LinkedIn runs an extension scan against a hardcoded list of 6,278 Chrome extensions on every visit. Detected results are packaged into encrypted telemetry and injected as an HTTP header into every subsequent API request during your session. This data can be used to identify your religious affiliations, tax bracket, job search intent, and more.
I verified this myself and traced the implementation. Details and the technical breakdown in the article.
mkw5053•25m ago
Interesting, so would Safari prevent this? I tried moving to Safari and honestly loved everything except I use my Google accounts now for authenticating with too many services and that was a pain compared to Chrome.
testfrequency•11m ago
Well if you’re logged in to Google don’t you just SSO everywhere?
mkw5053•4m ago
I honestly kind of forget the exact annoyances because it has been some time. I want to say I had to reauth every time I wanted to SSO with my Google account because it doesn't allow/deletes third-party cookies.
NoahZuniga•11m ago
Even better! Moving to Firefox fixes this.
Chrome for some reason (still!) gives extensions static IDs. Firefox has the ID change per Firefox instance.
skeaker•11m ago
I would imagine using any non-Chromium browser would cause it to fail to find any Chrome extensions, yes.
mkw5053•7m ago
Sure, but Safari may or may not leak Safari extension signals in a similar fashion. I haven't actually investigated.
"What is not a question is that a criminal investigation is now open."
Good. These companies deserve each and every stone thrown at them, and much more.
friends, WHEN you are asked to implement something like this at your job, which will you choose: object (& hold ground, lose job) OR comply (& keep job)?
as practitioners, where do we hold the line between telemetry and surveillance?
maelito•2m ago
Well, I deleted my LinkedIn account and life is better now.
un-nf•1h ago
I verified this myself and traced the implementation. Details and the technical breakdown in the article.