I do think a degree of alarm is appropriate.

But it’s critical to sound the correct alarm.

To me, it seems like the authors pulled the fire alarm for a single building when in reality there’s a tornado bearing down.

And by doing so, everyone is scrambling about a fire instead of the response a tornado siren would cause.

They’re both dangerous and worthy of an immediate reaction, but the confusion and misdirection this causes seems deeply problematic.

When people realize the fire wasn’t real, they start to question the validity of the alarm. The tornado is still out there.

I realize this analogy is a bit stretched.

As someone who has spent quite a lot of time steeped in security/privacy research, the stuff described in the article has been happening pervasively across the industry.

People absolutely should be alarmed. Many of us have been alarmed for quite some time. Raising the alarm by saying “LinkedIn is searching your computer” isn’t it.

I think this is a great analogy. I read quite a bit of the site and it's wildly blown out of proportion and severely lacking in context.

How many phone apps do you think are trying to detect what else is installed on your phone? I was part of an acquisition of a company with a very large mobile user base and our new parent was shocked we weren't trying to passively collect device information like this. They for sure were.

And on the flip side, as others have done well to point out, there are a LOT of legitimate reasons to fingerprint users for anti-fraud/abuse and I am 100% convinced that we're all better off for this.

Maybe thats all this story is about, maybe not, but this article leaves out an incredible amount of complexity.