One of the largest corporate espionage and data breach scandals in digital history: New "BrowserGate" report claims LinkedIn secretly scans user browsers
>A new report is alleging LinkedIn uses hidden JavaScript to scan its visitors’ browsers for installed extensions, looks for those that compete with its own sales tools, and then twists its users’ arms until they stop using those and pick LinkedIn’s products, instead.
>"LinkedIn scans for over 200 products that directly compete with its own sales tools, including Apollo, Lusha, and ZoomInfo. Because LinkedIn knows each user's employer, it can map which companies use which competitor products. It is extracting the customer lists of thousands of software companies from their users' browsers without anyone's knowledge," the report states.
>"Then it uses what it finds. LinkedIn has already sent enforcement threats to users of third-party tools, using data obtained through this covert scanning to identify its targets."
>Apparently, the scanning part is true - BleepingComputer ran an independent test and saw a JavaScript that checked for exactly 6,236 browser extensions.
512
ledow4 days ago
+132
I'm more interested in how a browser extension can be detected by a page that it's used on, to be honest.
132
adzm3 days ago
+126
Simply by checking chrome-extension:// URLs with the extension id and a path to a resource. You can see a demo and more info here https://browserleaks.com/chrome
126
ledow3 days ago
+98
Sounds like something they should be fixing in all browsers, as it allows data leakage and browser fingerprinting.
98
OldSchoolSpyMain3 days ago
+19
This trick has been around for over 15 years when iOS first started letting web links open iOS apps (think: amazon.com link in the safari web browser opening up the Amazon app). I think it's called "Universal Links".
So for example, back then, you could use Objective C code to check to see if an Amazon.com link would successfully open the Amazon app or not.
Clever devs figured out that if they made a master list of *all* of the apps that had registered web URLs that opened apps (facebook, delta airlines, new york times, myspace, etc...), they could use that list to check to see which apps the users had on their phones, thus taking inventory of an unwitting user's cell phone.
A long time ago, Apple promptly patched that when news got out. But, that seems to be the same thought process here.
This is the equivalent of putting a new device on your home network, and that device taking inventory of every other device on your network...oh wait. They try that shit now, too.
...so do some robot vacuums which inventory the stuff in your home that it can see with its camera.
19
adzm3 days ago
+21
Well, the extension author can enable use_dynamic_url which randomizes that URL and prevents this kind of thing. Very few extensions really need to be accessible through a URL like that.
21
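Added example, not code from the thread or from any project it mentions: a defender-side audit of the two points adzm raises above (probing fixed `chrome-extension://` resource URLs, and `use_dynamic_url` as the author-side fix). It reads an extension's `manifest.json` and reports which `web_accessible_resources` entries a page on a given origin could reach at a stable URL. The function names, the sample manifests and the `example.com` origin are constructed for illustration.

```javascript
'use strict';

// Does a match pattern cover this page origin? Supports "<all_urls>", a "*"
// scheme and "*." host wildcards. The path part is ignored (origin-level check).
function patternCoversOrigin(pattern, origin) {
  const url = new URL(origin);
  const scheme = url.protocol.slice(0, -1);
  if (scheme !== 'http' && scheme !== 'https') return false;
  if (pattern === '<all_urls>') return true;
  const m = /^(\*|https?):\/\/(\*|(?:\*\.)?[^/*]+)\//.exec(pattern);
  if (!m) return false;
  if (m[1] !== '*' && m[1] !== scheme) return false;
  const host = m[2];
  if (host === '*') return true;
  if (host.startsWith('*.')) {
    const base = host.slice(2);
    return url.hostname === base || url.hostname.endsWith('.' + base);
  }
  return url.hostname === host;
}

// Return the web_accessible_resources entries that a page on `origin` could
// request at a fixed chrome-extension://<id>/<path> URL.
function auditManifest(manifest, origin) {
  const war = manifest.web_accessible_resources || [];
  const findings = [];
  if (manifest.manifest_version === 2) {
    // Manifest V2: a flat list of paths, readable from any page.
    if (war.length > 0) findings.push({ resources: war, reason: 'mv2-any-origin' });
    return findings;
  }
  for (const entry of war) {
    const matches = entry.matches || [];
    // Entries that list only extension_ids are not reachable from web pages.
    if (!matches.some((p) => patternCoversOrigin(p, origin))) continue;
    // use_dynamic_url: the resource URL is randomized, so a fixed-ID probe misses.
    if (entry.use_dynamic_url === true) continue;
    findings.push({ resources: entry.resources || [], reason: 'static-url' });
  }
  return findings;
}

// Constructed sample manifests (not real extensions).
const SAMPLE_MANIFESTS = {
  'static-all-urls': {
    manifest_version: 3,
    web_accessible_resources: [
      { resources: ['img/logo.png'], matches: ['<all_urls>'] },
    ],
  },
  'dynamic-url': {
    manifest_version: 3,
    web_accessible_resources: [
      { resources: ['inject.js'], matches: ['https://*.example.com/*'], use_dynamic_url: true },
    ],
  },
  'extension-only': {
    manifest_version: 3,
    web_accessible_resources: [
      { resources: ['shared.js'], extension_ids: ['*'] },
    ],
  },
  'scoped-elsewhere': {
    manifest_version: 3,
    web_accessible_resources: [
      { resources: ['panel.html'], matches: ['https://mail.example.org/*'] },
    ],
  },
  'legacy-mv2': {
    manifest_version: 2,
    web_accessible_resources: ['icons/icon48.png'],
  },
};

// Audit every manifest against one origin; returns label -> list of reasons.
function auditAll(manifests, origin) {
  const report = {};
  for (const [label, manifest] of Object.entries(manifests)) {
    report[label] = auditManifest(manifest, origin).map((f) => f.reason);
  }
  return report;
}

console.log(auditAll(SAMPLE_MANIFESTS, 'https://www.example.com'));
```

An empty list means the page has no fixed resource URL to request for that extension; it says nothing about detection through DOM changes, which other comments in this thread describe.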
alelo3 days ago
+7
so, if you use FF you are safe?
7
randomnameicantread3 days ago
+13
Lmao. No. It takes serious countermeasures to avoid browser fingerprinting and even then you become identifiable as someone employing avoidance measures
13
alelo3 days ago
+14
yes but, asking about extensions, i cant find a FF extensions checker on the site, only chrome
14
randomnameicantread3 days ago
+15
Oh, yeah, I think Firefox may not actively tell websites your extensions. Safari doesn't either.
They can still use literally hundreds of variables — from your GPU to your viewport size to your installed fonts — to identify you uniquely when you use Firefox. Not to mention it's possible to run js scripts to identify extensions based on what they insert, to a high degree of accuracy.
15
tirdg3 days ago
+8
Yea, honestly, most of this stuff seems impossible to hide from the user side. I mean extensions do things to the DOM that you can just look for after the fact. I have no idea how you'd stop any js running on your page from...reading the page..
You may as well consider the details of your browser and anything a browser exposes about your PC/device to be public information. As such, anyone can (and probably will) collect it.
Security needs to start elsewhere. Probably at the browsers themselves.
8
randomnameicantread3 days ago
+6
You can disable JS (tor does by default) but then immediately show up as a user that disabled JS, which gets you dinged by a lot of anti bot scripts.
Most of the info can also be spoofed if you try, but even if you're trying your absolute best some things will either identify you or flag you as someone that's employing countermeasures (see: canvas fingerprinting)
6
tirdg2 days ago
+3
Yea. Anything you do just becomes part of the unique collection of traits that make up your fingerprint. By participating in "The Internet" you're effectively in public and any expectations of privacy were naive from the start.
The real answer, if we want privacy (and I'm not convinced that we even do), is that it would need to be approached through regulatory channels. Basically, reverse the current incentive structure around the collection of private data. Data is a huge business because we haven't said, as a society, that it's no longer allowed. But we could do that any time we want and the practice would stop over night.
It's amazing how far we'll go, how much money we'll spend, etc.. to not even come close to solving a real problem. We have a huge number of gigantic organizations devoted entirely to privacy and fending off its adversaries one by one through the development of browsers, browser extensions, communications protocols, encryption techniques, etc.. All because we can't just say: "people's data is private and you can't collect it anymore and anyone caught collecting, purchasing, or otherwise consuming private data will pay substantial fines on a per-incident basis."
Data collection may actually be the prime mover of many things deranging society in the digital realm. If you turned it off, all the perverse incentives that turned social media into a cesspool would practically evaporate.
3
leparlon23 days ago
+1
Yep. Even if you reject everything, you’re still leaving "crumbs" behind.
I played around with this idea on a ludumdare game where the player can actually see these data points, and it’s kind of silly how much can be inferred from normal browser behavior. I had to explicitly say that the game sends nothing my way, since it really felt like tracking
1
Rotund-Pear26043 days ago
+1
Best way to avoid being identified is to feed them so much garbage data that you disappear in the noise.
Harden your browser and you end up sticking out even more.
1
Aristo_Cat3 days ago
-3
No, but safari does a decent job and Brave is arguably the best
-3
queen-adreena3 days ago
+2
Brave is just crypto-bloated c*** from a very sketchy company. [Helium](https://helium.computer) is far better.
2
kapparrino1 day ago
+1
I use brave to get rid of ads on every page, however I disabled all crypto stuff and rewards.
1
rot26encrypt3 days ago
+46
>I'm more interested in how a browser extension can be detected by a page that it's used on, to be honest.
Browsers reveal a shocking amount of information about your system. To the degree that it is possible to fingerprint and track most users individually regardless of using VPN or tracking prevention.
Let this page load (takes a few seconds) and see what they know and how unique you are: [My Fingerprint- Am I Unique ?](https://amiunique.org/fingerprint) (list of your plugins is #19 on the list).
46
ledow3 days ago
+9
Yes, browser fingerprinting is widespread.
But a page shouldn't be able to (reliably) query what extensions you do or do not have active.
9
rot26encrypt3 days ago
+14
It shouldn't be able to query a lot of the information shown on that page, but today they can, across browsers. That it can query this is what fingerprinting is.
14
ledow3 days ago
+17
Most of that information is available because the BROWSER allows it, not because they're doing anything sneaky.
e.g. you can pretty much hide your user-agent string if you want, etc.
There's no reliable way to tell if I'm Windows or Linux without the user-agent string, but we literally GIVE THAT INFORMATION AWAY (for ancient historical reasons when websites would render differently depending on your browser, because early IE was such a borked browser), which is very different to them doing anything nefarious.
But there's no need to be advertising (and to my knowledge no specific piece of "given away" information that allows) what extensions you have enabled or not. The other link the other guy posted explains itself - it literally uses timing differences when certain extension URLs are queried and... even goes so far as to say that Brave doesn't allow that information to be fingerprintable.
This is the point. You're giving away what browser / OS / version you're using, obviously. Javascript enabled or not? Trivial to detect (run some Javascript, see what happens). But extensions aren't being broadcast to my knowledge, and that is a) far more nefarious and b) something the browser is doing and should be able to fix for ALL websites.
17
rot26encrypt3 days ago
+3
>Most of that information is available because the BROWSER allows it, not because they're doing anything sneaky.
Exactly the same with plugins (it is #19 on the fingerprinting page results, nothing sneaky being done by that page to get that). That browsers *shouldn't* expose much of this information we agree on.
3
DuncanHynes3 days ago
+2
I am unique among 4980630 others... soo. whats that mean?
2
rot26encrypt3 days ago
+2
>I am unique among 4980630 others... soo. whats that mean?
It means that it is possible to track you individually and build a profile of *you* across all the sites you use that use the same fingerprint tracking system on the website.
2
DuncanHynes3 days ago
+2
Drats.
2
Swarna_Keanu3 days ago
Except that it didn't identify my browser correctly, just to start.
0
waverider853 days ago
+10
That just shows what your browser is claiming to be. Usually it'll just be the most common browser in a given "family" for compatibility reasons.
Fingerprinting is more concerned that your setup is unique than whether or not your browser is lying.
10
rot26encrypt3 days ago
+5
This is how browser detection works, most browsers identify as something else for compatibility reasons and that is enough to track you, doesn't matter if it is "correct".
5
Aleyla3 days ago
+8
One way: If that browser extension is known to make a change to the html, then all you need to do is check if the html you sent was changed.
8
MeChameAmanha3 days ago
+3
Isn't that what all the "It seems you are using adblock pls dont" sites do?
3
bottlecandoor3 days ago
+1
I'm not sure, but if they have some way of interacting with the page the website could watch for the interactions or make honey pots to activate them.
1
dontknow_anything4 days ago
+35
Having seen my profile on Zoominfo and other platforms where I didn't create the profile, I can understand that. Those platforms extract profiles out of linkedin, when they are set not to be accessible from the internet. How are they capturing data that would be against privacy laws in a lot of countries? I can request linkedin to remove my data, but why do I need to reach out and then find out who else extracted my profile from Linkedin. Linkedin should be preventing my profile being extracted out of their website.
35
Adinnieken2 days ago
+5
It's worth noting that the company behind this report apparently sells a competing tool that does exactly the same thing. They were kicked off of LinkedIn for this reason. So, in effect, they are upset because LinkedIn is doing it for their own benefit on their service, but this company can't make money offering their services to do the same thing to people on LinkedIn.
So, yes. LinkedIn is doing this, but the company behind this report is butt hurt because LinkedIn won't allow them to do it to LinkedIn users or permit their tool use by other LinkedIn customers.
Understanding that when you use a free service provided by a company you are the product, but LinkedIn is also stopping other companies from gathering this information about their users. One certainly should be disclosed, while the other definitely should not be permitted.
I think it's audacious for a company that's trying to gather this information for use by users of the service (legitimate or nefarious) to come forward and claim wrong doing by the company behind the service, when the company making the claim would have profited from selling their capabilities to any user around the globe, and they in turn could have used that capability to target users with ads, or for intrusion purposes.
You might not like what LinkedIn is doing, but in this case they are also trying to protect their users from potentially bad players. I realize they can get this info via another website if they can get users directed toward it, and they can craft exploits targeted at poorly written extensions, but using LinkedIn they can identify specific targets and that is a concern.
Whether Google, Apple, Facebook, LinkedIn or any other company providing a site with a free service does this for their own internal use, is one thing, which should be disclosed, but it's an entirely different thing for a third party trying to use a platform to either sell that data or sell the tool to gather that data from that first party service.
I don't use LinkedIn, but I really would not want a third party gathering this data on me while I was using LinkedIn. Same goes with Listnook, Facebook, or any other online service. If that company that I'm in a user agreement with does it, and it has been disclosed, fine, that's my choice to use that service. However, a third-party using that data could be using it for multiple reasons that negatively impact me without disclosure and without me knowing who was getting that information.
When I first heard about this, the LinkedIn part is the first thing that was presented, then it was slipped in that the company behind the report was butt hurt because they wanted to make money by selling the same info or the capability to generate it, to third parties. Not sure I like either evil, but I'll take the lesser of the two, if I have a choice.
5
Pseudanonymius4 days ago
+1312
When are the executives deciding to do these kinds of things going to be sent to jail for once? We all know fines have no effect at all. Let's create a real deterrent.
1312
FenrisCain4 days ago
+276
We could at least set fines as a percentage of revenue or profit rather than flat values where it's easy to just make more breaking the rules and pay them off
276
iguessitdidgothatway4 days ago
+152
Jail for all leadership! Accountability is in the company culture so they will understand.
152
UpsetKoalaBear3 days ago
+21
It’s funny, the Online Safety Act in the UK is one of the only laws in the Western world that holds executives criminally accountable.
They did that via a loophole, which is age estimation. The government has a statutory duty of care to children, hence they can take parents away from kids.
After Zuckerberg failed to show up to a parliamentary inquiry 3 times after Cambridge Analytica, and Elon Musk also failed to show up recently (instead mocking the request) the government decided that enough was enough.
The amount of misinformation around the act is crazy. It specifically mandated age estimation for large platforms with >35m UK users and which have content recommendation systems.
It didn’t target small platforms or forums, who have no such requirement legally. Anyone who says it does, is outright wrong. [Ofcom define the categories pretty explicitly](https://www.ofcom.org.uk/online-safety/illegal-and-harmful-content/additional-duties-for-categorised-online-services) and it is only platforms with more than 50% of the UK population and with recommendation algorithms.
In fact, the “lobbying” efforts by Meta to add age verification was specifically to add verification on the OS/App Store level so they didn’t have to do it. The government here ruled that out earlier on.
They specifically targeted it towards big tech companies who previously had no legal reason to take accountability.
Next time you see a post about it, ask yourself why you are seeing it. They’re trying to get it repealed in its entirety because they don’t want to be held criminally responsible for the content on their platforms.
21
Patient_Bet46353 days ago
+64
Fines should always be set at some percentage over 100%, because you’re unlikely to catch all of them, so the fines should be so bad that a company wouldn’t even think of doing it, since even if they got caught 10 years later, they would become near bankrupt.
64
idontlikeflamingos3 days ago
+34
Also because it can't be a sum that can be seen as a "cost of doing business". A fine should be large enough so that the punishment is much larger than the possible gain, otherwise it's worth the risk for the companies.
34
CP_Chronicler3 days ago
+17
Fines should be proportional to what happens to someone working for minimum wage: the fine destroys their finances and livelihood. So an extremely high percentage coming from the CEO. If it can be proved that it was done without the CEO’s knowledge, then great, let the C-Level eat each other alive over it.
17
Haplo123453 days ago
+12
Fines should be 100% of the profit gained from any sale (if applicable/traceable), plus 2% of annual company revenue (not profits) for every month the action was perpetrated. The person ultimately responsible for that business decision with awareness of it should forcibly lose their job, lose any golden parachute or severance packages they had lined up, and serve some jail time if the offense is serious or caused harm to people.
12
Mchlpl3 days ago
+8
We did. That's how GDPR violations are fined.
8
FenrisCain3 days ago
+5
>We did.
Some people did for some specific fines... I'm talking more of a systemic approach for all corporate fines
5
Haplo123453 days ago
+2
GDPR doesn't apply to the United States.
2
Mchlpl3 days ago
+2
It does apply to any company that wants to process EU citizens' data.
2
Haplo123453 days ago
+2
Only if the EU can get the US to play ball regarding it, which it typically doesn't. Without a physical or at least _bank_ presence in the EU they usually have no ability (not to mention no interest, for smaller orgs) to enforce their rules on foreign companies. The EU is still a far cry from the US when it comes to enforcing its own laws on other nations.
2
Mchlpl3 days ago
+6
Meta - close to 3B over six different violations
Amazon - $815M in July 2021
ByteDance - $377M in September 2023
Uber - $324M in August 2024
Microsoft - $390M in October 2024 (this was for LinkedIn violations BTW)
Yeah, I'd say we're doing pretty ok
6
Haplo123452 days ago
+1
Those orgs are all *huge* and all have physical and/or financial presences in the EU and significant interests in continuing to be able to do business there. They are not even US companies operating in the EU, they are EU-based subsidiaries of their US parent company.
1
donald77733 days ago
+5
Have a financial forensic team that combs through all of their money and determines exactly how much they profited off of this decision.
Fine them 3x
5
ijordison3 days ago
+3
Plus the cost of that team's analysis.
3
pocketchange22473 days ago
+3
The fine should include 100% of the *revenue* made off of it, 100% of what they made off of investments from the revenue they made off of it, PLUS a major fine on top of that. Then throw in the possibility of jail time for those within the organization who greenlit the decision.
3
FoulMoodeternal3 days ago
+2
Yes. As in 100% of revenues
2
Mourdraug4 days ago
+48
The answer is never, as long as we don't treat lobbying as a corruption
48
boersc3 days ago
-17
Lobbying in itself isn't bad. Our representatives should know what's going on in society. However, it's the enrichment or financial gain that lobbyists offer that is the real problem.
-17
[deleted]3 days ago
+20
[deleted]
20
boersc3 days ago
+1
That's exactly what I am saying. It's not the lobbying, but the money involved what is the problem.
1
Swarna_Keanu3 days ago
+9
No, lobbying is bad, in that it comes from outside, rather than from inside, and with a loaded agenda. Always.
Politicians can *invite* experts, or *pay* for research to gain information what's going on in society. They can be contacted and addressed through communication channels. You can create petitions and invite them for debates.
Lobbying is something completely different.
9
boersc3 days ago
That way, public interest groups would have no way of letting politicians know what people find important, as they would not be invited. NGOs lobby just as much as fossil fuel lobbyists, but those last ones don't lobby with closed wallets.
0
Swarna_Keanu3 days ago
+7
Which is the point I am making. Read my post again.
Petitions are something *different* from Lobbying and wouldn't vanish if we outlaw *lobbying practice*. Researchers sent out on a fact finding mission would - if they are anything decent - TALK to all stakeholders, consider evidence etc. Their value and their purpose is and would be tied to being as accurate and methodically about their data as possible.
If they are paid well and audited you limit corruption creeping in. Certainly more democratic than relying on data from people whose financial interest is aligned with whom they represent.
Lobbying is nothing like that. And note that there are a good number of NGOs who engage in greenwashing or in being only partially factual; even if they do less damage to society overall.
7
gunsandgardening3 days ago
+2
Hey we dont do nuance here
2
Devadeen3 days ago
+27
Nationalisation of shares. It scares shareholders and CEOs.
I'm convinced few % of nationalisation is the true punishment that capital would fear, while giving wealth to the country and keeping the government interested in the success of the business.
27
Beautiful_Welcome_333 days ago
+10
That's what Norway has done and it works well.
10
apocalypsebuddy3 days ago
+2
They will literally go to war with the populace before they allow their shares to be nationalized. They own the government, it’s already corporatized
2
Old_Leopard18443 days ago
-8
Would you like to live on a minefield?
-8
dr1fter3 days ago
+4
Pardon?
4
TheTwoOneFive3 days ago
+5
Hey now, those fines also come with an admittance of no wrongdoing!
5
InconspicuousRadish3 days ago
+4
If the Sacklers haven't done jail time for an entire opioid epidemic, then nobody at Microsoft will be held liable for data theft.
4
iwatchppldie3 days ago
+7
Wealthy people don’t face consequences.
7
romaraahallow3 days ago
+2
It's the two tiered justice system in action!
C Suite nobility doesn't have to worry about little laws and consequences as long as they aren't taking money from other nobles.
2
elh0mbre3 days ago
+2
When we pass criminal statutes against this behavior.
2
FastFingersDude3 days ago
+1
They need to be put in jail. Consequences ffs.
1
ImportanceLarge48373 days ago
+1
“Monopoly money I kinda think it’s funny…”
1
C-Redd-it3 days ago
+1
As long as they own our government we are their wage slaves in this dystopian fiefdom we call employment in America.
1
Tight-Shallot24613 days ago
+1
Exactly. It's long past due that executives receive jail time.
No more fines, just jail time!
1
TheSecondEikonOfFire3 days ago
+1
They’re the ones with the money, so never. It’s clearer now more than ever (although let’s be real, ever since organized society first started it has ALWAYS been this way) that the rules are different for the ones with the wealth. Whatever form that wealth takes
1
SenseisSifu3 days ago
+1
Jail is only for poor people.
1
Kalthiria_Shines3 days ago
+1
> When are the executives deciding to do these kinds of things going to be sent to jail for once? We all know fines have no effect at all. Let's create a real deterrent.
You'd have to make it a crime first. As it stands I'm not even sure it's actually illegal.
1
FoulMoodeternal3 days ago
+1
Fine them a trillion dollars taken from the personal assets of the C suite
1
nullpotato3 days ago
+1
We need to bring back stockades. These people getting shamed in a public center would be pretty satisfying, not that they can feel shame.
1
theddj3 days ago
+1
The justice system is just there to do the bare minimum to keep people from rioting in the streets.
1
kryptoneat3 days ago
Some responsibility should fall upon the computer programmers too. They should refuse illegal orders. And they are usually not living paycheck to paycheck (though not necessarily rich).
0
Pseudanonymius3 days ago
+1
It is unconscionable if the people giving the orders are not held accountable while the people who execute the orders are.
If we get lucky enough to live in a world where the executives actually are being held responsible, I would completely agree with you.
1
_Soup_R_Man_3 days ago
+77
Everyone get ready for your $5 class action check!
Woohoo! 🤣
77
panorambo3 days ago
+60
The same company that was caught almost two decades ago mass-emailing (spamming) your entire contact list -- without your explicit consent _or_ even knowledge to such an "option" -- by employing dark-patterns (like "confirmshaming") to get you to share your [email] contacts with them (through Google acting as identity provider) when you register or log in?
Colour me surprised indeed.
60
studentblues3 days ago
+13
> Colour me surprised *indeed*.
Hmmm
13
panorambo3 days ago
+3
Grammatically-semantical blunder?
3
chunmunsingh4 days ago
+80
After Microsoft bought LinkedIn, anything could have happened, Linkedin is next to useless platform, so it is not surprising that they may choose to monetize browser data.
80
TxM_24044 days ago
+62
Microsoft is the real problem here, they need to be broken up into at least a dozen smaller companies. Otherwise this is gonna happen again and again.
62
jikt3 days ago
+2
I agree. Let's start small and work our way up to whatever other shit people care about.
Here's the final list:
1: Give java Minecraft back to mojang.
2: I don't give a f***.
2
DueDisplay21853 days ago
+1
But it would simply become a monopoly again further down the line, voiding the entire premise of breaking up one company to make a dozen. This 200 year old game of monopoly exists for a reason - control
1
sioux6123 days ago
+21
Breaking up a monopoly does work, politicians have just been too cowardly to do it again
Last time they actually broke a proper monopoly they created basically the entirety of the current oil market. And then they decided that work was hard and being corrupt was easy and paid better, so they stopped breaking them up and instead started getting paid by them
21
subnautus3 days ago
+17
Small correction: the last time the USA broke a proper monopoly was forcing AT&T to break its stranglehold on the telecommunications industry, which immediately lowered costs for calling long distance and opened the door for the diversity of cell phone and internet services available today. In many ways, we owe the internet age to the government having the eggs to break up AT&T.
Breaking monopolies is a good thing. We should do more of it.
17
Worth-Lead-59443 days ago
+4
Fun fact, the game of monopoly isn't intended to be fun. It's intended to lead the players to the conclusion "wow, this sucks, one person owns everything and the rest of us can't survive".
4
DueDisplay21853 days ago
+1
Yeah the best solution I've got is sid meiers civilization, Where it's MMO and we all vote about how the world turns out but I digress. Let's bring this problem to other planets and then sort it out
1
BendicantMias4 days ago
+7
>monetize browser data.
Well in this case it seems they're using it to try to suppress competition.
7
moreesq3 days ago
+8
I use LinkedIn all the time to identify information about law firm consultants. It is invaluable for that and I can message people there when I cannot otherwise locate an email address. Why do you say it is useless? What source is better for finding information out about people in the business world?
8
Swarna_Keanu3 days ago
+5
Their websites. And the question is how much information you need.
We had pre-linked-in society that functioned without all that extra info.
5
dr1fter3 days ago
+1
I mean, we also had a lot of info in a pre-linked-in society, but it was available in places other than LinkedIn.
After all, society functioned without the internet, so we don't really need it now, right? You can always dial through the phone tree and try to get their secretary if you have other questions...?
1
Swarna_Keanu3 days ago
+2
My point was specifically pre Linked-in. You jump to extremes and put stuff in my argument that isn't there.
Pretty much all the info on Linked-in is found elsewhere on the internet easily.
So again - the question is *how much* information do you need? What is the time saved searching for someone on Google, vs. searching on Linked-in.
I often find what is on Websites to be far more in-depth than a general CV even.
2
dr1fter3 days ago
+1
Well yeah, the previous commenter already said it's info they "cannot otherwise locate" so I'm taking at face value that they care about some part of the information that isn't otherwise easily available on the internet. I'm not u/moreesq and can't speak to how important that info is, nor how often they might encounter someone who publishes it exclusively on LinkedIn.
But I don't buy the argument that because we once survived in a world where you could work harder to get *most* of the same information, that means we could just go back to that at any time.
1
BoardroomStroke3 days ago
Most people looking for work go to sensible platforms like indeed or monster now. LinkedIn is for narcissists who want to show off their network.
0
smilbandit3 days ago
+11
if you think this is limited to Linkedin well...
11
selfiecat3 days ago
+9
"I'm so excited to inform that my browsing history was being scanned. Here's the top 10 things that I learned from this experience"
9
rsmithlal3 days ago
+7
Wow, awful! No wonder their f****** garbage front end bloats like nothing else. Takes forever to load and eats between 500 mb and 2 gb of ram per tab. Wild.
7
drifting_signal3 days ago
+7
It looks like they're scanning for plugins that would/could be used to automate things on Linkedin. It still doesn't make it okay, especially when they start scanning for systems specs.
It's a pretty intrusive way to prevent people from exploiting your terrible web site.
Of course after they got busted doing it, they blame it on a 'disgruntled plugin author' and call it a smear campaign lol
https://github.com/mdp/linkedin-extension-fingerprinting/blob/main/chrome_extensions_with_names_all.csv
https://gist.github.com/jeremy-hyde/8a4db2280d3076ab99d958b83dccc1d2
7
Make1984FictionAgain3 days ago
+3
they also look for Muslim-themed extensions and send your data to an Israeli cyber security firm, etc..
https://browsergate.eu/executive-summary/
3
SingLyricsWithMe3 days ago
+7
#LET'S HAVE A CLASS ACTION LAWSUIT
7
Thrillog4 days ago
+33
Such a garbage site, wouldn't touch it with a snooker cue.
33
WrapHistorical85803 days ago
+2
Can you inform me about better sites
2
SpeedyTurbo3 days ago
-3
No (he’s unemployed)
-3
devilpiglet3 days ago
+2
Is this really a joke 1) at the expense of the unemployed 2) so you can vainly flail for karma on Listnook 3) by glazing LinkedIn?
your life, your choices...woof
2
SpeedyTurbo2 days ago
+1
No it’s just 1) a joke
Hope that helps
1
TCsnowdream2 days ago
Holy shit. Take the snooker cue out of your arse.
0
Holiday_Context50334 days ago
+1
How about a pole vault stick?
1
Thrillog4 days ago
+6
Never held one actually, seems quite heavy and over the top..
6
Wingthor3 days ago
+3
You’ve really raised the bar with that one.
3
mdr13842 days ago
+1
Our company keeps harping on about everyone signing up for LinkedIn. I never did. Wonder what they'll say about it now?
1
Thrillog2 days ago
+1
It only matters if you care about "blending in" with other sheep. I never did and I'm healthier for it - it's a cesspool of a website...
1
switch-words3 days ago
-5
^ this site is the real crime here people, poles aside.
-5
williamgman3 days ago
+10
LinkedIn became Facebook years ago. Used to be where folks found jobs and employers found workers. No more.
10
srandrews3 days ago
+1
I refer to this as AOLification.
1
doolpicate3 days ago
+9
Between the fake job posts, the AI slop posts, the linkedin lunatics and this, it's time for Linkedin to be put away for good.
9
Calculon1234563 days ago
+1
Linked in lunatics, love it.
1
mangelito3 days ago
+1
There's a very entertaining sub with the same name
1
Calculon1234563 days ago
+1
No more, please! I've had enough for a lifetime with my brief job hunting visits.
1
Coz1314 days ago
+15
Feels like browsers should not have access to extension list.
15
PaleontologistNo26254 days ago
+11
Would be hard for a browser not to know its own extensions, no?
11
frankster3 days ago
+7
I guess he's saying that a webpage should be sandboxed from knowledge of the extensions in the browser
7
bobdobalina3 days ago
+3
not from the website's perspective...
like your allow/block/notifications/cookie permissions etc..
once they've granted access though...yea not so much I think...but I'm more of a system engineer than a web guy
3
panorambo3 days ago
+7
They don't _make_ the list accessible to a random website. But a script running on a page -- which is already sand-boxed so that e.g. asking for user's location at least, isn't acknowledged or answered without user's explicit consent -- may determine whether a particular extension is running _indirectly_ because most extensions _modify_ the page, adding variables etc. So this "fingerprinting" is done _despite_ the browser's otherwise diligent refusal to allow random scripts (as in, from a random website or one you didn't explicitly mark as trusted) to ask where you are, or an image from your camera or a sample from your microphone etc. Despite the locked-down APIs, fingerprinting is trivial unfortunately (because a lot of Web APIs are broken by design too), look at https://amiunique.org -- LinkedIn does much of the same thing, for their own purposes of course. They aren't necessarily as interested in your fingerprint in this case, more in which extensions you are running so they can aggressively sell you their own (or outright force you to install).
7
adzm3 days ago
+5
While true, in this case they are mostly just checking if certain chrome-extension URLs return anything. See https://browserleaks.com/chrome for an example.
5
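Added example (not part of the thread or any participant's code): the chrome-extension:// check described in the comment above can only reach files an extension lists under `web_accessible_resources` in its manifest. This Node.js script audits a manifest for entries a page at a given origin could load at a stable URL; the function names and sample manifests are constructed for illustration.

```javascript
// Added example: which web_accessible_resources can a page at `origin` load
// from a stable chrome-extension://<id>/<path> URL? Sample data is constructed.

// Match patterns here are origin-only (scheme://host/*), so the path is ignored.
function patternCoversOrigin(pattern, origin) {
  if (pattern === '<all_urls>') return true;
  const m = /^(\*|https?):\/\/(\*|(?:\*\.)?[^/*]+)\/.*$/.exec(pattern);
  if (!m) return false; // unrecognised pattern: treat as not matching
  const url = new URL(origin);
  const scheme = url.protocol.slice(0, -1);
  if (scheme !== 'http' && scheme !== 'https') return false;
  if (m[1] !== '*' && m[1] !== scheme) return false;
  const host = m[2];
  if (host === '*') return true;
  if (host.startsWith('*.')) {
    const base = host.slice(2);
    return url.hostname === base || url.hostname.endsWith('.' + base);
  }
  return url.hostname === host;
}

function exposedResources(manifest, origin) {
  const exposed = [];
  for (const entry of manifest.web_accessible_resources || []) {
    if (typeof entry === 'string') {
      exposed.push(entry); // Manifest V2: plain paths, loadable by any page
    } else if (entry && Array.isArray(entry.resources)) {
      // Manifest V3: Chrome documents use_dynamic_url as serving the files
      // only under an ID regenerated per session, so no stable URL exists.
      if (entry.use_dynamic_url) continue;
      const allowed = (entry.matches || []).some((p) => patternCoversOrigin(p, origin));
      if (allowed) exposed.push(...entry.resources);
    }
  }
  return exposed;
}

// Constructed sample manifests (not taken from any real extension).
const MV2_SAMPLE = { manifest_version: 2, web_accessible_resources: ['images/*.png', 'inject.js'] };
const MV3_SAMPLE = {
  manifest_version: 3,
  web_accessible_resources: [
    { resources: ['ui/panel.html'], matches: ['https://*.example.com/*'] },
    { resources: ['icons/logo.png'], matches: ['<all_urls>'] },
    { resources: ['fonts/app.woff2'], matches: ['<all_urls>'], use_dynamic_url: true },
    { resources: ['shared/api.js'], extension_ids: ['*'] }, // other extensions only
  ],
};

for (const origin of ['https://www.example.org', 'https://app.example.com']) {
  console.log(origin, 'MV2:', exposedResources(MV2_SAMPLE, origin));
  console.log(origin, 'MV3:', exposedResources(MV3_SAMPLE, origin));
}
```

An empty result covers only this URL-based check; changes that content scripts make to the page, mentioned earlier in the thread, are a separate signal.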
panorambo3 days ago
+1
Very interesting. I stand corrected (didn't think of that trick). The Web platform is so idiotically designed, in a sense. Or maybe not idiotically designed but for all the good intentions, there is no locking it down it seems. URLs are ubiquitous and so are extension- or Chrome-specific URL schemes, but the hole made by permitting whatever to just obtain a response for e.g. `chrome://...` makes you ponder who and where stepped in the salad, and how.
1
smilbandit3 days ago
+1
they don't directly but it sounds like they systematically load them and check for interactions and then log successful or not.
1
ManyAreMyNames3 days ago
+4
One of my coworkers was telling me she got off LinkedIn years ago because she was tired of men using it as a dating site. I'm guessing she's not regretting that decision right now.
4
busterghost654 days ago
+11
I use a separate browser for Google and other stuff like LinkedIn which unfortunately I have to use for work. Personal browsing is all done in firefox with ublock. I also use Linux so nothing funny can be done by corpos on my computer. So 1. No or minimal personal information for them to take 2. They can't use that to influence me as I don't see any ads.
11
priortouniverse4 days ago
+10
Yet, if they deploy first party tracking, they can track you and still send data to marketing platforms without your knowledge. Do you control how companies handle your personal information (email, name, address)? Those can be used for tracking as well once uploaded manually to advertising platforms.
10
busterghost653 days ago
+2
There's a limit to how much I can do. E.g. I have to use LinkedIn for job applications as it's where most of jobs are listed. I fully well know that they go through my CV and sell all of my data to companies and governments. It at least has no idea about what my interests are and most of my personal details. Also, at least from marketing perspective, any information they have is effectively useless as I've blocked at in all my devices so there is no way for them to influence me.
2
redpandafire3 days ago
Yet I control how useless it is.
I share a vpn with others, browse wildly different content, and constantly Nuke my tracking data. For fun, I’ll spoof my meta data around to f*** up their AI. I now get ads for retirement alongside baby products. Then I just block them. Advertisers are the real losers, burning their money into the abyss.
0
flypirat3 days ago
+8
Why should nothing funny be possible just because you use Linux? Linux isn't some magical shield.
8
busterghost653 days ago
+7
OS is open source so I have more assurance that it doesn't have known OS level tracking and sharing of info (unlike Windows or MacOS). I try to use Flatpak applications as much as possible and use Flatseal to control what each app can do. So pretty secure.
7
Deep_Ad19594 days ago
+2
separate browser is a good start but keep in mind each browser still accumulates its own autofill entries, saved addresses, and form history over time. even your "work only" browser eventually builds a pretty detailed profile of who you are just from the forms you fill out. worth periodically auditing what each browser has saved about you in settings, most people are shocked when they actually look.
2
busterghost653 days ago
+2
Yes good point. Even in that browser there's cross site tracking protection and bunch of other stuff enabled. I clear browsing data about once a month and re login. Also there is a VPN and the location is changed about every week.
2
smilbandit3 days ago
+1
I have a firefox container for Linkedin specifically.
1
IonHDG3 days ago
+3
oh, just extensions and not my history. phew..
3
Robtism3 days ago
+3
LinkedIn has a profile of you before you ever sign up and it’s f****** creepy and accurate
3
KlingelbeuteI4 days ago
+5
Another reason to avoid and hate the business circle jerk platform that is linked in.
5
SanDiegoDude3 days ago
+13
Guys, it was collecting cookies and browser metadata. Same thing every other sophisticated website does. This is clickbait nonsense.... use browsers that aren't built as advertising engines (i.e. don't use Chrome) if you don't want them leaking your metadata.
13
bobdob123usa3 days ago
+13
Sounds like it is going a little further than typical. It is attempting to load a list of extensions, then recording which load successfully.
13
SanDiegoDude3 days ago
-4
Still perfectly normal (Facebook, Twitter, hell Gmail, all run similar analytics) - none of this is out of the norm for modern web analytics and UX analysis. Hate the game sure, but realize they're all playing it, nothing special about LinkedIn in this case.
-4
Teamfluence3 days ago
+10
No they are not. Read the complete thing not just the headline.
10
SanDiegoDude3 days ago
-5
I did. Did you? lol. I also have worked in the cybersecurity industry for 20+ years, focusing on network and data security. I'm going to say it again - **none of this is out of the norm for modern website data collection**.
-5
Mysterious-World-9973 days ago
+5
“The Chickenshit Club: Why the Justice Department Fails to Prosecute Executives” by Jesse Eisinger does a nice job detailing why the DOJ repeatedly lets white collar criminals off the hook
5
thedoc903 days ago
+4
I'm begging everyone. Stop using Google Chrome, stop using Windows. The longer companies feel like they can get away with this shit the closer we get to techno feudalism.
4
PreSuccessful3 days ago
+2
Is there anything the extension owners can do about this?
2
vipros423 days ago
+2
Seems like less of a crime than how f****** awful LinkedIn is.
2
ZGadgetInspector3 days ago
+2
Quelle surprise!
People just getting used by, and expecting a reach around from, Microsoft and Google always seem surprised when all they are left with are dirty sheets and a feeling of emptiness.
LinkedIn is now exactly what happens when Microsoft sacks your village.
2
SirArthurPT3 days ago
+2
This also becomes possible because the browser reports installed extensions for unknown purposes, no?
2
permalink_save3 days ago
+2
> Here’s why: some extensions have static resources (images, javascript) available to inject into our webpages.
Oh no, someone used a pen to scribble on a letter we sent them. Once the browser sends data to a device, the device can do whatever it wants to it. But go ahead and set this precedent of having client side usage TOS, give us a reason to class action all the crawler bots including Microsoft's. Would be juicy to sue copilot for scraping my shitty recipe site to train AI. Because bots are now against my TOS you can only display it in a browser exactly as written. Oh man, and all the AMP links, there would be standing for Google hijacking articles now.
2
b3iAAoLZOH9Y265cujFh3 days ago
+2
Can't say I'm surprised. Disappointed, but not surprised. We all knew - or should have known - that it'd turn to shit after the Microslop acquisition, one way or the other.
2
incitatus-says3 days ago
+2
I am thrilled and humbled to announce this could be the end of LinkedIn. Please god? Allah? Hashem? Anyone?
2
sioux6123 days ago
+1
This could explain why LinkedIn has like 20x the amount of personnel I expect
1
Traumatan3 days ago
+1
yea same as openai and facebook
1
Aryk933 days ago
+1
Thanks for the reminder to uninstall LinkedIn from my phone.
Somehow the worst social media app out there nowadays? Like how do you manage that?
1
drk_rvng3 days ago
+1
I'm not surprised. Whenever I open Linkedin, I see posts that are spot-on related to the problems that I am currently working on. The accuracy of the topics and posts is crazy.
1
RobinsShaman2 days ago
+1
Why are mine all about erectile dysfunction and rehab locations near me?
1
xX609s-hartXx4 days ago
Just another example of totalitarian capitalism...
0
on_3 days ago
+1
If a page can detect the extensions installed, why doesn’t YouTube block with anti ad suites?
1
platinumarks3 days ago
+5
They do this with varying levels of success, especially on Chromium browsers. There's been periods in the past where the detection was sufficient enough to break YouTube playback with the ad blockers enabled. It's just that the ad blockers are one step ahead of every change. It's partially why Google stopped supporting old versions of the Manifest API, which allowed extensions to edit pages before the page fully is parsed.
5
Mountain_rage3 days ago
+1
Owned by Microsoft so it's no surprise it's following their aggressive anti consumer behaviour.
1
zomboscott3 days ago
+1
Attention, Team!
Moving forward, we will no longer be referring to scandals by adding "Gate" as part of the scandal's name. For example, "BrowserGate" will now be the "Browser Scandal."
Thank you for your cooperation in this matter.
Management
1
[deleted]3 days ago
-1
[deleted]
-1
Teamfluence3 days ago
+1
Read the whole thing not just the headline.
1
Previous-Height42373 days ago
+1
This has been known for ages though
1
5kyl3r4 days ago
-4
i'd like to proudly state that i've never used linkedin. it's crazy to me to put all that info on a public site like that. talk about doxxing yourself. stolen credit card info is all over the place, but can be difficult to use without other info. putting your entire job history online for everyone to see sounds like the perfect way to get your identity stolen and your credit history destroyed
and years later they had a massive data breach, and i was enjoying being completely free of that
now this
i still think linkedin is at best a bad idea that nobody asked for, and at worst, a psyop designed to steal your info (the tin foil hat option sounds more likely after this article)
-4
the_knower024 days ago
+6
It's literally a site to find jobs are you dumb
6
5kyl3r3 days ago
-1
not really, it's more of a publicly accessible digital CV
-1
the_knower023 days ago
+3
yes really
3
5kyl3r3 days ago
-1
i've never met anyone that used it to find a job. most people post their cv and reference it if asked. that and create a rule in their gmail to filter the headhunter spam it generates
linkedin is a joke
-1
PhantasmologicalAnus3 days ago
+5
I used it. Once. To find a job. That was the single and only purpose it was used for. I got the job five years ago. Someone mentioned LinkedIn the other day and I went to check my account for the first time since then. And it's locked until I provide my ID, which isn't happening.
5
5kyl3r3 days ago
+6
yeah on top of me thinking it's dumb to put PII on a public site, it always felt like some really cringe corpo facebook, or at least that's the vibe i got from reading some of the posts on there
but between data leaks, this new news on the plugin, and the ID stuff, still a hard pass from me. cool you found a job through it though
6
themoslucius3 days ago
+1
Working in a corporate environment LinkedIn is unfortunately necessary for networking. Even cybersecurity experts use it.
It also is a solid place to find jobs, I got my last two via it. It's the best way to interact with recruiters and vendors, and the job listings on it are higher quality than dedicated job posting sites.
1
5kyl3r3 days ago
+3
i work in a corporate environment and i haven't needed it yet luckily
speaking of cybersecurity, dumping PII onto a public linkedin is insane
3
the_knower023 days ago
+4
You must not know many people, because it's how a majority of people find jobs. LMFAO
4
_Schrodingers_Gat_3 days ago
-6
And shares the results with f****** Israel.
-6
platinumarks3 days ago
+1
Yeah, damn them Je--I mean, Israel *wink, wink*
1
_Schrodingers_Gat_3 days ago
+1
No. I very much and very specifically mean some palantir like digital surveillance company coordinating with the Israeli government to steal data.
One can be Jewish, support the Jewish people, and condemn the actions of the Israeli government as genocide and detrimental to the long term safety of the world’s population.
Heck one could even go so far as to have empathy for our enemies, and for those too blinded by ignorance as to not know the difference.
1
Empty-Mulberry10473 days ago
how is it espionage or a data breach? knowing what extensions a user has is rather... innocuous and not overly useful..
0
jasonlitka3 days ago
If you walk down the street wearing designer clothes with logos all over it you don’t have the right to tell everyone nearby to not look at you and not draw conclusions about you based on what they see. This isn’t espionage, more a digital-equivalent of “active listening”.
If your browser is leaking information about you then your beef is with the people who made it.
0
Edgefactor2 days ago
-1
Secretly? How could anyone be surprised that LinkedIn did anything fishy at all? Shit is spyware at face value, let alone anything they're doing behind the scenes.
190 Comments