Browse > Home / Aggregation, Business intelligence, Data mining, Database, News / Microsoft and Its Magic Touch: Slurp, Slurp, Slurp

Microsoft and Its Magic Touch: Slurp, Slurp, Slurp

April 28, 2026

green-dino_thumbAnother dinobaby post. No AI unless it is an image. This dinobaby is not Grandma Moses, just Grandpa Arnold. I find it interesting that AI detectors identify my writing style as AI output. I suppose I should be flattered, but I just don’t care.

I read “LinkedIn Is Illegally Searching Your Computer.” No, I don’t know if the write up is a confection or concrete. The publisher is “BrowserGate”. The title is snappy. I want to take a quick look at what the essay (news report?) asserts. I personally believe everything I read on the Internet. You may take a a different road in the “yellow woods.”

The main point of the article strikes me as:

Microsoft is running one of the largest corporate espionage operations in modern history. Every time any of LinkedIn’s one billion users visits linkedin.com, hidden code searches their computer for installed software, collects the results, and transmits them to LinkedIn’s servers and to third-party companies including an American-Israeli cybersecurity firm. The user is never asked. Never told. LinkedIn’s privacy policy does not mention it. Because LinkedIn knows each user’s real name, employer, and job title, it is not searching anonymous visitors. It is searching identified people at identified companies. Millions of companies. Every day. All over the world.

This is a thought provoking series of statements, and my first thought is that the legal eagles in Microsoft / LinkedIn hangers are putting on their flight suits. Ground crews are checking the verbal ammunition. The air traffic control professionals are clearing air space. The lawyers will be going aloft.

image

Moving the cash from data sales is a big business but boring. Thanks, Venice.ai, aside from one employee going the wrong way the image is good enough.

I noted the statement “one of the largest corporate espionage operations in modern history.” I would agree that Microsoft is in the data collection business. But if the firm is using these data for corporate espionage, one must act, “With all that information, how could the estimable firm foul up its artificial intelligence service, image, and mindshare? Something does not compute for me.

The second point is that a distinctly American company is not outputting information about what it does, is doing, did do, and will do. Evidence of this approach may be gleaned from the firm’s former president’s testimony in a trial in Europe and the marketing information about the firm’s relationship with its Number One AI partner, OpenAI.

The third point is that cross correlation is as commonplace as hitting a drive-through for a cup of coffee on the way to work. Of course, those with access to data find relationships, map them, and process the analytics outputs for signals. Now at first glance, the entire process seems sketchy. I assure you that it is the equivalent of hitting speed dial to see if a lunch date with a colleague is okay for today. No big deal. Why make a standard operating procedure a hair-on-fire event. Folks, cross correlation has been a thing for decades in policeware, intelware, and regular software. I know these statements may be surprising to some people, but that’s where the idea of life-long learning shows that most people do not keep up.

The write up continues with yellow lights blinking and sirens sounding. It offers up this gems:

LinkedIn’s scan reveals the religious beliefs, political opinions, disabilities, and job search activity of identified individuals…. Under EU law, this category of data is not regulated. It is prohibited. LinkedIn has no consent, no disclosure, and no legal basis. Its privacy policy does not mention any of this.

Okay, what’s the problem? For those in the EU, just embrace Linux as France is doing and stop using US social media. Most of the US outfits really don’t recognize countries, blocs, and royal edicts. The US companies do what is necessary to generate revenue, capture and hold user attention, and sell advertising. Believe me, the data slurpers know that selling advertising is a darned good business.

The link reveals that this “essay” is quite a lengthy white paper. I will leave it to you to work through the entire document. I had to break my reading into separate segments. I know that my interest in reports that BAIT outfits (big AI tech firms) are making people unhappy. Sure, some kids kill themselves because of certain outputs. Sure, US messaging services allow bad actors to coordinate. (Keep in mind that the coded-in-the-snow Telegram Messenger is in this game too.) Of course, the price gouging, dark patterns, and “Senator, thank you for that question” transparency puts some fire in the eyes of otherwise rational people. But the process has been chugging along for a quarter of century, and what do we have. BAIT.

One assertion is:

LinkedIn’s code uses a three-stage fallback chain to detect whether a specific extension is installed in your browser.

Stage 1: Direct communication. The code attempts to contact the extension directly using Chrome’s externally_connectable messaging API. If the extension developer has explicitly disabled this channel in their manifest.json, this method fails, and LinkedIn moves to stage 2.

Stage 2: Resource probing. The code attempts to fetch a known file from the extension using its web_accessible_resources. This is the equivalent of checking whether a door is unlocked by trying the handle. If the extension developer has not exposed any web-accessible resources, this also fails, and LinkedIn moves to stage 3.

Stage 3: DOM mutation detection. The code monitors for changes to the page structure that are characteristic of specific extensions injecting elements into LinkedIn’s interface. This catches extensions that modify what you see on the page.

This strikes me as a variant on the methods used by some Telegram Messenger bots. I don’t want to label the method malware, but one might be able to find some similarities. In fact, in my upcoming Telegram lecture I walk through one approach that performs similar functions just within the mini app and dApp environments. My example is a fake job posting but operates via a smart contract with the payloads stored in the TON blockchain. The approach makes detection and removal somewhat more difficult that the approach used by Microsoft LinkedIn. I suppose their approach can be upgraded, but for now, it’s lagging behind the state of the art in sporty container activity.

The essay ends with a call for action. There’s a list of “extensions.” There is a — heaven help me — WhatsApp group. There is a call for the readers of the essay to talk with a journalist. But the big request is “Support the Browsergate Legal Fund.”

Several observations:

  1. What data are public facing AI companies acquiring and monitoring when a person needs hallucinating smart software to be more productive and increase one’s chances for brain fry?
  2. What data are cross correlated in most major cities by government agencies, financial institutions, private companies, and capable black hat hackers? Where do those data end up?
  3. What is the revenue generated by repackaging such collected data and offered to marketers on different financial terms via third party data brokers or subsidiaries of BAIT outfits that provide advertisers with market data?

I appreciate and enjoy the reaction to a reality that has been chugging along for decades. My question is, “Where have you been?” The Browser Gate Web site provides a link. Click it and you get updates. That’s called “sticky.”

Stephen E Arnold, April 28, 2026

Written by Stephen E. Arnold · Filed Under Aggregation, Business intelligence, Data mining, Database, News 

Comments

Got something to say?





  • Archives

  • Recent Posts

  • Meta