nixCraft 🐧

LinkedIn Is Illegally Searching Your Computer. Microsoft is running one of the largest corporate espionage operations in modern history https://browsergate.eu/

Is there anything Microsoft is not doing these days?

LinkedIn Is Illegally Searching Your Computer

Microsoft is running one of the largest corporate espionage operations in modern history. Every time any of LinkedIn’s one billion users visits linkedin.com, hidden code searches their computer for installed software, collects the results, and transmits them to LinkedIn’s servers and to third-party companies including an American-Israeli cybersecurity firm. The user is never asked. Never told. LinkedIn’s privacy policy does not mention it. Because LinkedIn knows each user’s real name, employer, and job title, it is not searching anonymous visitors. It is searching identified people at identified companies. Millions of companies. Every day. All over the world.

BrowserGate
2:56pmWeb
Show threadv9h ago
@nixCraft how it feels to not use linked in ---->🙂
Show threadAnthk9h ago
@nixCraft Propietary JS gives everyone this for free'.
Show threadcholling9h ago
@nixCraft making good software?
Show threadpancsta9h ago
@nixCraft TLDR *browser and only for DOM-injecting or file serving web extensions. This would explain why the website is so slow...
Show threadjonathankoren™6h ago

@pancsta @nixCraft scrapping from extensions puts a lot of stress on the servers.

What’s completely expected by an ancient like this, is a the researchers breathlessly take single sentences out of a sworn deposition and then claim they’re contradictory, but when you read the actual deposition, it’s completely mundane.

There is so much fucking bullshit in the original report

Show threadRay McCarthy9h ago
@nixCraft
Listening much to customer or doing QA & test?
The insider program is no substitute and should be scrapped. Exploitation.
Show threadFlamekebab8h ago

@nixCraft *repeatedly beating the company on the nose with a rolled up newspaper*
🗞️ STOP 🗞️ BEING 🗞️ ARSEHOLES! 🗞️

Send in the next one.

Show threadferricoxide8h ago
@nixCraft Or, why:

1. I don't use Chrome or chromium browsers unless I absolutely have to
2. When I do use Chrome, i generally run it inside of a VM (or, on my laptop, a WSL2 container)
3. I have things like EFF's Privacy Badger, uBlock Origin (on my non-Chrome browsers), and NoScript plugins installed
4. I don't really login to LinkedIn (and, to the greatest degree possible, any of the O365 or other MicroSoft-owned sites)
Show threadReaverz3r07h ago
@nixCraft how?
Show threadTm5h ago
@Reaverz3r0 @nixCraft I also wonder, it is using Microsoft or even with Linux the "hidden codes" are running ?
Show threadgunstick5h ago
@Reaverz3r0 @nixCraft
They scan chrome for chrome extensions. Probably by triggering a response from the extension and reporting that back.
Show threadAndreas2h ago

@Reaverz3r0

It is explained in detail on the linked website -> "The Attack: How it works"

Show threadpeterfr7h ago
@nixCraft like running 2 outlooks on artemis? https://www.404media.co/artemis-2-astronauts-microsoft-outlook-livestream/
Artemis II Astronauts Have ‘Two Microsoft Outlooks’ and Neither Work

In space, no one can hear you scream at Microsoft’s legacy software.

404 Media
Show threadVincentvd7h ago
@nixCraft That is why i use a different browser to visit websites like these to isolate the threat.
Show threadAnna Miriamsdochter7h ago
@Dehuisgenoot
Show threadpafurijaz5h ago
@nixCraft Isn't that Microsoft's purpose?
Wherever Microsoft is, there is a crime.
Show threadgunstick5h ago
@nixCraft this is for sure done by a loaded js file. Which could just be added to the adblocker.
Show threadheptapodEnthusiast 🏳️‍🌈5h ago

@nixCraft I wish I were surprised, but this type of behavior is fairly common among big tech companies, with the internal justification of stopping fraud.

I haven't worked at Google in over a decade, before GDPR came into effect, but they have / had a very similar browser fingerprinting mechanism for identifying fraud-like patterns and account takeovers. There was a lightweight version for the login page, and a heavyweight version for pages that took credit cards or other payment information.

Show threadWorik2h ago

@nixCraft No
It is scanning browser extensions, on Chrome

Microsoft, Google, LinkedIn and Chrome are all evil. But this is "only" bad.

Show threadTock1h ago

@nixCraft "Is there anything Microsoft is not doing these days?"

What the users ask for, apparently.

They're spinning that they are removing CoPilot from "unnecessary apps" as a user experience concession, but really, they're decreasing CoPilot's footprint in the RAMpocalypse era and walking back any recommendation of system RAM past the minimum.

Nobody involved in AI cares about end user efficiency. Just their datacenter and pocket book.

Show threadBaloo Uriza1h ago
@nixCraft Writing a competent corporate desktop? Making Teams not take 8 gigs while constantly swapping?