Microsoft is running one of the largest corporate espionage operations in modern history. Every time any of LinkedIn’s one billion users visits linkedin.com, hidden code searches their computer for installed software, collects the results, and transmits them to LinkedIn’s servers and to third-party companies including an American-Israeli cybersecurity firm.
The user is never asked. Never told. LinkedIn’s privacy policy does not mention it.
Because LinkedIn knows each user’s real name, employer, and job title, it is not searching anonymous visitors. It is searching identified people at identified companies. Millions of companies. Every day. All over the world.
To me, this seems like a security flaw in Chromium. Websites should not be able to access any of it (yes, even just the extensions) regardless of what code they’re running.
Not great for LinkedIn, but a critical failure of Chromium.
Reminds me of how any app in Android can see all the other installed apps. Great for fingerprinting.