LinkedIn checks for 2953 browser extensions

github.com - 168 poäng - 88 kommentarer - 9336 sekunder sedan

Kommentarer (19)

cbsks - 5890 sekunder sedan
Looks like Firefox is immune.
This works by looking for web accessible resources that are provided by the extensions. For Chrome, these are are available in a webpage via the URL chrome-extension://[PACKAGE ID]/[PATH] https://developer.chrome.com/docs/extensions/reference/manif...
On Firefox, web accessible resources are available at "moz-extension://<extension-UUID>/myfile.png" <extension-UUID> is not your extension's ID. This ID is randomly generated for every browser instance. This prevents websites from fingerprinting a browser by examining the extensions it has installed. https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/Web...
rdoherty - 7697 sekunder sedan
Skimming the list, looks like most extensions are for scraping or automating LinkedIn usage. Not surprising as there's money to be made with LinkedIn data. Scraping was a problem when I worked there, the abuse teams built some reasonably sophisticated detection & prevention, and it was a constant battle.
bastard_op - 2651 sekunder sedan
Chrome is the new IE6. Google set themselves up to be the next Microsoft and is "ad friendly" in all the creepy ways because that's what Google IS an ad company. All they've contributed to security is diminishing the capability of adblockers and letting malware to do bad things to you as consumers.
mrkramer - 1466 sekunder sedan
LinkedIn is the worst walled garden of all of them.
minkeymaniac - 8020 sekunder sedan
I can confirm.. open up linkedIn.. hit F12 and watch the error count keep going up and up and up
Screenshots found here https://x.com/DenisGobo/status/2018334684879438150
shouldnt_be - 4927 sekunder sedan
I wrote an article about it a couple of months ago. I also explain why, how and a way to prevent it.
https://javascript.plainenglish.io/the-extensions-you-use-ar...
avastel - 4139 sekunder sedan
I wrote a blog post recently about the technique used by LinkedIn to do extension probing, as well as other ways to do it with less side effects
https://blog.castle.io/detecting-browser-extensions-for-bot-...
dwedge - 1908 sekunder sedan
I wonder if this is why the linkedin feed blocker I installed in Firefox 2 weeks ago stopped working for me within 24 hours
ta988 - 1749 sekunder sedan
So it really is espionage at all levels.
DrStartup - 4758 sekunder sedan
Setup a quick CDP connection. Have Claude Code attach and inject JS into Page.addScriptToEvaluateOnNewDocument. Loads before the page.
Typical early hooks: • fetch wrapper • XMLHttpRequest.prototype.open/send wrapper • WebSocket constructor wrapper • history.pushState/replaceState wrapper • EventTarget.addEventListener wrapper (optional, heavy) • MutationObserver for DOM diffs • Error + unhandledrejection capture
zahlman - 6925 sekunder sedan
> This repository documents every extension LinkedIn checks for and provides tools to identify them.
I get that the CSV lists the extensions, and the tools are provided in order to show work (mapping IDs to actual software). But how was it determined that LinkedIn checks for extensions with these IDs?
And is this relevant for non-Chrome users?
mongrelion - 7979 sekunder sedan
Curious question: why would they check for installed extensions on one's browser?

input_sh - 4209 sekunder sedan

    cut -d',' -f2 chrome_extensions_with_names_all.csv | grep -c "AI"
    474

Only 16%!?

hasperdi - 5700 sekunder sedan
Another thing... they alter the localStorage & sessionStorage prototype, by wrapping the native ones with a wrapper that prevent keys that not in their whitelist from being set.
You can try this by opening devtools and setting
```
  localStorage.setItem('hi', 123)
```
Aurornis - 6557 sekunder sedan
I suggest everyone take a look at the list of extensions and their names for some very important context: https://github.com/mdp/linkedin-extension-fingerprinting/blo...
I didn't find popular extensions like uBlock or other ad blockers.
The list is full of scammy looking data collection and AI tools, though. Some random names from scrolling through the list:
- LinkedGPT: ChatGPT for LinkedIn
- Apollo Scraper - Extract & Export Apollo B2B Leads
- AI Social Media Assistant
- LinkedIn Engagement Assistant
- LinkedIn Lead Magnet
- LinkedIn Extraction Tool - OutreachSheet
- Highperformr AI - Phone Number and Email Finder
- AI Agent For Jobs
These look like the kind of tools scummy recruiters and sales people use to identify targets for mass spamming. I see several AI auto-application tools in there too.
tech234a - 5686 sekunder sedan
See also: a demo page for the same technique that can enumerate many extensions installed in your browser: https://browserleaks.com/chrome
unstatusthequo - 4195 sekunder sedan
I’m probably on the list. I made a LinkedIn Redactor that allowed you to add keywords and remove posts from your thread that included such words. It’s the X feature but for LinkedIn. Anyway, got a cease and desist from those lame fucks at LI. So I removed from the chrome store but it’s still available on GitHub.
lapcat - 8183 sekunder sedan
[removed]
iLoveOncall - 8009 sekunder sedan
[flagged]