[grey-area]

I never hear the same criticism of Facebook or Twitter here, even though their privacy policies are just as bad, or worse in many cases, and they also send bulk email.

Intercepting email and inserting content is quantitatively different from sending bulk email. I think this programme is being criticised because it intercepts people's mail and inserts content - that's very different from receiving mail and leads to insecurity on several levels (they see your mail, sharing passwords, getting used to inserted content which can then be imitated for phishing).

Also people do criticise FB and Twitter here too, but the objection is not spamming.

[cmccabe]

"They see your mail." Ooh, scary. Email is effectively a postcard. It gets sent in cleartext all over the internet. If you think that email is even slightly private, you are misinformed. I don't see why I should trust LinkedIn any more or less with my emails than Google, Yahoo!, or any of the other companies that run regular old SMTP servers which process and store (possibly forever) tons of my email.

"sharing passwords" isn't a problem with this scheme because it doesn't use your password. It creates a separate IMAP account and links it to your regular account via OAuth.

"I think this programme is being criticised because it intercepts people's mail and inserts content" -- really? A sample comment is "they are spammers." Nothing there about man-in-the-middle, nothing there about email interception. I don't think most of the people bashing LinkedIn here even understand how Rapportive/Intro works.

The particular CSS exploit shown here seems like one that can and will be fixed. Obviously, there are other ways to do phishing via email, including just sending an email that looks like someone else's mail (remember: postcard). A lot of mail services are starting to filter spammy or fake-looking mail, so that may help.