[-] mlfh@lemmy.sdf.org 24 points 3 weeks ago

Since this is being posted fucking everywhere with the same sensational headline that makes it look like LinkedIn is jumping out of the browser to scan your actual filesystems, here's an excerpt from the site linked:

The Attack: How it works
Every time you open LinkedIn in a Chrome-based browser, LinkedIn’s JavaScript executes a silent scan of your installed browser extensions. The scan probes for thousands of specific extensions by ID, collects the results, encrypts them, and transmits them to LinkedIn’s servers. The entire process happens in the background. There is no consent dialog, no notification, no mention of it in LinkedIn’s privacy policy.

It's enumerating the browser extensions you have installed.

[-] LodeMike@lemmy.today 12 points 3 weeks ago

Why does Chrome give websites this ability?

[-] ActualGrapesTasteGreen@piefed.zip 9 points 3 weeks ago* (last edited 3 weeks ago)

This should be top comment in every post of this article. It doesn't make what they're doing ok, but it's less sensational.

Honestly I'm surprised any browsers let arbitrary websites list installed extensions.

[-] OwOarchist@pawb.social 5 points 3 weeks ago

Still could be quite damaging to your privacy, especially since LinkedIn usually also knows your real name and your employer, so they can easily match this list of extensions up with a precisely identified person.

[-] scytale@piefed.zip 16 points 3 weeks ago

LinkedIn loads an invisible tracking element from HUMAN Security (formerly PerimeterX), an American-Israeli cybersecurity firm, zero pixels wide, hidden off-screen, that sets cookies on your browser without your knowledge. A separate fingerprinting script runs from LinkedIn’s own servers. A third script from Google executes silently on every page load. All of it encrypted. None of it disclosed.

Can’t uBO block this with custom filters?

[-] floofloof@lemmy.ca 8 points 3 weeks ago

I don't know, but I just added a DNS override on my home network to resolve *.linkedin.com to 0.0.0.0.

[-] workerONE@lemmy.world 7 points 3 weeks ago

Do browsers actually allow code execution which can provide a list of installed programs?

[-] OwOarchist@pawb.social 2 points 3 weeks ago

Chromium-based ones do, apparently.

Another common W for Firefox.

[-] Tim_Bisley@piefed.social 7 points 3 weeks ago* (last edited 3 weeks ago)

I'd like to know how this functions because if MS is doing it then others are as well. Metadata in your browser is one thing but being able to see past that is unacceptable.

[-] LodeMike@lemmy.today 3 points 3 weeks ago* (last edited 2 weeks ago)

LinkedIn breaks the law without consequence all the fucking time. See their un-unsubscribable emails.

[-] LammaLemma@lemmy.ca 3 points 3 weeks ago

So is there a way to restrict this for LinkedIn or any other site for that matter?

[-] rando@sh.itjust.works 4 points 3 weeks ago* (last edited 3 weeks ago)

On Linux you could, i.e. for a flatpak you could use Flatseal (or manually do it via command line) to lock down what folders the flatpak can operate in. I just did this for Brave Browser.

There is also the software Bubblewrap that accomplishes the same. These are at the application level for the entire browser though.

[-] Hawke@lemmy.world 3 points 3 weeks ago

No, I don’t think they are.

[-] earlstilt@feddit.uk 3 points 3 weeks ago
[-] Bluegrass_Addict@lemmy.ca 2 points 3 weeks ago

you mean microslop

this post was submitted on 02 Apr 2026
45 points (89.5% liked)

Hacker News


Posts from the RSS Feed of HackerNews.

The feed sometimes contains ads and posts that have been removed by the mod team at HN.
