Hacker News

How is probing your browser for installed extensions not "scanning your computer"?

Calling the title misleading because they didn't breach the browser sandbox is wrong when this is clearly a scenario most people didn't think was possible. Chrome added extensionId randomization with the change to V3, so it's clearly not an intended scenario.

> vs. something inherently sinister (e.g. “they’re checking to see if you’re a Muslim”)

They chose to put that particular extension in their target list, how is it not sinister? If the list had only extensions to affect LinkedIn page directly (a good chunk seem to be LinkedIn productivity tools) they would have some plausible deniability, but that's not the case. You're just "nothing ever happens"ing this.

> I’ve come to mostly expect this behavior from most websites that run advertising code and this is why I run ad blockers.

Expecting and accepting this kind of thing is why everyone feels the need to run an ad-blocker.

An ad-blocker also isn’t full protection. It’s a cat and mouse game. Novel ideas on how to extract information about you, and influence behavior, will never be handled by ad-blockers until it becomes known. And even then, it’s a question of if it’s worth the dev time for the maker of the ad-blocker you happen to be using and if that filter list gets enabled… and how much of the web enabling it breaks.

> this is why I run ad blockers.

It's pretty wild that we live in a world where the actual FBI has recommended we use ad blockers to protect ourselves, and if everyone actually listened, much of the Internet (and economy) as we know it would disappear. The FBI is like "you should protect yourself from the way that the third largest company in the world does business", and the average person's response is "nah, that would take at least a couple of minutes of my time, I'll just go ahead and continue to suffer with invasive ads and make sure $GOOG keeps going up".

I disagree, I think we should push back hard on behavior like this. What business is it of LinkedIn's what browser extensions I have installed? I think the framing for this is appropriate.

This has been covered several times including reverse engineering of the code. The list of extensions they check for doesn’t include common extensions like ad blockers. It’s exclusively full of LinkedIn spamming and scraping type of extensions.

They also logically don’t need to fingerprint these users because those people are literally logging in to an account with their credentials.

By all appearances they’re just trying to detect people who are using spam automation and scraping extensions, which honestly I’m not too upset about.

If you never install a LinkedIn scraper or post generator extension you wouldn’t hit any of the extensions in the list they check for, last time I looked.

> I’m not deeply familiar with what APIs are available for detecting extension

Here is what the article says:

Method 1

    async function c() {
      const e = [],
        t = r.map(({id: t, file: n}) => {
          return fetch(`chrome-extension://${t}/${n}`)
        });
      (await Promise.allSettled(t)).forEach((t, n) => {
        if ("fulfilled" === t.status && void 0 !== t.value) {
          const t = r[n];
          t && e.push(t.id);
        }
      });
      return e;
    }

    async function(e) {
      const t = [];
      for (const {id: n, file: i} of r) {
        try {
          await fetch(`chrome-extension://${n}/${i}`) && t.push(n);
        } catch(e) {}
        e > 0 && await new Promise(t => setTimeout(t, e));
      }
      return t;
    }

    chrome-extension://${store_id}/${file_name}

It looks like the user has the freedom to manage this by launching chrome with this flag: --disable-extensions

It also seems there is an extension for extension management to deny extension availability by web site: https://superuser.com/questions/1546186/enable-disable-chrom...

It is likely in response to scraping. Linked in is heavily scraped by scammers who do the BEC scams. So linked in is trying to find ways to link together banned accounts, to handle their ban evasion.

I run a site which attracts a lot of unsavoury people who need to be banned from our services, and tracking them to reban them when they come back is a big part of what makes our product better than others in the industry. I do not care at all about actually tracking good users, and I am not reselling this data, or anything malicious, it's entire purpose is literally to make the website more enjoyable for the good users.

