173

LinkedIn Hidden Code Secretly Searches Your Browser for Installed Extensions (cybersecuritynews.com)

submitted 2 days ago by gokayburucdev@lemmy.world to c/cybersecurity@sh.itjust.works

13 comments fedilink hide all child comments

all 14 comments

sorted by: hot top controversial new old

[-] bazinga@discuss.tchncs.de 6 points 1 day ago

I am linkedout, I don't care anymore.

[-] lka1988@sh.itjust.works 4 points 1 day ago

I deleted my linkedin account (as much as they would allow, anyway). I visited about twice a year, usually on accident.

Good riddance.

[-] Eggymatrix@sh.itjust.works 7 points 1 day ago

All very "secret" and "hidden" in cleartext javascript. These titles need to chill.

[-] FooBarrington@lemmy.world 8 points 1 day ago

Ah yes, who doesn't read through the minified bundles of every page they open. I fucking love reading through megabytes of uglified code!

[-] Eggymatrix@sh.itjust.works 0 points 16 hours ago

And your point is what exactly? Nobody does, but it still is not a secret. My point is that any assumption that your extensions are not detected is a delusion, if one wants to put in the effort it is not overly complicated to understand what minified js is doing and one can expect any major social media to do such things.

[-] FooBarrington@lemmy.world 5 points 13 hours ago

It is absolutely a secret! Based on the discussions I've seen, many people in the field were quite surprised that this technique works. So just like Meta's recent-ish WebRTC scandal, this was a secret, even if the code always showed what it does.

My point is that any assumption that your extensions are not detected is a delusion

It is? How are these websites detecting my Firefox extensions?

[-] Eggymatrix@sh.itjust.works 1 points 34 minutes ago

By doing things the extensions are interacting with. You can see if an ad is served and displayed or not, you can detect if an iteraction was originated by an user or automatic, you can see if letters were pasted or input at a speed no human can match.

[-] xxce2AAb@feddit.dk 16 points 2 days ago

Good thing I haven't visited the site since before the Microslop acquisition then.

[-] RedSnt@feddit.dk 4 points 1 day ago

Linkedln being a walled garden just makes this funnier to me.

[-] cerebralhawks@lemmy.dbzer0.com 4 points 2 days ago

Isn't it standard for a website to be able to detect browser/extensions?

Funny that the name dropping of Chrome in the link summary implies Firefox users are safe.

[-] Cyber@feddit.uk 2 points 1 day ago

Funny that the name dropping of Chrome in the link summary implies Firefox users are safe.

Well, the article does actually state that in the text...

[-] x_pikl_x@lemmy.world 14 points 2 days ago

No, not really. Unless it's your own extension you're trying to communicate with.

[-] hoshikarakitaridia@lemmy.world 13 points 2 days ago

It's like a security guy doing a full body search on everyone entering a club. It's beyond inappropriate.

this post was submitted on 09 Apr 2026

173 points (99.4% liked)

Cybersecurity

9809 readers

167 users here now

c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

Be respectful. Everyone should feel welcome here.
No bigotry - including racism, sexism, ableism, homophobia, transphobia, or xenophobia.
No Ads / Spamming.
No pornography.

Community Rules

Idk, keep it semi-professional?
Nothing illegal. We're all ethical here.
Rules will be added/redefined as necessary.

If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

Other security-related communities !databreaches@lemmy.zip !netsec@lemmy.world !securitynews@infosec.pub !cybersecurity@infosec.pub !pulse_of_truth@infosec.pub

Notable mention to !cybersecuritymemes@lemmy.world

founded 2 years ago

MODERATORS

kid@sh.itjust.works

Lanky_Pomegranate530@midwest.social