digitalWestie4d ago

LinkedIn Is Illegally Searching Your Computer

https://browsergate.eu/

LinkedIn Is Illegally Searching Your Computer

Microsoft is running one of the largest corporate espionage operations in modern history. Every time any of LinkedIn’s one billion users visits linkedin.com, hidden code searches their computer for installed software, collects the results, and transmits them to LinkedIn’s servers and to third-party companies including an American-Israeli cybersecurity firm. The user is never asked. Never told. LinkedIn’s privacy policy does not mention it. Because LinkedIn knows each user’s real name, employer, and job title, it is not searching anonymous visitors. It is searching identified people at identified companies. Millions of companies. Every day. All over the world.

BrowserGate
Show threadhaswell4d ago

The headline seems pretty misleading. Here’s what seems to actually be going on:

> Every time you open LinkedIn in a Chrome-based browser, LinkedIn’s JavaScript executes a silent scan of your installed browser extensions. The scan probes for thousands of specific extensions by ID, collects the results, encrypts them, and transmits them to LinkedIn’s servers.

This does seem invasive. It also seems like what I’d expect to find in modern browser fingerprinting code. I’m not deeply familiar with what APIs are available for detecting extensions, but the fact that it scans for specific extensions sounds more like a product of an API limitation (i.e. no available getAllExtensions() or somesuch) vs. something inherently sinister (e.g. “they’re checking to see if you’re a Muslim”).

I’m certainly not endorsing it, do think it’s pretty problematic, and I’m glad it’s getting some visibility. But I do take some issue with the alarmist framing of what’s going on.

I’ve come to mostly expect this behavior from most websites that run advertising code and this is why I run ad blockers.

Show threadreplwoacause4d ago
I disagree, I think we should push back hard on behavior like this. What business is it of LinkedIn's what browser extensions I have installed? I think the framing for this is appropriate.
Show threadAurornis4d ago

> What business is it of LinkedIn's what browser extensions I have installed?

The list of extensions they scan for has been extracted from the code. It was all extensions related to spamming and scraping LinkedIn last time this was posted: Extensions to scrape your LinkedIn session and extract contact info for lead lists, extensions to generate AI message spam.

That seems like fair game for their business.

Show threadtartoran
And instead LinkedIn is scraping all users computers?
Apr 2 at 2:18pmWeb
Show threadAurornis4d ago

This doesn’t fit the description of scraping by any normal definition. It’s a classic feature probe structure, where the features happen to be scraping extensions.

I think it’s kind of funny that HN has gone so reactionary at tech companies that the comments here have become twisted against the anti-spam measures instituted on a website that will never trigger on any of their PCs, because HN users aren’t installing LinkedIn scrape and spam extensions.

Show threadImPostingOnHN4d ago

HackerNews users used to be the type that would do the scraping, so they could Hack the data into whatever format or integration they desired.

It's unfortunate to see folks here who don't support that – interoperability is at the heart of the Hacker Ethic. LinkedIn (along with any other big tech companies locking down and crippling their APIs) is wrong to even try to block it.

Is it an issue of the resources scrapers consume? No: Even ordinary users trying to get API access on a registered persistent account linked to their name are stymied in accessing their own data. LinkedIn simply doesn't want you to access your own data via API, or in any manner that isn't blessed by them. That ain't right.

Show threadwarkdarrior4d ago

LinkedIn has an API you can use at your convenience:
https://learn.microsoft.com/en-us/linkedin/

Accessing other users' LinkedIn data via the API requires their OAuth consent, as it should be. But you are welcome to access your own data via the API.

LinkedIn API Documentation - LinkedIn

Explore LinkedIn API documentation for Compliance, Consumer, Learning, Marketing, Sales, and Talent Solutions