LinkedIn's JS Scans Installed Extensions: GDPR Alarm Bells Ringing Over Browser Snooping
JavaScript executing within Chrome-based browsers is allegedly conducting silent, non-consensual data collection on a user's installed browser extensions. Specific analyses allege LinkedIn probes for extensions by ID, encrypts this data, and transmits it to third parties. One technical breakdown even pointed to LinkedIn searching for a specific count of extensions from the Chrome Extension Store.
Commenters split sharply on whether this crosses a legal line. Some users, like [Nooodel], claim the data collection constitutes a direct GDPR violation because the processing reason lacks consent. Conversely, others, such as [KairuByte], argue that merely using a browser API endpoint might not be technically illegal in most jurisdictions. Meanwhile, high-scorer arguments from [Feyd] confirmed the JavaScript executes this scan on Chrome-based browsers, while others, like [HubertManne], emphasized the silent, ID-based data probing.
The core friction point remains legality versus ethics. While many users distrust the practice outright, the technical debate pits legal precedent against perceived invasion. The consensus points toward highly suspect activity involving data scraping, regardless of its current legal status, leading some users to advise abandoning Chromium-based browsers entirely.
Key Points
LinkedIn silently scans installed browser extensions using JavaScript.
Multiple accounts, including [Feyd] and [HubertManne], detailed that the JavaScript executes this probe without apparent user knowledge.
The data collection potentially violates GDPR rules.
[Nooodel] cited GDPR concerns, arguing the data saving lacks legitimate, disclosed purpose.
The technical act of reading extension data might not be illegal.
[KairuByte] argued that using the browser API endpoint is not inherently illegal in most jurisdictions.
The process involves detailed, encrypted transmission of extension data.
[StealthLizardDrop] provided technical specifics regarding the searching, encrypting, and transmitting mechanism.
Users should avoid Chromium-based browsers.
Several users advised against using Chrome or similar browsers altogether due to the inherent risk.
Source Discussions (3)
This report was synthesized from the following Lemmy discussions, ranked by community score.