> expect to find in modern browser fingerprinting

No. Don't need extensions for that. See how Cloudflare Turnstile does it, recently popped up at https://news.ycombinator.com/item?id=47566865 cause ChatGPT uses it now:

Layer 1: Browser Fingerprint WebGL (8 properties): UNMASKED_VENDOR_WEBGL, UNMASKED_RENDERER_WEBGL, WEBGL_debug_renderer_info, getExtension, getParameter, getContext, canvas, webgl

Screen (8): colorDepth, pixelDepth, width, height, availWidth, availHeight, availLeft, availTop

Hardware (5): hardwareConcurrency, deviceMemory, maxTouchPoints, platform, vendor

Font measurement (4): fontFamily, fontSize, getBoundingClientRect, innerText. Creates a hidden div, sets a font, measures rendered text dimensions, removes the element.

DOM probing (8): createElement, appendChild, removeChild, div, style, position, visibility, ariaHidden

Storage (5): storage, quota, estimate, setItem, usage. Also writes the fingerprint to localStorage under key 6f376b6560133c2c for persistence across page loads.

Scanning for 6000 extensions is anti-competitive, surveillant and immoral.

> I’m not deeply familiar with what APIs are available for detecting extensions, but the fact that it scans for specific extensions sounds more like a product of an API limitation (i.e. no available getAllExtensions() or somesuch) vs. something inherently sinister

This seems like a really weird argument to make. The fact that the platform doesn't provide a privacy-violating API is not an extenuating circumstance. LinkedIn needed to work around this limitation, so they knew they're doing something sketchy.

For the record, I don't think they're being evil here, but the explanation is different: they're don't seem to be trying to fingerprint users as much as they're trying to detect specific "evil" extensions that do things LinkedIn doesn't want them to do on linkedin.com. I guess that's their prerogative (and it's the prerogative of browsers to take that away).

The bigger problem I see here is browser security and Javascript as a whole. Browsers should not be allowed to extract and send such vast amounts of information in the first place, especially without the user's consent. At most, they should return a few broad things such as browser type (major version), language perhaps, and device type (mobile/desktop). That's it. Other things, such as exact resolutions, time zones, and other hardware identifiers make it trivially easy to track users across the Internet. Now that it's too late to revise Web standards, browsers should default to return spoofed values for all the rest.

> The scan probes for thousands of specific extensions by ID, collects the results

Why exactly does Chrome even allow this in the first place!? This is the most surprising takeaway for me here, given browser vendors' focus on hardening against fingerprinting.

> But I do take some issue with the alarmist framing of what's going on.

On the contrary, your framing is quite defeatist IMO. The fact that stores get robbed frequently does not mean we should just normalize that and accept it as a fact of life.

Why is JavaScript running in a page even allowed to know what extensions I have? Is this also what sites use to see I've got an ad blocker?

Just run everything in a safe environment that it can't look out of.

How does this scan happen. AFAIK there is no API for a webpage to scan for extensions. The most a page could do is try to figure out indirectly if an extension exists if that extension leaks info into the page.

> sounds more like a product of an API limitation (i.e. no available getAllExtensions() or somesuch) vs. something inherently sinister (e.g. “they’re checking to see if you’re a Muslim”)

Then why search for PordaAI or Deen Shield? Or more specifically, since getAllExtensions() would return them, why would they be on the "scan list", instead of just ignored?

linked in is scummy but yes I was puzzled by how linked in could scan your comouter from the browser. when i saw they meant extensions I thought aha.

Just because someone lets the electrician (LinkedIn) into their home (browser) doesn't mean they can do whatever the hell they want that isn't expressly prohibited. If the electrician wants to rifle through my desk drawers, they should ask for permission, and I will politely tell them to leave.

I worked for a company that sold b2b contact data and they had (maybe still have) a linkedIn extension. It basically enriched the linkedIn profile. I wonder if linkedIn is trying to block these, or heavily target, in some way, these types of users to push folks towards their sales navigator.

> I’m certainly not endorsing it, do think it’s pretty problematic, and I’m glad it’s getting some visibility. But I do take some issue with the alarmist framing of what’s going on.

Speaking has someone who shares the same lack of surprise, perhaps some alarm is warranted. Just because it’s ubiquitous doesn’t mean it’s ok. This feels very much frog in boiling water for me.

Why do you think the alarmist framing is unwarranted?

