LinkedIn Is Illegally Searching Your Computer

Microsoft is running one of the largest corporate espionage operations in modern history. Every time any of LinkedIn’s one billion users visits linkedin.com, hidden code searches their computer for installed software, collects the results, and transmits them to LinkedIn’s servers and to third-party companies including an American-Israeli cybersecurity firm. The user is never asked. Never told. LinkedIn’s privacy policy does not mention it. Because LinkedIn knows each user’s real name, employer, and job title, it is not searching anonymous visitors. It is searching identified people at identified companies. Millions of companies. Every day. All over the world.

BrowserGate
@metin holy moly. I'm relieved that I've closed my account 2 months ago although for different reasons...

@compfu 😆👍

I've also left LinkedIn some time ago. It has become Facebook part 2. Extremely annoying posts, people, notifications, UI / UX, bots, algorithms, tracking and AI misery. 😖👎

@metin

So true, I could no longer stand it, and each reply was 'Look at me' promoting themselves.

I wonder: does the search take place if you visit it without logging in? Because in some cases this works. Or does LI only search if a user is actively logged in?

@compfu

@pascaline @metin I've skimmed the article and it seems like they are brute-force searching for installed Chrome extensions. I can imagine that this is useful information for them, even if you're not logged in (there might be other browser fingerprinting techniques going on to identify you) but it's most useful to check if they know your actual name.

@compfu

I don't use Chrome at all, so that's good.
But I have to use Edge because some of their stuff doesn't work in other browsers. I wonder how deeply they go into personal settings and other stuff.

@metin

@metin It's wild the browser even has access to be able to collect this information. I hope with how locked down I have Firefox that it wasn't able to do these things.

That said, it's also utterly discouraging that everyone feels the need to keep an account, I'm trying to keep mine hibernated until I end up on the job market again.

@tehstu Yeah, I hope FediWork will soon mature and get an online home:

https://github.com/Haui1112/FediWork

#fediverse #LinkedIn

@metin @tehstu you can go see the simplistic https://ponos-job.eu/
Ponos - European open-source and AI alternative to LinkedIn

Minimalist professional network, no tracking, respectful of your privacy. GDPR compliant.

Ponos
@tehstu @metin we are heavily encouraged to use ours at work to help boost our charity's posts' visibility.
Think I will get to deleting my account on Mon.
@metin What? I am flabbergasted...
@devsimsek Maybe the worst part of this is that I'm not surprised at all. 😔
@metin I mean me neither, but still...
@metin @404mediaco this sounds right up your alley!
@metin Probably for dick pics 😅👍
@metin Not if you cancelled your account, like 10 years ago!
@metin
Wtf. Have you guys seen this @noybeu ?
@metin thank you for this much-needed inspiration
@metin I used LinkedIn 20+ years ago for some time 😅
@metin today in "reasons to use Firefox .."

@metin

@Vivaldi IIRC you are chrome based - is your browser susceptible to this exploit?

https://browsergate.eu

@mrose @Vivaldi I was also wondering about that.

@metin

Finally deleted it just now. Very mixed bag but I refuse to partake in this sort of bullshit. My contacts there are from a previous lifetime and I need some new projects now but I've never gotten them there.

@EricBono 👍 I've also left LinkedIn some time ago. Felt liberating.

@metin

I bet. What a bunch of noise to no longer have in the back of your mind. Thanks for posting.

@metin
"LinkedIn Is Illegally Searching Your Computer."
This. Is. Fine.
Said no one -- except Microsoft -- ever.

@metin

That's why it isn't allowed on my computer

@metin From what I’ve gathered, they are detecting installed Chrome browser extensions, not locally installed software. For a minute I thought there was some horrible new browser API that was exposing that.

Harvesting extension data still isn’t great, but it does beg the question why Chrome browsers allow that in the first place.

@thehatfox @metin My thoughts exactly. I thought extensions got a random id when installed to prevent something like this, kinda like ASLR. Maybe that's just a Firefox thing?
@steven @thehatfox @metin it seems LI assigned an internal code/id for each extension and match that with a known file in the extension. A randomly assigned ID makes no difference.
@thehatfox @metin There probably is some browser API exposing that too, to some extent, via what MIME types have application handlers. Though I'm not sure you can get much data there without possibly bombarding the user with download-prompt dialogs.
@metin I thought April fools was yesterday? 🤔
@RobeeShepherd Sorry, we've reached April Reality Day. 😅
@metin
The day I retired, deleting my LinkedIn account felt like getting a tumor removed from my brain. What a monstrous circle jerk that place is.
@greenhombre My thoughts exactly!
@metin
Networking is why God created Happy Hour. Fuck LinkedIn for trying to monetize human interaction and business cards.
@metin tbh I'm not gonna read all this but I am curious how JavaScript would be capable of doing this
@swellbastion Yeah, good question.
@metin hm maybe when they say installed software they mean browser extensions. I guess that would technically be an accurate descriptor but it's not what I imagine in my head when they say installed software
@swellbastion I think so too.

@metin @swellbastion

It says "LinkedIn scans for over 200 products that directly compete with its own sales tools, including Apollo, Lusha, and ZoomInfo."

- are those three things browser extensions? or is it more like, they _have_ browser extensions? I'm not sure I fully understand what's being claimed.

@swellbastion @metin It is browser extensions, and they do it via some backdoors Chrome intentionally leaves to poke at extensions that don't take measures to block this, along with profiling changes made to the DOM by extensions and correlating those with known behavior of particular extensions. They have some nasty exfiltration-obfuscation techniques going on to get the data back to them indicating that they know what they're doing is unethical and illegal.
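
An added example, not part of the thread or of the linked article: a Node.js audit that reads extension manifests and reports which ones expose packaged files to a visited site. It assumes the exposure described in the post above corresponds to the `web_accessible_resources` manifest key, with `use_dynamic_url` as the opt-out; the manifests and the host `social.example` are constructed samples.

```javascript
// Added example: flag extensions whose packaged files a visited site can request.
// SAMPLE_MANIFESTS and the host "social.example" are constructed, not real data.
const SAMPLE_MANIFESTS = [
  { name: "legacy-helper", manifest_version: 2,
    web_accessible_resources: ["img/logo.png"] },
  { name: "mail-only", manifest_version: 3,
    web_accessible_resources: [
      { resources: ["inject.css"], matches: ["https://mail.example.com/*"] }] },
  { name: "dynamic-id", manifest_version: 3,
    web_accessible_resources: [
      { resources: ["ui.html"], matches: ["<all_urls>"], use_dynamic_url: true }] },
  { name: "no-exposure", manifest_version: 3 },
];

// True when a match pattern (scheme://host/path) covers the given host.
function patternCoversHost(pattern, host) {
  if (pattern === "<all_urls>") return true;
  const m = /^(\*|https?):\/\/([^/]+)\//.exec(pattern);
  if (!m) return false;
  const h = m[2];
  if (h === "*") return true;
  if (h.startsWith("*.")) return host === h.slice(2) || host.endsWith(h.slice(1));
  return host === h;
}

// Normalise MV2 (list of paths, open to every origin) and MV3 (scoped objects).
function exposureEntries(manifest) {
  const war = manifest.web_accessible_resources || [];
  if (manifest.manifest_version === 2) {
    return war.length ? [{ resources: war, matches: ["<all_urls>"], dynamic: false }] : [];
  }
  return war.map((e) => ({ resources: e.resources || [], matches: e.matches || [],
                           dynamic: e.use_dynamic_url === true }));
}

// One finding per exposed entry: "high" if a fixed URL works, "low" if per-session.
function auditManifests(manifests, siteHost) {
  const findings = [];
  for (const manifest of manifests) {
    for (const entry of exposureEntries(manifest)) {
      const reachable = entry.matches.some((p) => patternCoversHost(p, siteHost));
      if (!reachable || entry.resources.length === 0) continue;
      findings.push({ name: manifest.name, resources: entry.resources,
                      severity: entry.dynamic ? "low" : "high" });
    }
  }
  return findings;
}

console.log(auditManifests(SAMPLE_MANIFESTS, "social.example"));
```

The "low" rating only reflects that a fixed extension URL no longer works; it says nothing about the DOM-change profiling mentioned in the same post, which this manifest key does not control.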
@metin Not mine, already dumped Chrome and LinkedIn
@metin doubt they deleted my user data, but I’m glad to have deleted my account on there

@GraemeMcAllen Yeah, same. These days your account is "deactivated", but not deleted. 😖👎

It's like Hotel California: "We are programmed to receive. You can check out any time you like, but you can never leave!" 😓

@metin this is why I am glad I don’t use anything chromium …
@metin How exactly does "hidden code searches their computer for installed software"?
@gytisrepecka Good question. Maybe through Chrome extensions and/or other sneaky gateways inside Chromium?
@metin Website alone should not be sufficient to facilitate that without installed browser extension/add-on 
@gytisrepecka @metin The software in question is browser extensions, which may reveal highly personal information.

@metin From the site: "LinkedIn’s lead supervisory authority in the EU is the Irish Data Protection Commission (DPC)."

Let's not hold our breath anything will be done, so.

@metin

nope. I escaped a couple years ago.

@metin

1) if they don't have it for other browsers yet, they'll make it, gleaning as much info as technically possible. DOM scanning would work on any browser, I suppose.

2) if they do it, others will be doing it too.

3) you have to assume a web page gains more knowledge about you than you from it when you visit it.

4) areas of the Internet have become the digital equivalent of bandit country, except that you don't always know you're being robbed. And it's hard to avoid said bandit country.