
LinkedIn (Microsoft) is a company that previously used man-in-the-middle techniques to move people's private emails to its servers.[1]

People no longer give them the benefit of that doubt because of the reputational damage these previous violations have caused.

They should stop making "innocent" mistakes with other people's privacy and deal with this more professionally at the highest levels.

If they don't, people will continue to jump to the conclusion that this sort of activity resembles criminal behaviour.

[1] http://www.pcwelt.de/news/LinkedIn_liest_Ihre_E-Mails_mit-In...



Sure, I get it. LinkedIn's email plugin thing was a security nightmare. But in this case, the code is right there!

Take a step back and look at the entire forest: The outrage is over an app accessing data specifically designed to be shared across applications. That's what Copy fundamentally means- make this thing globally available to all my programs. You can poll pbpaste/xsel in your terminal and generate a log of the clipboard buffer without any privileges. Does this mean an untrustworthy app could, in theory, snoop your plaintext password copied from a password manager? Sure, but that's a separate discussion.

Ask yourself, does it make sense to implement clipboard snooping in a way that polls the pasteboard on every keystroke while an input form remains in focus? No, that's weird, there's obvious bug stench. LinkedIn may be nefarious, but defaulting to instant outrage and lack of critical thinking is the real concern here.


> That's what Copy fundamentally means- make this thing globally available to all my programs

Wouldn't that be:

Copy means- "make this thing go into MY clipboard".

Paste means- "make my clipboard available to THIS application".


Copy and paste are application-level interfaces; the operating system holds the data, but has always given it up on demand. I've actually seen some applications that use the clipboard as an IPC mechanism (most recently, a Python application, I don't recall what for, was wiping URLs from my clipboard to see if it was already running).


Historically, yes. But in a world of mobile OS with permissions everywhere, it would make sense to deny full read access by default.

I may be wrong, but I thought that even websites cannot access clipboard content except in write mode. I even remember that long ago a Flash script was commonly used to be able to copy stuff into it.


No it's not, and your thinking is completely bad from a privacy standpoint.

The PASTE operation is where I give consent to MY clipboard content. Not COPY. Thinking that COPY gives consent is like all the ideas that i-take-user-data-unless-user-opts-out. It is not fine.

You shall NOT paste without my permission.


I am describing how things are; you are describing how you want them to be.


Do not forget the hiQ Labs case where they have alleged CFAA violations against someone scraping public data.



