Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Microsoft Privacy The Courts Apple

iPhone User Sues Microsoft's LinkedIn For Spying Through Apple's 'Clipboard' (reuters.com) 39

"Microsoft's LinkedIn was sued by a New York-based iPhone user on Friday for allegedly reading and diverting users' sensitive content from Apple Inc's Universal Clipboard application," reports Reuters. According to Apple's website, Universal Clipboard allows users to copy text, images, photos, and videos on one Apple device and then paste the content onto another Apple device. According to the lawsuit filed in San Francisco federal court by Adam Bauer, LinkedIn reads the Clipboard information without notifying the user. LinkedIn did not immediately respond to Reuters request for comment.

According to media reports from last week, 53 apps including TikTok and LinkedIn were reported to be reading users' Universal Clipboard content, after Apple's latest privacy feature started alerting users whenever the clipboard was accessed with a banner saying "pasted from Messages..."

A LinkedIn executive had said on Twitter last week that the company released a new version of its app to end this practice... According to the complaint, LinkedIn has not only been spying on its users, it has been spying on their nearby computers and other devices, and it has been circumventing Apple's Universal Clipboard timeout.

This discussion has been archived. No new comments can be posted.

iPhone User Sues Microsoft's LinkedIn For Spying Through Apple's 'Clipboard'

Comments Filter:
  • by rewindustry ( 3401253 ) on Sunday July 12, 2020 @11:38AM (#60289964)

    that linkedin are up to no good.

    i don't have any observable proof of this, however this article helps, thanks.

  • Hah (Score:5, Insightful)

    by the_skywise ( 189793 ) on Sunday July 12, 2020 @11:48AM (#60290000)

    You installed the app when the website worked perfectly fine! Caveat Emptor!

    • Re:Hah (Score:5, Insightful)

      by Spamalope ( 91802 ) on Sunday July 12, 2020 @12:55PM (#60290248)
      And that's why FB makes the website unusable at least from mobile. (and if you need to do that to compel app usage, there is not chance I'd ever load it)
      • by antdude ( 79039 )

        And they force you to use their Messenger app instead of in its own Facebook app. :(

      • Can't use browser google maps on my iphone. Have to install app. No thanks.

        • by tsa ( 15680 )

          Facebook works fine again on my iPhone 6, even in Firefox. There was a time when they wanted you to install the Messenger, but not anymore.

          And Google maps also works, but it keeps nagging you about installing the app and Google has done its best to make the experience as cringeworthy as possible. Luckily Maps works fine these days.

  • "... LinkedIn has not only been spying on its users, it has been spying on their nearby computers and other devices, and it has been circumventing Apple's Universal Clipboard timeout."

    I wonder about LinkedIn management. Why would they want that? Why would they think they would never get caught.

    Or, was it LinkedIn employees who decided to spy, and LinkedIn management has no technical knowledge?
    • by rtb61 ( 674572 )

      Interesting, when they were spying on nearby devices, they were not spying, according to law they were illegally attacking a private computer network and criminal offence with severe penalties. You are not allow to attack private computer networks, and the connections between your devices at home, are a private computer network and by law protected from attack by severe criminal penalties. It sounds like a class action law suit against government authorities for their failure to act is also required.

  • by Fly Swatter ( 30498 ) on Sunday July 12, 2020 @12:00PM (#60290030) Homepage
    The lawyers found their gullible plaintiff. The plaintiff will get a coupon good at chuck-e-cheese, and the lawyers will have to rent multiple armored trucks to haul away their fees.
  • ... you've really already given up all of your information in one way or another. Expecting any sort of "privacy" on a phone is like expecting to stay dry while swimming.
    • Going for +1 pedantic mod here - at least if you want to stay dry while swimming you can wear a suit.

      • by DogDude ( 805747 )
        That's true. I don't know of any way to use an Apple or an Android phone without giving up all of your email and text messaging data, at the very least.
        • Since email and (SMS) text messages aren't necessarily encrypted, in general there is no way to use them from any device without giving up all your data if someone is in a position to read it between the sender and recipient. I'm not sure why you think Apple or Android devices are any worse in this respect; are you suggesting that the built-in email and messaging apps in the mobile OSes are actively forwarding your messages to someone other than the intended recipient?

          • by DogDude ( 805747 )
            No, I'm saying that using these OS's gives Apple and Google the rights to 100% of the contents of your email that passes through those devices.

            I use email on computers running Windows, and Microsoft doesn't have access to all of my emails.
            • No, I'm saying that using these OS's gives Apple and Google the rights to 100% of the contents of your email that passes through those devices.

              I'm not sure what you mean here, but what you actually wrote is clearly not true. For example, in my country, any legal agreement purporting to grant them such a right would likely be unenforceable, and attempting to access the contents routinely anyway through their control of the software would potentially result in a huge fine from the regulators and potentially huge legal liability to individual users through civil actions as well.

    • by MobyDisk ( 75490 ) on Sunday July 12, 2020 @01:07PM (#60290300) Homepage

      That attitude is what causes this problem! It is a victim blaming cop-out. Just because the user gave some information to company A does not mean that it is acceptable that company B can steal that same information.

      I am posting this from a smart phone. So I acknowledge that Google knows my location. That does not mean I consent to LinkedIn stealing my clipboard contents. (But yes, I am not foolish enough to install the LinkedIn app. I am unclear why people install apps like that.)

