LinkedIn Exposes Users' Digital DNA: How Browser Fingerprinting Targets GDPR-Protected Health and Politics
LinkedIn is reportedly exploiting Chromium's internal Resource API to scan local browser extensions, creating a direct pathway to harvesting sensitive user data.
The community is deeply split on the scope of the danger. TheIPW argues this is a grave threat, suggesting the data collection risks violating GDPR Article 9 by inferring 'Special Category' data like health status. Conversely, zer0squar3d argues the attack is narrowly constrained to matching known browser extension IDs, asserting a simple User Agent change could stop it. Meanwhile, gibmiser warned that the exposure goes beyond mere data points, claiming observers can compile a 'psychological profile of an employee’s home environment' just from the installed tool list.
The core consensus is that LinkedIn poses a significant, covert privacy risk through browser fingerprinting. The fault lines exist between those demanding drastic network hardening (firewalls, DNS blocking) and those suggesting targeted browser isolation (like Firefox Containers) as a defense.
Key Points
LinkedIn uses API access to scan local browser extensions.
TheIPW stated LinkedIn exploits a Chromium internal resource API to scan for specific extension IDs.
The data harvested risks violating GDPR Article 9.
TheIPW and gibmiser noted this data allows inference of 'Special Category' data, like health status or political advocacy.
The attack is limited strictly to extension IDs.
zer0squar3d insisted the vulnerability is narrow, targeting only 'browser addons/extensions' and not the whole system.
Defensive network hardening is a necessary layer of defense.
TheIPW suggested network measures like DNS blocking or firewall rules to stop tracking requests at the source.
Observing toolsets can build deep psychological profiles.
gibmiser pointed out the ability to create a 'psychological profile of an employee’s home environment' from installed tools.
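To check your own exposure to the extension-ID matching described above, the following added example (not code from LinkedIn or from the discussions) audits extension manifests for files a given site could load. It assumes the scan works by requesting files at chrome-extension://<id>/<path>, which Chromium serves only for files an extension declares under web_accessible_resources; the sample manifests and the origin string are constructed.

```python
from urllib.parse import urlsplit

def origin_matches(pattern, origin):
    """Simplified Chrome match-pattern test: scheme and host only."""
    if pattern == "<all_urls>":
        return True
    scheme, sep, rest = pattern.partition("://")
    target = urlsplit(origin)
    if not sep or target.scheme not in ("http", "https"):
        return False
    if scheme not in ("*", target.scheme):
        return False
    want, host = rest.split("/", 1)[0], target.hostname or ""
    if want == "*":
        return True
    if want.startswith("*."):
        return host == want[2:] or host.endswith(want[1:])
    return host == want

def probeable_resources(manifest, origin):
    """Files a page at `origin` can load from a fixed chrome-extension://<id>/ URL."""
    found = []
    for entry in manifest.get("web_accessible_resources", []):
        if isinstance(entry, str):
            found.append(entry)  # Manifest V2: readable by every site
        elif not entry.get("use_dynamic_url", False):
            # Manifest V3: exposed only to origins listed in "matches";
            # use_dynamic_url swaps the fixed ID for a per-session one.
            if any(origin_matches(p, origin) for p in entry.get("matches", [])):
                found.extend(entry.get("resources", []))
    return found

def audit(manifests, origin):
    """Map extension name -> probeable files, omitting extensions with none."""
    report = {m["name"]: probeable_resources(m, origin) for m in manifests}
    return {name: files for name, files in report.items() if files}

# Constructed manifests (not real extensions) covering each case.
SAMPLES = [
    {"name": "mv2-open", "manifest_version": 2, "web_accessible_resources": ["img/icon.png"]},
    {"name": "mv3-open", "manifest_version": 3, "web_accessible_resources": [
        {"resources": ["inject.js"], "matches": ["<all_urls>"]}]},
    {"name": "mv3-scoped", "manifest_version": 3, "web_accessible_resources": [
        {"resources": ["ui.html"], "matches": ["https://*.example.org/*"]}]},
    {"name": "mv3-dynamic", "manifest_version": 3, "web_accessible_resources": [
        {"resources": ["a.css"], "matches": ["<all_urls>"], "use_dynamic_url": True}]},
    {"name": "mv3-none", "manifest_version": 3},
]
if __name__ == "__main__":
    for name, files in audit(SAMPLES, "https://www.linkedin.com").items():
        print(name, files)
```

In practice the manifests would be loaded with json.load from each manifest.json under the browser profile's extensions directory, whose location varies by operating system and browser.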
Source Discussions (3)
This report was synthesized from the following Lemmy discussions, ranked by community score.