I get the point you're making, but to be clear, "they’re checking to see if you’re a Muslim" vs "they’re checking to see if your fingerprint matches that of known Muslims in our ever-expanding database" are not too far off.

Javascript can query chrome extensions [1] and much more [2].

[1] - https://browserleaks.com/chrome

[2] - https://browserleaks.com/javascript

I've been avoiding Chrome-based browsers for many years now but have only recently become aware of how catastrophically low the Firefox market share is. I'm kind of shocked that more people aren't choosing to avoid Chrome.

> It also seems like what I’d expect to find in modern browser fingerprinting code.

Time to figure out if I can make FireFox pretend to be Chrome, and return random browser extensions every time I visit any website to screw up browser fingerprinting...

> the fact that it scans for specific extensions sounds more like a product of an API limitation (i.e. no available getAllExtensions() or somesuch) vs. something inherently sinister (e.g. “they’re checking to see if you’re a Muslim”).

Your computer is your private domain. Your house is your private domain. You don't make a "getAllKeysOnPorch()" API, and certainly don't make "getAllBankAccounts()" API. And if you do, you certainly don't make it available to anyone who asks.

It absolutely is sinister.

> I’ve come to mostly expect this behavior from most websites that run advertising code and this is why I run ad blockers.

We should not normalise nor accept this behaviour in the first place.

I agree. The first paragraph on the page implies the javascript can natively search your machine (vs. via Browser Extensions)

> no available getAllExtensions()

Well great there is no avalable 'getAllFiles()' or such either because they'd be scanning your files for "fingerprinting" as well.

> alarmist framing

Well they literally searching your computer for applications/extensions that you have installed? (and to an extent you can infer what are some of the desktop applications you have based on that too)

>this is why I run ad blockers.

It's important to note that this isn't fixed by ad blockers. To avoid this kind of fingerprinting, you need to disable JavaScript or use a browser like Firefox which randomizes extension UUIDs.

The tracking described is extremely invasive. You say you are not endorsing it but you are certainly normalizing it. This is unacceptable.

The people behind this URL are trying to hold Microsoft accountable. The power to them.

I wonder if their motivation for doing this is to detect the LinkedIn automation tools that power all the spam messaging and connection requests?

> i.e. no available getAllExtensions() or somesuch) vs. something inherently sinister (e.g. “they’re checking to see if you’re a Muslim”

But I bet they could reliably guess your religious affiliation based on the presence of some specific browser extensions.

The next step for a forensic investigator, is to found out how many of those extensions, are actually from a partner or fully owned subsidiary from LinkedIn... When you see a cockroach...

> this is why I run ad blockers.

What's been really obnoxious lately is the number of sites I try to do things on that are straight up broken without turning off my ad-blocker.

Your expectations do not matter here frankly. This reads like CFAA to me, unauthorized access.

> The scan probes for thousands of specific extensions by ID, collects the results, encrypts them, and transmits them to LinkedIn’s servers.

Why is this even possible in the first place? It's nobodies business what extensions I have installed.

Which browsers in which mode (normal/private) are affected?

>vs. something inherently sinister

This is inherently sinister.

this is obviously not fingerprinting code to anyone with a brain, it's about scraping

But what would be the benefit of them doing that?

My biggest gripe is why these JS APIs even exist in the first place

> The headline seems pretty misleading.

Yes. I was expecting LinkedIn was connecting to extensions that are using their exhanced privileges to scan your computer, per the "LinkedIn Is Illegally Searching Your Computer" headline.

Instead, LinkedIn is scanning for extensions.

But I do take some issue with the alarmist framing of what’s going on.

I’ve come to mostly expect this behavior from most websites that run advertising code

We should be alarmed that websites we go to are fingerprinting us and tracking our behavior. This is problematic, full stop. The fact that most websites are doing this doesn't change that.

Your post sounds like "it sounds bad, but it's no different from what others do, so it's not that bad."

I would put it more like: it sounds bad, and it's no different from what others do, so they're all that bad.

The fact that they're working around an API limitation doesn't make this better, it just proves that they're up to no good. The whole reason there isn't an API for this is to prevent exactly this sort of enumeration.

