LinkedIn checks for 2953 browser extensions
LinkedIn is silently checking for nearly 3,000 Chrome extensions on every page load, a deeply invasive act of fingerprinting. This GitHub repository exposes the extensive list of probed extensions and the technical method employed. The revelation sparked a contentious debate on corporate control over user data versus platform protection against scraping and automation.
The Lowdown
A new GitHub repository reveals that LinkedIn is actively fingerprinting its users by silently probing for 2,953 Chrome browser extensions on every page load. This clandestine practice leverages a known aspect of Chrome's architecture to detect installed extensions without explicit user consent.
- The repository provides a comprehensive list of all 2,953 extension IDs that LinkedIn checks for, meticulously extracted from their fingerprint.js script.
- It includes tools to cross-reference these IDs with extension names and links from the Chrome Web Store or, for unavailable extensions, via Extpose.
- Approximately 78% of the identified extensions are still found on the Chrome Web Store, while the remaining 22% are located through Extpose, suggesting they may be removed or unavailable.
- The method exploits the ability of a website to attempt to load web-accessible resources from known extension IDs, observing success or failure to determine presence.
This documentation casts a harsh light on LinkedIn's aggressive data collection and platform control strategies, forcing a discussion on user privacy and browser security vulnerabilities.
The Gossip
Browser Breakdowns and Built-in Blockers
The discussion quickly clarified the technical mechanism behind LinkedIn's fingerprinting: it probes for web-accessible resources using known Chrome extension IDs, rather than checking the Chrome Web Store. Commenters noted that Chrome's architecture, unlike Firefox's, currently allows this. Firefox explicitly thwarts such fingerprinting by randomizing extension IDs for web-accessible resources on each browser restart, leading many to advocate for Chrome to adopt similar privacy-enhancing measures.
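An added example, not code from the repository or from LinkedIn: a defender-side audit of an extension's manifest.json that reports which web-accessible resources a given page could request at the extension's fixed ID, which is what makes an extension detectable by the method described above. The function names and sample manifests are constructed for illustration.

```javascript
// Added example: report which web_accessible_resources a page at pageUrl
// could request at the extension's fixed chrome-extension://<id>/ URL.

// Chrome match-pattern check. For web_accessible_resources only the origin
// of the pattern is used, so the path part is ignored here.
function patternMatches(pattern, pageUrl) {
  if (pattern === "<all_urls>") return true;
  const m = /^(\*|https?):\/\/(\*|(?:\*\.)?[^/*]+)(\/.*)$/.exec(pattern);
  if (!m) return false; // malformed or unsupported pattern: treat as no match
  const [, scheme, host] = m;
  const u = new URL(pageUrl);
  const proto = u.protocol.slice(0, -1);
  if (scheme === "*" ? !/^https?$/.test(proto) : scheme !== proto) return false;
  if (host === "*") return true;
  if (!host.startsWith("*.")) return u.hostname === host;
  const base = host.slice(2); // "*.example.com" also covers "example.com"
  return u.hostname === base || u.hostname.endsWith("." + base);
}

function exposedResources(manifest, pageUrl) {
  const exposed = [];
  for (const entry of manifest.web_accessible_resources || []) {
    if (typeof entry === "string") { // Manifest V2: visible to every page
      exposed.push(entry);
      continue;
    }
    if (entry.use_dynamic_url) continue; // MV3: only reachable via a per-session ID
    const matches = entry.matches || []; // extension_ids alone exposes nothing to pages
    if (matches.some((p) => patternMatches(p, pageUrl))) {
      exposed.push(...(entry.resources || []));
    }
  }
  return exposed;
}

// Constructed sample manifests (not taken from any real extension).
const mv2 = { manifest_version: 2, web_accessible_resources: ["icon.png"] };
const mv3 = { manifest_version: 3, web_accessible_resources: [
  { resources: ["panel.html"], matches: ["https://*.example.com/*"] },
  { resources: ["inject.js"], matches: ["<all_urls>"], use_dynamic_url: true },
  { resources: ["shared.css"], extension_ids: ["*"] },
] };

for (const [name, m] of [["mv2", mv2], ["mv3", mv3]]) {
  console.log(name, exposedResources(m, "https://www.example.com/feed"));
}
```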
Corporate Control and Contentious Catalogs
A significant portion of the debate centered on LinkedIn's motivations. Many pointed out that the list of 2,953 extensions predominantly includes tools for scraping, automation, lead generation, and 'AI assistants'—all potentially undermining LinkedIn's business model or terms of service. While some sympathized with LinkedIn's need to protect its platform from abuse and data exfiltration, others argued it was more about maintaining control over data monetization and forcing users to rely on LinkedIn's own, often criticized, features.
Privacy Predicaments and Platform Power Plays
The community expressed strong concerns about the ethical and privacy implications of LinkedIn's actions. Many found it hypocritical for a platform, owned by Microsoft, which is itself a major data aggregator, to engage in such extensive user fingerprinting while simultaneously blocking third-party access to its data. This fueled a broader discussion on corporate power, data ownership, and the rights of users versus platforms, with some sharing personal anecdotes of LinkedIn's aggressive enforcement tactics against user-created tools.