Microsoft is running one of the largest corporate espionage operations in modern history. Every time any of LinkedIn’s one billion users visits linkedin.com, hidden code searches their computer for installed software, collects the results, and transmits them to LinkedIn’s servers and to third-party companies including an American-Israeli cybersecurity firm. The user is never asked. Never told. LinkedIn’s privacy policy does not mention it. Because LinkedIn knows each user’s real name, employer, and job title, it is not searching anonymous visitors. It is searching identified people at identified companies. Millions of companies. Every day. All over the world.

Microsoft is running one of the largest corporate espionage operations in modern history. Every time any of LinkedIn’s one billion users visits linkedin.com, hidden code searches their computer for installed software, collects the results, and transmits them to LinkedIn’s servers and to third-party companies including an American-Israeli cybersecurity firm.

https://news.ycombinator.com/item?id=47613981

  • Madrigal@lemmy.worldEnglish
    39·
    9 hours ago

    Still don’t really understand why browsers expose this data to sites.

    Web browsers are just such a massive security hole.

    • bleistift2@sopuli.xyzEnglish
      17·
      9 hours ago

      On the contrary, websites are incredibly sandboxed. It’s damn near impossible to find out anything about the computer. Off the top of my head: Want to know where the file lives that the user just picked? Sure, it’s C:\fakepath\filename. Wanna check the color of a link to see if the user has visited the site before? No need to check. The answer will be ‘false’. Always.

      • Madrigal@lemmy.worldEnglish
        21·
        8 hours ago

        Here’s the information a web server needs to deliver content to a browser:

        • The requested resource
        • An IP address
        • User credentials (sometimes)

        Everything else is a fucking security hole. There’s no good reason for servers to know what extensions you have installed, what OS you’re running, the dimensions of your browser window, where your mouse cursor is positioned, or any one of a thousand other data points that browsers freely hand over.

        • Dnb@lemmy.dbzer0.comEnglish
          1·
          1 hour ago

          If the site doesn’t know the window width of can’t react to mobile or desktop users automatically or scale elements/ change to best for your display.

          You need mouse input for hovering effects as well

            • Dnb@lemmy.dbzer0.comEnglish
              2·
              55 minutes ago

              Ah I read as the Brower doesn’t need that data. I’d say it needs width (maybe height) but that’s it

              But this info talked about in OP is done via client sending the data to a server not the server getting it all the time

            • 3abas@lemmy.worldEnglish
              1·
              38 minutes ago

              If you can do it client side, you can send it to a server…

              The difference is intent.

              • Madrigal@lemmy.worldEnglish
                1·
                28 minutes ago

                you can send it to a server

                Yes, because web browsers, under current web architecture, allow this.

                This is entirely my point.

        • Serinus@lemmy.worldEnglish
          7·
          6 hours ago

          There are absolutely reasons. Firefox is done by a reasonable job of anti-fingerprinting, and it’s a fine line to walk to disable as many of those indicators as possible without breaking sites.

          Browsers do give away too much, but at least Firefox is working on it. And it’s not extremely straightforward.