It's clear that companies will do as much bad stuff as they can to make money. The fact that you can do this to work around extension enumeration limits should be treated as a security bug in Chrome, and fixed. And, while it doesn't really make a difference, LinkedIn should be considered to be exploiting a security vulnerability with this code.

There is clear rules around what you can and can't do to fingerprint users. if it's being done overtly, covertly, obscurely, indirectly, all for the same result through direct or indirect or correlated metadata it ends up with the same outcome.

My understanding is the rules and laws are to prevent the outcome, by any means, if it's happening.

I wonder if this is part of the reason why LinkedIn tabs seem to use so much ram, and sometimes run away CPU processes.

> "they're checking to see if you're a Muslim"

This could be easily inferred from the depth, breadth, and interconnectedness of data in the website.

By downplaying it, it's allowing it to exist and do the very thing.

The issue here is this stuff is working likely despite ad blockers.

Fingerprinting technology can do a lot more than just what can be learned from ads.

From the site:

"The scan doesn’t just look for LinkedIn-related tools. It identifies whether you use an Islamic content filter (PordaAI — “Blur Haram objects, real-time AI for Islamic values”), whether you’ve installed an anti-Zionist political tagger (Anti-Zionist Tag), or a tool designed for neurodivergent users (simplify). Under GDPR Article 9, processing data that reveals religious beliefs, political opinions, or health conditions requires explicit consent. LinkedIn obtains none." https://browsergate.eu/extensions/

> The scan probes for thousands of specific extensions by ID, collects the results, encrypts them, and transmits them

And probably also vibe-coded therefore 2 tabs of LinkedIn take up 1GB of RAM (was on the front page a few days back).

Of all the reading I've done on this story, your comment so far is the only post which would explain why linkedin is even doing this.

If anyone else as any more info on the why, please share.

What's the path for that to even happen?

Are companies now commonly uploading lists of employees to LinkedIn? Is this happening automatically because you got an e-mail account from the company and the company runs on MS Office? What triggered it?

This seems like somewhat of a scandal that deserves its own post, but it also needs a lot more details to be trustworthy and for people to understand what exactly is happening.

Also, was there some way for you to take ownership of the profile? Did it depend on verifying a certain e-mail address? Does it require you to get the company to remove it, or could you take ownership and then delete the LinkedIn account/profile yourself?

Many extensions designed to scrape data from social media websites are disguised as simple extensions that do something else.

If I had to guess: I sought that automatic content blurrer, neurodivergent website simplifier, or anti-Zionist tagger actually work. They’re all just piggybacking on trending topics to get users to install them and then forget about them, then they exfiltrate the data when you visit LinkedIn.

It's for fingerprinting and possibly ad targeting.

It's no different from when you visit an Islamist or anti-Zionist website that has analytics/trackers/ads on it.

It's bad, but this "massive violation of trust" is happening everywhere and has been for decades. There's nothing that's unique to Microsoft here.

> this is a massive violation of trust

This is not. To violate trust, there should have been some.

Almost certainly they are using that for audience segmentation and ad targeting. Clever and disgusting. This isn't the invention of some evil moustache-twirling executive, this was the invention of an employee or group of employees who value money more than morals. We should think of such employees as henchmen.

If you mean by the website, then - surely not. What basis do you have to trust websites you visit? Especially a social network that owned by Microsoft to boot?

If you mean the _browser_, then I agree in principle, but - it is a browser offered to you by Alphabet. And they are known to mass surveillance and use of personal information for all sorts of purposes, including passing copies to the US intelligence agencies.

But of course, this is what's promoted and suggested to people and installed by default on their phones, so even if it's Google/Alphabet, they should be pressured/coerced into respecting your privacy.

