this post was submitted on 02 Apr 2026
114 points (95.2% liked)

Privacy

A community for Lemmy users interested in privacy

[–] Feyd@programming.dev 72 points 2 weeks ago (2 children)

Every time you open LinkedIn in a Chrome-based browser, LinkedIn’s JavaScript executes a silent scan of your installed browser extensions.

Still wrong, but not quite as scary as "searches their computer for installed software", which makes it sound like it broke out of the browser sandbox.

[–] Atelopus-zeteki@fedia.io 17 points 2 weeks ago

Joke's on them, I never use Chrome, and never go to Link'in. I guess they'll never know who I really am, by extension.

[–] null@lemmy.org 2 points 2 weeks ago

Isn't that what most mainstream sites try to do anyway?

[–] Nollij@sopuli.xyz 25 points 2 weeks ago (1 children)

To me, this seems like a security flaw in Chromium. Websites should not be able to access any of it (yes, even just the extensions) regardless of what code they're running.

Not great for LinkedIn, but a critical failure of Chromium.

[–] Dave@lemmy.nz 6 points 2 weeks ago

Reminds me of how any app in Android can see all the other installed apps. Great for fingerprinting.

[–] French75@slrpnk.net 14 points 2 weeks ago (1 children)

Isn't this what every major social media site does? It's certainly what security and privacy experts have been warning us about for years.

One can hope LinkedIn pays a heavy price for this, but they've probably done it intentionally knowing the value 100x exceeds the likely penalty. This will probably end up with all of us being offered to join a class action where our settlement is a free month of LinkedIn premium.

[–] plz1@lemmy.world 5 points 2 weeks ago

What penalty? What illegal thing are they even doing? If the browsers allow this, they should expect it to happen. Prevent it, or expect it. Websites shouldn't be able to "scan" for these extensions in the first place.

At best, they might get a slap-on-the-wrist fine they pay to the FTC or FCC, and admit no fault.

[–] HubertManne@piefed.social 13 points 2 weeks ago

Every time you open LinkedIn in a Chrome-based browser, LinkedIn’s JavaScript executes a silent scan of your installed browser extensions. The scan probes for thousands of specific extensions by ID, collects the results, encrypts them, and transmits them to LinkedIn’s servers. The entire process happens in the background. There is no consent dialog, no notification, no mention of it in LinkedIn’s privacy policy.
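Added example, not part of any comment in this thread and not LinkedIn's or Chromium's code: a Node.js audit a user or extension developer can run over `manifest.json` contents to see which extensions expose a fixed `chrome-extension://<id>/...` resource to a given site, which is one well-known way a page can tell that an ID is installed. The thread does not say which technique the scan uses, so that link is an assumption; the manifests and host names below are constructed samples.

```javascript
// Constructed sample manifests (not real extensions).
const SAMPLES = [
  { name: "mv2-icons", manifest_version: 2, web_accessible_resources: ["icon.png"] },
  { name: "mv3-open", manifest_version: 3, web_accessible_resources: [
      { resources: ["inject.js"], matches: ["<all_urls>"] }] },
  { name: "mv3-dynamic", manifest_version: 3, web_accessible_resources: [
      { resources: ["inject.js"], matches: ["<all_urls>"], use_dynamic_url: true }] },
  { name: "mv3-scoped", manifest_version: 3, web_accessible_resources: [
      { resources: ["ui.html"], matches: ["https://*.example.org/*"] }] },
  { name: "no-war", manifest_version: 3 },
];

// Does a match pattern cover pages on `host`? Scheme and path are ignored
// here for brevity; only the host part of the pattern is compared.
function patternCoversHost(pattern, host) {
  if (pattern === "<all_urls>") return true;
  const m = /^(?:\*|https?):\/\/([^/]+)\//.exec(pattern);
  if (!m) return false;
  const p = m[1];
  if (p === "*") return true;
  if (p.startsWith("*.")) return host === p.slice(2) || host.endsWith(p.slice(1));
  return host === p;
}

// Lists the resources a page on `host` could request at the extension's
// stable ID, which is what makes the extension detectable from that page.
function auditManifest(manifest, host) {
  const exposed = [];
  for (const entry of manifest.web_accessible_resources || []) {
    // Manifest V2: a plain list of paths, loadable from any origin.
    if (typeof entry === "string") { exposed.push(entry); continue; }
    // Manifest V3: use_dynamic_url serves the resource under a per-session ID.
    if (entry.use_dynamic_url === true) continue;
    if ((entry.matches || []).some((p) => patternCoversHost(p, host))) {
      exposed.push(...(entry.resources || []));
    }
  }
  return { name: manifest.name, detectable: exposed.length > 0, exposed };
}

// Names of the sample extensions a page on `host` could detect.
function detectableBy(host) {
  return SAMPLES.map((m) => auditManifest(m, host))
    .filter((r) => r.detectable)
    .map((r) => r.name);
}

console.log(detectableBy("www.example.org"));
```

Extensions that declare no `web_accessible_resources`, scope them to specific sites, or set `use_dynamic_url` drop out of the result for unrelated hosts.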

[–] StealthLizardDrop@piefed.social 3 points 2 weeks ago (1 children)
[–] solrize@lemmy.ml 3 points 2 weeks ago (2 children)

People run Chrome on Linux.

[–] StealthLizardDrop@piefed.social 2 points 2 weeks ago

So this is a more in-depth explanation of what it actually does. In the end it only searches a specific number of extensions from the Chrome extension store, encrypts it and sends it off to a 3rd party.

https://browsergate.eu/how-it-works/

But I also don't use a Chrome-based browser and don't visit LinkedIn. I'll live.

[–] altphoto@lemmy.today 1 points 2 weeks ago

Installed software! Oh installed software! Where are you! LOL! This guy is using scripts he wrote himself and the combination number #24356357954689 of possible software, desktop GUI and kernel. Okay let's drive our malicious scan!.... Oh sudo password, we need the root password to do anything malicious! Look at this, it even has a welcome screen asking for you to scan as much as it is possible in that image! Darn!