Comments (346)

  • haswell
    The headline seems pretty misleading. Here’s what seems to actually be going on:

    > Every time you open LinkedIn in a Chrome-based browser, LinkedIn’s JavaScript executes a silent scan of your installed browser extensions. The scan probes for thousands of specific extensions by ID, collects the results, encrypts them, and transmits them to LinkedIn’s servers.

    This does seem invasive. It also seems like what I’d expect to find in modern browser fingerprinting code. I’m not deeply familiar with what APIs are available for detecting extensions, but the fact that it scans for specific extensions sounds more like a product of an API limitation (i.e. no available getAllExtensions() or somesuch) vs. something inherently sinister (e.g. “they’re checking to see if you’re a Muslim”).

    I’m certainly not endorsing it, do think it’s pretty problematic, and I’m glad it’s getting some visibility. But I do take some issue with the alarmist framing of what’s going on.

    I’ve come to mostly expect this behavior from most websites that run advertising code and this is why I run ad blockers.
  • VladVladikoff
    > The user is never asked. Never told. LinkedIn’s privacy policy does not mention it.

    OMG is literally every article written with LLMs these days I just can't anymore. It's all so tiring.
  • andersonpico
    this is a massive violation of trust

    > The scan doesn’t just look for LinkedIn-related tools. It identifies whether you use an Islamic content filter (PordaAI — “Blur Haram objects, real-time AI for Islamic values”), whether you’ve installed an anti-Zionist political tagger (Anti-Zionist Tag), or a tool designed for neurodivergent users (simplify).
  • lxgr
    All I'm seeing is that Chrome apparently is failing to properly sandbox websites against extension fingerprinting.

    Sure, this can be solved at the legal layer, but in this case, there seems to be a much simpler and more effective technical solution, so why not pursue that instead?
  • OhMeadhbh
    Fwiw... I now run personal and professional browser profiles from two different jails / cgroups. It's a pain in the arse to set up, and I have to verify my config still works after every update, but I get a good feeling knowing my personal chocolate is not mixing in with my professional peanut butter.

    I set up the cgroups hack so I could route traffic from a dev profile into a VPS vpn, and may not be that useful for everyone.

    But I think this is a reminder that you may want to have at least two profiles: one public and the other private. Do you really want Microsoft to know you installed the "Otaku Neko StarBlazers Tru-Fen Extendomatic" package to change every picture of a current political figure to an image from the cast of Space Battleship Yamato?
  • jamesgill
    https://browsergate.eu/extensions/

    It seems to not scan for Privacy Badger and uBlock Origin, two extensions I rely on. That's...surprising.
  • arafeq
    the part about scanning for 509 job search extensions is especially nasty. imagine getting flagged to your employer because linkedin detected you had a job board extension installed.
  • hmokiguess
    Separate question, why isn't this kind of stuff something the browser restricts access to or puts behind an approval gate to the end user?
  • z3ratul163071
    why would the browser ever expose extensions api to a web page. does firefox do this as well?
  • gburgett
    The “how it works” page suggests it only works on chrome based browsers. Anyone able to determine if firefox or safari are affected too?
  • tiku
    I remember the LinkedIn app that got all your contacts from your phone and tried to add them to your network. I had random people from internet-deals (local craigslist) that were popping up. So strange that this was allowed.
  • searls
    Read this:

    > Every time any of LinkedIn’s one billion users visits linkedin.com, hidden code searches their computer for installed software, collects the results, and transmits them to LinkedIn’s servers

    And thought, "no way in hell this gets by Safari."

    And then, under "The Attack: How it Works":

    > Every time you open LinkedIn in a Chrome-based browser

    Shocker. If you use a Chromium-based browser, you should expect to be trading away your privacy, IME.
  • charles_f
    It will sound like finessing on details, but details are important in these kind of claims, and this seems incorrect

    > Microsoft has 33,000 employees and a $15 billion legal budget

    Microsoft has more than 220k employees (it's hard to follow with all the layoffs), and the G&A which bankrolls legal expenses (but not only - it also contains basically every employee who's not engineering or sales) was only 7B in 2025 - so legal budget is much lower than that.
  • devy
    LinkedIn has been the weirdest social network for a long time.

    https://hn.algolia.com/?q=linkedin+weird
  • two_handfuls
    That's on brand. I remember their phone app asking for contacts permission and just taking them all and uploading them to their server.
  • seamossfet
    I wonder how much of this is also used for audience segmentation for their advertisements? Linkedin ads are some of the most expensive out of any social media platform, but they also tend to have the highest conversion since you can get pretty niche with your targeting.
  • llacb47
    This title should be changed as no court found this is illegal, and this is pretty standard, if extensive, browser fingerprinting, however disagreeable it is
  • chad_strategic
    I run ad blockers and pihole, does that help?
  • hmokiguess
    This website was difficult to follow but I found that this page https://browsergate.eu/extensions/ was the most helpful to understand what they were talking about

    Essentially, they are labelling you, like most do, but against some interesting profiles given the kinds of extensions they are scanning for
  • hjk2
    How can a web site search one's computer?
  • Joeboy
    The most obvious reason for this is browser fingerprinting, right? So your visits to other websites can be linked to your Linkedin identity? Or no?
  • pizzuh
    i dont like that i pay them $79 a month for them to scrape my extensions
  • nticompass
    > Every time you open LinkedIn in a Chrome[actually Chromium]-based browser

    There's a reason I continue to use Firefox (with uBlock Origin) and will never switch.

    Also, when I got laid off from a previous job, I made a LinkedIn profile to help find a new job. Once I found a new job, I haven't logged into LinkedIn since - that was almost 2 years ago.
  • ericyd
    I don't like any of this, but I'm not totally clear how this is substantially different from other fingerprinting technologies which I assume are used by every large tech company. Could anyone elaborate? The post isn't very clear why this is different from other data surveillance.
  • red_admiral
    "searching your computer" -> using standard web fingerprinting techniques. They don't actually get to read your home directory, and the authors should be honest about this!
  • arndt
    Is there a way to disable the ability for websites to scan for extensions in Chrome?
  • mentalgear
    Interesting. I didn't know an extension’s web-accessible resource (e.g. chrome-extension://<id>/...) could be abused to learn about the user's installed extensions by checking whether it resolves or not.
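
Added example, not part of any comment in this thread and not code from LinkedIn or the linked site: a manifest audit an extension author could run to see whether their own `web_accessible_resources` make the extension detectable in the way the comment above describes. The function name and the sample manifests are constructed for illustration; the `use_dynamic_url` handling follows Chrome's documented behaviour for that key.

```javascript
// Added example. All manifests below are constructed samples.
const BROAD = new Set(["<all_urls>", "*://*/*", "https://*/*", "http://*/*"]);

// Returns one finding per web_accessible_resources entry that a page could
// use to learn the extension is installed.
function auditManifest(manifest) {
  const war = manifest.web_accessible_resources || [];
  if (manifest.manifest_version === 2) {
    // MV2: a flat list of paths, readable by every origin at the static ID.
    return war.length
      ? [{ risk: "high", resources: war, reason: "MV2 list is exposed to all origins" }]
      : [];
  }
  const findings = [];
  for (const entry of war) {
    // Documented behaviour: with use_dynamic_url the resource is reachable
    // only through a per-session ID, so a lookup by store ID does not resolve.
    if (entry.use_dynamic_url === true) continue;
    const matches = entry.matches || [];
    const broad = matches.filter((m) => BROAD.has(m));
    if (broad.length) {
      findings.push({ risk: "high", resources: entry.resources,
        reason: `static ID, exposed to ${broad.join(", ")}` });
    } else if (matches.length) {
      findings.push({ risk: "low", resources: entry.resources,
        reason: `static ID, limited to ${matches.join(", ")}` });
    }
  }
  return findings;
}

const MV2_SAMPLE = { manifest_version: 2, web_accessible_resources: ["img/icon.png"] };
const MV3_BROAD = { manifest_version: 3, web_accessible_resources: [
  { resources: ["inject.js"], matches: ["<all_urls>"] }] };
const MV3_SCOPED = { manifest_version: 3, web_accessible_resources: [
  { resources: ["inject.js"], matches: ["https://example.com/*"] }] };
const MV3_DYNAMIC = { manifest_version: 3, web_accessible_resources: [
  { resources: ["inject.js"], matches: ["<all_urls>"], use_dynamic_url: true }] };

for (const [name, m] of Object.entries({ MV2_SAMPLE, MV3_BROAD, MV3_SCOPED, MV3_DYNAMIC })) {
  console.log(name, JSON.stringify(auditManifest(m)));
}
```

An extension with no `web_accessible_resources` at all returns an empty list here, which is the simplest way to stay out of this kind of scan.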
  • hnburnsy
    Go check out QueryAllPackages permission on Android and see which of your apps can scan and know about all the other apps on your Phone. Thanks Google!
  • syn0x
    LinkedIn is full of lunatics, does not surprise me at all.
  • jacquesm
    Not mine. And why do we say LinkedIn, it is just Microsoft, just like Github is Microsoft and a whole raft of other companies are just Microsoft in a trenchcoat.
  • pier25
    I always use LinkedIn and Meta websites in a different browser altogether.

    I hope browsers in the future will need to ask for permission before doing any of that.
  • AmazingTurtle
    6 months ago I already posted about this

    https://news.ycombinator.com/item?id=45349476
  • zephyrwhimsy
    The context window is not just a cost concern — it is an information density problem. With 128K tokens you can fit 6 raw web pages or 32 clean Markdown pages.
  • chromacity
    The real story is what's going on behind the scenes. The charges are relatively flimsy (for the reason I mentioned in my other comment). But here's the cool thing: the site is basically taken from Microsoft's playbook. For years, they pretty transparently bankrolled shadowy, single-issue "grassroots advocacy" groups that went after their competitors under flimsy pretenses. These organizations attacked others but somehow never had an opinion about stuff like Windows Copilot.

    This feels very similar, except now it's taking a swing at Microsoft. It's apparently paid for by some mysterious "trade association and advocacy group for commercial LinkedIn users" that runs out of a private PO box in a small German town - uh huh. I'm not going to feel bad for Microsoft, but I would love to read some investigative reporting down the line.
  • free_bip
    They only mention this being a potential violation of the DMA. How about north american countries? US and Canada?
  • daft_pink
    I don’t understand how browser security would allow linkedin to search my computer?
  • sumanep
    Bait, just look at browser addons, millions of sites do it as well
  • dzonga
    some of these things are just an effect of using chromium browsers.

    use safari or Firefox. and chrome only for incognito web app testing.
  • mikkupikku
    LinkedIn has been overtly evil for decades, and their power users are the most insufferable sort of middle management yuppy scum. I know job searching can be hard, but I don't go near LinkedIn with a ten foot pole.
  • laughing_snyder
    Directly on the landing page:

    > Microsoft has 33,000 employees

    this should probably be LinkedIn, not Microsoft.
  • liyu-aka-lukyu
    Deleted my account. Fixed!
  • bitfilped
    Despite the misleading headline, I really don't understand why anyone uses linkedin, there will inevitably be a trailing rely of comments claiming it has some irreplaceable value in professional networking, but I don't buy it. Nobody I've ever talked to has been able to articulate any actual value provided by "connecting" to another person on a social networking site. If you want to build professional connections go to lunch, join community calls, attend professional events, and go to conferences.
  • everdrive
    Sounds like containers and potentially adblocking and js blocking prevent this. For my part, I use linked in on my "god dammnit I hate corporate websites so much" browser which is used only for medical bill pay and amazon / wal mart purchases and then monthly bills. Could LinkedIn get something from me there? Potentially, but they're also not really following me around the web. I think given this I'll go install a 3rd browser for linkedin only, or maybe finally just delete my account. It never got me a job and it's a cesspool.
  • acorn221
    This gave someone the opportunity to add in "Jeffery_Epstein_did_not_kill_himself" to linkedin's client facing code base through this. If you open dev tools -> network tab -> network search icon (magnifying glass) -> search for "epstein" and load up linkedin, you should see it for yourself too!

    I really don't think they're "illegally" searching your computer, they're checking for sloppy extensions that let linkedin know they're there because of bad design.
  • hcfman
    I hate the way they just started saying you have a new message when you really don't. Now I'm going to miss when I really have new messages for a while because I'm not going to go to that site anymore when they say that.

    And not letting you read your messages when on your mobile phone unless you use their app is particularly mean. Considering again where they are sending all the information they scrape.
  • dboreham
    Exactly how is it "illegal" to run code that exercises some aspect of the legitimate browser API surface? Are there functions marked as legal, and others marked as illegal?
  • liyu-aka-lukyu
    Deleted my LinkedIn account. Fixed.
  • trey-jones
    The fact that every job application wants a link to my profile on a platform that tries to push "brain training puzzle and games" on me just makes me angry every single time. I really hate LinkedIn and my active rebellion against it is hurting my ability to find a new job.

    I know there has been other LinkedIn hate on HN this week. I know they have some good tools for job searching and hiring. I still wish we as a society could move on and leave this one with MySpace.
  • Fokamul
    This is result of browser fingerprinting.

    My guess, Linkedin is used for years as source of valuable information for phishing/spear-phishing.

    Maybe their motive is really spying. But more important for them is to fight against people botting Linkedin.

    Imho, browser fingerprinting should be banned and EU should require browser companies to actively fight against it, not to help them (Fu Google)
  • foxes
    It seems it scans your extensions not your system - reading the details. The intro made it a bit unclear.
  • secretsatan
    Just use Safari, it won't even load the page half the time.
  • knollimar
    Reminder for windows control alt shift windows L
  • jen729w
    I can’t take an article seriously that starts:

    > Every time any of LinkedIn’s one billion users visits linkedin.com, hidden code searches their computer for installed software

    and then proceeds not to explain how it’s doing that to me, a Safari user.

    Because, spoiler: it isn’t. Or, it might try to search, and fail, and nothing will be collected.
  • EdoardoIaga
    The headline seems pretty misleading
  • j45
    Browsers almost need a firewall against websites for the functions and scans being run on it by websites.

    Different browsers have various settings available, but do we have a little snitch for a web browser?
  • JoelMcCracken
    This is true/valid in many ways, but the signs of significant AI gen are pretty obvious. And now I wonder how much of the overblown narrative is here.

    This reminds me of the slop bug reports plaguing the curl project.
  • bethekidyouwant
    Chrome: lets website scan what extensions you have installed for some reason.
  • pjmlp
    Another good reason not to use extensions, and leave whatever they do for utility apps.
  • buellerbueller
    When Aaron Swartz does it, it is the threat of life in prison leading to suicide. When a multibillion dollar company does it, it is just capitalism.

    HOLD EXECS LEGALLY ACCOUNTABLE, CRIMINALLY AND CIVILLY, FOR THE CRIMES OF THEIR CORPORATIONS.
  • donatj
    If they are genuinely only using the information to detect bad actors and maintain site stability as the affidavit states, and if they can prove it, this seems like potentially a non-issue?

    I am not a lawyer, but site stability seems like a GDPR "Legitimate Interest" in my book anyway.
  • josefritzishere
    Why can't we have nice things?
  • sourcegrift
    The only explanation of linkedin being worth 44B is the prominent appearance of both bill gates (who started spending a day a week at MS after nadella became ceo), and reid hoffman appear prominently in epstein files. The deal itself was finalized during Trump's first term. So everything checks out
  • _pdp_
    The title is a complete nonsense.
  • nxm
    Nothing but click-bait.
  • maplethorpe
    Doesn't it depend how they're storing the data? If it's sufficiently transformed, it could be considered fair use.
  • zephyrwhimsy
    The proliferation of AI coding assistants is shifting the bottleneck from writing code to reviewing code. The developers who will thrive are those who develop strong code review instincts.