Microsoft is running one of the largest corporate espionage operations in modern history.
Every time any of LinkedIn’s one billion users visits linkedin.com, hidden code searches their computer for installed software, collects the results, and transmits them to LinkedIn’s servers and to third-party companies including an American-Israeli cybersecurity firm.
The user is never asked. Never told. LinkedIn’s privacy policy does not mention it.
Because LinkedIn knows each user’s real name, employer, and job title, it is not searching anonymous visitors. It is searching identified people at identified companies. Millions of companies. Every day. All over the world.
Surely functionality affecting display can be standardized to the point of making them useless for fingerprints? I don’t really care what font my browser uses, as long as I don’t notice it. Similarly, other details should either be randomized, mocked, jittered, or outright blocked. Fingerprinting only works because they’re operating in a rather non-adversarial space. The weakness with their current approach is the huge set of variables, which I’m sure we can leverage to reduce the algorithms determinism.
We can either all appear the same, or appear completely unique every time. Either approach should work.
I don’t know a lot about how fingerprinting works, but some of what i’ve read is pretty insidious. Some things could probably be obfuscated, but some of what the trackers use has legitimate purposes as well. Your application may serve different content based on the screen size, or fall back to an older library if such-and-such API isn’t supported.
Personally I’d rather make targeting advertising and tracking illegal, and gut the whole thing to avoid the arms race.