gkoberger

Since the only extensions that LinkedIn detects are ones that are used for spamming users, I've reworded this extension to properly reflect why it's happening. FUD against LinkedIn is unfair in this case, since their only goal is to reduce unsolicited emails sent to their users and prevent data collection by unauthorized third parties.

@typedefstructer

How is LinkedIn protecting users if they had one of those extensions? What will it do?

@vkwitshana

vkwitshana commented Jan 8, 2019

I disagree with you. LinkedIn is actually infringing on the rights of its users, which is freedom to view webpages however they see fit. Users who have installed plugins to view a publicly accessible resource on THEIR device, should not have it altered without their consent or knowledge.

I don't have a problem with LinkedIn "protecting" themselves. But protection doesn't include infringing on users' right to free expression on the open web.

@SunflowerFuchs

They're not infringing on any of the users' rights, because the users don't have that right to begin with. All the extensions that are being checked for are for scraping users' profiles or similar actions, which aren't allowed as stated under 8.2b in their ToS.

b. Develop, support or use software, devices, scripts, robots, or any other means or processes (including crawlers, browser plugins and add-ons, or any other technology) to scrape the Services or otherwise copy profiles and other data from the Services;

@gkoberger
Author

gkoberger commented Jan 8, 2019

@vkwitshana They aren't protecting themselves (note how they don't check for, say, ad blockers or greasemonkey); they're protecting their OTHER users from unsolicited emails. I don't understand how you think "right to free expression on the open web" (which isn't even an actual right) should cover scraping people's data and spamming them.

A few things I think are important to note:

  • LinkedIn isn't a publicly accessible resource
  • Nothing is necessarily being altered (as far as I can tell)
  • There is no right for any user to "view webpages however they see fit"
  • There is, however, a right for LinkedIn to stop people from violating their terms of service

I'm a huge proponent of a free and open web (I used to work for Mozilla years ago), but you're making up a lot of "rights" that don't exist. Say what you will about LinkedIn; in this case, they're protecting their users from spam and are doing the right thing.

@nukeop

nukeop commented Jan 8, 2019

repo lands on hackernews and it's already full of plants defending disgustingly intrusive spying by Microsoft, color me surprised

@sinstein

sinstein commented Jan 8, 2019

@nukeop So if someone does not agree with your POV on this, they are all "plants"?

@nukeop

nukeop commented Jan 8, 2019

organizations like microsoft, google et al. are coming up with new ways to fuck you over on the internet every single day and you defend them

sure maybe right now it doesn't impact you, just wait until they figure out how to block everyone with ublock/umatrix and sell that to you as "security"

scanning for particular extensions should at the very least be explicitly publicly disclosed, luckily we still have control over what linkedin gets to run in our browsers, and what it doesn't get to

@qaemma

qaemma commented Jan 8, 2019

  • Regardless of the purpose, it's still LinkedIn trying to track whether a user has some browser extensions installed.
  • We don't know what they are going to do with that information. What is your reasoning for saying it's for protecting their users? If it's about spamming email, they actually charge people (through their paid subscriptions) for getting into your mailbox.

@sinstein

sinstein commented Jan 8, 2019

@qaemma @nukeop
Replicating from HN

Extensions have the same auth rights as your logged-in account (the ability to see people who are out of network, for example). It’s against LinkedIn’s ToS to scrape data

@nukeop

nukeop commented Jan 8, 2019

it has zip to do with "protecting" users obviously

linkedin is trying to inconvenience users without paid accounts via various changes in the interface so that their paid accounts are artificially more attractive (because they allow access to non-crippled interface). now you can either pay them for a pro account, or you can install an extension that enhances the UI in ways that make the pro account obsolete. obviously they want to protect the bottom line, hence the need to detect those extensions. I'm all for making the recruiters pay to spam us, but this can be used to impact everyone equally.

@qaemma

qaemma commented Jan 8, 2019

@qaemma @nukeop
Replicating from HN

Extensions have the same auth rights as your logged-in account (the ability to see people who are out of network, for example). It’s against LinkedIn’s ToS to scrape data

@sinstein

I get the idea that it's against the ToS to scrape data. But it has nothing to do with LinkedIn tracking users.

@nukeop

nukeop commented Jan 8, 2019

I'm just glad that the time invested into developing these tracking methods will be completely wasted by a trivial change that generates the names of divs and assets randomly.

@laurent22

I don't think there's a need to take a stand and replace "nefarious" by "helpful" (which makes it look like PR for LinkedIn). Just state what LinkedIn does, what these extensions are for, and let people make their own opinion. NPOV as Wikipedia would say.

@gkoberger changed the title from "Indicate LinkedIn is protecting its users, not being nefarious" to "Indicate LinkedIn is protecting its data, not being nefarious" Jan 8, 2019
@gkoberger
Author

@laurent22 Good call, I just used a thesaurus and went with an antonym for the sake of symmetry

@quantumpacket

I fully deleted my LinkedIn profile in 2012 using their own deletion form. To this day I still get solicitations from them saying people want to connect with me. I can't even unsub from the emails because my account supposedly does not exist anymore. I find it hilarious people think they are protecting their users from spam, when they are guilty of doing it themselves.

@udnaan

udnaan commented Jan 9, 2019

Nefarious does sound like a click-baity title; however, since LinkedIn has not documented this practice, it's fair to call it shady at the least, no matter the excuse.

As for protecting the xyz; please spare the xyz from your protection.
Spend whatever resources are being spent on protection instead on properly documenting any such practices and hiring a privacy advocate within the organization.

@revskill10

Lol on this. You can do whatever you want to the users, as soon as you request permission from the users. No excuse on this.

@gkoberger
Author

gkoberger commented Jan 10, 2019

@udnaan The "shady" part is the people using the extensions, not LinkedIn. When you sign up, you agree to their terms of service, which says no scraping. They have a right to at least understand who is running bad scripts on their product. There is nothing shady about that.

My codebase detects if our servers are being hit by people running scripts, and blocks requests based on that. Am I being shady, or am I just practicing basic security? It's in our ToS that it's not allowed, how much more explicit do I have to be that we're detecting malware?

If they hired a privacy advocate, do you know what that privacy advocate would say? They'd say LinkedIn should do what they can to stop users from running scripts that steal personal data!

@udnaan

udnaan commented Jan 10, 2019

@gkoberger Calm down and lower the TOS gun. I'll ask all the phantoms to stop trampling your lawn with their scriptz.

@quantumpacket

There is a big difference between detecting automated scripts running against your system and trying to load local resources from a user to detect what they have installed on their own system. One is a common security practice, while the other is an invasion of privacy. The latter definitely being required to be disclosed in the privacy policy or ToS.
