> What the article describes sounds like what many devs would land on given the browser APIs available.

> To reiterate, at no point am I saying this is good or acceptable. I think there’s a massive privacy problem in the tech industry that needs to be addressed.

These two sentences highlight the underlying problem: Developers without an ethical backbone, or who are powerless to push back on unethical projects. What the article describes should not be "what many devs would land on" naturally. What many devs should land on is "scanning the user's browser in order to try to fingerprint him without consent is wrong and we cannot do it."

To put it more extreme: If a developer's boss said "We need to build software for a drone that will autonomously fly around and kill infants," The developer's natural reaction should not be: "OK, interesting problem. First we'll need a source of map data, and vision algorithm that identifies infants...." Yet, our industry is full of this "OK, interesting technology!" attitude.

Unfortunately, for every developer who is willing to draw the line on ethical grounds, there's another developer waiting in the recruiting pipeline more than willing to throw away "doing the right thing" if it lands him a six figure salary.

> I think most people would interpret “scanning your computer” as breaking out of the confines the browser and gathering information from the computer itself.

That is exactly how I interpreted it, and that is why I clicked the link. When I skimmed the article and realized that wasn't the case, I immediately thought "Ugh, clickbait" and came to the HN comments section.

> To reiterate, at no point am I saying this is good or acceptable. I think there’s a massive privacy problem in the tech industry that needs to be addressed.

100% Agree.

So, in summary: what they are doing is awful. Yes, they are collecting a ton of data about you. But, when you post with a headline that makes me think they are scouring my hard drive for data about me... and I realize that's not the case... your credibility suffers.

Also, I think the article would be better served by pointing out that LinkedIn is BY FAR not the only company doing this...

> I think most people would interpret “scanning your computer” as breaking out of the confines the browser and gathering information from the computer itself.

Yes, but I also think that most people would interpret "Getting a full list of all the Chrome extensions you have installed" as a meaningful escape/violation of the browser's privacy sandbox. The fact that there's no getAllExtensions API is deliberate. The fact that you can work around this with scanning for extension IDs is not something most people know about, and the Chrome developers patched it when it became common. So I don't think describing it as something everybody would expect is totally fine and normal for browsers to allow is correct.

> Alongside thousands of other extensions. If they were scanning for a dozen things and this was one of them, I’d tend to agree with you. But this sounds more like they enumerated known extension IDs for a large number of extensions because getting all installed extensions isn’t possible.

To take a step back further: what you're saying here is that gathering more data makes it less sinister. The gathering not being targeted is not an excuse for gathering the data in the first place.

It's likely that the 'naive developer tasked with fingerprinting' scenario is close to the reality of how this happened. But that doesn't change the fact that sensitive data -- associated with real identities -- is now in the hands of MS and a slew of other companies, likely illegally.

> But the authors have chosen to frame this in language that is hyperbolic and alarmist, and in doing so I thing they’re making people focus on the wrong things and actually obscuring the severity of the problem, which is certainly not limited to LinkedIn.

The article is not hyperbolizing by exploring the ramifications of this; and it's true that this sort of tracking is going on everywhere, but neither is it alarmist to draw attention to a particularly egregious case. What wrong things does it focus on?

> I think most people would interpret “scanning your computer” as breaking out of the confines the browser and gathering information from the computer itself. If this was happening, the magnitude of the scandal would be hard to overstate.

But at the end of the day, the browser is likely where your most sensitive data is.

> I think most people would interpret “scanning your computer” as breaking out of the confines the browser and gathering information from the computer itself.

Which they would, if they could.

They are scanning users' computers to the maximum extent possible.

> making people focus on the wrong things and actually obscuring the severity of the problem, which is certainly not limited to LinkedIn.

No, LinkedIN has much more sensitive data already. Combined with which the voracious fingerprinting, this stands out as a particularly dystopian instance of surveillance capitalism

> Alongside thousands of other extensions. If they were scanning for a dozen things and this was one of them, I’d tend to agree with you. But this sounds more like they enumerated known extension IDs for a large number of extensions because getting all installed extensions isn’t possible.

If that's all it takes to fool you then its pretty trivial way to hide your true intentions.