It scans thousands so in thousands, some of them have these weird names

Well, the developers of Chrome aren't exactly incentivized to prevent tracking (though perhaps tracking done by their competitors). But anyway, you can try to prevent it with a technical solution while also being outraged that they did it. If someone has their home broken into, perhaps they should have better locks, but the burglar is still responsible for their actions.

that's basically how it already works...

extensions choose on which site they're active and if they provide any available assets (e.g. some extensions modify CSS of the website by injecting their CSS, so that asset is public and then any website where the extension is active can call fetch("chrome-extension://<extension_id>/whatever/file/needed.css" if it knows the extension ID (fixed for each extension) and the file path to such asset... if the fetch result is 404, it can assume the extension is not installed, if the result is 200 it can assume the extension is installed.

This is what LinkedIn is doing... they have their own database of extension IDs and a known working file path, and they are just calling these fetches... they have been doing it for years, I've noticed it a few years back when I was developing a chrome extension which also worked with LinkedIn, but back then it was less than 100 extensions scanned, so I just assumed they want to detect specific extensions which break their site or their terms of use... now it's apparently 6000+ extensions...

I... I searched for this extension.

> I now run personal and professional browser profiles from two different jails / cgroups. It's a pain in the arse to set up, and I have to verify my config still works after every update

You may be interested in Qubes OS. My daily driver. Can't recommend it enough.

Several years ago I heard the company I worked for say they had a way to get notified if it seemed like an employee might be thinking of leaving, so they could take some kind of action. I now wonder if LinkedIn, or various job sites, were selling them data.

It is pretty easy to signal stuff on linkedin without intending to do so. For example whenever I get an old coworker adding me on linkedin, they are 100% of the time job seeking. Inevitably they start a new role some weeks later.

All one has to do is just measure employees linkedin activity. I mean truthfully people don’t use the site at all if they aren’t actively looking for work. It is corporate dystopia otherwise. It is trivial to find these signals.

LinkedIn is a job board so that seems unlikely.

https://support.mozilla.org/en-US/kb/resist-fingerprinting works.

Chrome is adware.

The "The Attack: How it works" section explains how it works. It's not an API.

I am a little surprised something like CORS doesn't apply to it, though.

> Every time you open LinkedIn in a Chrome-based browser, LinkedIn’s JavaScript executes a silent scan of your installed browser extensions.

It's not clear though, either they only tested against chrome-based browsers or Firefox isn't enabling them to do so.

edit: I answered before I go fully through the article but it does say it's only Chrome based.

> The extension scan runs only in Chrome-based browsers. The isUserAgentChrome() function checks for “Chrome” in the user agent string. The isBrowser() function excludes server-side rendering environments. If either check fails, the scan does not execute.

> This means every user visiting LinkedIn with Chrome, Edge, Brave, Opera, Arc, or any other Chromium-based browser is subject to the scan.

I was under the impression Firefox randomises extension IDs on install, so hopefully not?

The answer to "why would Chrome ever undermine privacy and security?" is always "Google's revenue stream".

I'm happy to see that this doesn't hit firefox. I wonder if safari is impacted.

they seem to be calling `chrome-extension://.....` so i don't think it applies to firefox

Firefox-based browsers not affected.

> The “how it works” page suggests it only works on chrome based browsers. Anyone able to determine if firefox or safari are affected too?

The code filters out non-chrome browsers: >The extension scan runs only in Chrome-based browsers. The isUserAgentChrome() function checks for “Chrome” in the user agent string. The isBrowser() function excludes server-side rendering environments. If either check fails, the scan does not execute.

Because what they're scanning for is scrapers. So much linkedin scraping. And I'd bet that the majority of the innocuous-looking extensions are scrapers hidden as other extensions to get users to unknowingly use them.

Also: stop installing random extensions

What scanning for browser extensions taught me about B2B sales

It's a call for funding. I suspect the answer they want, is click on a donation link; regardless of which browser you're using.

TFA explains it is looking for installed browser extensions (which sites are allowed to do)

it can in the fantasy world of incorrect headlines

While you're at it, you should also find out why a website can scan your internal network...

The title is clickbaity. The website scans the browser for installed extensions.

They also try to profile for things like political beliefs.

no, it's about scraping.

For you personally, to solve this issue in particular? Use Firefox. Google is evil, and there's a good chunk of the Chrome team who are actively enemy combatants.

