Following our recent discovery and the great public attention to the subject, LinkedIn pushed out an update to their Android and iOS mobile apps. LinkedIn’s response was prompt and could be used as a case study for the way wide press coverage and public attention forces vendors to fix their application’s UI and logic rapidly.
LinkedIn made two important changes to their app following our publication:
- They no longer send meeting notes to their servers.
- The app notifies its users about the kind of information it collects and transmits to LinkedIn’s servers.
We believe that this is an important step in the right direction, but recommend they apply additional modifications. At the moment, the app still transfers many other sensitive pieces of information to LinkedIn’s servers. These include the location of the meeting, which also tends to contain calling details and passcodes in some organizations, as well as the meeting subject, date and time. According to LinkedIn’s statement, they do not utilize this information at this point of time; however, they might want to use it in the future to provide additional and enhanced features. Our recommendation to them was simply to avoid grabbing data their application logic does not need today. When they consider additional features for addition, they should measure the added value for their users versus the privacy impact they may have, and then take an educated decision on the matter.
Secondly, the fact LinkedIn sends the actual, raw participants list and not hashed version of the participants details allows them to learn about meetings of participants that are not LinkedIn users. Applying the hash based solution we offered would mainly help protect the privacy of people who are not LinkedIn users, but I still hope it will be done.
We need to remember that while LinkedIn states that they do not keep the information, the fact it is being transmitted to their servers is still problematic. What if the LinkedIn servers get hacked? The attacker could then decide to forward this type of information to his/her own servers. The recent attacks on LinkedIn, in which more than 6 million password hashed were leaked from LinkedIn, show us that this scenario is not far fetched. It is suddenly not just LinkedIn that we need to trust; we now need to trust the hackers who would potentially break into LinkedIn servers. I definitely don’t trust those.
The updates to the mobile app probably cover LinkedIn from the legal aspects, however it is up to the users to decide whether the changes are good enough for their own privacy. Users need to decide whether the great benefits of this feature are worth the loss of their privacy. Yair Amit and I mainly wanted this decision to be under the control and knowledge of LinkedIn’s users. Now that it is, the users are left with a tough choice. I wish LinkedIn would apply the changes we proposed – if so, that choice would be much easier, and eventually better for both LinkedIn and its users.