
This should be higher, above all of the mobs teething for vengeance. It’s an innocuous comparison of text input to the pasteboard to prevent unwanted autocorrect insertions.[0] Probably the same code used by TikTok too.

The code and comments are here: [0] https://github.com/linkedin/Hakawai/pull/162/commits/c3f8958...




LinkedIn (Microsoft) is a company that previously used man-in-the-middle techniques to move people's private emails to its servers.[1]

People no longer give them the benefit of that doubt because of the reputational damage these previous violations have caused.

They should stop making "innocent" mistakes with other people's privacy and deal with this more professionally at the highest levels.

If they don't, people will continue to jump to the conclusion that this sort of activity resembles criminal behaviour.

[1] http://www.pcwelt.de/news/LinkedIn_liest_Ihre_E-Mails_mit-In...


Sure, I get it. LinkedIn's email plugin thing was a security nightmare. But in this case, the code is right there!

Take a step back and look at the entire forest: The outrage is over an app accessing data specifically designed to be shared across applications. That's what Copy fundamentally means- make this thing globally available to all my programs. You can poll pbpaste/xsel in your terminal and generate a log of the clipboard buffer without any privileges. Does this mean an untrustworthy app could, in theory, snoop your plaintext password copied from a password manager? Sure, but that's a separate discussion.

Ask yourself, does it make sense to implement clipboard snooping in a way that polls the pasteboard on every keystroke while an input form remains in focus? No, that's weird, there's obvious bug stench. LinkedIn may be nefarious, but defaulting to instant outrage and lack of critical thinking is the real concern here.


> That's what Copy fundamentally means- make this thing globally available to all my programs

Wouldn't that be:

Copy means- "make this thing go into MY clipboard".

Paste means- "make my clipboard available to THIS application".


Copy and paste are application-level interfaces; the operating system holds the data, but has always given it up on demand. I've actually seen some applications that use the clipboard as an IPC mechanism (most recently, a Python application, I don't recall what for, was wiping URLs from my clipboard to see if it was already running)


Historically, yes. But in a world of mobile OS with permissions everywhere, it would make sense to deny full read access by default.

I may be wrong but I thought that even websites cannot access clipboard content except in write mode. Even, I remember that long ago, a Flash script was commonly used to be able to copy stuff into it.


No it's not, and your thinking is completely bad from a privacy standpoint.

PASTE operation is where I give consent, to MY clipboard content. Not COPY. Thinking that COPY gives consent is like all the ideas that i-take-user-data-unless-user-opts-out. It is not fine.

You shall NOT paste without my permission.


I am describing how things are; you are describing how you want them to be.


Do not forget the hiQ Labs case where they have alleged CFAA violations against someone scraping public data.


Seeing the mob mentality surrounding this is honestly scary. All the top voted comments have pretty much decided that this is used for nefarious purposes, with absolutely zero evidence. Same goes for TikTok and the DDG favicon saga from yesterday. Whatever happened to Occam’s (edit: Meant Hanlon's) razor?


Eh. It’s like I already punched you in the face 9 times. The 10th time I’m making a punching motion, you’re probably going to duck away. Even if I wasn’t going to punch you, but instead giving you an ice cream.

If you’re a shitty company (TikTok, LinkedIn) people are going to assume you’re acting shitty when it looks like you’re acting shitty.


Yeah, it's like The Boy that Cried Wolf - sure, people shouldn't jump to conclusions, but if we're shown something enough times it's easy to become conditioned to a particular expectation.


> Whatever happened to Occam’s razor?

The reaction from people in this thread is the result of Occam's razor.

If a site is caught doing shady things repeatedly over the years and then another shady thing is revealed, the most likely/simple explanation is that they are doing yet another shady thing.

Same goes for TikTok and Zoom for me.

Not sure what DDG saga you mean, I must have missed that.



LinkedIn's business model is based around surveillance.

DDG's is specifically based around providing services without surveillance.

So if DDG make a mistake I give them the benefit of the doubt because I can see it's in their interests to fix that.

If LinkedIn make a mistake, based on previous behaviour, I assume that the mistake was getting caught and that another mistake will be announced any time now.

I don't use LinkedIn for this reason.


LinkedIn has been doing lots of bad things before, like asking for users' email passwords. Occam's razor applies, and it's to LinkedIn's disadvantage. By the way, maybe you mean Hanlon's razor (never attribute to malice that which is adequately explained by stupidity).


I uninstalled the LinkedIn app like 30 minutes after first trying it a couple years ago because it was bombarding me with useless notifications.

Then on the Microsoft purchase they redid their site in some crap JavaScript framework that keeps reloading elements and is 3x as slow as the previous version of the site.

I didn't even assume malice when I read the article title, I assumed incompetence.


Just, no. There is NO possible excuse for accessing my private clipboard buffer without my involvement - as a result of a direct action I have overtly initiated.


If there is no legitimate reason for it to happen, should this be prevented at the OS level?


Yes. People copy passwords, SSNs, crypto wallet secrets, and more in a clipboard that pretty much any app or website or system service can see without permission. I'm surprised we haven't seen more attacks on it, honestly.

I have long wanted to build a secure multi-clipboard, one where you can copy with Ctrl+Shift+1, Ctrl+Shift+2, etc. and paste with Ctrl+1 and Ctrl+2.

It would keep those hidden from any app until explicitly pasted. I was thinking you could co-opt the system keyboard to get the same functionality, but it clears the system clipboard instantly after any copy/paste.


Hmm good idea, maybe you can integrate that into Klipper:

https://userbase.kde.org/Klipper



