LinkedIn scans for 6,278 extensions and encrypts the results into every request (404privacy.com)
309 points by un-nf 4 hours ago | 132 comments
un-nf 4 hours ago | parent | next [-]

LinkedIn runs an extension scan against a hardcoded list of 6,278 Chrome extensions on every visit. Detected results are packaged into encrypted telemetry and injected as an HTTP header into every subsequent API request during your session. This data can be used to identify your religious affiliations, tax-bracket, job search intent, and more.

I verified this myself and traced the implementation. Details and the technical breakdown in the article.

Lerc an hour ago | parent | next [-]

Can you confirm that the title is correct and that it encrypts rather than hashes?

Both are concerns, but sending interpretable data is a more serious concern.

I scanned through the article and did not see an example of the header it added.

stingraycharles an hour ago | parent [-]

It says RSA public key encryption in the article, so I’m going to assume that it’s not a typo.

gedy 2 hours ago | parent | prev | next [-]

LinkedIn without the news/post feed would be fine

ricardonunez 2 hours ago | parent | next [-]

There’s an extension called News Feed Eradicator that does that for you.

mcintyre1994 2 hours ago | parent [-]

Wonder if it’s on their list of extensions to spy on!

em-bee an hour ago | parent | prev | next [-]

i just don't open the main page with the feed. i practically don't notice it's there. i have the messages view open, and i check notifications. i also don't follow anyone (except my contacts)

bluedino an hour ago | parent | prev [-]

And the useless notifications

kyleee 2 hours ago | parent | prev | next [-]

And certainly fingerprint you right?

flomo 11 minutes ago | parent | next [-]

Probably mostly for abuse prevention. Lots of extensions like this one:

https://addons.mozilla.org/en-US/firefox/addon/linkedin-data...

hirako2000 5 minutes ago | parent [-]

The "abuse" is that one doesn't have to copy paste for hours.

WJW 2 hours ago | parent | prev [-]

I guess that's what they're hoping for. With my admittedly biased opinion of the average linkedin user, about 99% will have the default set of extensions installed and so will not be very useful. Those users might have other identifiers of course, so who knows.

jwpapi an hour ago | parent | next [-]

I’m pretty sure it’s not 99% you would wonder how many differences there are along with user-agent resolution and ip range...

I think 99% are identifiable

flomo 9 minutes ago | parent [-]

Ideally about 99% of LinkedIn users are using their professional name, occupation, and location.

RobRivera an hour ago | parent | prev [-]

Oh man time to see if there is a chrome Bonzai Buddy extension

echelon 2 hours ago | parent | prev [-]

Can someone here please create a LinkedIn replacement for developers that

1. Doesn't have the spam

2. That doesn't look like it's from 2008

3. That only developers / engineers / tech folks can join

4. Doesn't try to log into your email to steal your contact list

5. That doesn't track you or your extensions / browser fingerprint

6. That doesn't have a bunch of fake "linkedinmaxxing" garbage content

7. that doesn't have marketers and recruiters, etc.

8. ...

jszymborski 2 hours ago | parent | next [-]

Just type about:blank in your browser, and you'll get what you're asking for ;)

SpyCoder77 a few seconds ago | parent [-]

This is not going unappreciated :)

traderj0e an hour ago | parent | prev | next [-]

I thought the whole point of LinkedIn was getting a job, but that would run afoul of #7. You can ignore the rest of the crap on their website.

slater an hour ago | parent [-]

How ever did people get jobs before recruiters? /s

traderj0e an hour ago | parent | next [-]

Well, how? Recruiters got me job offers when I graduated college. I had no connections otherwise.

ddoolin a few seconds ago | parent [-]

Same way they do it now. Cold applying, word of mouth/referrals, etc.

pimeys an hour ago | parent | prev [-]

Getting a job across the border is easier with LinkedIn...

kevin_thibedeau 15 minutes ago | parent | prev | next [-]

Stack Exchange sort of tried to do this. It never seemed to get off the ground.

recursivegirth 2 hours ago | parent | prev | next [-]

IRC has existed for decades.

yrcyrc an hour ago | parent | next [-]

I met some of my girlfriends through irc :)

echelon 2 hours ago | parent | prev [-]

And it's a ghost town.

antiframe an hour ago | parent [-]

I suppose that depends on where you go and what you expect. Older communities are better populated than younger ones. (Not age-wise but topic-wise).

lacunary 5 minutes ago | parent [-]

where's a good irc chat these days?

skeeter2020 an hour ago | parent | prev | next [-]

what exactly do you want this for? I think HN satisfies all of these (#2 - HN has a mid 90's aesthetic)

WD-42 2 hours ago | parent | prev | next [-]

I feel like Github became this in the last 10-15 years.

traderj0e 44 minutes ago | parent [-]

Yes. But now we need a replacement for what the old GitHub used to do.

HoldOnAMinute 34 minutes ago | parent [-]

You need a new type of corporation.

Only a Public Benefit Corporation will get the software to a usable state and refuse enshittification

traderj0e 31 minutes ago | parent [-]

Well the challenge is also gatekeeping. Gotta keep non-technical people or intentions off of it for #3

zeafoamrun 2 hours ago | parent | prev | next [-]

Seriously. We need some kind of federated replacement. Who is building this?

WJW 2 hours ago | parent | next [-]

Be the change you want to see mate.

reg_dunlop 2 hours ago | parent [-]

It's odd, yeah?

We have the ability to vibe these things over a weekend, yet getting to the critical mass/tipping point of adoption is something else.

Whatever happened to: if you build it, they will come?

HWR_14 an hour ago | parent | next [-]

It only took a weekend to build a social network pre-AI

jll29 an hour ago | parent | prev | next [-]

If you want it to happen, we should talk requirements - what would you want from a LinkedIn NextGen?

- A professional profile page

- Contacts

- Introductions/referrals

- Ask my (sub-)network?

Anything else?

bix6 an hour ago | parent [-]

A way for you to make money that isn’t ads / harvesting my data.

Exportable format so I can leave if needed.

eptcyka 37 minutes ago | parent | next [-]

You want the unemployed to pay? Or do you want the employers to pay? If you want the employers to pay, how do you attract enough attractive unemployed to your site?

traderj0e 3 minutes ago | parent [-]

Employers pay, unemployed will go where there are places to get jobs. But this assumes employers are unsatisfied with LinkedIn somehow. Are they?

reg_dunlop an hour ago | parent | prev [-]

It's tough to generate revenue that isn't through ads.

That said, if the users could organize into special interest groups and create a walled-garden with default no ads, and then gate-keep advertisers to a permitted white-list.

I dunno, I'm just spit-ballin

conductr an hour ago | parent | prev [-]

Works for baseball fields, not websites

johnecheck 16 minutes ago | parent | prev [-]

sifa.id aspires to that.

Wishing Guido (gui.do) the best.

avaer an hour ago | parent | prev | next [-]

How much would you pay for this?

Klayy 2 hours ago | parent | prev | next [-]

Maybe that's what the new Friendster should be

FridgeSeal an hour ago | parent | prev | next [-]

LinkedIn is a cesspool, but it’s almost worthless to me without the recruiters.

They’re basically the only reason I’m there.

pizzly 42 minutes ago | parent [-]

Also a lack of LinkedIn account makes you more suspicious and less likely to get hired. So this is additional value in having an account. For appearances.

ImJasonH 2 hours ago | parent | prev | next [-]

Can you create it?

jachee 2 hours ago | parent | prev | next [-]

You’re already looking at it, buddy.

StilesCrisis 2 hours ago | parent [-]

This looks like it's from 2008

1over137 2 hours ago | parent | next [-]

and thank god too. Modern design is bloated crap.

traderj0e 43 minutes ago | parent | prev [-]

Looks older than that, which is great

metalliqaz an hour ago | parent | prev [-]

Except for #2 I think you're looking for Hacker News.

skeeter2020 an hour ago | parent [-]

didn't see your comment when I said basically the same thing. #2 is good though, bc HN has a pre-2008 look

SpyCoder77 3 minutes ago | parent | prev | next [-]

> Users who had no idea their software was being inventoried, no idea the inventory was being used against them, and no way to know it was happening because none of it appears in LinkedIn's privacy policy.

As if users are actually reading the privacy policy...

nokya 3 hours ago | parent | prev | next [-]

"What is not a question is that a criminal investigation is now open." Good. These companies deserve each and every stone thrown at them, and much more.

ro_bit 2 hours ago | parent | prev | next [-]

Why is my Chrome telling random websites which extensions I have installed?

kimos 2 hours ago | parent | next [-]

It isn’t exactly. They created a list of known extensions by their id and a file which is known to exist in that extension. The site iterates over each pair and tries to load that file, if it doesn’t error it knows the extension is installed. It’s a clever and difficult manual process, but it does bypass the security trying to prevent this kind of thing.

I read that their reasoning is it exists to block users that use known scraper extensions which bypass their terms of use. But don’t entirely buy that.

FridgeSeal an hour ago | parent | next [-]

So the follow-up question is: why is a random website allowed to try and load arbitrary files?

stingraycharles an hour ago | parent | next [-]

This is how I interpreted the original question and indeed it makes no sense, JavaScript from a website should not be allowed to interact with extensions like this.

flomo 25 minutes ago | parent [-]

It's actually the extension injecting itself into the webpage, often to interact with it. (I imagine much of this is just looking for global ExtensionName objects.)

sigmoid10 an hour ago | parent | prev | next [-]

Chrome exposes these files via a URL that you can fetch in javascript like you would any other file on a normal website. These local extension files usually contain code, styles or images that your browser needs to run the extensions.

mschuster91 34 minutes ago | parent | prev [-]

Because extensions can and often do contain stuff like images or JS bundles that they inject into a target page's DOM. Not allowing a tab's context to load files from the chrome-extension:// namespace would break a lot of things.

emporas an hour ago | parent | prev [-]

Is the same scan happening on Firefox? Random websites invoking extensions do seem to be a security hole to me.

dminik 8 minutes ago | parent [-]

This was posted before and it seems that Firefox randomizes the extension URLs.

pyrophane 26 minutes ago | parent | prev | next [-]

Here's the relevant bit from the original source:

"Chrome extensions can expose internal files to web pages through the web_accessible_resources field in their manifest.json. When an extension is installed and has exposed a resource, a fetch() request to chrome-extension://{id}/{file} will succeed. When the extension is not installed, Chrome blocks the request and the promise rejects.

LinkedIn tests every extension in the list this way."
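
Added example (not from the thread or the linked article): the exposure this quote describes, checked from the extension developer's side. It takes a parsed manifest.json and reports which `web_accessible_resources` a given page origin could fetch at the extension's fixed `chrome-extension://{id}/` URL. The function names and sample manifests are constructed; `matches` and `use_dynamic_url` are Chrome's Manifest V3 keys, and the match-pattern handling covers only http/https origins.

```javascript
// Does a manifest match pattern cover the given page origin?
// Only the scheme and host matter here; the origin must be http or https.
function patternMatchesOrigin(pattern, origin) {
  const url = new URL(origin);
  const scheme = url.protocol.slice(0, -1);
  if (scheme !== 'http' && scheme !== 'https') return false;
  if (pattern === '<all_urls>') return true;
  const m = /^(\*|https?):\/\/(\*|(?:\*\.)?[^/*]+)\/.*$/.exec(pattern);
  if (!m) return false;
  if (m[1] !== '*' && m[1] !== scheme) return false;
  const host = m[2];
  if (host === '*') return true;
  if (host.startsWith('*.')) {
    const base = host.slice(2);
    return url.hostname === base || url.hostname.endsWith('.' + base);
  }
  return url.hostname === host;
}

// List every resource the page origin may load from this extension.
// stableUrl === true means the file answers at the fixed extension ID,
// which is what a hardcoded {id}/{file} list relies on.
function auditProbeExposure(manifest, origin) {
  const war = manifest.web_accessible_resources || [];
  const findings = [];
  if (manifest.manifest_version === 2) {
    // Manifest V2: a flat list of paths with no per-site restriction.
    for (const path of war) {
      findings.push({ path, stableUrl: true, reason: 'MV2: exposed to every page' });
    }
    return findings;
  }
  for (const entry of war) {
    const hits = (entry.matches || []).filter((p) => patternMatchesOrigin(p, origin));
    if (hits.length === 0) continue;
    // use_dynamic_url is documented as limiting access to a per-session ID.
    const stableUrl = entry.use_dynamic_url !== true;
    for (const path of entry.resources || []) {
      findings.push({ path, stableUrl, reason: 'matched ' + hits.join(', ') });
    }
  }
  return findings;
}

function isProbeable(manifest, origin) {
  return auditProbeExposure(manifest, origin).some((f) => f.stableUrl);
}

// Constructed sample manifests (not taken from any real extension).
const SAMPLES = {
  openToAll: {
    manifest_version: 3,
    web_accessible_resources: [{ resources: ['img/icon.png'], matches: ['<all_urls>'] }],
  },
  scoped: {
    manifest_version: 3,
    web_accessible_resources: [
      { resources: ['inject.js'], matches: ['https://*.example.com/*'] },
    ],
  },
  dynamic: {
    manifest_version: 3,
    web_accessible_resources: [
      { resources: ['img/icon.png'], matches: ['<all_urls>'], use_dynamic_url: true },
    ],
  },
  legacy: { manifest_version: 2, web_accessible_resources: ['inject.js'] },
};

function report(origin) {
  const out = {};
  for (const [name, manifest] of Object.entries(SAMPLES)) {
    out[name] = isProbeable(manifest, origin);
  }
  return out;
}

console.log(report('https://www.linkedin.com'));
```

An extension that has to inject files into pages can narrow `matches` to the sites it actually works on; one that declares no web-accessible resources produces no findings at all.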

hbn 2 hours ago | parent | prev | next [-]

Is that information available to websites? I figured they were doing some kind of novel hackery to self-detect extensions based on behaviour that would only happen if X extension was installed.

But that would be a lot of work for 6,300 extensions. Unless someone offers that as a service?

sethops1 2 hours ago | parent | prev | next [-]

Can ask the same question about so many horrible security blunders web browsers have made over the decades.

2ndorderthought 2 hours ago | parent [-]

They are only blunders if they aren't being used as features by someone

p_stuart82 38 minutes ago | parent | prev | next [-]

because Chrome lets sites probe "installed", and LinkedIn turns that into telemetry.

AndroTux 2 hours ago | parent | prev | next [-]

Brave explicitly blocks this

gib444 2 hours ago | parent | prev [-]

Chrome is a browser produced by an advertising company. Its reason for existence is to track you.

lucb1e 2 hours ago | parent [-]

Not that I disagree but Google's tracking motivation in making the browser seems irrelevant to why it lets competitors do this fingerprinting

gdulli 2 hours ago | parent [-]

They want fingerprinting to work for everyone because the more effective it is, the higher the value of the ad inventory they sell.

pyrophane 24 minutes ago | parent | prev | next [-]

Here's the most relevant section I could find from the original source:

"Chrome extensions can expose internal files to web pages through the web_accessible_resources field in their manifest.json. When an extension is installed and has exposed a resource, a fetch() request to chrome-extension://{id}/{file} will succeed. When the extension is not installed, Chrome blocks the request and the promise rejects.

LinkedIn tests every extension in the list this way."

3dsnano 2 hours ago | parent | prev | next [-]

friends, WHEN you are asked to implement something like this at your job, which will you choose: object (& hold ground, lose job) OR comply (& keep job)

as practitioners, where do we hold the line between telemetry and surveillance?

zulban 2 hours ago | parent | next [-]

There's a third choice. Say you'll do it but do it poorly, or drag your feet forever. Hard to prove you intentionally did a bad job.

If that's the game you're playing tho, maybe time to find another job too ;)

frogperson 2 hours ago | parent | prev | next [-]

I choose not to work at places like linked in, meta, or any place that accepts Saudi or Israeli funding. It makes it a little harder to find a job, but i sleep better at night.

aryonoco 19 minutes ago | parent | next [-]

For similar reasons, I have been working in the public sector (Australian state government) for the past 5 years and couldn’t be happier.

I’m lucky that I’m in a team which is hands on and does a lot of very interesting things. From building CRUD apps which are used in management and response to bushfires (wildfires) to more interesting things like building a datalake which amalgamates and stores weather data from multiple sources to building near real time CDC pipelines and making our transactional data available to our in house team of data scientists who then use that data to do fascinating stuff that eventually results in for example making sure that our response to bushfires takes into account the impact and safety of endangered species.

And when I look at the underlying data and the trends and projections of just how bad bushfires are going to get in the next 30 years and how we must be so much nimbler and smarter just to survive, the work takes on a whole new level of meaning.

Don’t get me wrong, there are times the internal bureaucracy absolutely drives me mad. And I am aware that I could be earning much more in the private sector. But I get to work with a team who are really passionate and enthusiastic about their job, and I get to sleep at night knowing that unlike my previous jobs, this time I am not just making someone who is already uber rich, richer.

If you had told the teenage Utilitarian me that I would one day work for, and enjoy working for, government, I would have thought hell must have frozen over.

HerbManic 2 hours ago | parent | prev | next [-]

In years to come you will be so thankful that you took that path.

As they say, better to be a poor master than a rich slave.

vehemenz an hour ago | parent | prev [-]

I wouldn’t lump Israel in, but good for you.

bravetraveler an hour ago | parent [-]

I got you covered, boo. I will! For sport.

Anyway, for those in this situation, some anecdotes. I've outright refused to do questionable things and kept my job. I've also played incompetent so the sharks look elsewhere. Point being... options exist, don't negotiate [only] with yourself.

Would be remiss if I missed the opportunity to quote Louis Rossman: "don't accept the premise of assholes"

ulimn 40 minutes ago | parent | prev | next [-]

I think it's also an option to anonymously tell the world what will happen. That way you keep your job and still people are at least aware. Unless if you are one of like 3 people who know about it and they would immediately know it was you.

lucb1e 2 hours ago | parent | prev | next [-]

I wonder the same. Maybe it's made by people who feel like they wouldn't easily find another job and need the job for healthcare or financial reasons (living paycheck to paycheck)? And it's ordered by managers in similar situations, whose managers want to see increased revenue and don't care how? Somewhere in the chain it feels like there should be someone who says 'wtf are we doing'. It's strange

To answer your question though: I'd object of course, I'm very lucky to be well enough off that I can currently make that choice without serious repercussions. Do you think someone would come out on HN and say "oh sure yeah I have no morals!", at least without it being a throwaway where you'd have no idea if it's real?

traderj0e an hour ago | parent | prev [-]

Honestly I would implement this. Chrome's fault for telling every website what extensions are installed. User isn't harmed anyway.

3dsnano a minute ago | parent [-]

cool perspective++

StilesCrisis 2 hours ago | parent | prev | next [-]

Is this a hallucination? I can't find this quote anywhere else.

> According to browsergate, Milinda Lakkam confirmed this under oath, saying, "LinkedIn took action against users who had specific extensions installed."

GrinningFool an hour ago | parent | next [-]

Huh, kind of. That's not the actual quote. Note I haven't followed the chain further back than this:

https://browsergate.eu/the-evidence-pack/

    LinkedIn’s systems “may have taken action against LinkedIn users that happen to have [XXXXXX] installed.”

Edit: nice! I just noticed indent-formatted text is now wrapping on mobile browsers. (Or at least ffm.) I wonder how long that's been fixed...

Lerc an hour ago | parent [-]

Saying 'I may have taken a shower' instead of 'I took a shower' makes my wife use her disapproving look.

GrinningFool an hour ago | parent [-]

True - also when you put something in quotes I think it should be a quote.

chirau an hour ago | parent | prev [-]

Source: https://browsergate.eu/downloads/Lakam-affidavit-redacted.pd...

Paragraph 4

Document: Eidesstattliche Versicherung / Affidavit.

Declarant: Milinda Lakkam, Senior Manager, Software Engineering and Machine Learning, LinkedIn Corporation

Filed: February 6, 2026, Mountain View, California

Court reference: Anlage AG 4

pino83 32 minutes ago | parent | prev | next [-]

What's the actual problem? I mean, yeah, time passed by... And nowadays everyone assumes that all these services are kind of fine, just because time passed by.

Back then we all knew: You are the product there.

Technically, it's not a big surprise at all that this is possible. There is nothing novel at all.

And non-technically, yeah, as I said... You tried to weather a storm. You know that these services are problematic. You all know since day 1. Nobody can actually be stupid enough to not instantly see that. It's impossible to not understand it.

Your strategy so far was to just wait. Who of you has expected a better result, given this "mediocre" strategy, to say it veeeeeery friendly?

Severian 21 minutes ago | parent | next [-]

What's the reason you asked this question? I mean, yeah, you could have stayed silent, and nowadays everyone assumes that pointing out obvious things in a condescending tone is kind of insightful, just because you used enough ellipses.

Back then we all knew: vague rhetorical questions aren't arguments.

Technically, it's not a big surprise at all that someone would restate "you are the product" like it's a revelation. There is nothing novel at all.

And non-technically, yeah, as you said... You tried to weather a paragraph of empty meaning. You know that this comment says absolutely nothing actionable. You've known since word one. Nobody can actually be stupid enough to not instantly see that. It's impossible to not understand it.

Your strategy so far was to just scold. Who of you has expected a productive outcome, given this "mediocre" contribution, to say it veeeeeery friendly?

pino83 12 minutes ago | parent [-]

On the one hand, this really sounds frustrated, and I know why you are (bcs we both know that I'm right).

But beyond that unhappy story, your comment actually made me smile. Linguistically, let's say. And there is no sarcasm at all. It was funny to read!!

downrightmike 10 minutes ago | parent | prev [-]

"What's the actual problem? I mean, yeah, time passed by... And nowadays everyone assumes that all these services are kind of fine, just because time passed by."

no no no no no no no, These sites go on the blacklist.

maelito 2 hours ago | parent | prev | next [-]

Well, I deleted my Linkedin account and life is better now.

booi 2 hours ago | parent [-]

That's big talk coming from someone who currently has a job. getting a job without a linkedin account isn't that straightforward.

traderj0e an hour ago | parent [-]

I get why people without jobs need a LinkedIn, but I don't get why they post there constantly. Like reposting stuff, writing random thoughts, posting rocket ship emojis, has anyone ever gotten a job that way?

Eji1700 an hour ago | parent [-]

I've heard it makes you more visible on things like search results. LinkedIn, of course, is trying to encourage interaction on their site so sounds believable that they'd do that, but I've been lucky enough to not need to care.

traderj0e 41 minutes ago | parent [-]

That makes sense. I'm curious if it's proven though. Guess I'm lucky to have a job and credentials, recruiters are contacting me despite 0 public LinkedIn activity.

Aurornis an hour ago | parent | prev | next [-]

This is a re-posted article from the author's Substack that does a pretty bad job of explaining the situation. The second link in the article is supposed to take you to a "GitHub repository tracking the extension list" but it goes to a GitHub page for a plugin that hasn't been updated in 9 years.

It has a lot of hallmarks of LLM writings ("It's not this, it's that" and feeling like a lot of empty words rehydrated from an outline) while missing the real updates in the story like the German affidavit filed by a LinkedIn engineer who worked on these tools.

A key piece of information that this article omits is that the list of extensions being scanned for doesn't include anything you'd recognize or anything you'd even think to install. It's full of data extraction tools, scrapers, AI spam and recruiting tools (remember all those automated spammy LinkedIn messages you got?), and plugins masquerading as simple things that have been pulled from the extension store for violations.

A lot of articles have been trying hard to distract from this fact by highlighting that the list of extensions includes things like a plugin designed to simplify web pages for neurodivergent users or an "anti-Zionist political tagger" to imply that they're trying to do fingerprinting based on those attributes, but they neglect to mention that those plugins were pulled from the extension store most likely because they were data exfiltrators dressed up as simple plugins to get people to install them.

An updated list is available here: https://browsergate.eu/extensions/

But read that site carefully and actually try to click the links. In this section they're trying to direct your attention away from all of the AI spam and data extraction tools with this section:

> The scan doesn’t just look for LinkedIn-related tools. It identifies whether you use an Islamic content filter (PordaAI — “Blur Haram objects, real-time AI for Islamic values”), whether you’ve installed an anti-Zionist political tagger (Anti-Zionist Tag), or a tool designed for neurodivergent users (simplify).

But click the links. They've all been pulled from the store. Extensions like that are often bait to get people to install scrapers that will use your computer and LinkedIn login to extract data and send it back to their servers.

So regardless of where you stand on probing for the presence of these scammy extensions, you should at least understand the facts rather than the story that companies like this are trying to sell you to drive traffic to their product.

I suggest cutting through the ragebait journalism and reading more directly from a recent source, like this affidavit filed in Germany by a LinkedIn engineer familiar with the project: https://browsergate.eu/downloads/Lakam-affidavit-redacted.pd...

tadfisher 33 minutes ago | parent [-]

> But click the links. They've all been pulled from the store.

I did that with the first five extensions in the list; only one was removed from the store. So you should qualify this statement.

Maybe they are all scammy extensions, and maybe this is a weird LLM-driven astroturfing campaign, but let's try to at least root our arguments in a shared reality.

stevenicr 2 hours ago | parent | prev | next [-]

and,

recently while trying to decipher why computer was at 98% memory and 65% cpu

one of the culprits is https://li.protechts.net taking 2GB ram and 8% cpu.

DDG searches say this is something for linkedin. - I had two tabs for linkedin open but left behind as I opened other tabs to research.

So I had not reopened these tabs in over 9 hours and they are still just humming along sucking down almost 10% of cpu and a couple gigs of ram for what?

This is firefox with ublock origin - quick searches saw malwarebytes browser guard considered it (protechts.net) malware for a bit and then took it off the list of things it blocked / warned about.

Not sure this is related to the scan mentioned, but it may be related to the overall concerns about data and unknown usage of resources.

I'm considering blocking this at the dns hosts level at this point.

repost of my comment 28 days ago

tpurves 7 minutes ago | parent [-]

Thanks for flagging this, I was literally seeing the same thing with protechts.net in my activity tab this morning as I was trying to understand why firefox was aggressively draining my battery.

dctoedt an hour ago | parent | prev | next [-]

Seems to do this in Microsoft Edge, too.*

* I use Edge bcs of the vertical tabs — Safari's equivalent is a poor substitute. Firefox didn't seem to have vertical tabs last time I checked.

anana_ an hour ago | parent | next [-]

They do now - https://support.mozilla.org/en-US/kb/use-sidebar-access-tool...

zacblanco an hour ago | parent | prev [-]

https://www.firefox.com/en-US/features/vertical-tabs/

mkw5053 3 hours ago | parent | prev | next [-]

Interesting, so would Safari prevent this? I tried moving to Safari and honestly loved everything except I use my google accounts now for authenticating with too many services and that was a pain compared to chrome.

NoahZuniga 3 hours ago | parent | next [-]

Even better! Moving to firefox fixes this.

Chrome for some reason (still!) gives extensions static ids. Firefox has the id change per firefox instance.

bigethan 2 hours ago | parent | prev | next [-]

Seems to only happen in Chrome per the dev of Wipr (a great safari privacy extension) https://mas.to/@mipstian/116341745221356805

skeaker 3 hours ago | parent | prev | next [-]

I would imagine using any non-Chromium browser would cause it to fail to find any Chrome extensions, yes.

mkw5053 3 hours ago | parent [-]

Sure, but Safari may or may not leak Safari extension signals in a similar fashion. I haven't actually investigated.

testfrequency 3 hours ago | parent | prev [-]

Well if you’re logged in to Google don’t you just SSO everywhere?

mkw5053 2 hours ago | parent [-]

I honestly kind of forget the exact annoyances because it has been some time. I want to say I had to reauth every time I wanted to SSO with my google account because it doesn't allow/deletes third party cookies.

traderj0e an hour ago | parent [-]

Yeah it's something like this. I have multiple Google accounts and am somehow always logged into the wrong one.

flenserboy 2 hours ago | parent | prev | next [-]

Fun to have to spin up a whole VM just to use a particular website!

ChrisArchitect 3 hours ago | parent | prev | next [-]

[dupe]

Discussion: https://news.ycombinator.com/item?id=47613981

traderj0e an hour ago | parent | next [-]

It's a different primary source though

Cider9986 2 hours ago | parent | prev [-]

28 days ago, 1897 points, 812 comments

rapnie 3 hours ago | parent | prev | next [-]

See also "LinkedIn is searching your browser extensions" (812 comments) https://news.ycombinator.com/item?id=47613981

cynicalsecurity 26 minutes ago | parent | prev | next [-]

But how is this supposed to help against scraping? This is ridiculously ineffective against scraping. Just pretend to have a standard set of extensions and you are good to go.

0xAstro an hour ago | parent | prev | next [-]

Now the 1000s of spammy chrome web extension requests when I opened LinkedIn makes sense

guluarte 3 hours ago | parent | prev | next [-]

I did that and got logged out of LinkedIn.

0xAstro an hour ago | parent | prev | next [-]

now it makes sense with the 1000s of spammy not found requests to chrome extensions i was seeing on linkedin and had claude code debug.

GodelNumbering 2 hours ago | parent | prev | next [-]

I saw the following from linkedIn this morning

> Update to our terms and data use As of November 3, 2025, we are using some of your LinkedIn data to improve the content-generating AI that enhances your experience, unless you opt out in your settings. We also updated our terms. See what's new and how to manage your data.

Frankly, it is unacceptable to tell a user "oh we have been using your personal data for 5 months already and will continue to do so unless you explicitly opt out". Are there any transparent alternatives to LinkedIn (not the trust me bro variant)?

sp1982 20 minutes ago | parent [-]

I am building corvi.careers, its a job search engine not social network tho

kmeisthax 2 hours ago | parent | prev | next [-]

Wasn't this specifically some lame-ass attempt to combat some click fraud or something these extensions were doing? And aren't these articles specifically coming from the person doing the fraud (which is why they know about the extension scanning)?

To be clear, LinkedIn shouldn't be scanning your browser extensions, but still. The ultimate problem is that browser extensions are a powerful malware vector and there's a huge market of people buying little utilities off of solo developers to enshittify them.

dnnddidiej 2 hours ago | parent | next [-]

> LinkedIn shouldn't be scanning your browser extensions.

Correct

Yes there are other problems in the world and we can JAQ the messenger too.

cxr 2 hours ago | parent | prev [-]

> Wasn't this specifically some lame-ass attempt to combat some click fraud or something these extensions were doing?

No. That you believed that was just an unfortunate consequence of HN's kneejerk tendency to upvote middlebrow dismissals to the top comment, which resulted in people rushing to craft apologetics for what is in reality bonafide scumminess on LinkedIn's part, which itself resulted in confabulations like the claim that, "It was all extensions related to spamming and scraping LinkedIn last time this was posted"—which is simply untrue.

charcircuit 2 hours ago | parent | prev [-]

This is pure speculation. It is a million times more likely that this data is strictly used to combat scraping and fraud.