Microsoft is running one of the largest corporate espionage operations in modern history. Every time any of LinkedIn’s one billion users visits linkedin.com, hidden code searches their computer for installed software, collects the results, and transmits them to LinkedIn’s servers and to third-party companies including an American-Israeli cybersecurity firm. The user is never asked. Never told. LinkedIn’s privacy policy does not mention it. Because LinkedIn knows each user’s real name, employer, and job title, it is not searching anonymous visitors. It is searching identified people at identified companies. Millions of companies. Every day. All over the world.

Microsoft is running one of the largest corporate espionage operations in modern history.

Every time any of LinkedIn’s one billion users visits linkedin.com, hidden code searches their computer for installed software, collects the results, and transmits them to LinkedIn’s servers and to third-party companies including an American-Israeli cybersecurity firm.

The user is never asked. Never told. LinkedIn’s privacy policy does not mention it.

Because LinkedIn knows each user’s real name, employer, and job title, it is not searching anonymous visitors. It is searching identified people at identified companies. Millions of companies. Every day. All over the world.

  • Alberat@lemmy.worldEnglish
    183·
    3 days ago

    it’s misleading to say its searching your computer tho…? this invokes the thought of LinkedIn getting to rifle through your files like it has access to ~/Documents/ or smth.

    but yeah tracking you over the internet is similarly bad

    • stroz@infosec.pubEnglish
      102·
      3 days ago

      it’s misleading to say its searching your computer tho…?

      Wait, your browser extensions aren’t on your computer?

      • Armok_the_bunny@lemmy.worldEnglish
        12·
        3 days ago

        It’s misleading because saying “search the computer” implies a breadth of scan that isn’t present. That’s like saying a website “searches the computer” to grab cookies generated by that site; technically true but worded to be misleading.

        To be clear this is bad, but it’s important to be clear when explaining why it is bad to avoid creating resentment when the person you are explaining it to looks deeper into it themself and finds that it’s not as bad as your explanation was implying.

      • partofthevoice@lemmy.zipEnglish
        1·
        3 days ago

        I believe the point they’re trying to make is that they have access to APIs which describe particular software on your PC. You can argue based on the fact that, yes, the software is persisted on your filesystem. However, the API they access brokers [meta]data about the software. It’s not a filesystem API. If I add arbitrary files to an extension directory under my browsers path for extension persistence, they probably cannot see those arbitrary files unless the extension is built to allow it.

        There is a big difference between having direct and broad read access to the filesystem, versus the much smaller volume of data they can infer about your filesystem using APIs for browser extension data.

        • FooBarrington@lemmy.worldEnglish
          2·
          2 days ago

          There isn’t an API for browser extension data. They are searching for the existence of thousands of specific addresses to perform the search.