If you're on LinkedIn, and you use a smart phone...

Phil Bedard bedard.phil at gmail.com
Sat Oct 26 13:50:31 UTC 2013


I had to answer the question of "Why is LinkedIn asking for my GMail
account information" to one of my parents recently. "Oh it is so they
can access your information and use it...". It is how some random guys
I play tennis with in a league keep popping up as people I should add,
since they likely succumbed to that prompt. Another practice of theirs
I do not like.

Phil

From: Laszlo Hanyecz
Sent: 10/26/2013 1:44
To: Chris Hartley
Cc: Phil Bedard; Nanog
Subject: Re: If you're on LinkedIn, and you use a smart phone...

When a user signs up for a social media account they generally do so
by providing an email address like victim at freewebmailsite.com and
selecting a password.  The social media site can obviously probe
freewebmailsite.com and attempt to authenticate using the same
password that you just provided to them (for the purpose of logging
into their social media site).  I guess offering an email proxy or
asking if it's ok to worm through your email for contacts is merely a
formality.  How many social media users do you guess would use the
same password on the social media site as they would for
freewebmailsite.com (and likely their employer's organization's
email)?  It's kind of like when google asks their users with android
phones to provide their mobile phone number for SMS password recovery.

Laszlo

On Oct 25, 2013, at 11:43 PM, Chris Hartley <hartleyc at gmail.com> wrote:

> Anyone who has access to logs for their email infrastructure ought
> probably to check for authentications to user accounts from linkedin's
> servers.  Likely, people in your organization are entering their
> credentials into linkedin to add to their contact list.  Is it a
> problem if a social media company has your users' credentials?  I
> guess it depends on your definition of "is."  The same advice might
> apply to this perversion of trust as well, but I'm not sure how
> linkedin is achieving this "feat."
>
> On Fri, Oct 25, 2013 at 7:25 PM, Phil Bedard <bedard.phil at gmail.com> wrote:
>> I saw some anecdotal stuff on this yesterday but reading their
>> engineering blog entry makes me feel all warm and fuzzy inside.  Oh
>> nevermind, that's just the alcohol.  This is perhaps one of the worst
>> ideas I've seen concocted by a social media company yet.
>>
>>
>> -Phil
>>
>> On 10/25/13, 6:56 PM, "George Bakos" <gbakos at alpinista.org> wrote:
>>
>>> next thing you know, Google is going to be offering free email so they
>>> can do the same thing.
>>>
>>> On Fri, 25 Oct 2013 08:45:40 -0700
>>> Shrdlu <shrdlu at deaddrop.org> wrote:
>>>
>>>> I hate to do this, but it's something that anyone managing email
>>>> servers (or just using a smart phone to update LI) needs to know
>>>> about. I just saw this on another list I'm on, and I know that there
>>>> are folks on NANOG that are on LinkedIn.
>>>>
>>>> ++++++++++
>>>> http://www.bishopfox.com/blog/2013/10/linkedin-intro/
>>>>
>>>> LinkedIn released a new product today called Intro.  They call it
>>>> "doing the impossible", but some might call it "hijacking
>>>> email".
>>>> Why do we say this?  Consider the following:
>>>>
>>>> Intro reconfigures your iOS device (e.g. iPhone, iPad) so that all of
>>>> your emails go through LinkedIn's servers. You read that right. Once
>>>> you install the Intro app, all of your emails, both sent and received,
>>>> are transmitted via LinkedIn's servers. LinkedIn is forcing all your
>>>> IMAP and SMTP data through their own servers and then analyzing and
>>>> scraping your emails for data pertaining to...whatever they feel like.
>>>>
>>>> ++++++++++
>>>>
>>>> Read the full article. If you're using LI via your smart phone, and
>>>> you have already installed this app, you probably need to save off
>>>> your contacts and data, and wipe the phone. I wouldn't trust
>>>> uninstalling as enough, myself. In the long run, I'll be deleting my
>>>> account.
>>>>
>>>> No, I don't use a smart phone to update any social media. No, I
>>>> especially do not trust LI (never have, never will). BTW, they're
>>>> currently adding back any contacts you've deleted. Thanks for
>>>> reminding me that Joe Barr, Len Sassaman, and Jay D Dyson are gone
>>>> from this world.
>>>>
>>>> --
>>>> Life may not be the party we hoped for, but while we are here,
>>>> we might as well dance.
>>>>
>>>>
>>>
>>>
>>> --
>>>
>>
>>
>>
>
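
The log check Chris Hartley suggests above, sketched as an added example (not part of the thread or written by any poster): it scans mail-server login lines and lists mailboxes that were successfully authenticated from a watched set of networks. The Dovecot-style log format, the sample lines and the CIDR ranges are all assumptions; the thread names no mail server and gives no LinkedIn address ranges, so the ranges here are documentation placeholders.

```python
import ipaddress
import re
from collections import defaultdict

# Assumption: placeholder networks (RFC 5737 documentation ranges). Substitute the
# ranges your own investigation attributes to the third-party service.
WATCHED_NETWORKS = [ipaddress.ip_network(n)
                    for n in ("203.0.113.0/24", "198.51.100.0/25")]

# Assumption: Dovecot-style successful-login lines, e.g.
#   imap-login: Login: user=<alice>, method=PLAIN, rip=203.0.113.44, lip=...
LOGIN_RE = re.compile(
    r"(?:imap|pop3)-login: Login: user=<(?P<user>[^>]*)>.*?\brip=(?P<rip>[0-9A-Fa-f:.]+)")

# Constructed sample log lines (not taken from any real system).
SAMPLE_LOG = """\
Oct 26 09:01:12 mx1 dovecot: imap-login: Login: user=<alice@example.org>, method=PLAIN, rip=203.0.113.44, lip=192.0.2.10, mpid=4121, TLS
Oct 26 09:01:40 mx1 dovecot: imap-login: Login: user=<bob@example.org>, method=PLAIN, rip=192.0.2.77, lip=192.0.2.10, mpid=4125, TLS
Oct 26 09:03:02 mx1 dovecot: imap-login: Login: user=<Alice@example.org>, method=PLAIN, rip=203.0.113.7, lip=192.0.2.10, mpid=4130, TLS
Oct 26 09:04:19 mx1 dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<dave@example.org>, method=PLAIN, rip=203.0.113.44, lip=192.0.2.10, TLS
Oct 26 09:05:55 mx1 dovecot: imap-login: Login: user=<carol@example.org>, method=PLAIN, rip=198.51.100.20, lip=192.0.2.10, mpid=4140, TLS
Oct 26 09:06:31 mx1 dovecot: imap-login: Login: user=<erin@example.org>, method=PLAIN, rip=198.51.100.200, lip=192.0.2.10, mpid=4144, TLS
"""


def flag_third_party_logins(lines, networks=WATCHED_NETWORKS):
    """Map each mailbox to the watched-network IPs that logged in to it."""
    hits = defaultdict(set)
    for line in lines:
        m = LOGIN_RE.search(line)
        if not m:
            continue  # not a successful login line
        try:
            rip = ipaddress.ip_address(m.group("rip"))
        except ValueError:
            continue  # malformed address field
        if any(rip.version == net.version and rip in net for net in networks):
            hits[m.group("user").lower()].add(str(rip))
    return {user: sorted(ips) for user, ips in hits.items()}


if __name__ == "__main__":
    for user, ips in flag_third_party_logins(SAMPLE_LOG.splitlines()).items():
        print(f"{user}: successful login from {', '.join(ips)}")
```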



