. Appreciate you raising this. We've traced this to a code path that only does an equality check between the clipboard contents and the currently typed content in a text box. We don't store or transmit the clipboard contents.
An example of this is in a library we have open sourced, and you can find the fix here [https://github.com/linkedin/Hakawai/ (https://github.com/linkedin/Hakawai/pull/161/files/3881de368...). We will follow up once the fix is live in our app.
the code and and comments are here:
People no longer give them the benefit of that doubt because of the reputational damage these previous violations have caused.
They should stop making "innocent" mistakes with other people's privacy and deal with this more professionally at the highest levels.
If they don't people will continue to jump to the conclusion that this sort of activity resembles criminal behaviour.
Take a step back and look at the entire forest: The outrage is over an app accessing data specifically designed to be shared across applications. That's what Copy fundamentally means- make this thing globally available to all my programs. You can poll pbpaste/xsel in your terminal and generate a log of the clipboard buffer without any privileges. Does this mean an untrustworthy app could, in theory, snoop your plaintext password copied from a password manager? Sure, but that's a separate discussion.
Ask yourself, does it make sense to implement clipboard snooping in a way that polls the pasteboard on every keystroke while an input form remains in focus? No, that's weird, there's obvious bug stench. LinkedIn may be nefarious, but defaulting to instant outrage and lack of critical thinking is the real concern here.
Wouldn't that be:
Copy means- "make this thing go into MY clipboard".
Paste means- "make my clipboard available to THIS application".
I may be wrong but I thought that even websites cannot access clipboard content except in write mode. Even, I remember that long ago, a Flash script was commonly used to be able to copy stuff into it.
PASTE operation is where I give consent, to MY clipboard content. Not COPY. Thinking that COPY gives consent is like all the ideas that i-take-user-date-unlsess-user-opts-out . It is not fine.
You shall NOT paste without my permission.
If you’re a shitty company (TikTok, LinkedIn) people are going to assume you’re acting shitty when it looks like you’re acting shitty.
The reaction from people in this thread is the result of occam's razor.
If site is caught doing shady things repeatedly over the years and then another shady thing is revealed.
Most likely/simple explanation is that they are doing jet another shady thing.
Same goes for TikTok and Zoom for me.
Not sure what DDG saga you mean, i must have missed that.
DDG's is specifically based around providing services without surveillance.
So if DDG make a mistake I give them the benefit of the doubt because I can see it's in the their interests to fix that.
If LinkedIn make a mistake, based on previous behaviour, I assume that the mistake was getting caught and that another mistake will be announced any time now.
I don't use LinkedIn for this reason.
I didn't even assume malice when i read the article title, i assumed incompetence.
I have long wanted to build a secure multi-clipboard, one where you can copy with Ctrl+shift+1, ctrl+shift+2 etc and paste with Ctrl+1 and Ctrl+2
It would keep those hidden from any app until explicitly pasted. I was thinking you could co-opt the system keyboard to get the same functionality, but it clears the system clipboard instantly after any copy/paste.
This reads for me like:
As an example of this I go to the shooting range every Friday, just for fun, as you can see it on this picture I published on FB, that's why I didn't shoot my neighbour.
He may be right, but that's not an evidence. And we are talking about a company acting like a con man since ages.
I don't have any reason to not believe their explanation. And I don't think my clipboard is useful to them for anything else. Many other apps are doing it as well and a few of them gave the same explanation.
But, that doesn't mean that copying clipboard is a good idea. I don't like any app to copy my clipboard. I also don't like it that apps/companies don't respect any boundaries unless it's forced/blocked by the OS. They just try too hard to reach where they don't need to reach.
If there wasn't enough restriction from the OS, surely someone has already came up with a "creative" idea to detect spammers using front camera or reading device storage and a lot of apps were using it. I don't like it that companies aren't sensitive about user rights and what users feel about what they are doing.
Why not? They've been engaging in very, very dark gray area things before.
> And I don't think my clipboard is useful to them for anything else.
Don't you ever copy paste anything mildly interesting, like email-addresses, phone numbers to add to your address book, form contents before submitting a form in case the site is terrible and resets the form on error etc? I'm sure they'd love to get their hand on that information, as it'll allow for data mining to better "understand you".
My preferred news reader Feedly uses the out of process embedded WebView so its a moot point.
