LinkedIn is secretly scanning users’ browsers for over 6,000 Chrome extensions and harvesting device data, according to a new report by Fairlinked e.V. The company is injecting a JavaScript fingerprinting script into every page load that probes visitors’ browsers for installed extensions, CPU core count, available memory, screen resolution, time zone, language settings, and battery status.
The report claims the script works by attempting to access file resources tied to specific extension IDs, a technique used to detect whether extensions are installed in Chromium-based browsers. The findings have raised concerns about LinkedIn’s data collection practices and potential security risks.
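The probing described above only succeeds against extensions that expose files to web pages through `web_accessible_resources` in their manifest. The following is an added example, not code from the report or from LinkedIn's script: a Node.js audit that lists which resources of an extension a page on a given host could request at the extension's static ID. The function names and both sample manifests are constructed for illustration, and match-pattern handling is simplified to the host part.

```javascript
// Added example: audit a Chromium extension manifest for files that a web page
// can request at chrome-extension://<static id>/<path> (the basis of ID probing).

// Normalise MV2 (array of paths) and MV3 (array of objects) declarations.
function webAccessibleEntries(manifest) {
  const war = manifest.web_accessible_resources || [];
  if (manifest.manifest_version === 2) {
    // MV2: every listed resource is reachable from every origin.
    return war.length ? [{ resources: war, matches: ['<all_urls>'], dynamic: false }] : [];
  }
  return war.map((e) => ({
    resources: e.resources || [],
    matches: e.matches || [], // entries with only extension_ids are not page-visible
    dynamic: e.use_dynamic_url === true,
  }));
}

// True when a match pattern admits pages on `host` (simplified: host part only).
function patternCoversHost(pattern, host) {
  if (pattern === '<all_urls>') return true;
  const m = /^(\*|https?|file|ftp):\/\/([^/]*)\//.exec(pattern);
  if (!m) return false;
  const pHost = m[2];
  if (pHost === '*') return true;
  if (pHost.startsWith('*.')) return host === pHost.slice(2) || host.endsWith(pHost.slice(1));
  return host === pHost;
}

// Resources a page on `host` could fetch using the extension's static ID.
function probeableResources(manifest, host) {
  const out = [];
  for (const e of webAccessibleEntries(manifest)) {
    if (e.dynamic) continue; // served under a per-session ID, so a static-ID probe misses
    if (e.matches.some((p) => patternCoversHost(p, host))) out.push(...e.resources);
  }
  return out;
}

// Constructed sample manifests (not real extensions).
const SAMPLE_MV2 = { manifest_version: 2, web_accessible_resources: ['img/icon.png'] };
const SAMPLE_MV3 = {
  manifest_version: 3,
  web_accessible_resources: [
    { resources: ['inject.js'], matches: ['https://*.example.com/*'] },
    { resources: ['panel.html'], matches: ['<all_urls>'], use_dynamic_url: true },
    { resources: ['logo.svg'], matches: ['*://*/*'] },
  ],
};
console.log(probeableResources(SAMPLE_MV3, 'www.linkedin.com'));
```

An empty result means the extension exposes nothing that this kind of probe can reach from that host; extension authors can get there by narrowing `matches` or setting `use_dynamic_url`.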
LinkedIn has stated that it uses the scanning technology to detect extensions that scrape data or violate its terms of service. However, the company denies using the collected data to infer sensitive information about users.
LinkedIn is not the first major platform to use aggressive client-side fingerprinting. In 2021, eBay was found to be performing automated port scans on visitors’ devices, and Citibank, TD Bank, and Equifax were also found to have used similar scripts. The practice has sparked debate about data protection and security.
Source: https://www.tomshardware.com/software/browsers/linkedin-scans-visitors-browsers-for-over-6000-chrome-extensions-and-collects-device-data