Some magnificently sinister antipatternist interface bullshit from LinkedIn here.

Notifications _before_ I log in?

How, please explain, do you know?

@mhoye This is a new level of dishonest UX. Incredible. I would never have thought of this.
@mhoye I've seen it done on other sites by setting a cookie

@mhoye that company has cultivated a work environment that gives people license to build repugnant contraptions.

https://www.infosecurity-magazine.com/news/researchers-linkedin-intro-is-a-man-in-the-middle/

I do not believe LinkedIn/Microsoft can be fixed.

Researchers: LinkedIn Intro is a Man-in-the-Middle Attack

LinkedIn has released a new product called Intro, which shows users' LinkedIn profiles from inside the native iPhone mail client. Members can, at-a-glance, see the profile picture of the person who’s emailing, learn more about their background, and connect on LinkedIn. It sounds like another step in the march to hyper-connected convenience, but at least one research group has raised security concerns over the functionality.

Infosecurity Magazine
@[email protected]@mastodon.social @[email protected]@cosocial.ca not to defend LinkedIn by ANY means but that post is over 12 years old and they shut down that email intercept functionality after a huge backlash.

@krelnik @mhoye yes, thank you, that is exactly my point.

That they shut down the feature because of the backlash and not because it should never have been created is the notable takeaway.

The age of the post is specifically to demonstrate that they have been off the rails for over a decade, and are still making product decisions in line with a company culture that is not tracking towards improvement. I am not engaging in scholarship of their misbehaviour this morning, but one could, easily.

@mhoye just as pure UX affordance, what this says to me is “Ye must answer our questions four, ere the other side you see.” Like, we’re gonna make you fight four CAPTCHAs first to see what you’re made of. Which oddly feels a bit welcome to me, like, yeah, we’re in a scrap from the get-go, this is my relationship with LinkedIn.

@mhoye (a) It's not your data, it's theirs; so, it is not secured by your password/credentials (b) they save your (public) username in a cookie and look up the number of notifications based on that.

They do not consider the *number* of notifications worth hiding behind your password. They probably do hide the content of the notifications behind your password, tho that's not technically required (it's unlikely to actually be encrypted by a key generated/unlocked by your password), but it is "expected" behavior.

MS doesn't care about you.
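
An added example, not part of the thread and not LinkedIn's code: a sketch of the pre-login badge lookup the post above describes, with a bare username cookie beside two tighter variants. The cookie names `member` and `sid`, the sample data and the key are constructed assumptions.

```python
import hashlib
import hmac
from http.cookies import SimpleCookie

# Constructed sample data: per-member unread counts and live login sessions.
UNREAD = {"alice": 4, "bob": 0}
SESSIONS = {"s3ss10n-alice": "alice"}
SERVER_KEY = b"constructed-demo-key"  # placeholder, not a real secret


def _cookies(header):
    """Parse a Cookie request header into a plain name -> value dict."""
    jar = SimpleCookie()
    jar.load(header or "")
    return {name: morsel.value for name, morsel in jar.items()}


def sign_member(member):
    """Value for a long-lived 'remembered member' cookie: name plus HMAC tag."""
    tag = hmac.new(SERVER_KEY, member.encode(), hashlib.sha256).hexdigest()
    return f"{member}.{tag}"


def badge_unsigned(cookie_header):
    """Pattern from the post: count looked up from a bare username cookie."""
    member = _cookies(cookie_header).get("member")
    return UNREAD.get(member)


def badge_signed(cookie_header):
    """Still pre-login, but only for a cookie this server actually issued."""
    value = _cookies(cookie_header).get("member", "")
    member, _, _tag = value.rpartition(".")
    expected = sign_member(member).encode()
    if not member or not hmac.compare_digest(expected, value.encode()):
        return None
    return UNREAD.get(member)


def badge_session_only(cookie_header):
    """Count treated as account data: needs a live authenticated session."""
    member = SESSIONS.get(_cookies(cookie_header).get("sid"))
    return UNREAD.get(member) if member else None
```

With the unsigned variant the count is readable by anyone who can type the public username into a cookie; the signed variant limits it to browsers that hold an issued cookie, and the session variant hides it until login.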