For those curious, here's a direct link to the evidence page.
From the site:
Every time any of LinkedIn’s one billion users visits linkedin.com, hidden code searches their computer for installed software, collects the results, and transmits them to LinkedIn’s servers and to third-party companies including an American-Israeli cybersecurity firm.
The user is never asked. Never told. LinkedIn’s privacy policy does not mention it.
Because LinkedIn knows each user’s real name, employer, and job title, it is not searching anonymous visitors. It is searching identified people at identified companies. Millions of companies. Every day. All over the world.
It should be noted that this appears to happen on Chrome specifically, though I'm unsure if Firefox wouldn't also be vulnerable. Additionally, the jurisdictions in which this is said to be illegal are European ones; namely the EU itself, Norway, Iceland, Liechtenstein, the U.K. and Switzerland. Not the United States, unsurprisingly. Though I wonder if the CCPA would have an issue with this too.
Anyway, this is a time where I'm particularly happy to post to Tildes specifically: This page is very dramatic, and while the provided details do make some sense to me, the language surrounding it makes me suspicious and unsure if this is really so big of a deal as it's made out to be. I trust folks here more than other places not to fall for it if it is overselling itself, so I figured it might be worth posting here but wait before sharing elsewhere.
The tracking is real, and it is actually illegal. That being said, this reads more like a job-oriented lobbying group whose extensions were blocked by LinkedIn.
I get the idea that these people just really want LinkedIn to open their API so they can get a part of the profits (and I think LinkedIn should be forced into operability). It seems these guys are circumventing the API limitations through browser plugins, and MS is blocking them (I think MS should not be allowed to block this). So now they try to make a lot of fuss about "religion" / "sensitive data" / etc... but the true target of this monitoring seems much more benign.
So yeah. Definitely not good and legal action is warranted. But it feels like a lobby group making a lot of noise for profit reasons.
The technical details, for those so inclined: https://browsergate.eu/how-it-works/
I'm inclined to believe the worst about LinkedIn at every turn, but the non-technical write-up is so full of histrionic scare messaging that it's hard to know what to think.
We. Just. Need. The. Receipts.
Just the code and a few sentences about potential impact and severity score.
Edit: forgot my thoughts. This is not unique to LI. This is being used all over the web, and the browsers need to do something about it. What is definitely true is that LI has privileged information about you that many other sites may not, and this would enable them to make "richer business insights" (a term of art meaning "as invasive and illegal as we can possibly get away with" – business as usual for ad tech).