LinkedIn launched a new email tool this week that is actually pretty innovative, and could have a significant impact on business to business email communications. Security experts are not sold on it, however, with one notable industry voice saying that from a security and privacy point of view, it “sends shivers down my spine.”
The tool is called LinkedIn Intro, and essentially adds LinkedIn profile info to email messages you’d already be receiving with the goal of making the email more actionable, and making it seem more legit when it is.
Do you see business benefits of LinkedIn Intro? Are you concerned about the privacy and/or security implications? Let us know in the comments.
LinkedIn Intro And What It Does
LinkedIn Intro is not a new email client. You’re not signing up and getting an email address. Rather, it’s a LinkedIn layer, which you can opt in to have added to your current email client. It supports Gmail, Yahoo Mail, AOL Mail and iCloud. It’s currently only available for iPhone, but I expect it will expand in time. Probably to support more email products as well.
If you give LinkedIn Intro your phone number, you can set it up, so you can use it via your iPhone Mail app.
Intro is the direct result of LinkedIn acquiring Rapportive last year. Rapportive co-founder Rahul Vohra announced the feature in a blog post earlier this week, saying, “The growth of mobile email is simply staggering. Four years ago, less than 4% of emails were read on mobile. Today, half of all emails are read on a mobile device! So we set ourselves the challenge: bring the power of LinkedIn, and the technology of Rapportive, straight to the Apple Mail app on your iPhone.”
Here’s the difference between an email without Intro and one with it:
When you tap on the displayed LinkedIn info (“CEO at Crosswise, Past: Commona, Dynamics Inc.” in this example), you get more info from LinkedIn including location info, the site the user has connected to their LinkedIn profile, information about how you’re connected to that person, etc.
The idea is that seeing this kind of info in emails you receive, particularly from people you’re unfamiliar with, lends more credibility to the email. You’re more likely to not dismiss it as spam. It could also provide you more context and info for messages from people you are aware of.
This is actually a pretty interesting mash-up of social media and email, and the kind of thing we can envision seeing more of from social networks going forward. Google already does something similar to an extent. In Gmail, if you get an email from someone with a Google profile, it will display their picture from that profile, along with where they work (if they’ve provided that info), and any Google+ circles you have them in. Google could easily expand this to include more info (like connections you have in common and more bio info), similar to what LinkedIn is doing, though it would still be strictly from Google’s own data in Google to Google email exchanges.
While Google and certainly Facebook have tons of data on people that could be used in a similar way to what LinkedIn is doing, LinkedIn is in a unique position as the “professional” social network, making Intro a potentially very effective business to business tool.
How LinkedIn Intro Works
To LinkedIn’s credit, it managed to do something on the iPhone that most developers probably didn’t think could be done. Even some of Intro’s critics have acknowledged being impressed by how they did it.
“Ask any iOS engineer: there is no API for extending the built-in mail app on the iPhone,” says Martin Kleppmnann from Rapportive and now a software engineer for LinkedIn. “If you wanted to build something like Rapportive, most people would tell you that it is impossible. Yet we figured it out.”
In a blog post, he explains how LinkedIn was able to overcome four “impossibilities,” including: extending the iOS mail client, an interactive UI in email, dynamic content in email and easy installation.
About Those “Shivers”
Graham Cluley, the seasoned security industry veteran who recently shared his criticisms of Yahoo email address recycling program with us, and made the comment about Intro sending shivers down his spine, had this to say on his blog:
Rather than your iPhone connecting directly to your email provider’s servers (Gmail, Yahoo, etc), it will be connecting via LinkedIn’s proxy server instead – which will act as a middle-man in your email communications.LinkedIn will then look at your email messages, and insert Intro information into each one.
In case you’ve forgotten, LinkedIn is the company which lost the passwords of over six million users last year. LinkedIn also scooped up the contents of users’ iOS calendars, including sensitive information such as confidential meeting notes and call-in numbers – which they then transmitted in plain text, not encrypted.
He goes on to mention the lawsuit the company is currently battling, which alleges that they hacked into email accounts to mine address books. LinkedIn calls such accusations false. More on that story here.
The Wall Street Journal ran some additional comments from security experts expressing similar concerns.
Suffice it to say, LinkedIn, like its social network peers, has had its fair share of the spotlight when it comes to privacy issues. There may be legitimate concerns when they’re essentially intercepting emails to “linkedinify” them.
In an update to his blog post, Kleppmann did respond to such concerns. He listed five points for people to keep in mind:
1. You have to opt-in and install Intro before you see LinkedIn profiles in any email.
2. Usernames, passwords, OAuth tokens, and email contents are not permanently stored anywhere inside LinkedIn data centers. Instead, these are stored on your iPhone.
3. Once you install Intro, a new Mail account is created on your iPhone. Only the email in this new Intro Mail account goes via LinkedIn; other Mail accounts are not affected in any way.
4. All communication from the Mail app to the LinkedIn Intro servers is fully encrypted. Likewise, all communication from the LinkedIn Intro servers to your email provider (e.g. Gmail or Yahoo! Mail) is fully encrypted.
5. Your emails are only accessed when the Mail app is retrieving emails from your email provider. LinkedIn servers automatically look up the “From” email address, so that Intro can then be inserted into the email.
Basically whether or not you trust LinkedIn Intro is going to come down to whether or not you trust LinkedIn with your data. Either way, people who send emails to people who happen to be using Intro are going to have those routed through LinkedIn.
Cluley says security is not in LinkedIn’s DNA. The company did at least take a step in the right direction earlier this year with the launch of two-step verification.
LinkedIn For Business
Regardless of the security implications of any of LinkedIn’s offerings, there is no denying that the company has had businesses in mind throughout 2013. The company, in its tenth year, has made a lot of improvements.
LinkedIn has updated its jobs search engine, improved its recruiting tools in a variety of ways, added more insights and analytics, launched sponsored updates, and opened up company page APIs, to name a few.
LinkedIn announced in its earnings report for Q2 that its membership reached 238 million, with growth accelerated to 37% year-over-year. Q3’s report is due out on Tuesday, so we’ll see how that has progressed over the last few months.
Do you think LinkedIn has a legitimate business tool on its hands with LinkedIn Intro? Do you think critics like Cluley make valid points? Share your thoughts, questions or concerns about Intro in the comments.