Mastodawn

Holy shit this is detailed. Can you believe the hubris to silently collect all this information on users?

The Attack: How it works

Every time you open LinkedIn in a Chrome-based browser, LinkedIn’s JavaScript executes a silent scan of your installed browser extensions. The scan probes for thousands of specific extensions by ID, collects the results, encrypts them, and transmits them to LinkedIn’s servers. The entire process happens in the background. There is no consent dialog, no notification, no mention of it in LinkedIn’s privacy policy. This page documents exactly how the system works, with line references and code excerpts from LinkedIn’s production JavaScript bundle.

BrowserGate

Show thread

Jet-B 1d ago

@paco

I don't understand why LinkedIn wants to know someone's browser extensions. What could be the purpose?

Show thread

Colby Russell

@jet @Littlebobbytables LinkedIn sells premium plans.

Ostensibly, they want to be able to detect and disable the accounts of people using what are essentially poweruser tools for enabling seedy behavior (e.g. by recruiters). In reality, it's because they want to sell recruiters those tools, which is obv. difficult if their premium features (e.g. advanced filtering) can be provided instead by a browser extension.

@b_cavello 👆 (the "benign motivation" is, predictably, maximizing revenue).