• mlfh@lemmy.sdf.org
    24 upvotes · 1 day ago

    Since this is being posted fucking everywhere with the same sensational headline that makes it look like LinkedIn is jumping out of the browser to scan your actual filesystems, here’s an excerpt from the site linked:

    The Attack: How it works
    Every time you open LinkedIn in a Chrome-based browser, LinkedIn’s JavaScript executes a silent scan of your installed browser extensions. The scan probes for thousands of specific extensions by ID, collects the results, encrypts them, and transmits them to LinkedIn’s servers. The entire process happens in the background. There is no consent dialog, no notification, no mention of it in LinkedIn’s privacy policy.

    It’s enumerating the browser extensions you have installed.

    • ActualGrapesTasteGreen@piefed.zip
      9 upvotes · 1 day ago

      This should be top comment in every post of this article. It doesn’t make what they’re doing ok, but it’s less sensational.

      Honestly I’m surprised any browsers let arbitrary websites list installed extensions.

    • OwOarchist@pawb.social
      5 upvotes · 1 day ago

      Still could be quite damaging to your privacy, especially since LinkedIn usually also knows your real name and your employer, so they can easily match this list of extensions up with a precisely identified person.
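
The excerpt quoted above says the scan probes for extensions by ID but not how. Assuming the probes request extensions' web-accessible resources (a documented way pages detect extensions; the thread does not confirm it), this added example, not code from the thread or the linked site, audits a Chrome-style `Extensions/<id>/<version>/` folder for manifests that any site could probe. The extension IDs and manifests are constructed.

```python
import json
import tempfile
from pathlib import Path

BROAD = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}  # match every site

def exposure(manifest, site="linkedin.com"):
    """Classify who can request an extension's web-accessible resources."""
    war = manifest.get("web_accessible_resources") or []
    if not war:
        return "hidden"        # nothing for a page to request
    if manifest.get("manifest_version", 2) < 3:
        return "any-site"      # MV2: flat list, loadable from every origin
    level = "hidden"
    for entry in war:
        if not entry.get("resources") or entry.get("use_dynamic_url"):
            continue           # dynamic URLs are not reachable via the fixed ID
        matches = entry.get("matches", [])
        if BROAD & set(matches):
            return "any-site"
        if any(site in pattern for pattern in matches):
            level = "this-site"
    return level

def audit(extensions_dir, site="linkedin.com"):
    """Map extension ID -> exposure for an Extensions/<id>/<version>/ tree."""
    report = {}
    for path in sorted(Path(extensions_dir).glob("*/*/manifest.json")):
        manifest = json.loads(path.read_text(encoding="utf-8-sig"))
        report[path.parts[-3]] = exposure(manifest, site)
    return report

def build_sample(root):
    W = "web_accessible_resources"
    samples = {  # constructed IDs and manifests, not real extensions
        "a" * 32: {"manifest_version": 2, W: ["icon.png"]},
        "b" * 32: {"manifest_version": 3, W: [{"resources": ["ui.css"], "matches": ["<all_urls>"]}]},
        "c" * 32: {"manifest_version": 3, W: [{"resources": ["x.js"], "matches": ["https://*.linkedin.com/*"]}]},
        "d" * 32: {"manifest_version": 3, W: [{"resources": ["y.js"], "matches": ["<all_urls>"], "use_dynamic_url": True}]},
    }
    for ext_id, manifest in samples.items():
        folder = Path(root) / ext_id / "1.0_0"
        folder.mkdir(parents=True)
        (folder / "manifest.json").write_text(json.dumps(manifest))
    return Path(root)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(audit(build_sample(tmp)))
```

To check a real profile, point `audit()` at the browser's own `Extensions` directory; entries reported as `any-site` or `this-site` are the ones such a probe could detect under the stated assumption.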

  • scytale@piefed.zip
    16 upvotes · 2 days ago

    LinkedIn loads an invisible tracking element from HUMAN Security (formerly PerimeterX), an American-Israeli cybersecurity firm, zero pixels wide, hidden off-screen, that sets cookies on your browser without your knowledge. A separate fingerprinting script runs from LinkedIn’s own servers. A third script from Google executes silently on every page load. All of it encrypted. None of it disclosed.

    Can’t uBO block this with custom filters?

    • floofloof@lemmy.ca
      8 upvotes · 2 days ago

      I don’t know, but I just added a DNS override on my home network to resolve *.linkedin.com to 0.0.0.0.

  • Tim_Bisley@piefed.social
    7 upvotes · 2 days ago

    I’d like to know how this functions because if MS is doing it then others are as well. Metadata in your browser is one thing but being able to see past that is unacceptable.

  • Kairos@lemmy.today
    3 upvotes · 22 hours ago

    LinkedIn breaks the law without consequence all the fucking time. See their un-unsubscribable emails.

    • Rando@sh.itjust.works
      4 upvotes · 2 days ago

      On Linux you could, i.e. for a flatpak you could use flatseal (or manually do it via command line) to lock down what folders the flatpak can operate in. I just did this for Brave Browser.

      There is also the software Bubblewrap that accomplishes the same. These are at the application level for the entire browser though.