Hacker News new | past | comments | ask | show | jobs | submit login
I think the LinkedIn Intro team deserves a thumbs up, do you? (evercontact.com)
16 points by plaval on Nov 13, 2013 | hide | past | favorite | 16 comments



I think LinkedIn has a bit of a bad reputation due to their leaking of ~6 million passwords last year, so people are perhaps right to be worried about their credentials.

Also, the example of giving out Gmail access via OAuth is a little inaccurate since OAuth is more auditable and revokable than sharing your username and password with a third party, which is what Intro requires (even if they promise not to look.)


They have a bad reputation in my book because they historically would create an account for you without you even agreeing to join. This is on top of their other unscrupulous actions[1]. IMO they are just a scummy, marketing-driven corporation and I have many friends who see them the same way; though, there's no single action or behavior, it's the sum of their actions.

1. http://www.latimes.com/business/technology/la-fi-tn-linkedin...


Actually, LinkedIn Intro uses oAuth2 to connect to your Google Account.


Ah, fair enough. I still think the comparison is invalid since many people are using other IMAP e-mail providers, where they are generally giving away their unrevokable crown jewels.


Yahoo mail. Gmail, Hotmail provide a real monetary value to me : they make it easy for me to get emails without setting up my email server or being hostage to the whims of my ISP. I trade my email privacy with these companies in exchange for savings. I understand that deal and I am comfortable with it.

LinkedIn on the other hand is an addressbook / contact list and nothing more to me. I do not assign their service having any monetary value to me. I am not a call center operator : I do not need that lookup capability. Therefore I do not want them to fuck with my email. And that is why I find their hack to be sleazy.


Of course. It's all based on value exchange and if you don't perceive value in their service, then there's no sense in engaging in it. For those that enjoy seeing linkedin profiles (myself included) as you enjoy the comfort of not having to deal with email servers/ISP, it might make more sense. To each his own.


I don’t think the team has done anything noteworthy by coming up with a hack that increases risks for the end-user (privacy and security come to mind). Additionally, the technique is not new — redirecting email for scanning and possibly injecting additional content is how spam services work. Conceptually, even Chrome plugins do the same thing in your browser.


I can understand the logic that adding any connection to a platform increases security risks--- examples of hacks of multiple platforms via weaknesses in adobe/java/oracle listed here: http://blog.evercontact.com/we-think-the-linkedin-intro-team...

I'd say that the funny thing about many "hacks", this one included, is that they indeed seem simple in hindsight, but the team at rapportive was the first to take that creative leap to try something that no one else had in Mail OS.


Troy Hunt's write-ups about Intro are quite a good read. http://www.troyhunt.com/2013/10/disassembling-privacy-implic...

Personally, my old hotmail account was breached multiple times, I don't trust Microsoft with my data...

Given LinkedIn's previous security woes, I think it's only a matter of time before it turns out that they've had attackers scraping user emails for credit card information since the start.


No I don't but I do like the service from writeThatName (now called evercontact or something)

Its not perfect - it updates overnight in some kind of batch job, but hell, people who email me, I then get their signature into my contacts.

I have a whole heap of contact management problems (skype, VOip, mobile, email, IRC, please can I link them all - please) but this is one brick in a very large wall.

NB - not affiliated to them, just liked the idea.


No. Thanks for asking!


I looked into it when it first came out and ditched it for obvious reasons.

However, it's surely awesome from a technical point of view. It's almost a pity that privacy issues overshadow the accomplishments.


Company that likes having access to your emails thinks other company did totally cool thing when they also wanted access to your emails.

To answer the question, no.


I don't think that Intro is the right way to go with our privacy.


somebody should ask linkedin if the plain text of linkedin messages are visible to their employees.


sure not




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: