Microsoft Sued for LinkedIn Clipboard Snooping Scare

LinkedIn got caught reading personal data from iPhone clipboards. And now an (ahem) “enterprising” user is suing the Microsoft-owned business social network.

But the company claims it did nothing wrong. Just a bug in the app, y’see.

We were just trying to improve the UX. Nothing shady, honest.

Tell it to the judge, perp. In today’s SB Blogwatch, we pedal harder.

Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: The fastest way to chill a beverage.


Sneaky Paste

What’s the craic? Aishwarya Nair reports—“LinkedIn sued over allegation it secretly reads Apple users’ clipboard content”:

 Microsoft Corp’s LinkedIn was sued by a New York-based iPhone user on Friday for allegedly reading and diverting users’ sensitive content from Apple Inc’s Universal Clipboard application. … According to the lawsuit filed in San Francisco federal court by Adam Bauer, LinkedIn reads the Clipboard information without notifying the user.

LinkedIn … released a new version of its app to end this practice. … The lawsuit seeks to certify the complaint as class action based on alleged violation of the law or social norms, under California laws.

And Ryan Lovelace adds—“LinkedIn sued, accused of spying on users”:

 Clipboards hold information that users copy-and-paste and sometimes contain private information such as passwords and messages. [It] may contain data that is valuable to advertisers and marketing companies.

LinkedIn attributed its reading of users’ clipboards to a technical error [that] LinkedIn vice president of engineering Erran Berger … said was fixed in a new version of the app available July 4. … Neither LinkedIn nor Apple responded to requests for comment.

Context? Don Morton spotted the problem earlier this month—“Please leave our clipboards alone”:

 Our clipboards … see a lot: passwords, bank account information, credit cards, private crypto keys, etc. … Over the past week, iOS 14 has given us some insight into what apps are doing behind the scenes. The new operating system (which is still in beta) will notify you every time your clipboard is accessed.

[What] scares me is the fact that ANY app has the ability to access the clipboard without permission. … Think of all the apps your parents or your siblings use; if you’re reading this you are probably informed enough, [but they] are the real targets here.

Wait. Pause. Is this really a huge deal? fingerlocks finks not:

 Take a step back and look at the entire forest: The outrage is over an app accessing data specifically designed to be shared across applications. That’s what Copy fundamentally means—make this thing globally available to all my programs.

Does this mean an untrustworthy app could, in theory, snoop your plaintext password copied from a password manager? Sure, but that’s a separate discussion.

Does it make sense to implement clipboard snooping in a way that polls the pasteboard on every keystroke while an input form remains in focus? No, that’s weird, there’s obvious bug stench. LinkedIn may be nefarious, but defaulting to instant outrage and lack of critical thinking is the real concern here.

So why the outrage? Fly Swatter swishes around:

 It’s a class action! The lawyers found their gullible plaintiff. The plaintiff will get a coupon good at Chuck-E-Cheese, and the lawyers will have to rent multiple armored trucks to haul away their fees.

Apple users v Microsoft? I’m sure the discussion will be fair and balanced. imnotthewalrus proves me wrong:

 I personally was always a little suspicious of LinkedIn. I quit using the app years ago, but would continue to get “invites” from friends who, after I asked them about it, said they had never sent one to me. The “bug” argument, however, with a good lawyer could get them off the hook. Just IMO but it seems like justice anymore is subject to the highest bidder.

Yeah, but has Bauer demonstrated harm? Here’s Mld53a:

 That’s the purpose of the lawsuit. The Discovery process should reveal what they are doing with that data. [But] the actual complaint [seems] pretty egregious.

So an open-and-shut case? Far from it, thinks gnasher729:

 No privacy is violated unless the data is moved from the application to some other place, without the user intending it. These lawyers will have a very, very hard time proving this … because it is very unlikely to happen.

And yes, there are plenty of good reasons to examine the clipboard. First, in iOS … it is absolutely required if you want to implement “Paste” into anything other than text views and text fields. Second, you want to know what’s in there so you don’t have for example a “Paste” button if there is stuff that you can’t paste.

And Steve Davies 3 is not hopeful of a class payout:

 Little chance of this going anywhere but down the toilet. Against Microsoft’s army of lawyers his team will get tied up in a legal minefield that will last years and years.

Meanwhile, Futurepower(R) answers this FAQ:

 Q: Why don’t sharks eat lawyers?
A: Professional courtesy.

And Finally:

This actually works?



You have been reading SB Blogwatch by Richi Jennings. Richi curates the best bloggy bits, finest forums, and weirdest websites … so you don’t have to. Hate mail may be directed to @RiCHi or sbbw@richi.uk. Ask your doctor before reading. Your mileage may vary. E&OE. 30.

Image sauce: Greg Bulla (via Pixabay)


Richi Jennings

Richi is a foolish independent industry analyst, editor, writer, and fan of the Oxford comma. He’s previously written or edited for Computerworld, Petri, Microsoft, HP, Cyren, Webroot, Micro Focus, Osterman Research, Ferris Research, NetApp on Forbes and CIO.com. His work has won awards from the American Society of Business Publication Editors, ABM/Jesse H. Neal, and B2B Magazine.