I managed many marketing campaigns on Linkedin over the years and spent thousands each month on the platform as a corporate user. If you think that paying for the service you'd be excluded from their shitty ads and get more granular opt-out features than under a free-subscription model - but nope.
they have literally done nothing to deserve any trust from their users. People still use it because they tell themselves "I might need it one day when I look for a job". That's also wrong - if you're doing it right you build good social connections in the real world because most (if not the only things) you get from LinkedIn is scams.
The only upside where I find LinkedIn useful is for OSINT purposes. It's very easy to find all types of people there and get a rough picture how companies are run (what their employees are working on and what security problems that might imply) and build what the recruiting industry calls talent-maps (competiter analysis) which can be useful in infosec for threat & counter-intel. But it has 0 value for any legitimate purposes (that they advertise the service for).
We had to pay around ~5,00EUR for each and every click on "Apply" to our job posting, which doesn't mean they even filled out the form.
And now, where LinkedIn is full of Indian scammers (not meant in a racist way, but it is definitely perceived that way) we had costs for a "Local Area" limited job posting for hundreds of people from India because they seem to use LinkedIn via proxy.
When we had costs of over 2800EUR for an ad that was displayed less than 8 days, where literally 100% of people were not even from Europe, we decided to fuck this shit and move on to other platforms.
LinkedIn is absolutely useless. Use University job sites, local meetups (during non COVID times, of course), or open source projects to identify devs that actually care about code.
Also, stackoverflow talents is useless. Their "special startup package" of getting access to the platform for 2500EUR is only for one user, limited per email and phone number, not allowed to login in parallel. Every job posting costs additional 400EUR even if nobody applies for it.
You get nothing, as over 90% of people we have actively talked to are not even looking for a job and never clicked that on any stackexchange platform.
I didn't realize how fucked recruiting is. Srsly, somebody needs to fix this.
I've lost count of the number of devs I've spoken to, over multiple decades, who are convinced recruitment is ripe for disruption. I'm sure everyone else has the same experience.
And yet, recruitment's still here, more or less unchanged. At this point I'm pretty sure recruitment has always been terrible, and will always be terrible. There's some perverse incentive buried deep in the process that can't be shaken out. Or something.
It probably won’t be solved by tech folk as it’s a squishy people problem that’s hard to quantify (case in point: threads on HN bemoaning robotic HR processes att FAANG)
And where incentives to game the process are just too high for everyone involved. Ref standard practices like CV inflation, lying about what the role will really be, hiding salary rates from both sides, manipulating entitlements, etc etc.
These problems are as old as humanity and I don't think you can really fix them with code.
They all have stories like this. I was desperate needed to rent the place and the against my better judgement rented to this this family with no nothing. Ten years later they move out and I do the walk through and the place is spotless.
Rent another place to two lawyers with spotless credit and references and 18 months later they ghost. Break the locks and go in and.. The roof leaked. For a long time. Moldy sheet rock. Holes in the walls and literal shit ground into the carpets.
Good luck with disruption.
Though I guess you could earn "trust points" for making payments on time, and landlords for fixing maintenance issues submitted within the app in a reasonable amount of time, there's a lot of other factors that count for a "good" tenant or landlord.
What invalidates me as a good tenant?
Then given my requirements above, each time dealing with rental market in any even marginally desirable city in EU, it's like being hit by a train driving at full speed...
Sure it's better to rent short term to some banana youngsters from Germany, Scandinavia or other rich countries, who come over to get wasted and get free sex, then to wreck the place. Yet it's me - a person from post-Communist country, so perceived as poor, who have a bad reputation.
Nothing, I believe you are a good tenant. But this competitive market with limited resources has "perfect is the enemy of good" situation. Landlords can choose and they want perfect.
The same applies to (online) dating and recruitment. The life fundaments of a perfectly average individual - housing, life partner, and employment are becoming out of reach for most. We've got a deadlock situation over here.
Honestly, I have had the same issues as a Frenchman in France, in Canada and in Belgium. I don't think it's really (or not only at least) tied to your country of origin being formerly communist or poor.
(I'm not Indian but) the non-racist way to say that is 'full of scammers', since the scammers' nationality has nothing to do with your distaste for their behaviour.
In the case of discussing LinkedIn, it doesn’t matter where the scammers are from. The adjective is redundant in this context.
In this thread, almost any other adjective would have allowed the main meaning of the sentence to continue uninterrupted (“filthy scammers”, “frustrating scammers”, “purple scammers”, “fearless scammers”). “Scammers” already includes a negative connotation. By adding a redundant adjective to an already pejorative noun, you run the risk of imparting some of that negativity onto the adjective as well. This easily leads to the perception of racism.
