".

---rsk
participants (2): Phil Bedard, Rich Kulawiec