By John Q. Hosedrinker 
A report alleges that LinkedIn uses hidden JavaScript to scan users’ browsers for installed extensions, particularly those that compete with its own sales tools, and uses this data to pressure users to switch to LinkedIn’s products. While the company confirms it scans for extensions, it claims this is done to prevent violations of its terms of service and to protect user privacy, refuting the accusations as a smear campaign by a developer who lost a German court case. The report, published by Fairlinked e.V., claims LinkedIn harvests corporate information and customer lists without user knowledge, a practice confirmed by independent testing which also revealed the collection of extensive browser and device data.
Read the original article here
It appears we’re discussing a rather significant development concerning LinkedIn, with a new report alleging what could be characterized as corporate espionage and a substantial data breach. The core of the issue revolves around claims that LinkedIn is secretly scanning user browsers, specifically looking for installed extensions. The intention behind this scanning, according to the report, is to identify software that directly competes with LinkedIn’s own sales tools. This practice, if true, raises serious questions about user privacy and fair business practices, especially given LinkedIn’s vast user base and the sensitive professional data it holds.
The report suggests that LinkedIn maintains a list of over 200 competing products, including well-known names like Apollo, Lusha, and ZoomInfo. By knowing who employs each user, LinkedIn can then map which companies are utilizing these rival tools. This allows them to effectively extract customer lists from thousands of software companies, all without the users’ knowledge or consent, by accessing data through their browsers. The implications of such a clandestine data grab are profound, potentially impacting competitive landscapes and the livelihoods of numerous software providers.
Furthermore, the report indicates that LinkedIn isn’t just passively collecting this information; it’s actively using it. There are claims that LinkedIn has already issued enforcement threats to users of these third-party tools. By leveraging the data acquired through this covert scanning, LinkedIn is identifying and targeting individuals and companies that use competitor products, thereby pressuring them to switch to LinkedIn’s offerings. This constitutes a clear use of acquired intelligence to gain a commercial advantage, which is where the “corporate espionage” aspect truly comes into play.
The truthfulness of the scanning aspect itself has been independently investigated. A reputable tech publication, BleepingComputer, conducted a test and confirmed the presence of JavaScript code designed to check for a remarkably large number of browser extensions – specifically, 6,236 were identified in their test. This independent verification lends significant weight to the allegations, moving them from mere speculation to a more concrete reality. The scale of this operation, as indicated by the sheer number of extensions scanned, is quite staggering.
It’s understandable why such revelations would spark outrage and calls for severe consequences. Many feel that financial penalties, which have historically been levied against corporations, have proven ineffective as deterrents. The sentiment is that executives making these kinds of decisions should face more stringent repercussions, like jail time, to truly discourage such behavior. The idea is that only real consequences, beyond a slap on the wrist with a fine, can create a meaningful deterrent against widespread corporate misconduct.
The acquisition of LinkedIn by Microsoft seems to be a recurring theme in discussions around these new allegations. Many observers link the alleged aggressive, anti-consumer behavior to this acquisition, suggesting that Microsoft’s influence may have contributed to a shift in LinkedIn’s operational practices. Some even go so far as to describe LinkedIn as “next to useless” as a platform, implying that if its primary function is diminished, then monetizing user browser data might be seen as a desperate or opportunistic move.
This isn’t the first time LinkedIn has faced scrutiny regarding user data and privacy. There are memories of the company being caught, nearly two decades ago, mass-emailing entire contact lists without explicit consent. This was achieved through manipulative “dark patterns” that tricked users into sharing their contacts during the registration or login process. This historical precedent, for some, makes the current allegations less surprising and more of a continuation of a concerning pattern of behavior.
The notion that browsers should not grant websites access to a list of installed extensions is a logical one for many users. In response to concerns about privacy, some individuals have adopted strategies like using separate browsers for different activities, isolating work-related browsing from personal browsing, and employing ad-blocking extensions. For those who prioritize privacy and security, the ability for a website to surreptitiously detect and leverage information about their installed extensions is a significant concern.
The fact that LinkedIn is owned by Microsoft, a company with its own history of aggressive business practices, further fuels skepticism. The comparison to Microsoft’s own perceived “aggressive anti-consumer behavior” suggests a belief that the parent company’s culture might be influencing LinkedIn’s approach to user data. This perspective paints a picture of a large tech conglomerate leveraging its various platforms for data acquisition and competitive advantage, regardless of user privacy.
Some commentators express a sense of disappointment rather than surprise, suggesting that this development was almost inevitable after the “Microslop acquisition,” a derogatory term used for Microsoft. This viewpoint implies that the potential for such issues was present from the moment the acquisition took place, and it was only a matter of time before these concerns manifested in a significant scandal.
