Microsoft is running one of the largest corporate espionage operations in modern history. Every time any of LinkedIn’s one billion users visits linkedin.com, hidden code searches their computer for installed software, collects the results, and transmits them to LinkedIn’s servers and to third-party companies including an American-Israeli cybersecurity firm.
Alright, I’ll bite. What would one use instead of LinkedIn
I am not a big fan of it myself, but it’s been providing me insight on the corporate world. I have had great job-seeking experience there, especially with the Easy Apply feature.
Recently, tho, it’s been shitty, especially with all the avalance of AI slop, both as content as well as job requirements.
I’d like to know if there’s a less shitty alternative.
First comment from the link:
Every time you open LinkedIn in a Chrome-based browser, LinkedIn’s JavaScript executes a silent scan of your installed browser extensions. The scan probes for thousands of specific extensions by ID, collects the results, encrypts them, and transmits them to LinkedIn’s servers.
That is very different from “searches their computer for installed software”
Still don’t really understand why browsers expose this data to sites.
Web browsers are just such a massive security hole.
On the contrary, websites are incredibly sandboxed. It’s damn near impossible to find out anything about the computer. Off the top of my head: Want to know where the file lives that the user just picked? Sure, it’s C:\fakepath\filename. Wanna check the color of a link to see if the user has visited the site before? No need to check. The answer will be ‘false’. Always.
Here’s the information a web server needs to deliver content to a browser:
- The requested resource
- An IP address
- User credentials (sometimes)
Everything else is a fucking security hole. There’s no good reason for servers to know what extensions you have installed, what OS you’re running, the dimensions of your browser window, where your mouse cursor is positioned, or any one of a thousand other data points that browsers freely hand over.
If the site doesn’t know the window width of can’t react to mobile or desktop users automatically or scale elements/ change to best for your display.
You need mouse input for hovering effects as well
That can all be done 100% client side. The server does not need this information.
Ah I read as the Brower doesn’t need that data. I’d say it needs width (maybe height) but that’s it
But this info talked about in OP is done via client sending the data to a server not the server getting it all the time
If you can do it client side, you can send it to a server…
The difference is intent.
you can send it to a server
Yes, because web browsers, under current web architecture, allow this.
This is entirely my point.
There are absolutely reasons. Firefox is done by a reasonable job of anti-fingerprinting, and it’s a fine line to walk to disable as many of those indicators as possible without breaking sites.
Browsers do give away too much, but at least Firefox is working on it. And it’s not extremely straightforward.
Well, I guess it’s technically installed software… but the scope is significantly less than what’s implied from the headline. My immediate reaction was, “how?”
This is basically standard browser fingerprinting, hence why it’s sold for surveillance activities. Linked in is big brother.
WTF is this article? Browser extensions are standard browser fingerprinting data.
Gonna have to agree here. Article headline is rage bait
That sounds… normal? and maybe even sensible, especially if LinkedIn does SSR, since that could allow the servers know how to tailor the content to the specific browser requesting a page.
In what fucking world is it “normal” or “sensible” to scan your browser extensions to decide how to render a page? Please explain.
I’ve been doing web development for 30 years (since the time when “SSR” was just called “building a web app”) and I have not once ever had the desire or need to do this.
Browsing extensions are being discovered by directly probing them - over 6,200 of them - and they are particular extensions tied to religious, political, and neurodivergent use cases. This is more than just browser fingerprinting - it is breaching the privacy of the user and profiling them in ways deemed illegal in the EU (GDPR) and even California. That doesn’t include the tracking cookies, either.
