by offbyone 4613 days ago
That article misses the key point; a MITM proxy for mail is the actual problem, no matter how well implemented it is.
3 comments

Agreed. The third party to defend against is not only an intruder to LinkedIn, but LinkedIn itself.

If there are "misperceptions" about Intro, let us include LinkedIn's own misperception of how some of us view account security.

Isn't this the exact same approach taken by Mailboxapp, proxying your IMAP server?
Does this reduce the problem in any way?
The idea that this is a "problem" is subjective; if the value prop is compelling and there is sufficient trust established, someone should be free to use Mailboxapp OR Intro.
The problem doesn't ever go away - if you're using Mailboxapp, you're forever going to be vulnerable; you're free to use them and accept that risk, of course, but it's still a security problem with that service.

There is no such thing as 'sufficient trust established' - trusting Mailboxapp right now doesn't in any way imply that it will be trustworthy enough for your needs (however large or small) after, say, a year. If you're using software X, for example, then you can think about renewing trust only when going to software X+1; but with such a service they can go from 'doing only good things' to 'intentionally selling you out' at any arbitrary time.

For example, look at what's happening at Buffer. By using Intro or Mailboxapp, you've just added another company whose decisions may screw you up, and that is a problem.

Well put. All due respect to Cory, but this article could have been titled "why we think you shouldn't freak out over our MiTM attack".