My point is that it's the same because the 'personal opinion/attitude towards certain people' is that all of them are Indian.
It's as racist as saying 'I'm sick of these Poles taking our jobs'. The truthful existence of Polish economic migration doesn't make it not a racist attitude.
B) Removing the context ("Indian") from OPs post does absolutely nothing to diminish your understanding of the problem (too many scammers dirtying the pool).
Also, there seems to be an Angular rickandmorty heroes-like tutorial somewhere available in the Indian speaking web, as literally all of the scammers had exactly the same codebase with various differing mistakes or variable names, but with identical structure in their github profile, and all uploaded it just a couple weeks ago.
(And they all claimed to have years of experience with it, of course)
That's not a LinkedIn problem, it's a "I've posted an attractive job ad" problem.
My first job was through recruiter page but my current job I got through a recruiter contacting me on LinkedIn. He even bumped my salary up by 15% from initial offer (because his cut was based on the salary and I also had another offer on the table).
It is a pretty valuable tool for a person moving countries for sure. Although I'm in Asia atm, I even got connected to a startup in SV while I were looking for jobs.
We should blame the real owner. Maybe they'll pay more attention if these practices become tied to their overall brand.
skype rocked after ms acquired it, fixed these types of problems by providing infrastructure, and it rocked for a decade. it stopped rocking only when they replaced it with the app-looking cut down app, and years later killed the desktop mode program.
Actually, as far as I can tell every mainstream† voip product right now has more latency than Skype used to. This sucks; it causes conversations to flow less naturally.
† aka not Mumble, which I will never convince friends to use.
Ask not what your country can do for you, but what you can do for your country.
They conveniently forget your mail settings periodically, too, forcing you to opt-out of various garbage again, or to just trash all the mail. They're at least as scummy as FB, if not worse.
My (related) new rule: if your site demands a phone number for an account, I will not create an account on your site.
For email I use <site>JGM.io (my own domain). If I see that address being used elsewhere I know who's being a bad boy
Now, they have support for TOTP apps which we can use without giving LinkedIn our phone number and they claim 'Mobile phone numbers added here won't be displayed on your LinkedIn profile.'; But I'm not willing to test it, not entering my phone number in LinkedIn ever.
Probably half the interviews I’ve had over the past decade have come from LI, and I think at least 4 or so jobs (including my last and most recent) started there.
It was largely useless in the aughts for me, but not lately.
Why won't LinkedIn let me see contacts that are 2nd-degree contacts via only him? I have no idea. But this mentor specifically asked me to go through his contacts and look for people I'd like to be introduced to, and I literally can't see a single new person as a result of connecting to him.
The more people see this user-hostile practice in action, the faster we'll be rid of it.
I would agree with this one most of the time, but even their desktop web is horrible in Firefox. It wouldn't load the pages/header with buttons, wouldn't show new messages from time to time.
I might dislike the platform but it helps me keep contact with my past coworkers and keeps valuable offers come to me for basically no cost.
This is likely why LinkedIn thinks they can be shitty to their users, because their users are motivated to stay.
I have had many job discussions/offers come through my LinkedIn mailbox from competitor companies.
It also is a great place to add the colleagues when they or you depart with the same idea to "keep in touch".
Of course, the responsible part of me knows that’s a bad idea. Sigh.
For querying content type, there are pre-existing APIs (e.g. `hasStrings` ), which AFAIK don't trigger the banner. In fact, the documentation already recommended using those methods over querying the actual clipboard contents, for performance reasons. But they're relatively new compared to the rest of the UIPasteboard API, having been added in iOS 10.
For going beyond content type, there are new APIs in iOS 14 that let you check if the clipboard contents are a "ProbableWebSearch" or "ProbableWebURL" without triggering the banner.  Doesn't seem like there's more flexibility beyond those two options, although I found a thread  suggesting that more might be added in the future. I wonder what ProbableWebSearch does.
I expect to see an actual clipboard permission at some point.
When I want to login I have to paste my password, when I want to paste an email address into a Linkedin chat I need the clipboard.
So everyone would just grant that permission anyway as it makes a lot of apps useless without and they'd just continue their harvesting after that. It would be a very small percentage to selectively enable/disable the clipboard permissions for certain tasks.
