ronsor's comments

Well, they can try to enforce the rules; that's perfectly fair. At the same time, there are many methods of "trying" which I would not consider valid or acceptable ones. "Enforcing the rules" does not give a carte blanche right to snoop and do "whatever's necessary." Sony tried that with their CD rootkits and got multiple lawsuits.

They'd put Widevine or PlayReady DRM on the website if they could, I'm sure.

Why can't they?

I think they framed it this way because they don't consider scraping abuse (to be fair, neither do I, as long as it doesn't overload the site). Botting accounts for spam is clear abuse, however, so that's fair game.

No, I consider all data collection and scraping egregious. From that perspective, LinkedIn is hypocritical when Microsoft discloses every filesystem search I do locally to Bing.

Are you not scraping a site with your eyeballs when you view a site?

This is a security vulnerability and should be patched. Sorry, LinkedIn.

(Alternatively extension developers can modify their extensions to block these requests!)


No kidding. I am shocked this works.

Does Firefox have a similar weakness?


No. Firefox always randomizes the extension ID used for URLs to web accessible resources on each restart [1]. Apparently, manifest v3 extensions on Chromium can now opt into similar behavior [2].

[1]: https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/Web...

[2]: https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/Web...


That's a different form of defense. The original claim in this thread was that LinkedIn's fingerprinting implementation was making cross-site requests to Chrome Web Store, and that they were reading back the response of those requests.

Firefox isn't susceptible to that, because that's not how Firefox and addons.mozilla.org work. Chrome, as it turns out, isn't susceptible to it, either, because that's also not how Chrome and the Chrome Web Store work. (And that's not what LinkedIn's fingerprinting technique does.)

(Those randomized IDs for content-accessible resources, however, do explain why the technique that LinkedIn actually uses is a non-starter for Firefox.)


An additional improvement added in manifest v3 in both Chromium and Firefox is that extensions can choose to expose web accessible resources to only certain websites. Previously, exposing a web accessible resource always made that resource accessible to all websites.
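
As an added illustration of the manifest v3 mechanism this comment describes (constructed here, not code from the thread or from any extension or project discussed in it), here is a manifest that exposes one resource only to a single origin and, on Chromium, opts into the per-session randomized resource URL mentioned earlier in the thread. The extension name, the file path images/logo.png and the origin https://example.com are assumptions:

```json
{
  "manifest_version": 3,
  "name": "Constructed example extension (not a real project)",
  "version": "1.0",
  "description": "Illustrates scoped web_accessible_resources; every name, path and origin here is a placeholder",
  "web_accessible_resources": [
    {
      "resources": ["images/logo.png"],
      "matches": ["https://example.com/*"],
      "use_dynamic_url": true
    }
  ]
}
```

In the manifest v2 form, `"web_accessible_resources": ["images/logo.png"]` exposed the file to every origin at a URL built from the fixed extension ID. With the `matches` list above, only pages on the listed origin are allowed to load the resource, and `use_dynamic_url` makes Chromium serve it under a URL whose ID changes each session rather than the stable extension ID (Firefox already randomizes that ID, as noted above). Resources that no web page needs should not be listed at all, since each entry is a probe surface.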

It doesn't work. The person who posted the comment you're responding to has absolutely no idea what he's talking about. He confabulated the entire explanation based on a single misunderstood block of code that contains the comment «Remove " - Chrome Web Store" suffix if present» in the (local, NodeJS-powered) scraper that the person who's publishing this data themselves used to fetch extension names.

I don't see any evidence of this happening in Firefox. Either it's more difficult or they just didn't bother, either way I'm happy.

Edit: Can't find much documentation on exactly how the anti-fingerprinting works, but this page implies that the browser blocks extension detection: https://support.mozilla.org/en-US/kb/trackers-and-scripts-fi...


I'm not sure how you'd patch that. Any request that's made from the current open tab / window is made on behalf of the user. From my point of view, it's impossible for the browser to know if the request is legit or not.

An ideal implementation of the same origin policy would make it impossible for a site (through a fetch call or otherwise) to determine whether an extension resource exists/is installed or the site simply lacks permission to access it.

Is there no browser setting to defend against this attack? If not, there should be, versus relying on extension authors to configure or enable such a setting.

I imagine that it would require browsers to treat web requests from JS differently from those initiated by the user, specifically pretending the JS-originating requests are by logged-out or "incognito" users (by, I suppose, simply not forwarding any local credentials along, but maybe there's more to it than that).

Which would probably wreak havoc with a lot of web apps, at least requiring some kind of same-origin policy. And maybe it messes with OAuth or something. But it does seem at least feasible.


As people have said, it's not making requests to the web store; that's just part of this repository looking for what extensions it's blocking via NodeJS.

Browsers already have strong protections against that sort of thing; look up the same-origin policy and CORS.


I see, I was too credulous.

As opposed to other companies which are smart enough not to report outages.

So, there are only two types of companies: ones that have constant downtime, and ones that have constant downtime but hide it, right?

Basically, yes.

Desire, convenience, and price are always in tension. Someone may desire to watch something, but it's too inconvenient. It may also be that there is not enough convenience for the price being paid. We see this issue regularly with DRM.

Do people need to watch the content? No. Are people entitled to the content? Is it "stealing" or not? That last one is probably up for debate.

Regardless, the answers to those questions don't matter in the end. The public has made its demands clear time after time. The rightsholders can either deliver a convenient experience at a reasonable* price, or they can play whack-a-mole with pirates forever. Spotify managed to do it; Steam managed to do it. Only video media companies are so stubborn these days.

*There is always much debate on what constitutes a "reasonable" price, but it is certainly no more than a consumer is willing to pay. If that's less than the cost of producing the product, then perhaps the business model simply isn't viable.


To be fair, why would you care if your internal organization or company chat is decentralized?

If you work with lots of other entities who want full control over their own comms (e.g. other governments, other departments, other EU entities like European Parliament and Council, the UN, NATO, etc) then decentralisation or federation is a big deal.

In the public sector it's basically a requirement: it's bananas if your country's critical infrastructure ends up dependent on a product effectively controlled by another country (e.g. Teams), and you obviously want to be able to communicate with other govt entities rather than being stuck on an island.

Then it's a natural extension to the private sector - although for now, it feels more folks are on the "nobody got sacked for using Teams" train.


The article said secure communication with other EU bodies was a use case.

That's because the output isn't a derivative work of the licensed software.

> No embedded Java

This is a great feature!


You're implying that France is going to become a terrorist state? Because suspicious accidents do not sound like rule of law.

Counter-point. France has already kidnapped another social media CEO and forced him to give up the encryption keys. The moral difference between France (historically or currently) and a 3rd world warlord is very thin. Also, look at the accusations. CP and political extremism are the classic go-tos when a government doesn't really have a reason to put pressure on someone but they really want to anyway. France has a very questionable history of honoring rule of law in politics. Putting political enemies in prison on questionable charges has a long history there.

"I can't see any difference between a country that has busted two companies that were known for hosting child porn, and a random cartel kingpin" isn't the flex you think it is

We are also talking about a country who wants to ban anonymous VPNs in the name of protecting the children and ask everyone to give their ID card to register account on Instagram, TikTok, etc.

OpenDNS is censored in France... so imagine


Killing foreigners outside of their own country has always been deemed acceptable by governments that are (or were until recently) considered to generally follow rule of law, as well as by the majority of their citizens. It also doesn't necessarily contradict rule of law.

It's just that the West has avoided doing that to each other because they were all essentially allied until recently and because the political implications were deemed too severe.

I don't think, however, that France has anything to win by doing it or has any interest whatsoever, and I doubt there's a legal framework the French government can or wants to exploit to conduct something like that legally (like calling something an emergency situation or a terrorist group, for example).


People were surprised when the US started just droning boats in the Caribbean and wiping out survivors, but then the government explained that it was law enforcement and not terrorism or piracy, so everyone stopped worrying about it.

Seriously, every powerful state engages in state terrorism from time to time because they can, and the embarrassment of discovery is weighed against the benefit of eliminating a problem. France is no exception: https://en.wikipedia.org/wiki/Sinking_of_the_Rainbow_Warrior


No difference between a strike like that and the strikes against fishing boats near Venezuela that Trump has ordered.

> You're implying that France is going to become a terrorist state? Because suspicious accidents do not sound like rule of law.

Why not? After all, that's in vogue today. Trump is ignoring all the international agreements and rules, so why should others follow them?


Become? https://en.wikipedia.org/wiki/Sinking_of_the_Rainbow_Warrior

The second Donald Trump threatened to invade a nation allied with France is the second anyone who works with Trump became a legitimate military target.

Like a cruel child dismembering a spider one limb at a time, France and other nations around the world will meticulously destroy whatever resources people like Musk have and the influence they give him over their countries.

If Musk displays a sufficient level of resistance to these actions the French will simply assassinate him.


You got that backwards. Greenpeace for all its faults is still viewed as a group against which military force is a no-no. Sinking that ship cost France far more than anything they inflicted on Greenpeace. If anything, that event is evidence that going after Musk is a terrible idea.

PS: Yes, Greenpeace is a bunch of scientifically-illiterate fools who have caused far more damage than they prevented. Doesn't matter, because what France did was still clearly against the law.

