Why LinkedIn's new Intro feature is scary as hell and needs to die by fire

LinkedIn released what, on the surface, sounds like a great new feature: Intro. It lets you have fancy business-centric HTML content injected right into your emails. If the word "injected" seems odd, it should. The way Intro is implemented, it destroys security and privacy in mail. Scratch the great-sounding surface, and you find a minefield. Matthew Panzarino on TechCrunch:

"Even if you aren't one of these corporate clients, adding in an interstitial proxy server that even temporarily handles your email is not a good idea – especially if the company who runs the server has been the victim of an enormous data theft hack which nabbed some 6.5M passwords and was shown to be transmitting emails, names and notes from your calendar in plain text. Both of which occurred in the last 18 months. I'm just not sure that LinkedIn doing 'everything we can' to keep us safe is good enough in this case."

Exactly right. I can't imagine any security expert or IT administrator would look at the diagram in Matthew's post and not react with shock, disbelief, and outright rejection.

Super smart engineers at LinkedIn no doubt built something awesome - it just happens to be a bomb. That's why engineering departments have marketing, legal, and simple product oversight divisions to go with them. They're supposed to say, hey, wait, yeah, super cool... we're never, not ever, going to build that.

LinkedIn's new Intro feature is insanely clever, but it's a security and privacy nightmare waiting to happen. It shouldn't be used, not by anyone, and LinkedIn should kill it by fire.

Source: TechCrunch