iPhone User Sues Microsoft's LinkedIn For Spying Through Apple's 'Clipboard' (reuters.com) 39
"Microsoft's LinkedIn was sued by a New York-based iPhone user on Friday for allegedly reading and diverting users' sensitive content from Apple Inc's Universal Clipboard application," reports Reuters.
According to Apple's website, Universal Clipboard allows users to copy text, images, photos, and videos on one Apple device and then paste the content onto another Apple device. According to the lawsuit filed in San Francisco federal court by Adam Bauer, LinkedIn reads the Clipboard information without notifying the user. LinkedIn did not immediately respond to Reuters request for comment.
According to media reports from last week, 53 apps including TikTok and LinkedIn were reported to be reading users' Universal Clipboard content, after Apple's latest privacy feature started alerting users whenever the clipboard was accessed with a banner saying "pasted from Messages..."
A LinkedIn executive had said on Twitter last week that the company released a new version of its app to end this practice... According to the complaint, LinkedIn has not only been spying on its users, it has been spying on their nearby computers and other devices, and it has been circumventing Apple's Universal Clipboard timeout.
According to media reports from last week, 53 apps including TikTok and LinkedIn were reported to be reading users' Universal Clipboard content, after Apple's latest privacy feature started alerting users whenever the clipboard was accessed with a banner saying "pasted from Messages..."
A LinkedIn executive had said on Twitter last week that the company released a new version of its app to end this practice... According to the complaint, LinkedIn has not only been spying on its users, it has been spying on their nearby computers and other devices, and it has been circumventing Apple's Universal Clipboard timeout.
my instinct tells me (Score:4, Insightful)
that linkedin are up to no good.
i don't have any observable proof of this, however this article helps, thanks.
Hah (Score:5, Insightful)
You installed the app when the website worked perfectly fine! Caveat Emptor!
Re:Hah (Score:5, Insightful)
Re: (Score:2)
And they force you to use their Messenger app instead of in its own Facebook app. :(
Google maps too (Score:2)
Can't use browser google maps on my iphone. Have to install app. No thanks.
Re: (Score:2)
Facebook works fine again on my iPhone 6, even in Firefox. There was a time when they wanted you to install the Messenger, but not anymore.
And Google maps also works, but it keeps nagging you about installing the app and Google has done its best to make the experience as cringeworthy as possible. Luckily Maps works fine these days.
I wonder about LinkedIn management. (Score:2)
I wonder about LinkedIn management. Why would they want that? Why would they think they would never get caught.
Or, was it LinkedIn employees who decided to spy, and LinkedIn management has no technical knowledge?
Re: (Score:2)
Interesting, when they were spying on nearby devices, they were not spying, according to law they were illegally attacking a private computer network and criminal offence with severe penalties. You are not allow to attack private computer networks, and the connections between your devices at home, are a private computer network and by law protected from attack by severe criminal penalties. It sounds like a class action law suit against government authorities for their failure to act is also required.
its a CLASS ACTION! (Score:4, Insightful)
Sharks recognize equals. (Score:4, Funny)
A: Professional courtesy.
lawyers (Score:3)
The purpose of a class action is not to reimburse the class for damages. Why? Because the amounts are typically to small. It's to punish the perp company with a large fine higher than the profits from the activity. If that money didn't mostly go to the lawyers, then class actions couldn't happen. Then Charter would continue ripping people off without much chance of recourse.
If you're using a "smart" phone... (Score:2)
Re: If you're using a "smart" phone... (Score:3)
Going for +1 pedantic mod here - at least if you want to stay dry while swimming you can wear a suit.
Re: (Score:2)
Re: (Score:2)
Since email and (SMS) text messages aren't necessarily encrypted, in general there is no way to use them from any device without giving up all your data if someone is in a position to read it between the sender and recipient. I'm not sure why you think Apple or Android devices are any worse in this respect; are you suggesting that the built-in email and messaging apps in the mobile OSes are actively forwarding your messages to someone other than the intended recipient?
Re: (Score:2)
I use email on computers running Windows, and Microsoft doesn't have access to all of my emails.
Re: (Score:2)
No, I'm saying that using these OS's gives Apple and Google the rights to 100% of the contents of your email that passes through those devices.
I'm not sure what you mean here, but what you actually wrote is clearly not true. For example, in my country, any legal agreement purporting to grant them such a right would likely be unenforceable, and attempting to access the contents routinely anyway through their control of the software would potentially result in a huge fine from the regulators and potentially huge legal liability to individual users through civil actions as well.
Re: If you're using a "smart" phone... (Score:5, Insightful)
That attitude is what causes this problem! It is a victim blaming cop-out. Just because the user gave some information to company A does not mean that it is acceptable that company B can steal that same information.