Being able to read the clipboard without the user knowing would.
I'm honestly amazed and horrified to learn that smartphone apps on the 2 OSs have this capability. This capability, used legitimately, can only bring a very, very slight UX improvement.
At this point, we know smartphone apps exploit any avenue they have to extract data from their users, regardless of the perceived ethicality of their vendor. The smartphone vendors more than any others know this. If there's an entity to direct the blame towards it's Apple and Google for allowing this, when fixing it on their part would be so trivial.
The web is not an operating system, for goodness' sake. A browser is itself an application no different from a terminal emulator + shell (which also is capable of running arbitrary other applications within its context).
> I'm honestly amazed and horrified to learn that smartphone apps on the 2 OSes have this capability.
Prepare to be even more "amazed" and "horrified": I am willing to bet that whatever desktop OS/distro you use does the same damn thing (providing apps with programmatic access to the clipboard or clipboards).
If you don't want other applications to access some data, for heaven's sake don't put it in what is literally a shared buffer between applications.
I understand the outrage over programs abusing the resources they have access to, but frankly this is just approaching hysteria. This is the equivalent of reading an article about an app snooping at documents you didn't open for sensitive data and jumping to the conclusion that operating systems should not support programmatic access to the filesystem.
using the components in the UIKit and AppKit SDKs
Yes, if you want to provide a native feel, with native features like clipboards, and native accessibility features, use the native widgets. They usually tend to be stylable any way you want (my UI experience is with HTML, Qt, Swing, Win32, Winforms, and Gtk; I'd be very surprised if Android and iOS don't support widget styling). Just like on the web, it's a big problem when people reimplement a text input box from scratch.
operating systems should not support programmatic access to the filesystem.
This is the direction desktops are going, and it's where Android and iOS started. I shouldn't have to give a chat app access to all of my photos, videos, music, and documents just to let it download messages. And to upload a photo, both Android and iOS provide system file pickers. Desktop/laptop OS sandboxes should also provide file pickers to give an app access to one file or one directory.
An app doesn't need to access my clipboard until I'm trying to paste something in that app, or I know that it does something useful (and nothing nefarious) with clipboard snooping. It looks like iOS has provided clipboard notification events for different media types so that apps can show a Paste button without having to read the actual contents until the user is ready.
Yes, I am pretty moved, because this is ostensibly a technical audience and the level of sheer "I don't know how my operating system works" I'm seeing here is quite alarming indeed.
I don't have to have a particular use case to point out that "applications should not be able to access the filesystem at all" is plain silly.
> Yes, if you want to provide a native feel, with native features like clipboards, and native accessibility features, use the native widgets.
So basically any application that does not use native widgets should have zero accessibility or platform functionality. That's most of the gaming industry out the window then, as well as anybody building user interfaces that an operating system does not (yet) support. Additionally, god forbid you be able to copy and paste on operating systems that don't have native widget toolkits (such as, say, Linux), or even implement toolkits for such platforms in the first place.
Am I permitted to call this a hysterical overreaction yet?
> This is the direction desktops are going, and it's where Android and iOS started.
Neither Android nor iOS have ever prevented programmatic access to the filesystem. You seem to constantly conflate programmatic access and permissions/sandboxing, which is precisely the sort of mistake that "moves" me to see from people who develop software.
> Desktop/laptop OS sandboxes should also provide file pickers to give an app access to one file or one directory.
I'm _very_ interested in how exactly the command-line tools you use would work with using file pickers to grant them access to single files and folders.
Also very interested in how Linux, an operating system that explicitly does not provide a widget toolkit, is supposed to provide file pickers to the variety of programs that run on it.
> An app doesn't need to access my clipboard until I'm trying to paste something in that app
A clipboard is a shared buffer. If something is supposed to be secret, don't put it in the shared buffer between all applications. Applications will continue to have the ability to query/read clipboards they have access to (for, amongst other things, actually implementing a paste), much like computers will continue to have the ability to read/query network drives that they have access to - that's the literal point of having a clipboard/network drive.
Discussing permissions and sandboxing (which most clipboard implementations already do, with app-local and/or named clipboards distinct from the system-wide clipboard) is one thing, but claiming that programs should not be able to interact with clipboard contents via code is frankly rather ridiculous.