      • by DogDude ( 805747 )
        Google not only knows your location, they also have 100% of your emails, your texts, and your phone calls. You have no idea what Google is doing with your information. Every other app you've installed on your phone is probably doing the same thing. So why would you (or anybody else) care that Linkedin is taking some inconsequential information from your copy buffer?
        • they also have 100% of your emails, your texts, and your phone calls.

          Any proof of this?

        • by MobyDisk ( 75490 )

          Irrelevant. Even if what you say is true, it does not mean that we should ignore LinkedIn stealing our data.

          Every other app you've installed on your phone is probably doing the same thing.

          No, not every other app we have installed is doing the same thing. The LinkedIn app is. And we will hold them accountable. And that is how we will STOP every other app from doing the same thing. If the situation is truly as bad as what you say, it is your very own attitude that is causing it. In one post you manage to decry the state of affairs, while simultaneously telling us to ignore it!

        • by cusco ( 717999 )

          Google only knows your location if you turn Location services on (mine are off). They only have your emails if you use Gmail (and you agreed to that when you signed up for their free service.) They do not have your texts or phone call information unless you are getting cellphone service through them, and even then it's just the source/destination info and not the contents.

          Face it, you're really not interesting enough that they would want to actively monitor everything you do. That might be a blow to your

    • by tsa ( 15680 )

      Yeah yeah, we know. Not get back in your cave, ok?

  • Why anyone installs this shite on their phone where it can potentially make off with a treasure trove of personal information (that they've chosen not to deliberately share) boggles them mind.

    Personally, other than using it as a lazy way to curate my resume, I hardly use LinkedIn at all. And now I'm re-thinking even that.

  • This mysterious "clipboard" is what implements Copy & Paste. This has been available for 40 years. Apps are _supposed_ to look at the clipboard and process its contents when you press a "Paste" button.

    Apps also _have to_ look at the clipboard to decide whether they can paste its contents. That is normal behaviour. Nothing mischievous about that.

    And if I wrote an iOS app that wants to copy clipboard data and send it home to my servers, I'd be able to do that without any warnings showing up.
    • by drinkypoo ( 153816 ) <drink@hyperlogos.org> on Sunday July 12, 2020 @12:27PM (#60290144) Homepage Journal

      Apps are _supposed_ to look at the clipboard and process its contents when you press a "Paste" button.

      Yes, but not otherwise. And apps have been doing that. You don't even know what the argument is, but that doesn't stop you from arguing.

      • Yes, but not otherwise. And apps have been doing that. You don't even know what the argument is, but that doesn't stop you from arguing.

        As I said, idiots out in force. iOS can paste into text fields on its own. Any other paste operation must be done by the app, and gives a warning in iOS 14 (meaning that the same thing happens in apps everywhere but without warning). And apps have always looked at the clipboard to change their UI according to the contents, without invading anyone's privacy.

        And as I said, extracting text contents from the iOS clipboard and sending it off _without warning_ is very easily done. If there's anyone spying on y

      • Looking at the API for the UIPasteboard class, I see that it has a method to test if the pasteboard contains data of a given type:

        open func contains(pasteboardTypes: [String]) -> Bool

        So, if the clipboard was being accessed to enable/disable a paste button, there wouldn't be a need to see the actual data, unless you were looking for a specially formatted string. But, it might be a bug or ignorance.
    • However spying on what you're pasting between other apps is another matter entirely!
    • by Dynedain ( 141758 ) <slashdot2&anthonymclin,com> on Sunday July 12, 2020 @04:01PM (#60290842) Homepage

      You donâ(TM)t understand the problem. Apps are able to listen to the clipboard without the user explicitly pasting.

      Watch the video where the user is authoring a message and every 3 characters iOS 14 beta shows a security alert that TikTok is copying the contents of the clipboard.

      If you use a password manager and are in the habit of copy/pasting complex passwords, this means your passwords have been compromised (probably as plain text) into who knows what kind of tracking data.

    • Comment removed based on user account deletion
    • Apps are _supposed_ to look at the clipboard and process its contents when you press a "Paste" button.

      Shouldn't this be handled by the operating system itself (exactly to prevent this kind of abuse...)?

      Apps also _have to_ look at the clipboard to decide whether they can paste its contents.

      How wouldn't this be possible? (barring a bug...) And why not simply forge ahead, and deal with an error when it happens?

  • by bill_mcgonigle ( 4333 ) * on Sunday July 12, 2020 @12:30PM (#60290156) Homepage Journal

    They know the clipboard was read, not that the data was exfiltrated. LinkedIn says it wasn't. Absence of evidence is not evidence of absence, but "a suspicion" is no basis for a lawsuit.

    The claim of spying sounds like defamation from here. If they can prove it, they should prevail, of course. If they cannot, or the proof is determined to the contrary, they should owe damages.

    I wonder if LinkedIn was smart enough to make reproducible builds.

  • Meanwhile, Apple (who makes 30% off every transaction done in apps, but 0% off the open web) refuses to implement a bevy of app-like web platform features, citing "Privacy Concerns"...
  • by Anonymous Coward
    Just say no to apps. Like fucking duh.

    -Caveman
  • LinkedIn always nags me to install the mobile app rather than using the browser. This is not because the experience is any better, but because they can nose around my contacts and hoover up any other information they can infer from the device e.g. location, work routine etc.

    All these social media apps are the same. The best advice is don't install them, and if you must then restrict the permissions they have on the device and adjust the privacy settings to their maximum which I guarantee they won't be by

You know you've landed gear-up when it takes full power to taxi.

Working...