For the broader issue of not wanting to give even the information you'd need to choose to share to LinkedIn? Network the good ol' fashioned way: talking to random strangers in San Francisco bars.

This is why the EU regulates them (or pretends to) as a public utility. The individual action I took was to donate to Fairlinks‘ legal fund.

I’d suggest having an adblocker first.

Second not having a ton of extensions. Extensions can do fishy things.

This is Chrome’s broken model. Before installing an extension, one should be able to see all the domains an extension talks to.

The domains should be listed in manifest. But that’s not how it works.

In Android, every app you open needs a gazillion default permissions.

Some of the spiciest:

* Anti-Zionist Tag (directly inferring political opinion)

* PordaAI (Islamic content filter)

* simplify (browsergate.eu specifically called out as a neurodivergent accessibility tool. Job search autofill that markets itself as particularly useful for people who struggle with forms)

* No more Musk ("Hides digital noise related to Elon Musk")

* Political Circus ("Politician -> Clown AI Filter")

* Job application trackers and utils ("Job Follow-Up Tracker" etc)

* Various "Distraction Blocker" type addons

LinkedIn scanning for tools that scrape LinkedIn:

* LinkedIn Cookie Sync for Headhunting Agent

* LinkedIn Cookie importer for Derrick (lol "for Derrick")

* MailMatics Cookie Grabber

* LinkedIn Fake Job Post Detector. Yes, they're detecting an addon that exposes fake job postings on their own platform.

*NOT* in the list, if you were wondering:

* Shinigami Eyes

* Dark Reader

* Adblockers

* Password managers

* FoxyProxy

* User-Agent spoofers, request modification tools, etc

* Most privacy/security tools (no uBO, no Privacy Badger, no FoxyProxy, no NoScript, etc.

For the latter category, the most interesting things there we found *were* searched-for are BuiltWith Technology Profiler, and some browser addons bundled from scanners (e.g. "Malwarebytes Browser Guard Beta").

If other people collect data like that it's probably also illegal.

the difference is intent. regular fingerprinting identifies your browser for ad tracking. linkedin is scanning for 509 specific extensions including job search tools, and they sell recruiter products to your employer. that's not fingerprinting, that's workplace surveillance with extra steps.

You would need to use use_dynamic_url: true in the manifest to create a unique one.

https://www.firefox.com/

Nope, which is why Chrome exists, to allow Google to do this. Which is why you should avoid chromium.

I agree.

I'm not convinced by their page explaining "Why it's illegal and potentially criminal" [0]. It's written by security researchers and non-attorneys.

For example, this characterization seems overly broad:

> The Court of Justice of the European Union has ruled, in three separate cases, that data which allows someone to infer or deduce protected characteristics is covered by this prohibition, regardless of whether the company intended to collect sensitive data.

[0] https://browsergate.eu/why-its-illegal/

All apps can do that right

If you use both from the same IP without using a VPN… the profiles are most certainly grouped. There are commercial datasets on IP addresses with almost 100% accuracy with tags like “school”, “house”, “apartment block” etc. Furthermore, if you ever logged into both sites from within the same browser by accident, the link by fingerprinting was made right there and then. The final profile on you may not be 100% accurate, but certainly is in the 98% range.

Since the list of extensions they query targets certain religious groups and medical conditions, it's almost certainly in violation of US federal employment and hiring law.

I'm shocked, shocked to find that a Microsoft product will actively do a bunch of horrible invasive stuff while simultaneously not caring about security of this private data.

Lol, you forgot the /s

If you hadn’t written that post using AI, it might’ve received more attention. Also, (1) if you’d put LinkedIn in the title, rather than the very bottom of the post, and (2) if you’d provided any insight, rather than just speculation, as to what the data might be being used for.

Therefore it’s okay, is that your point? Because I don’t think it is.

We can hypothesize that there may exist some for-profit companies that deserve the benefit of the doubt. Microsoft is not one of them.

I really like going to linkedin daily to play minisudoku and a couple of other puzzles, then never engage the feed or other features

You can use Firefox with different profiles and configure it to launch particular profile directly, without launching default profile and using about:profiles.