Just to clarify my perspective on the situation: I have developed a significant amount of software for DOS, Win9x, WinXP and later, cross-platform JVM (UI and server-side), Linux (CLI, framebuffer, X11, Gtk, Qt, OpenGL, kernel modules, backend servers), HTML5+JS, embedded devices in ASM, Oracle/MySQL/Postgres/MSSQL DBs with stored procedures, probably other things I've forgotten, and a tiny bit of mobile native. I have worked with a few sandboxing/containerization systems like Docker, simple chroot, etc. Cloud hosting, AWS, OpenStack, bare metal, local systems. I have seen viruses, worms, hacks, spyware, malware, etc. affect anything with a network connection or a floppy disk drive.
I know what I am saying is possible when I say that arbitrary code should not have arbitrary access to the system-wide clipboard or filesystem until the user grants it, and that the usecases that require such broad grants are extremely uncommon.
Android provides Intents instead of FS access, but app devs all have to have their "custom experiences" that just conveniently give them significant fingerprinting, snooping, and tracking abilities.
Some Linux GUIs will already use the Gtk file picker in GNOME, and the Qt file picker in KDE.
X11 though I love it (I am working on an Xlib project right now in fact) is already a security nightmare, never mind that even highlighting text without choosing "copy" puts it into one of the system clipboards, or at least used to do so.
Even Signal now wants to force everyone to add a (likely easily brute forced by unsavory intruders) PIN so they can upload your contacts to their servers.
So yes, all the evidence points to a safer system for filesystems and clipboards and contacts and whatever else is possible, and all the evidence in threats points to it being necessary.
There's a huge difference in usage between apps on desktop OSs, which are often of less commercial nature, open-source, and more carefully vetted by centralized gatekeepers, and the mobile app ecosystem, where any random fast food chain will entice you to install their app to make an online order. The smartphone app ecosystem has to be low trust, like the web.
Yes, obviously, arbitrary code that is executed from over the network at a time you can't fully control and programs that you install and run on the device that you own have different levels of trust. Are you seriously making the argument that code from https://facebook.com running within your browser cannot access your filesystem then that means every single executable on your machine should be incapable of doing that as well? Wasn't this the same site that complained to high heavens about the constant permission prompts in macOS Catalina?
> which are often of less commercial nature, open-source, and more carefully vetted by centralized gatekeepers
I'm sorry, this is just blatantly false (as literally decades of malware on the desktop can attest).
Most people would click "accept" on the permission and never think about it. "Oh of course I need the ability to copy/paste on tiktok, how else will I paste 90sMusicChallenge in the search bar?"
Apple claims that you consented you this when you agreed to the App Store TOS.
E.g. a phone dialer app that asks if you want to dial the number in the clipboard when you start it, an image editor that asks if I want to create a new image size the dimensions of the clipboard, a torrenting program that when I choose to import a torrent automatically grabs it from the clipboard before I even get the choice to pick another option (though I still can).
I would be very surprised if this wasn't originally part of something like that, and maybe the feature was removed but the detection function wasn't.
Because if we put down our pitchforks for a second, LinkedIn is owned by Microsoft, which also owns a major browser and the world's most popular operating system. Microsoft sure as hell doesn't need to sniff your clipboard in LinkedIn, if it wanted to do something for nefarious purposes.
Never attribute to malice that which is adequately explained by stupidity.
The original report is a combination of iOS and MacOS so Microsoft does not have any kernel level leverage.
I don’t doubt it’s not malicious. More likely a holdover from an older or related feature.
The real story here is how easy it’s been for apps to spy on your clipboard. Seeing it in something by a large company like Microsoft just adds to the sensationalism. The TikTok version of this story is the real deal.
Well you're wrong about that.
> Nobody is ever going to touch it until something like this happens.
And that's the problem. A problem a company like Microsoft has the cash to avoid. They could hire more QA staff, but instead they've sacked tons.
Note that malice on the part of the corporation does not necessarily imply any individual at the corporation had malicious intent, although that can never be ruled out. Specifically, I am not claiming the intern who wrote the shitty code and forgot about it had malicious intent. Rather the organization itself is malicious, because it's a paperclip maximizer.
Somebody had to scramble to remove the clipboard code ASAP: https://github.com/linkedin/Hakawai/commit/fa7e8497040f5c36e...
Edit: Don't do mobile, but seems like it was a hack to distinguish between text that was pasted and text added by autocorrect
 "How popular apps can read your phone's clipboard without permission": https://www.mysk.blog/2020/03/10/popular-iphone-and-ipad-app...