I am posting this from a smart phone. So I acknowledge that Google knows my location. That does not mean I consent to LinkedIn stealing my clipboard contents. (But yes, I am not foolish enough to install the LinkedIn app. I am unclear why people install apps like that.)
Re: (Score:2)
Re: (Score:2)
they also have 100% of your emails, your texts, and your phone calls.
Any proof of this?
Re: (Score:2)
Irrelevant. Even if what you say is true, it does not mean that we should ignore LinkedIn stealing our data.
Every other app you've installed on your phone is probably doing the same thing.
No, not every other app we have installed is doing the same thing. The LinkedIn app is. And we will hold them accountable. And that is how we will STOP every other app from doing the same thing. If the situation is truly as bad as what you say, it is your very own attitude that is causing it. In one post you manage to decry the state of affairs, while simultaneously telling us to ignore it!
Re: (Score:2)
Google only knows your location if you turn Location services on (mine are off). They only have your emails if you use Gmail (and you agreed to that when you signed up for their free service.) They do not have your texts or phone call information unless you are getting cellphone service through them, and even then it's just the source/destination info and not the contents.
Face it, you're really not interesting enough that they would want to actively monitor everything you do. That might be a blow to your
Re: (Score:2)
Yeah yeah, we know. Not get back in your cave, ok?
Social media apps on your phone = own reward (Score:2)
Why anyone installs this shite on their phone where it can potentially make off with a treasure trove of personal information (that they've chosen not to deliberately share) boggles them mind.
Personally, other than using it as a lazy way to curate my resume, I hardly use LinkedIn at all. And now I'm re-thinking even that.
Idiots are out in strength. (Score:2)
Apps also _have to_ look at the clipboard to decide whether they can paste its contents. That is normal behaviour. Nothing mischievous about that.
And if I wrote an iOS app that wants to copy clipboard data and send it home to my servers, I'd be able to do that without any warnings showing up.
Re:Idiots are out in strength. (Score:5, Insightful)
Apps are _supposed_ to look at the clipboard and process its contents when you press a "Paste" button.
Yes, but not otherwise. And apps have been doing that. You don't even know what the argument is, but that doesn't stop you from arguing.
Re: (Score:2)
Yes, but not otherwise. And apps have been doing that. You don't even know what the argument is, but that doesn't stop you from arguing.
As I said, idiots out in force. iOS can paste into text fields on its own. Any other paste operation must be done by the app, and gives a warning in iOS 14 (meaning that the same thing happens in apps everywhere but without warning). And apps have always looked at the clipboard to change their UI according to the contents, without invading anyone's privacy.
And as I said, extracting text contents from the iOS clipboard and sending it off _without warning_ is very easily done. If there's anyone spying on y
Don't have to look at the data (Score:3)
open func contains(pasteboardTypes: [String]) -> Bool
So, if the clipboard was being accessed to enable/disable a paste button, there wouldn't be a need to see the actual data, unless you were looking for a specially formatted string. But, it might be a bug or ignorance.
Re: (Score:2)
Re: Idiots are out in strength. (Score:4, Informative)
You donâ(TM)t understand the problem. Apps are able to listen to the clipboard without the user explicitly pasting.
Watch the video where the user is authoring a message and every 3 characters iOS 14 beta shows a security alert that TikTok is copying the contents of the clipboard.
If you use a password manager and are in the habit of copy/pasting complex passwords, this means your passwords have been compromised (probably as plain text) into who knows what kind of tracking data.
Re: (Score:2)
Re: (Score:2)
Apps are _supposed_ to look at the clipboard and process its contents when you press a "Paste" button.
Shouldn't this be handled by the operating system itself (exactly to prevent this kind of abuse...)?
Apps also _have to_ look at the clipboard to decide whether they can paste its contents.
How wouldn't this be possible? (barring a bug...) And why not simply forge ahead, and deal with an error when it happens?
Fishing Expedition (Score:4, Insightful)
They know the clipboard was read, not that the data was exfiltrated. LinkedIn says it wasn't. Absence of evidence is not evidence of absence, but "a suspicion" is no basis for a lawsuit.
The claim of spying sounds like defamation from here. If they can prove it, they should prevail, of course. If they cannot, or the proof is determined to the contrary, they should owe damages.
I wonder if LinkedIn was smart enough to make reproducible builds.
Out of both sides of their mouth (Score:1)
Answer so simple even a caveman could do it (Score:2, Informative)
-Caveman
Not the only way it spies (Score:2)
All these social media apps are the same. The best advice is don't install them, and if you must then restrict the permissions they have on the device and adjust the privacy settings to their maximum which I guarantee they won't be by