John Regehr18h ago

fuck the browsers for making this even possible. do I have to go and disable all .js???

https://browsergate.eu/

LinkedIn Is Illegally Searching Your Computer

Microsoft is running one of the largest corporate espionage operations in modern history. Every time any of LinkedIn’s one billion users visits linkedin.com, hidden code searches their computer for installed software, collects the results, and transmits them to LinkedIn’s servers and to third-party companies including an American-Israeli cybersecurity firm. The user is never asked. Never told. LinkedIn’s privacy policy does not mention it. Because LinkedIn knows each user’s real name, employer, and job title, it is not searching anonymous visitors. It is searching identified people at identified companies. Millions of companies. Every day. All over the world.

BrowserGate
Show threadPascal Costanza18h ago
@regehr The linked page explicitly mentions only Chrome. Are other browsers also affected?
Show threadJohn Regehr18h ago
@pascal_costanza I don't know!
Show threadAlison Chaiken18h ago

@regehr @pascal_costanza Has anyone heard of browsergate.eu? Are we sure that the allegation is correct?

I don't use Chrome or visit linkedin.com and I block javascript, so I'm not losing any sleep over the matter.

Show threadShafik Yaghmour18h ago

@alison @regehr @pascal_costanza

This is not new technology and folks have been talking about this for a while:

https://www.usenix.org/conference/usenixsecurity22/presentation/solomos

Browsers have basically become and extension of ad infrastructure and open up a huge surface area for fingerprinting that was not available w/o the browser aiding and abetting.

Extensions are particularly dangerous b/c they can reveal a lot of sensitive and identifying information about a user.

This is 💯 a symptom of too much concentration, monopsony power and a total abdication of lawmakers to set regulations.

The Dangers of Human Touch: Fingerprinting Browser Extensions through User Actions | USENIX

Show threadAlison Chaiken18h ago
@shafik @regehr @pascal_costanza Browsers are all but dead on phones already, replaced by dozens of mostly crappy "apps." A similar fate may await the desktop.
Show threadShafik Yaghmour

@alison @regehr @pascal_costanza

the problem is that most apps use ad frameworks and these frameworks do all the same kind of stuff and so app users are no better off. Unless you 💯 eschew apps that have ads but that level of discipline is too high for most people.

Even if they don't have ads there are non ad frameworks that also do this and feed their data to malicious players. I think the app stores try to weed these out but it is cat and mouse.

W/o laws will real penalties this will not stop.

404 media does a good job of covering a lot of this stuff.

Apr 2 at 9:06pmWeb
Show threadAlison Chaiken18h ago
@shafik @regehr @pascal_costanza I agree that apps are no better, but simply wonder if browsers will dwindle into insignificance. Also, even programs with no ads may sell or process user data for their own ends: consider Github.