Sponsored by..

Showing posts with label Privacy. Show all posts
Showing posts with label Privacy. Show all posts

Saturday 26 October 2013

Never mind the NSA, here is LinkedIn Intro

LinkedIn recently announced LinkedIn Intro which is an add-in to the iOS mail app, allowing you do display a contact's LinkedIn data in the message you are reading by injected code into the datastream. This is of marginal use to most people, and many reader will recognise this as being something that annoying browser plugins have done for some time.

Despite LinkedIn's Pledge of Privacy, many people are concerned that LinkedIn is intercepting and reading your email. I don't believe that LinkedIn is at all interested in the content of your email, but I do believe that it is interested in finding out who you contact instead in order to sell its so-called "product" on to more and more people.

Here's a thing - I use LinkedIn under an assumed name, but somehow LinkedIn thinks that I may know various people. Now, some of those are obviously connected to my fake profile.. but then it suggested that I know my own wife. We obviously I do, but the fake profile has no connection to her.. so the only source of this information must have been our shared IP address at home.

Then LinkedIn goes on a data-mining spree and suggests that I know all my coworkers who I also share an IP address with - which is true, but the fake profile I created does not. So, it seems pretty clear that LinkedIn uses your IP address to match you up with others.

LinkedIn has often been accused of rummaging through people's mailboxes without permission, but in this case it was not possible as my LinkedIn account is not linked to any mailboxes and uses a different username and password, so IP address is the only logical source of this.

But one day my wife (an occasional LinkedIn user) reported something very creepy indeed.. it reported that she may know a relative of mine that she does not really ever contact. And then some time later, I had another relative pop up in my fake profile. Where the hell does this information come from?

I have several theories about what is going on, including a deep suspicion that LinkedIn creates shadow profiles of non-members, and that it also includes hidden data about the relationships of members as well.. but those are just my opinions and I have nothing concrete to back them up. But what I do know from playing around with fake profiles is that LinkedIn is extremely clever and building up a network of suggested contacts whether you want them to or not.

LinkedIn's primary resource is the personal connections of its users. And just possibly that extends to shadow profiles of non-users as well. And that brings us back to LinkedIn Intro.. the quickest way of building up a truly massive collection of data about personal relationships is to do a traffic analysis on their email. You don't need to know the content, but if you know who they send and receive emails from then you will easily enumerate their professional and personal relationships. And then you can monetise that.

In the end, it doesn't matter if you sign up for LinkedIn Intro or not, because if just one person in your email chain does us it, then there's the possibility that LinkedIn will slurp up all that data for its own use.

LinkedIn has been accused by some of being the creepiest social network, and some commentators have gone even deeper into the risks of using Intro. There's even a lawsuit claiming that LinkedIn hacked email contacts but actually I suspect that LinkedIn wouldn't even need to bother doing that as it is clearly very efficient in working out contacts without it.

I suspect that at some point the issue of LinkedIn's data gathering will become a big issue, and the company will either need to explain exactly how it collects its data or perhaps someone on the inside will leak it out. Are they doing something illegal? Probably not. Are they doing something very creepy? Almost definitely yes.

Monday 19 October 2009

Google indexing private Google Voice transcripts?

A disturbing item from the Boy Genius Report indicates that seemingly private Google Voice transcripts are appearing in Google search results with a seemingly simple search string. Although some of these are "test" messages, one or two do seem to be the real deal. Oops.

Monday 5 October 2009

Are your personal details on Jigsaw.com?

An interesting post caught my eye about a site called Jigsaw.com over at the CluBlog. It's a sort of collective where people trade other people's business card information, and it might well be the reason why my number of irrelevant direct marketing calls has gone through the roof.

The blog post also usefully tells you how to remove your details - recommended reading!

Monday 2 February 2009

Drive-by cloning of RFID passports

Here's a different type of drive-by attack than the usual one.. security researcher Chris Paget shows that it is possible to read RFID tages from a passing moving vehicle and clone all the information they contain.. for the price of $250 worth of kit off eBay.

Tuesday 1 April 2008

Telephore - advertising gone too far?

Context-sensitive ads are all the rage, but Telephore is the first one to bring them to your mobile phone.. nope, not text messages, but spoken ads that interrupt your call!

What is even more troubling is that Telephore analyses your conversations with a sophisticated voice recognition system and stores them for later reference. Is this too much power to give to a private company? Mobile Gazette have more details on this controversial system.