LinkedIn is searching your browser extensions
digitalWestie
1641 points
693 comments
April 02, 2026
Related Discussions
Found 5 related stories in 50.2ms across 3,471 title embeddings via pgvector HNSW
- LinkedIn uses 2.4 GB RAM across two tabs hrncode · 684 pts · March 29, 2026 · 50% similar
- Microsoft Copilot Update Hijacks Default Browser Links miohtama · 42 pts · March 10, 2026 · 46% similar
- Tell HN: Chrome says "suspicious download" when trying to download yt-dlp joering2 · 274 pts · March 31, 2026 · 46% similar
- Addfox: A new open-source browser extension framework gxy5202 · 11 pts · March 22, 2026 · 42% similar
- I audited the privacy of popular free dev tools, the results are terrifying WaitWaitWha · 52 pts · March 03, 2026 · 42% similar
Discussion Highlights (20 comments)
free_bip
They only mention this being a potential violation of the DMA. How about north american countries? US and Canada?
foxes
It seems it scans your extensions not your system - reading the details. The intro made it a bit unclear.
josefritzishere
Why can't we have nice things?
_pdp_
The title is a complete nonsense.
andersonpico
this is a massive violation of trust > The scan doesn’t just look for LinkedIn-related tools. It identifies whether you use an Islamic content filter (PordaAI — “Blur Haram objects, real-time AI for Islamic values”), whether you’ve installed an anti-Zionist political tagger (Anti-Zionist Tag), or a tool designed for neurodivergent users (simplify).
z3ratul163071
why would the browser ever expose extensions api to a web page. does firefox does this as well?
haswell
The headline seems pretty misleading. Here’s what seems to actually be going on: > Every time you open LinkedIn in a Chrome-based browser, LinkedIn’s JavaScript executes a silent scan of your installed browser extensions. The scan probes for thousands of specific extensions by ID, collects the results, encrypts them, and transmits them to LinkedIn’s servers. This does seem invasive. It also seems like what I’d expect to find in modern browser fingerprinting code. I’m not deeply familiar with what APIs are available for detecting extensions, but the fact that it scans for specific extensions sounds more like a product of an API limitation (i.e. no available getAllExtensions() or somesuch) vs. something inherently sinister (e.g. “they’re checking to see if you’re a Muslim”). I’m certainly not endorsing it, do think it’s pretty problematic, and I’m glad it’s getting some visibility. But I do take some issue with the alarmist framing of what’s going on. I’ve come to mostly expect this behavior from most websites that run advertising code and this is why I run ad blockers.
hcfman
I hate the way they just started saying you have a new message when you really don't. Now I'm going to miss when I really have new messages for a while because I'm not going to go to that site anymore when they say that. And not letting you read your messages when on your mobile phone unless you use their app is particularly mean. Considering again where they are sending all the information they scrape.
acorn221
This gave someone the opportunity to add in "Jeffery_Epstein_did_not_kill_himself" to linkedin's client facing code base through this. If you open dev tools -> network tab -> network search icon (magnifying glass) -> search for "epstein" and load up linkedin, you should see it for yourself too! I really don't think they're "illegally" searching your computer, they're checking for sloppy extensions that let linkedin know they're there because of bad design.
seamossfet
I wonder how much of this is also used for audience segmentation for their advertisements? Linkedin ads are some of the most expensive out of any social media platform, but they also tend to have the highest conversion since you can get pretty niche with your targeting.
mikkupikku
LinkedIn has been overtly evil for decades, and their power users are the most insufferable sort of middle management yuppy scum. I know job searching can be hard, but I don't go near LinkedIn with a ten foot pole.
hjk2
How a web site can search one's computer?
knollimar
Reminder for windows control alt shift windows L
ericyd
I don't like any of this, but I'm not totally clear how this is substantially different from other fingerprinting technologies which I assume are used by every large tech company. Could anyone elaborate? The post isn't very clear why this is different from other data surveillance.
Joeboy
The most obvious reason for this is browser fingerprinting, right? So your visits to other websites can be linked to your Linkedin identity? Or no?
mentalgear
Interesting. I didn't know a extension’s web-accessible resource (e.g. chrome-extension://<id>/...) could be abused to learn about the user's installed extensions by checking whether it resolves or not.
gburgett
The “how it works” page suggests it only works on chrome based browsers. Anyone able to determine if firefox or safari are affected too?
maplethorpe
Doesn't it depend how they're storing the data? If it's sufficiently transformed, it could be considered fair use.
sumanep
Bait, just look at browser addons, millons of site do it as well
everdrive
Sounds like containers and potentially adblocking and js blocking prevent this. For my part, I use linked in on my "god dammnit I hate corporate websites so much" browser which is used only for medical bill pay and amazon / wal mart purchases and then monthly bills. Could LinkedIn get something from me there? Potentially, but they're also not really following me around the web. I think given this I'll go install a 3rd browser for linkedin only, or maybe finally just delete my account. It never got me a job and it's a cesspool.