 "Popular iPhone and iPad Apps Snooping on the Pasteboard": https://www.telegraph.co.uk/technology/2020/03/30/popular-ap...
They didn't say it was. They're saying they're looking forward to the next major release which alerts the user when this happens. That's why all these stories are coming out right after the release of the beta.
In Chrome on Android, the flag you want is under Settings | Site Settings | Clipboard | Ask before allowing sites to read text and images from the clipboard, and I think it's on by default.
The current feature being added allows this to happen, for awareness to be raised.
To be honest, I'm surprised we haven't heard of more snoopy apps already, but, I guess that will come when the feature's out of beta.
That's, one way to implement it...
Alternatively, and how I'm pretty sure it already works, is that on paste the clipboard could insert content directly into the control, never involving the app in the process.
Apps with completely custom inputs would need to see the contents, but that's both rare and usually a bad idea in the first place.
What do you expect when the CEO holds an MBA?
Screw permissions flags. Clipboard-sniffing is never justified. Moving data out of the clipboard should only ever happen by direct user request via the OS interaction layer.
I understand the outrage over apps abusing their access to the clipboard but what I don't understand is the people acting as though the OSes they use on the daily don't have the exact same "flaw".
> 1) does not break common programming techniques (e.g. an application rolling its own GUI, or implementing its own modes/keybindings)
A callback method that you can define to do anything you want in your program when the OS hands you the result of a user initiated paste operation because your program had focus. If you want custom keybindings to initiate the paste operation, you can register that desire with the OS. Want something perpetually backgrounded that exists exclusively to steal your secrets? Make _that_ a special permission if you must. Or just don't allow it.
> * 2) is not trivially spoofable by the enterprising developer?*
Ignoring the _minor_ contradiction of mixing "trivially" and "enterprising", rolling your own GUI and defining keybindings doesn't mean that you control access to the interface. The operating system mediating the hardware does that.
Could someone root your system and blahblahblah? Sure. But let's stop making "steal my secrets" part of the fucking standard system API and start working toward a brighter tomorrow.
Wonderful! Now how does this brilliant little solution account for applications that don't centre their operations on the keyboard?
How does this work for clicking on a UI element to paste?
How does this work for using non-tactile forms of input - say, a voice command?
How does this work for any method of interaction that's not "press a combination of keys"?
How does this interact with the very real and undebatable need to allow programs to simulate keyboard events?
What happens to operating systems that have the implementation of a system clipboard as out of scope (like a little-known operating system called Linux)? How does, say, the X window server then manage to implement a clipboard on top of it?
> rolling your own GUI and defining keybindings doesn't mean that you control access to the interface. The operating system mediating the hardware does that.
I am very curious indeed: what, exactly, do you think happens when (for example) a C program calls `getchar()`?
> But let's stop making "steal my secrets" part of the fucking standard system API and start working toward a brighter tomorrow.
If you consider something a secret, then may I suggest that you don't (both as a user and as a developer) put it in the general shared buffer for applications? The whole point of a buffer for temporarily storing and transferring data between applications is for said applications to actually access it. You are doing the equivalent of saving your "secret" in plaintext in your home folder and then complaining about the OS if/when a program peeks through your generally accessible home folder and finds it.
The same way as designating keybindings. Registration with the OS. I don't care if you have to do it by defining hotspot outlines for bespoke-from-raw-pixels interface elements.
> How does this work for using non-tactile forms of input - say, a voice command?
Voice interface is mediated by the OS. Register your desired custom paste command.
> the very real and undebatable need to allow programs to simulate keyboard events?
False. I'm happy to debate it. But before we do, I have to ask you to try to not be stuck in the "how things are done now" mindset.
> What happens to operating systems that have the implementation of a system clipboard as out of scope"
Then they have decided to punt on user safety. Be angry at them and demand better. Also, you're derailing.
> what, exactly, do you think happens when (for example) a C program calls `getchar()`?
What do YOU think happens? You think that your program talks directly to your keyboard buttons? And why do you think that this question is relevant?
> If you consider something a secret, then may I suggest that you don't (both as a user and as a developer) put it in the general shared buffer for applications?
Frankly, I think this is a bullshit user-hostile copout. Treating the clipboard as "general shared buffer between applications" is exactly what caused this madness. The clipboard is an extension of the user, like writing something down on paper so they can then reading it back later, and should be treated as such with sanctity.
