There is a fresh thing going around about LinkedIn scanning extensions installed in Chrome/Chromium:
https://browsergate.eu/

The website claims "LinkedIn is Illegally Searching Your Computer", and implies the purpose is to find "religious beliefs, political opinions, disabilities".

tl;dr:
- yes, LinkedIn is scanning through a list of 6k+ extensions on Chrome;
- yes, this is bad;
- but the website is disingenuous in making unnecessarily overblown claims.

🧵

#LinkedIn #BrowserGate #Privacy

LinkedIn Is Illegally Searching Your Computer

Microsoft is running one of the largest corporate espionage operations in modern history. Every time any of LinkedIn’s one billion users visits linkedin.com, hidden code searches their computer for installed software, collects the results, and transmits them to LinkedIn’s servers and to third-party companies including an American-Israeli cybersecurity firm. The user is never asked. Never told. LinkedIn’s privacy policy does not mention it. Because LinkedIn knows each user’s real name, employer, and job title, it is not searching anonymous visitors. It is searching identified people at identified companies. Millions of companies. Every day. All over the world.

BrowserGate

LinkedIn loads a lot of JS. In that JS there is a list of over 6.000 extensions, identified by their ids and with a single file path provided.

The JS then checks if it is running in Chrome or a Chromium-based browser, and cycles through that list, checking if these extensions are installed by doing a fetch() to "chrome-extension://<extension_id>/<file_path>".

If the fetch() succeeds, the extension is installed. If not, it isn't.

🧵

Is this bad? Yes. It could allow fingerprinting users, and a specific set of installed extensions (say, a lot related to a particular religion) could be revealing, and arguably is illegal based on GDPR.

Is this "Searching Your Computer"? No, this is not what we generally think of when "searching your computer" is mentioned. This framing is way overblown and unnecessary.

The BrowserGate site also implies LI's purpose might be to gather this kind of protected data. I don't think this is warranted.

🧵

@Michał "rysiek" Woźniak · 🇺🇦 Can you explain "BrowserGate" to me? Sorry, not a professional here. Thank you!