I checked the claims from https://browsergate.eu (LinkedIn scans more than 6000 Chrome extensions at startup).

1. it's true
2. Firefox is not affected

Video of the scan: https://video.echirolles.fr/w/2dqppRwX17JEdMWFRkHZhm

**Warning**: https://colter.social/@nicolasvivant/116347596162403178

cc @ploum @nitot

#LinkedIn #Browsergate

LinkedIn Is Illegally Searching Your Computer

Microsoft is running one of the largest corporate espionage operations in modern history. Every time any of LinkedIn’s one billion users visits linkedin.com, hidden code searches their computer for installed software, collects the results, and transmits them to LinkedIn’s servers and to third-party companies including an American-Israeli cybersecurity firm. The user is never asked. Never told. LinkedIn’s privacy policy does not mention it. Because LinkedIn knows each user’s real name, employer, and job title, it is not searching anonymous visitors. It is searching identified people at identified companies. Millions of companies. Every day. All over the world.

BrowserGate
I also retrieved the script chz0wee66axxwvysl0xusopqe.js and checked in the code: indeed, more than 6000 extension IDs are tested, and they match what is listed on https://browsergate.eu

@nicolasvivant were you able to check the extensions in question? It seems it's only crappy stuff (scrapers, AI, things like that)

@julienw

Not all of them, but I picked a few IDs at random from the script, and they did match what the site lists here: https://browsergate.eu/extensions/

Scanned Extensions Database

6,222 extensions. Zero consent. Every time you visit LinkedIn, a hidden JavaScript program scans your browser for installed Chrome extensions. No notice. No opt-in. No mention in their privacy policy. The scan doesn’t just look for LinkedIn-related tools. It identifies whether you use an Islamic content filter (PordaAI — “Blur Haram objects, real-time AI for Islamic values”), whether you’ve installed an anti-Zionist political tagger (Anti-Zionist Tag), or a tool designed for neurodivergent users (simplify). Under GDPR Article 9, processing data that reveals religious beliefs, political opinions, or health conditions requires explicit consent. LinkedIn obtains none.

BrowserGate
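
The spot check described in the posts above (pulling extension IDs out of the retrieved script and comparing a random handful against the published list), as an added Python example that is not part of the thread or of either site's code. The sample script text and the published list are constructed, and the only assumption about the real file is that IDs appear in it as literal strings.

```python
import random
import re

# Chrome extension IDs are 32 characters drawn from the letters a-p.
# The look-arounds reject runs that are part of a longer identifier.
EXT_ID = re.compile(r"(?<![A-Za-z0-9_])[a-p]{32}(?![A-Za-z0-9_])")

# Constructed sample input: two distinct IDs (one repeated) and a
# 40-letter decoy that must not be counted as an ID.
ID_A = "abcdefghijklmnop" * 2
ID_B = "ponmlkjihgfedcba" * 2
SAMPLE_SCRIPT = (
    'var list=["' + ID_A + '","' + ID_B + '","' + ID_A + '"];'
    'var other="' + "a" * 40 + '";'
)
# Constructed stand-in for the published list of scanned extensions.
PUBLISHED = [ID_A, "b" * 32]


def extract_extension_ids(script_text):
    """Return the unique ID-shaped strings, in first-seen order."""
    return list(dict.fromkeys(m.group(0) for m in EXT_ID.finditer(script_text)))


def compare_with_published(script_ids, published_ids):
    """Full comparison: what matches and what is missing on either side."""
    script_set, published_set = set(script_ids), set(published_ids)
    return {
        "in_both": sorted(script_set & published_set),
        "only_in_script": sorted(script_set - published_set),
        "only_in_published": sorted(published_set - script_set),
    }


def spot_check(script_ids, published_ids, sample_size, seed=0):
    """Sample IDs from the script and report which ones are published."""
    rng = random.Random(seed)  # fixed seed so the check can be repeated
    sample = rng.sample(script_ids, min(sample_size, len(script_ids)))
    published_set = set(published_ids)
    return {ext_id: ext_id in published_set for ext_id in sample}
```
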
@nicolasvivant I quickly searched for some well-known extensions, nothing special... It looks like these are extensions that scrape LinkedIn to provide additional services (not necessarily shady, by the way? the extensions' source code would need to be studied...)
@nicolasvivant but no uBlock, Privacy Badger, dark mode, etc.
@julienw @nicolasvivant the question is why LinkedIn does this!

@docteurslump @julienw

The site gives a few leads in the "What we found" paragraph on the main page.

@nicolasvivant
Well, I think the browsergate site is itself a campaign by people who make one of these add-ons and who got banned from LinkedIn.

Some leads over here: https://social.treehouse.systems/@vantiss/116336811478744261

@docteurslump

elle (@[email protected])

since that browsergate site about LinkedIn seems to be gaining traction I figure I should mention:

- yes, LinkedIn does do what's being claimed (though, it's that it probes for *specific* extensions you're running, using features in chrome's API - it doesn't "search your computer")
- it does seem to have been doing this since at least as far back as [2017](https://github.com/dandrews/nefarious-linkedin), and there has been intermittent reporting on it over the years
- I'm fairly confident the copy on the site was generated by (or at least went through) an LLM, so idk that this site is the best way to spread the issue around

edit: and as [someone else noted in the replies](https://not-brain.d.on-t.work/notes/akl6hp4gjqcp8d7h), looking through the list of extensions of scans for... they're [pretty much all "AI"/scraper/automation plugins](https://browsergate.eu/extensions/). so, should LinkedIn be doing this, or even *able* to do this in Chrome? no! but also, it does seem like the stuff they're scanning for is all extensions that shouldn't exist to begin with tbh

edit 2: please see [this follow-up post](https://social.treehouse.systems/@vantiss/116342005257886265) which proves this is just a shitty campaign by people who made an addon called "Teamfluence" that got blocked by LinkedIn

Treehouse Mastodon

@nicolasvivant
I'm not sure LinkedIn is really the one to blame in this case, actually...
If anyone is to blame it should be Chrome, which offers this API. (But I'll readily admit I'm biased 🤣)

@docteurslump

@nicolasvivant yes, and that alone is scary.
I think the allegation of industrial espionage is well deserved.
If I were a political official, I would take an interest in it.
But oh well.