Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Technologically this is straightforward: it uses a proxy server that sits in between you and your actual mailserver.

I think the privacy concerns of having your mail (potentially) available over yet another server in exchange for modest convenience makes it unlikely that I would use this, but I'm sure many will find the trade-off acceptable and desirable.



There are lots of concerns:

* your local mail client might get different E-mail content every time mail is downloaded, which is not the intent of IMAP,

* LinkedIn (hence, the NSA) gets full access to your E-mail,

* once people get hooked it's easy to transition to inserting ads, or "more helpful LinkedIn content",

I find all this rather disturbing and would never use this service.


> * LinkedIn (hence, the NSA) gets full access to your E-mail,

What if I believe that Google (hence the NSA) already has access to my Gmail? What's the cost to my privacy if it's already lost?

My major concern is that if I provide Linkedin my credentials, I now have doubled my attack surface for intrusion by non-governmental actors.


>What if I believe that Google (hence the NSA) already has access to my Gmail? What's the cost to my privacy if it's already lost?

Can I have your gmail and password? If not, why not?


I believe they use OAuth for Gmail and Google Apps, much like Mailbox.


You can have my gmail and password, but only if you promise to spam me and show me ads.


You're doubling your surface for anything unethical, too. It not just the NSA, so it really makes no sense to take additional risk in this regards. You are adding an [or] operator, one that can lead to a complete failure mode. This is the opposite of risk diversification. Unless I'm missing something.


Yes, Google has your email, but not your credentials. A breach of your email exposes all the email you have now. Bad, yes. A breach of your credentials exposes all the email you get until you change them, and if you don't know to change them...


Ditch Gmail and host your own email server.


Before every email as yourself "if this email went public, would anyone care?" If I ever answer "yes", I don't send it. I either call or meet in person assuming we're not too remote.


That may work for outgoing mail, but this is reading incoming mail, which you have considerably less control over.


> I find all this rather disturbing and would never use this service.

You don't have a choice. If the person on the other end is using this service then your emails to them are hoovered.


Yes, I would never want them (or virtually any third party) to have the ability to access my inbox, much less stand in between my mail provider and myself.


>I'm sure many will find the trade-off acceptable and desirable.

This is making a big assumption that they understand the implications. Or that LinkedIn explains them at all.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: