LinkedIn’s Bad Behaviors, The Data Exfiltration Gambit

Bad Behaviors should not be tolerated… Behold, and examine, if you will, the data exfiltrated (in this case, the inventory of extensions installed in your broweser, and data contained therein) by Linkedin (Nasdaq: LNKD) when the user authenticates at the company’s primary public-facing site. Utilizing tools authored by the inimitable Corey Prophitt it’s a revelation of the worst kind. Simply Astounding (and certainly bad behavior by a Microsoft Corporation (Nasdaq MSFT) owned company).
Hat Tip.

“How would you feel if you opened a program and the program started to check your file system to see what other programs you had installed? You would probably feel the software was overstepping. This is essentially what LInkedIn does when you visit their website. LinkedIn will scan your local browser files in an attempt to identify a number of different browser extensions you may have installed. The data collected by LinkedIn is then exfiltrated from the browser.” – via Corey Prophitt, writing at Prophitt.me

Recent Articles By Author

• USENIX Security ’23 – GAP: Differentially Private Graph Neural Networks with Aggregation Perturbation
• Daniel Stori’s ‘WC’
• USENIX Security ’23 – Inductive Graph Unlearning

More from Marc Handelman

*** This is a Security Bloggers Network syndicated blog from Infosecurity.US authored by Marc Handelman. Read the original post at: https://www.infosecurity.us/blog/2019/6/18/linkedins-bad-behaviors