and they sell data to apollo io
And I especially hate Persona. LinkedIn fell out of my favor ever since it started creating shadow profiles with user IDs and information. Persona stores almost all user data within its own infrastructure.
Good thing I haven't visited the site since before the Microslop acquisition then.
All very "secret" and "hidden" in cleartext javascript. These titles need to chill.
Ah yes, who doesn't read through the minified bundles of every page they open. I fucking love reading through megabytes of uglified code!
And your point is what exactly? Nobody does, but it still is not a secret. My point is that any assumption that your extensions are not detected is a delusion, if one wants to put in the effort it is not overly complicated to understand what minified js is doing and one can expect any major social media to do such things.
It is absolutely a secret! Based on the discussions I've seen, many people in the field were quite surprised that this technique works. So just like Meta's recent-ish WebRTC scandal, this was a secret, even if the code always showed what it does.
My point is that any assumption that your extensions are not detected is a delusion
It is? How are these websites detecting my Firefox extensions?
By doing things the extensions are interacting with. You can see if an ad is served and displayed or not, you can detect if an iteraction was originated by an user or automatic, you can see if letters were pasted or input at a speed no human can match.
You can see if an ad is served and displayed or not
This doesn't tell you which specific extensions a user has installed. First, the filter lists are mostly shared between ad blockers, so you can at best tell that some adblock extension is installed, but not which one. Second, the ad might fail to load for a variety of other reasons (e.g. user is offline, firewall blocking URLs/endpoints, network-level DNS adblock, ...), so all you can tell is that the user might have an adblock extension installed. That's far milder than your initial premise: "My point is that any assumption that your extensions are not detected is a delusion[...]"
you can detect if an iteraction was originated by an user or automatic
Sure, and how does this help with detecting the installed extensions? Knowing that the click event wasn't triggered by the user doesn't tell you who triggered it.
you can see if letters were pasted or input at a speed no human can match
Again, how does this help with detecting the installed extensions?
I mean, I was listing stuff one person can do on their site to detect if visitors have a type of extension or not. If I can do that with a couple hours of work I am not surprised at all whith what a major social network like linkedin can implement. I don't know what linkedin does and I don't plan to read their code, I did not even read the article tbh
Well, that's a pretty useless approach for tech discussions, because this kind of attack is explicitly not possible on Firefox.
Also, extrapolating such a broad statement from the simple fact that it's possible to unreliably detect the presence of a single broad category of extensions is a huge reach.
Linkedln being a walled garden just makes this funnier to me.
Isn't it standard for a website to be able to detect browser/extensions?
Funny that the name dropping of Chrome in the link summary implies Firefox users are safe.
No, not really. Unless it's your own extension you're trying to communicate with.
It's like a security guy doing a full body search on everyone entering a club. It's beyond inappropriate.
Funny that the name dropping of Chrome in the link summary implies Firefox users are safe.
Well, the article does actually state that in the text...
I deleted my linkedin account (as much as they would allow, anyway). I visited about twice a year, usually on accident.
Good riddance.
c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.
THE RULES
Instance Rules
Community Rules
If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.
Learn about hacking
Other security-related communities !databreaches@lemmy.zip !netsec@lemmy.world !securitynews@infosec.pub !cybersecurity@infosec.pub !pulse_of_truth@infosec.pub
Notable mention to !cybersecuritymemes@lemmy.world