LinkedIn over the weekend issued a post aimed at allaying security concerns around its new Intro service, which adds LinkedIn profile data to the iOS email client. Launched last week, Intro has come under heavy criticism from security experts over the technology that re-routes email traffic to and from an iPhone (or iPad) user’s device through LinkedIn servers.
Computer security specialists have compared the approach to a so-called man-in-the-middle attack, in which hackers intercept Internet traffic en route to its destination. In response to the warnings about LinkedIn Intro as a threat to enterprise security and personal privacy, LinkedIn sought to address “inaccurate assertions” about the product.
It highlighted a series of precautions taken to ensure that Intro is secure, including a review by external security companies, penetration-testing the final version and isolating Intro into a “separate network segment” with a tight security perimeter.
The company also said that when mail goes through the Intro service, “we make sure we never persist the mail contents to our systems in an unencrypted form. And once the user has retrieved the mail, the encrypted content is deleted from our systems.”
LinkedIn also pointed to its privacy policies regarding how it handles email data, saying it takes them “very seriously.” For now, at least, it sounds like the professional networking site isn’t backing off from Intro. But given its security breach last year, when six million user passwords were compromised, and a more recent class action alleging email hacking against LinkedIn, the controversy over Intro will not necessarily fade quickly.