Microsoft is running one of the largest corporate espionage operations in modern history.

Every time any of LinkedIn’s one billion users visits linkedin.com, hidden code searches their computer for installed software, collects the results, and transmits them to LinkedIn’s servers and to third-party companies including an American-Israeli cybersecurity firm.

The user is never asked. Never told. LinkedIn’s privacy policy does not mention it.

Because LinkedIn knows each user’s real name, employer, and job title, it is not searching anonymous visitors. It is searching identified people at identified companies. Millions of companies. Every day. All over the world.

  • PumaStoleMyBluff@lemmy.world
    17 days ago

    Yeah, they can very easily get all of that right now. But functionally there’s no good reason for any browser to let them. Page layout should be a one-way operation that doesn’t allow information back through.

    • jtrek@startrek.website
      17 days ago

      You’d have to kill a lot of JavaScript and CSS for that to work, and then a lot of legitimate function goes away.

      Done much web development work?

      • PumaStoleMyBluff@lemmy.world
        17 days ago

        You don’t have to kill much functionality at all. Scripts that need to access that data should simply live in a sandbox with no network access. They can still do full computational layout.

        I have done exclusively web development work.

        • jtrek@startrek.website
          17 days ago

          So you’re going to make it illegal to call getBoundingClientRect and then pass that information to fetch through any mechanism?

      • partofthevoice@lemmy.zip
        17 days ago

        Surely functionality affecting display can be standardized to the point of making them useless for fingerprints? I don’t really care what font my browser uses, as long as I don’t notice it. Similarly, other details should either be randomized, mocked, jittered, or outright blocked. Fingerprinting only works because they’re operating in a rather non-adversarial space. The weakness with their current approach is the huge set of variables, which I’m sure we can leverage to reduce the algorithm’s determinism.

        We can either all appear the same, or appear completely unique every time. Either approach should work.
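
Added example, not part of any comment in this thread: a small model of the two defenses named in the last comment, showing how standardizing reported values collapses all clients into one fingerprint while per-session jitter makes one client hash differently each time. The attribute names, their values, the `STANDARD` profile and the use of FNV-1a as the hash are all assumptions made for illustration.

```javascript
// Constructed sample attributes; names and values are illustrative only.
const clientA = { fontWidthPx: 113.42, rectHeightPx: 18.5, cores: 8, timezone: "Europe/Berlin" };
const clientB = { fontWidthPx: 115.07, rectHeightPx: 19.0, cores: 16, timezone: "America/Chicago" };

// FNV-1a (32-bit) stands in for whatever hash a fingerprinting script would use.
function fnv1a(str) {
  let h = 0x811c9dc5;
  for (let i = 0; i < str.length; i++) {
    h ^= str.charCodeAt(i);
    h = Math.imul(h, 0x01000193) >>> 0;
  }
  return h.toString(16).padStart(8, "0");
}

// A fingerprint is only useful if the same inputs always give the same hash.
function fingerprint(attrs) {
  return fnv1a(Object.keys(attrs).sort().map((k) => `${k}=${attrs[k]}`).join(";"));
}

// "All appear the same": every browser reports one fixed profile.
const STANDARD = { fontWidthPx: 114, rectHeightPx: 19, cores: 4, timezone: "UTC" };
function standardize(attrs) {
  const out = {};
  for (const k of Object.keys(attrs)) out[k] = k in STANDARD ? STANDARD[k] : "blocked";
  return out;
}

// "Unique every time": numbers get per-session noise, everything else is mocked.
function jitter(attrs, rng = Math.random) {
  const out = {};
  for (const [k, v] of Object.entries(attrs)) {
    out[k] = typeof v === "number" ? Number((v + (rng() - 0.5) * 2).toFixed(2)) : "mocked";
  }
  return out;
}

// Number of distinct fingerprints a tracker would see for a list of reports.
function distinct(reports) {
  return new Set(reports.map(fingerprint)).size;
}

console.log("raw:", distinct([clientA, clientB]));
console.log("standardized:", distinct([clientA, clientB].map(standardize)));
console.log("jittered, same client twice:", distinct([jitter(clientA), jitter(clientA)]));
```

Jitter only defeats linking across sessions if the noise is larger than the differences a tracker can average out over repeated reads, which this model does not attempt to measure.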