The performance aspect of LinkedIn’s platform has also been brought up, with some users noting its tendency to be a “garbage front end” that loads slowly and consumes excessive amounts of RAM. This criticism, while tangential to the core espionage issue, adds to a general dissatisfaction with the user experience and potentially suggests that the underlying infrastructure might be burdened by extensive data-gathering operations.
However, there is a counterargument that the scanning of browser extensions by sophisticated websites is not entirely new or unique. Some suggest that this practice is akin to how other websites collect cookies and browser metadata. This perspective frames the LinkedIn situation as less of a groundbreaking scandal and more of a common, albeit perhaps ethically questionable, practice among advanced web platforms. The advice given is to use browsers that are not designed as advertising engines to mitigate metadata leakage.
The characterization of LinkedIn as a “business circle jerk platform” reflects a strong negative sentiment towards its perceived purpose and user base. For those who already dislike the platform, this report serves as further validation of their negative opinions and provides another reason to avoid it altogether. The idea of a “totalitarian capitalism” is also invoked, suggesting a system where even personal browsing habits are subject to corporate exploitation.
The act of putting extensive personal and professional information on a public site like LinkedIn is seen by some as inherently risky, akin to self-doxxing. The concern is that this information can be exploited for identity theft and the destruction of credit history. Given the existing prevalence of stolen credit card information, making one’s entire work history public is viewed as an easy avenue for malicious actors to exploit personal data.
The thought of having been entirely free of LinkedIn’s data collection practices, especially after a previous massive data breach, brings a sense of relief to some. The current allegations, therefore, reinforce their decision to avoid the platform and highlight the ongoing risks associated with it. For these individuals, LinkedIn is viewed as either a poorly conceived idea or, in a more conspiratorial vein, a “psyop” designed for information theft.
A point of clarification is made that the primary concern is the scanning of extensions, not necessarily the historical data already on the profile. However, the underlying principle of unauthorized data access remains. The comparison is made to a pen being used to “scribble” on a sent letter, implying that once data is on a device, its usage by third parties becomes a complex issue.
The question of setting precedents for client-side usage terms of service is raised, suggesting that this incident could lead to class-action lawsuits against crawler bots, including Microsoft’s. The potential to sue for AI training data scraping is mentioned, highlighting a growing concern about how online content is being utilized by emerging technologies.
The discussion touches upon the apparent lack of accountability for white-collar criminals, referencing a book that details why the Justice Department often fails to prosecute executives. This points to a systemic issue where powerful individuals are perceived to evade consequences, further fueling frustration with corporate misconduct.
The ability of a webpage to detect browser extensions leads to a comparison with how sites like YouTube block ad-blocking software. It’s argued that this detection is a common practice across many platforms for various purposes, including fraud prevention and identifying duplicate accounts. This suggests that LinkedIn’s behavior, while potentially unethical in its application, is technically feasible and not entirely unprecedented in the broader web ecosystem.
The idea that this “isn’t new news” and has been happening “for at least a decade basically everywhere” is a significant point raised by some commenters. This suggests that while the LinkedIn situation is particularly egregious due to the platform’s nature and the specific allegations, the underlying practice of websites probing user browsers for information is more widespread than commonly acknowledged.
Concerns about data sharing extend beyond just extension detection, with one comment mentioning results being shared with “fucking Israel,” indicating a distrust of data handling practices and international data flows. The call for fines to be a percentage of revenue or profit, rather than flat amounts, is a recurring theme, aiming to make penalties truly impactful for large corporations.
The role of lobbying in influencing legislation and corporate behavior is also brought up, suggesting that it’s a barrier to effective regulation. The irony of fines coming with an “admittance of no wrongdoing” is pointed out, highlighting how legal settlements can sometimes shield companies from true accountability. The radical suggestion of nationalizing shares is proposed as a punishment that capital would truly fear.
The fundamental issue of wealthy individuals not facing consequences is a powerful undercurrent. The call for jail time and accountability is strong, with the suggestion that fines should be proportional to the impact they have on someone working minimum wage, meaning they should be financially ruinous. The idea of financial forensic teams determining profit from unethical decisions and imposing multi-fold fines is also put forward.
Ultimately, the “BrowserGate” report on LinkedIn’s alleged secret browser scanning opens a Pandora’s Box of issues concerning corporate ethics, user privacy, data security, and the effectiveness of current regulatory and legal frameworks. The widespread outrage and the diverse range of perspectives shared underscore the deep-seated concerns about how technology companies handle personal information and their pursuit of competitive advantage in the digital age. The call for meaningful consequences for executives and a fundamental re-evaluation of corporate accountability remains a central theme in the ongoing discussion.