this post was submitted on 03 Apr 2026
33 points (100.0% liked)

Privacy

9464 readers
1039 users here now

A community for Lemmy users interested in privacy

Rules:

  1. Be civil
  2. No spam posting
  3. Keep posts on-topic
  4. No trolling

founded 2 years ago
MODERATORS
iopq@lemmy.world
33
BrowserGate: Technical breakdown of LinkedIn’s covert browser extension fingerprinting (the.unknown-universe.co.uk)
submitted 4 days ago* (last edited 4 days ago) by TheIPW@lemmy.ml to c/privacy@lemmy.world
11 comments fedilink hide all child comments
 

LinkedIn is using hidden JS to scan your browser for over 6,000 specific extension IDs via a known Chromium vulnerability. By inventorying your local software, they can infer highly sensitive "Special Category" data like health status, religion, and political advocacy without consent.

I’ve joined the dots on why Chromium-based "Shields" fail here and how to harden your home lab/network to stop the leak.

you are viewing a single comment's thread
view the rest of the comments
[–] TheIPW@lemmy.ml 3 points 4 days ago

Thanks for the feedback. You’re right, it’s really just scanning for known extension IDs, not poking around your entire computer. Saying “computer scan” might sound a bit dramatic, but the privacy risk is still pretty serious given what info they can guess from those extensions.

About the home lab and network side — I get that LinkedIn isn’t scanning your whole network or anything. What I meant is more about how you can block or filter those sneaky requests at the network level, like with DNS blocking or firewall rules, so they never even get sent out. It’s not a classic home lab threat, but if you’re running your own DNS or network filters, it’s a handy extra layer to keep things tighter.

Sure, switching browsers or faking your user agent works too, but not everyone wants to give up Chromium or LinkedIn completely. That’s why I mentioned a few different ways to protect yourself.

Appreciate the note on wording — I just wanted to show why this isn’t just some minor browser oddity and why it’s worth thinking about from a privacy and network defence angle.