They have! It's these developers either not knowing or not caring about it which is the issue! I did a blog post about this a while back showing how they do it, and how you can get around it, it's not very complex for the devs.

https://www.linkedin.com/pulse/how-linkedin-knows-which-chro...

▲

victor106 6 hours ago | parent | next [-]

> Chrome have fortunately recently released a "extension side panel" mode, and since only DOM changes can be easily identified, using the chrome extension side panel would be virtually un-detectable however this is far less intuitive to use and requires the user to perform some action to open the sidepanel every time they want to use the extension.

As an end user I could not find an option to open the side panel

	▲	acorn221 5 hours ago \| parent [-]
		Yeah I mean it's not very commonly used by extensions. I quite like it as it's completely isolated and not detectable. I built my first extension which uses it as the primary interface yesterday: https://github.com/Am-I-Being-Pwned/PGP-Tools

▲

Ajedi32 6 hours ago | parent | prev [-]

`use_dynamic_url` seems like it should be enabled by default, maybe with a phase-out period for backwards compatibility with older extensions.

	▲	acorn221 6 hours ago \| parent [-]
		Yeah I agree. All new extensions should have this for their web_accessible_resources. With that said, the chrome web store ecosystem has bigger problems infront of them. For example, loads of extensions outright just send every URL you visit (inc query params) over to their servers. Things like this just shouldn't happen, imagine you installed an extension from a few years back and you forgot about it, that's what happened to me with WhatRuns, which also scraped my AI chats. I'm working on a tool to let people scan their extensions (https://amibeingpwned.com/) and I've found some utterly outrageous vulnerabilities, widespread affiliate fraud and widespread tracking.