Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
hsuduebc2 4 hours ago

Well it would be more appropriate headline if it would be about broken browser behavior.

But this is about major corporation sneakily abusing this to ilegally extract specific sensitive data which they are abusing.

forgotaccount3 2 hours ago | parent | next [-]

What law is it breaking?

If a company leaks my sensitive data, I get some nice junkmail offering me some period of time of credit monitoring or whatever so what are browsers doing to prevent this?

The issue should never be 'We want entities to have this data but only use it in some constrained and arbitrary manner that we can't even agree about it's definition.' instead 'This data shouldn't be made available to X'

tomwheeler 3 hours ago | parent | prev [-]

It's possible to write a headline that directs blames at both parties: "Major Browsers Fail to Block Websites that Invade Your Privacy"

The fact that the website is doing this is a bigger problem than the browser not preventing it. If someone breaks into a house, it's the burglar who is prosecuted, not the company that made the door.

If you scanned LinkedIn's private network, you'd be criminally charged. Why are they allowed to scan yours with impunity? And why is this being normalized?

The best solution is a layered defense: laws that prohibit this behavior by the website and browsers that protect you against bad actors who ignore the law.

haswell 3 hours ago | parent [-]

> If you scanned LinkedIn's private network, you'd be criminally charged. Why are they allowed to scan yours with impunity? And why is this being normalized?

First, I think it’s a major issue that Chrome is allowing websites to check for installed extensions.

With that said, scanning LinkedIn’s private network is not analogous to what is going on here. As problematic as it is, they’re getting information isolated to the browser itself and are not crossing the boundary to the rest of the OS much less the rest of the internal network.

Problematic for privacy? Yes. Should be locked down? Yes. But also surprisingly similar to other APIs that provide information like screen resolution, installed fonts, etc. Calling those APIs is not illegal. I’m curious to know what the technical legal ramifications are of calling these extension APIs.