When startups hack for major players …
Released in late October, LinkedIn Intro, an “app” that lets you see anyone’s LinkedIn info right above an email in iOS’s Mail, has received a fair amount of attention, and rightly so. Put quite simply, Rapportive (the developers of LinkedIn Intro and the startup acquired by LinkedIn in 2012) “hacked” a way to do the impossible, as they said on the LinkedIn blog, by adding hover CSS directly to your emails, thus bypassing the previously closed dev space in Mail and clearly raising its value up a level.
And that’s where the “controversy” starts. To do the impossible, the developers created a second profile in iOS and pushed all of the LinkedIn Intro users’ email through LinkedIn servers to add that layer of CSS. So, LinkedIn now has access to all of its LinkedIn Intro users’ email…
Is it bad that LinkedIn has access to our email?
It’s probably not any worse than Microsoft, Google, Yahoo or other major email providers. Granted, the latter two clearly make use of your email content to provide targeted advertising, and, yes, Outlook.com has been positioning itself very strongly as the “non-invasive” email client, but how does any major company having your email impact you? For most individuals, it doesn’t.
- Absolutely, if your job or your company’s activity involves confidential messaging, i.e. law or medicine, then you might be abusing legal privilege and have to reconsider your email provider and any third-party solutions that you add to it.
- But otherwise, as long as you’re not a criminal 😉, if you have the possibility and willingness to open your data, then isn’t it the same if it’s LinkedIn, Google, Microsoft, Apple or any other major player?
- Most productivity plugins have to see your email to extract value. A short trip to your Gmail permissions https://accounts.google.com/b/0/IssuedAuthSubTokens will probably show more than 10 third parties (for me it’s Baydin, Brewster, Gmail Meter, Evercontact, Rapportive (more on that below), Yesware, Nimble, Mailbox, Unroll.me, MxHero…), and if you were already using Rapportive, like millions of users, you were already sending your metadata to LinkedIn.
Is their method dangerous?
Using this “man-in-the-middle” approach is not new, and it’s actually the way most anti-spam services like Postini or MessageLabs have been providing their service for years. It is one of the few ways to improve a platform that is not yet open, as iOS Mail clearly is not. It’s true that it adds another layer, another vulnerability point. However, as mentioned above, we are already trusting our email to mega players, so does anyone really believe that LinkedIn is less trustworthy?
One of the strongest critiques of Intro’s security came from Bishop Fox, and it’s interesting to see how his position evolved in a second post after much more back-and-forth with the LinkedIn team.
With LinkedIn being a prime target for attack, it’s important to recognize the value of taking the right steps to secure a service like Intro. With the threat of hackers, one always wonders will the battle end or will it continue, but we’ve found it’s best to be proactive. [With LinkedIn Intro], Cory and his team have done this.
And let’s be honest, in the past few years, what large company has been spared from a security breach? Not many. Facebook, Twitter, Apple, Google, Microsoft, LinkedIn and many more have had their issues, and unfortunately, it’s often not directly related to internal security, but to vulnerabilities in browsers or more global platforms (Java, Flash, Oracle bugs come to mind).
Why did they do it?
Email is still among the best ways to communicate with the outside world. Far from being dead, it’s very much alive, but for many professionals one of the things it continues to lack is “context”. For example, often we don’t know who a new person contacting us is and whether there’s value or AN IMMEDIATE priority in replying to their specific email. Rapportive has been this solution for web-based email, and LinkedIn Intro is now a part of that solution for mobile on iOS.
Email needs new tools like LinkedIn Intro – or Evercontact, which can always show you who’s calling on the phone, as all contact data we updated can be synced to your phone or CRM or elsewhere. We can benefit so much from context, more automation and easy access to external data, but unfortunately certain platforms, iOS being the prime example, remain fairly closed, and LinkedIn Intro’s clever hack is providing an opening for all of us, users and service providers alike.
What we think…
We’d like to applaud Rapportive and LinkedIn’s innovation in pushing the envelope with what some may consider a “borderline hack”, whereas it’s really another creative way to use the man-in-the-middle approach securely and transparently, thus making it only technically different from a more standard API / permissions protocol.
While many of us are huge fans of Apple’s innovation and their product, we’re still a bit disappointed by their overly closed relationship to third-party services in many of their applications, such as the iOS Mail app. We hope that work-arounds like this will help to slowly but surely bring a bit more “openness” to external developments, which could so clearly benefit end-users and the overall innovative drive of technology.