Firefox with a non-default profile can be created like that:

  ./firefox -CreateProfile "profile-name /home/user/.mozilla/firefox/profile-dir/"
  # For linkedin that would be:
  ./firefox -CreateProfile "linkedin /home/user/.mozilla/firefox/linkedin/"

  ./firefox -profile "/home/user/.mozilla/firefox/profile-dir/"
  # For linkedin that would be:
  ./firefox -profile "/home/user/.mozilla/firefox/linkedin/"

    - create a copy of it, say, /usr/bin/firefox-linkedin
    - adjust the relevant line, adding the -profile argument

Of course, "./firefox" from examples above should be replaced with the actual path to executable. For default installation of Firefox the path would be in /usr/bin/firefox script.

So, you can have a separate profiles for something sensitive/invasive (linkedin, shops, etc.) and then you can have a separate profile for everything else.

And each profile can have its own set of extensions.

LinkedIn is far from the only actor doing this. Browser extension fingerprinting is not new. LinkedIn‘s size, scope, network effects make this especially concerning.

Still pretty annoying browsers haven't patched that yet.

This has been going on for at least 5 years. It pops up on HN every so often.

Seems like it. Which is serious but far from what I thought when I read the title. I suspect 90% of LinkedIn users don't even have a single browser extension installed.

Pretty sure that if they could they would, but browsers sandboxing security prevent this to go unnoticed.

I get it — it can be frustrating to encounter so much low effort AI content these days. But I think it’s worth looking at the bright side here: the increase in our production of entropy from GPU consumption will hasten the heat death of the universe.

Would you like me to suggest some AI summarizer tools you could use to more efficiently read AI generated content in the meantime?

This is incredibly normal language and quite close to how I would write this quote, so what makes you think this is LLM text?

Reading (and even more so, using the tools to produce) a bunch of LLM-output writing also affects one’s writing style. Ever sat down and blown through 3-4 books by a favorite author, then written something and found yourself using similar structure, word choice, style…? This could very well be a human author that’s been exposed to a lot of LLM output (ie 95% of this site’s audience).

I find myself doing this a lot, and I’m sure even more slips without my notice.

> It's all so tiring.

What's tiring is a comment like this. If you don't like the article don't read it -- and don't comment.

I agree that that line reads GPT-like, but it's far from a conclusive tell. One option that I wonder about is if frequent interaction with AI will begin to influence people's organic writing style.

Who cares if it’s LLM written or assisted writing?

What matters is the content!

Nothing in this sentence is evidence of AI.

What's next? "There's punctuation in the sentence, must be AI" ?

LLMs didn't invent the "Rule of Three".

How is that quote in any way demonstrative of this being written by LLM? You do know that LLMs were trained on the internet and every digitized text they could get their hands on? You are jumping at shadows, calm down already.

what makes you think that? and what sets your comment appart from beeing created by an llm?

How can you tell?

I don’t like AI slop as much as the next guy, but that part doesn’t seem so bad? Sounds like something anyone could write.

Ehh… this quote alone is pretty benign. If you didn’t mention it, I wouldn’t have even considered the possibility of AI.

That's the intention. Make the internet so unbelievably shit that you just accept and move on.

because corporate greed corrupts every nice thing: it pushes the other (maybe more moral) 'nice thing' alternatives out of the ecosystem by subsiding using VC funding to provide 'NiceThing!' for free until 'NiceThing!' is the monopoly or bought by another entity to become part of the monopoly (due to weak/not enforced antitrust laws).

Because we let them get away with it. Take something they're going to miss and can't replace (e.g. their freedom or their head) and it will stop as long as enforcement is reliable enough that they expect to get caught.

These aren't good people, but if you make the fine to the organisation much more expensive than the expected return, lock up the whole board and leave their families without a pot to piss in we will see this become the exception instead of the norm.

Unbounded capitalism.

So is this comment.

Yeah I agree

Copyright isn't relevant here.

For my curiosity what would the fair use be?

No?