Try approaching from the perspective that all of your "what if"s have a safe non-almost-100%-of-the-time-user-hostile solution. Because the freewheeling "steal my secrets" API is almost 100% of the time extremely user hostile and computers are meant for people to use.
Do you have some idea of a better, more secure way to share information between two apps the user alone has decided should be in communication?
To some extent, a solution does exist for arbitrary (iOS and Android) apps, which lets you explicitly pick what application you want to receive some data - the sharesheet. It's criminally underused in my opinion.
It's like people have either been gaslit into thinking that there's no sane alternative to the current nightmare or are so shortsighted that they don't understand the horrors lurking around every corner that wouldn't be there if they stopped to consider the consequences of [checks notes] "google maps doesn't require you to to paste the address in before it starts to route" and "dash can drop a markdown formatted link". Because saving you one click is surely _so_ important that it's worth giving up everything for.
Edit: Apparently it's Just A Thing: https://support.apple.com/guide/mac-help/copy-and-paste-betw...
But you can turn it off by turning off "Handoff", which luckily I already had. Nowhere is it mentioned in the settings UI that this extends to your clipboard.
Now how many other apps do this.
That's where we are with the market power of the big players. Google, facebook, apple, linkedin etc. Use the competition to linkedin in this space? You lose. The end.
The way we have always dealt with market power abuse in the past is via a combination of breaking up dominant players and regulation. The longer this wild abuse of market power goes on the more likely that this will be done in a bad way with pitchforks rather than a sensible, measured, outcome driven way carefully weighing the competing intrests to get what is best for the wider population in the medium and long term.
Also the fact this is legal at all is another case of everyone in law making, courts and enforcement having their brains fall out of their ears as soon as the words "using computers" are uttered. Do the exact same thing in any business where a computer is not used to do that thing and you are going to jail. It's break and enter. But "using a computer" so it's fine with the laws all no longer applicable.
Call it incompetence if you want, but there's a certain flavor of evil incompetence here.
I know it's Hacker News and it's easy to criticize LinkedIn for shady growth practices and get praise for it. They often deserve it, but assigning malicious/growth intent for every change they make is misguided.
Fixed by switching to firefox and blocking redirects.
The security excuse is used as a way to increase conversion.
There might be a thin guise of "security" (i.e. email isn't a secure place to send your top-secret inbound message) but I'm inclined to suspect the main motivation is to drive people back to the platform and drive up their stickiness metrics.
I'm sure in A/B tests it increased engagement...
Some other silly shit that come to mind - having the unsubscribe link after half/full page of white space, once you click on unsubscribe "give us 24 to 48 hours to remove your email" etc. Really? they need 24 hours to delete (or change a flag) in the database?
His book is also staggering insight into how little ability he has an executive and investor (some of the stuff is intern-level mistakes, like maybe juniors who are in their first week and got the job because of daddy...but even then...rare).
Give it a few weeks and people will start posting articles about how it happens on PC / Mac platforms too.
Though some apps I trust more with how they use the clipboard data or only restrict it to certain types, eg: image data for a photo viewer, urls for a browser, tracking code for a delivery app
All the limitations I found on web pages that asks me to download the app are artificial. What is reddit doing that requires an app? What is facebook doing that requires an app? There is even less reasons now to use the YouTube app.
I'm uninstalling this app from my phone now. This isn't acceptable!
Apple's Universal Clipboard may share your clipboard across devices.
GET parameters aren't usually visible to users; with the deemphasis of the URL bar, you'd have to have an incredibly short URL for that to even be a possbility. Right now I'm looking at
In the larger sense, where users can see the parameters if they intentionally look for them, despite the fact that they are normally invisible, POST parameters are just as visible.
Right click on the "crammed" icon area, pick "customize", and then you can drag and drop the icons crammed into the space into another bar (or out of the UI entirely if they are icons for things you never use), which should then recover much of the lost space.
I am curious what LinkedIn is actually doing with the data. Is it being exfilled somehow? Or is it just doing something in a really dumb way? I don't trust them at all to not be taking the data, but what purpose does it have?
They patiently read user's clipboard data and wait for a picture taken and copied to clipboard, then extract its EXIF geoloc tags and send the coordinates to the police.
Damn those non-chronological timelines.
if you agree with that premise, then it's no surprise that every possible source of data that can be collected upon, will be collected upon.
Every digital application that can be used for surveillance and control will be used for surveillance and control, irrespective of its originating intention.
Coined in the early 1980s, in The Age of the Smart Machine.