Microsoft is running one of the largest corporate espionage operations in modern history.
Every time any of LinkedIn’s one billion users visits linkedin.com, hidden code searches their computer for installed software, collects the results, and transmits them to LinkedIn’s servers and to third-party companies including an American-Israeli cybersecurity firm.
The user is never asked. Never told. LinkedIn’s privacy policy does not mention it.
Because LinkedIn knows each user’s real name, employer, and job title, it is not searching anonymous visitors. It is searching identified people at identified companies. Millions of companies. Every day. All over the world.
It scans your JavaScript context for known browser plugins. That’s it. It’s not scanning your whole computer for installed software.
I was gonna say… If LinkedIn managed to figure out how to break out of the browser sandbox, this would be a much bigger headline. Like “scanning your PC for installed software without the user’s knowledge, simply by visiting the site” is full blown “pull the plug on your entire internet connection until this zero day exploit can be figured out” levels of bad.
I think the “American-Israeli cybersecurity firm” bit really sells the plausibility of this while also being dangerously close to “my uncle works at Nintendo.”
What about the app?
The app will run inside the phone’s sandbox. It can’t see anything outside of its self unless you explicitly give it permission to.