Microsoft is running one of the largest corporate espionage operations in modern history. Every time any of LinkedIn’s one billion users visits linkedin.com, hidden code searches their computer for installed software, collects the results, and transmits them to LinkedIn’s servers and to third-party companies including an American-Israeli cybersecurity firm. The user is never asked. Never told. LinkedIn’s privacy policy does not mention it. Because LinkedIn knows each user’s real name, employer, and job title, it is not searching anonymous visitors. It is searching identified people at identified companies. Millions of companies. Every day. All over the world.

Microsoft is running one of the largest corporate espionage operations in modern history. Every time any of LinkedIn’s one billion users visits linkedin.com, hidden code searches their computer for installed software, collects the results, and transmits them to LinkedIn’s servers and to third-party companies including an American-Israeli cybersecurity firm.

https://news.ycombinator.com/item?id=47613981

  • bleistift2@sopuli.xyzEnglish
    153·
    8 hours ago

    First comment from the link:

    Every time you open LinkedIn in a Chrome-based browser, LinkedIn’s JavaScript executes a silent scan of your installed browser extensions. The scan probes for thousands of specific extensions by ID, collects the results, encrypts them, and transmits them to LinkedIn’s servers.

    That is very different from “searches their computer for installed software”

    • Madrigal@lemmy.worldEnglish
      352·
      7 hours ago

      Still don’t really understand why browsers expose this data to sites.

      Web browsers are just such a massive security hole.

      • bleistift2@sopuli.xyzEnglish
        151·
        6 hours ago

        On the contrary, websites are incredibly sandboxed. It’s damn near impossible to find out anything about the computer. Off the top of my head: Want to know where the file lives that the user just picked? Sure, it’s C:\fakepath\filename. Wanna check the color of a link to see if the user has visited the site before? No need to check. The answer will be ‘false’. Always.

        • Madrigal@lemmy.worldEnglish
          141·
          5 hours ago

          Here’s the information a web server needs to deliver content to a browser:

          • The requested resource
          • An IP address
          • User credentials (sometimes)

          Everything else is a fucking security hole. There’s no good reason for servers to know what extensions you have installed, what OS you’re running, the dimensions of your browser window, where your mouse cursor is positioned, or any one of a thousand other data points that browsers freely hand over.

          • Serinus@lemmy.worldEnglish
            41·
            3 hours ago

            There are absolutely reasons. Firefox is done by a reasonable job of anti-fingerprinting, and it’s a fine line to walk to disable as many of those indicators as possible without breaking sites.

            Browsers do give away too much, but at least Firefox is working on it. And it’s not extremely straightforward.

    • credo@lemmy.worldEnglish
      52·
      8 hours ago

      Well, I guess it’s technically installed software… but the scope is significantly less than what’s implied from the headline. My immediate reaction was, “how?”

      This is basically standard browser fingerprinting, hence why it’s sold for surveillance activities. Linked in is big brother.

    • hansolo@lemmy.todayEnglish
      231·
      8 hours ago

      WTF is this article? Browser extensions are standard browser fingerprinting data.

    • lmr0x61@lemmy.mlEnglish
      53·
      7 hours ago

      That sounds… normal? and maybe even sensible, especially if LinkedIn does SSR, since that could allow the servers know how to tailor the content to the specific browser requesting a page.

      • TootGuitar@sh.itjust.worksEnglish
        6·
        2 hours ago

        In what fucking world is it “normal” or “sensible” to scan your browser extensions to decide how to render a page? Please explain.

        I’ve been doing web development for 30 years (since the time when “SSR” was just called “building a web app”) and I have not once ever had the desire or need to do this.

  • Blaster M@lemmy.worldEnglish
    292·
    8 hours ago

    Browsing extensions are being discovered by directly probing them - over 6,200 of them - and they are particular extensions tied to religious, political, and neurodivergent use cases. This is more than just browser fingerprinting - it is breaching the privacy of the user and profiling them in ways deemed illegal in the EU (GDPR) and even California. That doesn’t include the tracking cookies, either.