Microsoft is running one of the largest corporate espionage operations in modern history. Every time any of LinkedIn’s one billion users visits linkedin.com, hidden code searches their computer for installed software, collects the results, and transmits them to LinkedIn’s servers and to third-party companies including an American-Israeli cybersecurity firm. The user is never asked. Never told. LinkedIn’s privacy policy does not mention it. Because LinkedIn knows each user’s real name, employer, and job title, it is not searching anonymous visitors. It is searching identified people at identified companies. Millions of companies. Every day. All over the world.

Microsoft is running one of the largest corporate espionage operations in modern history.

Every time any of LinkedIn’s one billion users visits linkedin.com, hidden code searches their computer for installed software, collects the results, and transmits them to LinkedIn’s servers and to third-party companies including an American-Israeli cybersecurity firm.

The user is never asked. Never told. LinkedIn’s privacy policy does not mention it.

Because LinkedIn knows each user’s real name, employer, and job title, it is not searching anonymous visitors. It is searching identified people at identified companies. Millions of companies. Every day. All over the world.

  • PumaStoleMyBluff@lemmy.worldEnglish
    2·
    2 days ago

    Yeah, they can very easily get all of that right now. But functionally there’s no good reason for any browser to let them. Page layout should be a one-way operation that doesn’t allow information back through.

    • jtrek@startrek.websiteEnglish
      4·
      2 days ago

      You’d have to kill a lot of JavaScript and CSS for that to work, and then a lot of legitimate function goes away.

      Done much web development work?

      • PumaStoleMyBluff@lemmy.worldEnglish
        2·
        2 days ago

        You don’t have to kill much functionality at all. Scripts that need to access that data should simply live in a sandbox with no network access. They can still do full computational layout.

        I have done exclusively web development work.

        • jtrek@startrek.websiteEnglish
          2·
          2 days ago

          So you’re going to make it illegal to call getBoundingClientRect and then pass that information to fetch through any mechanism?

          • PumaStoleMyBluff@lemmy.worldEnglish
            1·
            2 days ago

            Essentially yes. Basically, think of two JS sandboxes that can manipulate the same DOM. One can make requests, but cannot retrieve local layout data. The other can get layout data, but not make requests. Both can set layout data.

            Web developers can use the former 99% of the time, and the latter for more precise work.

      • partofthevoice@lemmy.zipEnglish
        1·
        2 days ago

        Surely functionality affecting display can be standardized to the point of making them useless for fingerprints? I don’t really care what font my browser uses, as long as I don’t notice it. Similarly, other details should either be randomized, mocked, jittered, or outright blocked. Fingerprinting only works because they’re operating in a rather non-adversarial space. The weakness with their current approach is the huge set of variables, which I’m sure we can leverage to reduce the algorithms determinism.

        We can either all appear the same, or appear completely unique every time. Either approach should work.

        • jtrek@startrek.websiteEnglish
          1·
          2 days ago

          I don’t know a lot about how fingerprinting works, but some of what i’ve read is pretty insidious. Some things could probably be obfuscated, but some of what the trackers use has legitimate purposes as well. Your application may serve different content based on the screen size, or fall back to an older library if such-and-such API isn’t supported.

          Personally I’d rather make targeting advertising and tracking illegal, and gut the whole thing to avoid the arms race.