LinkedIn accesses Gmail contacts via ‘auto-authorization’


Batu69

LinkedIn users are showing concern today as it comes to light that the business network will access a user’s Gmail contacts if the user has a Gmail session and a LinkedIn session open in the same browser – and LinkedIn has confirmed that there is currently no way to turn off what it refers to as the ‘auto-authorization’ that lets this poaching occur.

 

Scientist Forrest Abouelnasr published a digest of his conversation with LinkedIn support after he began to notice impossible associations cropping up on his LinkedIn page:

 

‘I’ve never knowingly given linkedin permission to access my gmail contacts, but it keeps suggesting I connect on linkedin with people whose only connection to me is messages through gmail – and it usually happens suspiciously right after I send and receive a few emails from that person. This behavior has in the past included people whom I know do not have a linkedin account, since it suggests that I “invite them to linkedin” – which means the other person cannot be allowing linkedin access to their emails, it must be through my linkedin account.’

 

LinkedIn’s initial response to Abouelnasr suggested that he may have been unaware of the ramifications of sending invitations and using features which he had, in fact, not used – and the explanation didn’t seem to add up.

 

On further investigation, the same representative looked further into the matter and discovered that this ‘infection’ between Gmail and LinkedIn is by design:

 

‘What you have encountered is that the people you may know could have been uploaded to LinkedIn through auto authorization if you had at any time your LinkedIn account open and accessed any of your emails through the same browser…In order from preventing this from happening again, you will want to be careful to not open up your personal email address in the same browser when you have your LinkedIn account open.’

 

When Abouelnasr asked how he could revoke this ‘auto-authorization’, he was told:

 

‘There is not a setting to specifically turn this feature off. The only way to truly prevent this from happening again is to open up those items in separate browsers. We are not doing this to invade your privacy, we are doing this to assist you in growing your network. We don’t share this information with anyone else and is particular to your account only.’

 

This case is of particular interest to me, since I have been trying to get a response from Facebook for some time over exactly the same issue – that people I have only ever connected with via Gmail and never even looked up on Facebook have begun appearing as friend recommendations.

 

At a technical level this kind of cross-site cross-pollination is quite achievable with the technical resources available to the major players concerned – supercookies, canvas fingerprinting, and global cookies acting as cross-site intermediaries all offer the possibility of breaking through a website’s sandbox. But since both Gmail and LinkedIn use secure (https) protocols universally, it would be interesting to know the mechanics of this particular type of data heist. And it is hard to see how cookie-style data could deliver a complete contact list without a dedicated API to facilitate it.

 

It is worth noting that ‘auto-authorization’ is surely a contradiction in terms..?

 

Article source


‘Auto-authorization’ is a euphemism and understatement. LinkedIn is HIJACKING mail contacts to send unauthorized requests to contact or affiliate them or you to their "network".



The last time I checked, this was considered malware behavior.  I wonder when this started, was it after MS bought it?

 

Firefox and Chrome should be issuing a warning when visiting this site. ^_^



27 minutes ago, ck_kent said:

The last time I checked, this was considered malware behavior.  I wonder when this started, was it after MS bought it?

 

That acquisition hasn't been completed yet, so you can't blame MS.



I believe Facebook is doing the same.  Several years ago when I created a dummy Facebook account, I soon noticed a bunch of 'friend requests' from people I do know and in the 'people you may know column' some of my e-mail contacts were displayed. Frankly, I was puzzled by this since my Facebook account has all phony data about me.  Now I am beginning to understand what happened.  Thanks for the article.



22 hours ago, Batu69 said:

LinkedIn users are showing concern today as it comes to light that the business network will access a user’s Gmail contacts if the user has a Gmail session and a LinkedIn session open in the same browser – and LinkedIn has confirmed that there is currently no way to turn off what it refers to as the ‘auto-authorization’ that lets this poaching occur.

Phishing it is...:yes:



Archived

This topic is now archived and is closed to further replies.
