alt Hacker NewsLinkedIn is illegally searching your computer
Comments
seems like clickbaiting, browser can't 'scan' your computer...
> The headline seems pretty misleading.
No it isn't. Performing fingerprinting on user's devices, to ultimately profit of financially or worse is misleading. Especially doing this while knowing the user isn't aware what this really means and just deciding it for them.
The headline is just an exaggerated way of saying what is really happening.
Is there evidence that they use that information for anything other than browser fingerprinting or fraud detection?
That seems like the most obvious use case? Or maybe I missed something in the write up.
i dont like that i pay them $79 a month for them to scrape my extensions
I don’t understand how browser security would allow linkedin to search my computer?
LinkedIn has been overtly evil for decades, and their power users are the most insufferable sort of middle management yuppy scum. I know job searching can be hard, but I don't go near LinkedIn with a ten foot pole.
Sounds like containers and potentially adblocking and js blocking prevent this. For my part, I use linked in on my "god dammnit I hate corporate websites so much" browser which is used only for medical bill pay and amazon / wal mart purchases and then monthly bills. Could LinkedIn get something from me there? Potentially, but they're also not really following me around the web. I think given this I'll go install a 3rd browser for linkedin only, or maybe finally just delete my account. It never got me a job and it's a cesspool.
Deleted my account. Fixed!
Directly on the landing page:
> Microsoft has 33,000 employees
this should probably be LinkedIn, not Microsoft.
LinkedIn is full of lunatics, does not surprise me at all.
This gave someone the opportunity to add in "Jeffery_Epstein_did_not_kill_himself" to linkedin's client facing code base through this. If you open dev tools -> network tab -> network search icon (magnifying glass) -> search for "epstein" and load up linkedin, you should see it for yourself too!
I really don't think they're "illegally" searching your computer, they're checking for sloppy extensions that let linkedin know they're there because of bad design.
The real story is what's going on behind the scenes. The charges are relatively flimsy (for the reason I mentioned in my other comment). But here's the cool thing: the site is basically taken from Microsoft's playbook. For years, they pretty transparently bankrolled shadowy, single-issue "grassroots advocacy" groups that went after their competitors under flimsy pretenses. These organizations attacked others but somehow never had an opinion about stuff like Windows Copilot.
This feels very similar, except now it's taking a swing at Microsoft. It's apparently paid for by some mysterious "trade association and advocacy group for commercial LinkedIn users" that runs out of a private PO box in a small German town - uh huh. I'm not going to feel bad for Microsoft, but I would love to read some investigative reporting down the line.
I run ad blockers and pihole, does that help?
It seems it scans your extensions not your system - reading the details. The intro made it a bit unclear.
I hate the way they just started saying you have a new message when you really don't. Now I'm going to miss when I really have new messages for a while because I'm not going to go to that site anymore when they say that.
And not letting you read your messages when on your mobile phone unless you use their app is particularly mean. Considering again where they are sending all the information they scrape.
some of these things are just an effect of using chromium browsers.
use safari or Firefox. and chrome only for incognito web app testing.
Amazing work, but it’s not surprising, I think anyone in cybersec space knows that LinkedIn is the number one source of information when it comes to track or ID someone, and I don’t mean just OSINT given the real data you have, but also three letters agencies love it, it’s a gold mine, wasn’t the silkroad owner was busted because of the same personal email used on LinkedIn? So yeah, delete it, never use it, it’s full of corporate cringy nonsense anyway
linkedin is full of dark patterns, it's really unfortunate it became the business default, all other social platforms get more criticism while being only a fraction as bad
I can't say I needed yet another reason to hate the current state of LinkedIn, but I am not surprised in the slightest.
Despite the misleading headline, I really don't understand why anyone uses linkedin, there will inevitably be a trailing rely of comments claiming it has some irreplaceable value in professional networking, but I don't buy it. Nobody I've ever talked to has been able to articulate any actual value provided by "connecting" to another person on a social networking site. If you want to build professional connections go to lunch, join community calls, attend professional events, and go to conferences.
The fact that every job application wants a link to my profile on a platform that tries to push "brain training puzzle and games" on me just makes me angry every single time. I really hate LinkedIn and my active rebellion against it is hurting my ability to find a new job.
I know there has been other LinkedIn hate on HN this week. I know they have some good tools for job searching and hiring. I still wish we as a society could move on and leave this one with MySpace.
This is https://news.ycombinator.com/item?id=46904361, right?
Chrome: lets website scan what extensions you have installed for some reason.
This is result of browser fingerprinting.
My guess, Linkedin is used for years as source of valuable information for phishing/spear-phishing.
Maybe their motive is really spying. But more important for them is to fight against people botting Linkedin.
Imho, browser fingerprinting should be banned and EU should require browser companies to actively fight against it, not to help them (Fu Google)
I can’t take an article seriously that starts:
> Every time any of LinkedIn’s one billion users visits linkedin.com, hidden code searches their computer for installed software
and then proceeds not to explain how it’s doing that to me, a Safari user.
Because, spoiler: it isn’t. Or, it might try to search, and fail, and nothing will be collected.
Deleted my LinkedIn account. Fixed.
The headline seems pretty misleading
Exactly how is it "illegal" to run code that exercises some aspect of the legitimate browser API surface? Are there functions marked as legal, and others marked as illegal?
This is true/valid in many ways, but the signs of significant AI gen are pretty obvious. And now I wonder how much of the overblown narrative is here.
This reminds me of the slop bug reports plaguing the curl project.
Just use Safari, it won't even load the page half the time.
Browsers almost need a firewall against websites for the functions and scans being run on it by websites.
Different browsers have various settings available, but do we have a little snitch for a web browser?
Another good reason not to use extensions, and leave whatever they do for utility apps.
If they are genuinely only using the information to detect bad actors and maintain site stability as the affidavit states, and if they can prove it, this seems like potentially a non-issue?
I am not a lawyer, but site stability seems like a GDPR "Legitimate Interest" in my book anyway.
Typical microsoft
When Aaron Swartz does it, it is the threat of life in prison leading to suicide. When a multibillion dollar company does it, it is just capitalism.
HOLD EXECS LEGALLY ACCOUNTABLE, CRIMINALLY AND CIVILLY, FOR THE CRIMES OF THER CORPORATIONS.
>The user is never asked. Never told. LinkedIn’s privacy policy does not mention it.
OMG is literally every article written with LLMs these days I just can't anymore. It's all so tiring.
[dead]
The only explanation of linkedin being worth 44B is the prominent appearance of both bill gates (who started spending a day a week at MS after nadella became ceo), and reid hoffman appear prominently in epstein files. The deal itself was finalized during Trump's first term. So everything checks out
[dead]
[dead]
[dead]
[flagged]
Bait, just look at browser addons, millons of site do it as well