LinkedIn messaging allows you to privately communicate with your professional connections. While it provides end-to-end encryption for one-on-one conversations, group conversations are encrypted but not end-to-end. Overall, LinkedIn messaging is reasonably secure but there are some risks to be aware of.
Encryption
For one-on-one conversations, LinkedIn uses end-to-end encryption. This means the messages are encrypted on your device before being sent, and only the recipient can decrypt them on their device using their private key. LinkedIn itself cannot access the contents of your private messages.
However, for group conversations with more than one recipient, standard encryption is used rather than end-to-end. LinkedIn can technically access the contents of these conversations on their servers, but they claim not to unless required by law.
Data Collection
While LinkedIn cannot access the content of your private end-to-end encrypted messages, they do collect metadata about your conversations. This includes information about who you are messaging, when, and how frequently. LinkedIn uses this metadata for advertising targeting and optimizations.
LinkedIn’s privacy policy states that they collect data on your connections, interactions with other members, posting activity, and other actions when using their services. Messaging metadata falls under this broad collection scope.
Compliance Monitoring
LinkedIn scans both private and group messages for spam, abuse, security threats, and violations of their user agreement. This helps them quickly detect and shut down any bad actors misusing messaging. However, it means your conversations are subject to algorithmic monitoring even though contents are encrypted.
Government Requests
As a US company, LinkedIn is subject to secret orders and national security letters from the US government requesting data. Their transparency report states they comply with valid legal requests, so your messaging metadata and potentially message contents could be handed to authorities if LinkedIn is ordered to do so.
Reporting
LinkedIn allows any user to report inappropriate messages they receive. These reports go to LinkedIn’s moderation teams who review the context and contents of your communications. If you send abusive or illegal messages, expect them to be flagged by the recipient and scrutinized by LinkedIn.
Data Breaches
While rare, LinkedIn has suffered security breaches exposing user data in the past. In 2012, 6.5 million hashed passwords were leaked. More recently in 2021, 700 million user records were scraped and sold online. Messaging data has not yet been compromised, but breaches remain a threat.
Unauthorized Access
If someone gains access to your account, they can read your message history and send new messages posing as you. Always use strong unique passwords and enable two-factor authentication to reduce this risk. Also be wary of phishing attempts trying to steal your login credentials.
Device Security
Messages stored locally on your device can be read by anyone with physical or remote access. Use a lock screen passphrase and keep your device updated and free of malware. Avoid linking LinkedIn to less secure apps that may expose your messages.
Deleting Messages
When you delete a LinkedIn message, it’s removed from your view but the recipient may still have a copy on their device or archived. Do not consider any message truly deleted unless also removed by the recipient. Assume all messages persist unless explicitly erased by all parties.
Message Retention
LinkedIn retains messaging metadata and content for years after you send or receive them according to their data retention policy. This allows them to comply with legal obligations. Assume your messages exist in LinkedIn’s archival systems indefinitely unless proven otherwise.
Legal Holds
If LinkedIn is notified your account is subject to litigation or investigation, they preserve associated messaging records beyond normal retention periods. Your messages could resurface years later if required as evidence, even if long deleted from your inbox.
Syncing with Email
You can sync LinkedIn messages to your email provider for convenience. But this means a copy exists in your email account, reducing control and exposing messages to additional risks inherent in email like hacking, unauthorized access, and poor retention policies.
concluding thoughts
LinkedIn messaging provides respectable privacy in many ways, but it’s important to understand the limitations. While content is encrypted, metadata is monitored. Authorities can request access with legal orders. Breaches and unauthorized access remain risks. And copies may persist beyond your control.
For casual professional correspondence it offers reasonable security. But for highly sensitive conversations, more specialized end-to-end encrypted apps may be preferable.
Overall, treat LinkedIn messaging as a professional environment knowing your conversations are observed at some level. Don’t say anything you wouldn’t want potentially read by third-parties now or years in the future as part of the public record.
With knowledge of its limitations, LinkedIn messaging allows private communication with your connections while balancing LinkedIn’s need to maintain a safe, compliant platform.