Privacy | HIGH

LinkedIn Privacy Alert - Hidden Code Scans Your Browser

Source: Cyber Security News
Tags: LinkedIn, BrowserGate, GDPR, data privacy, HUMAN Security

Basically, LinkedIn secretly checks your browser for installed extensions without telling you.

Quick Summary

LinkedIn's hidden JavaScript scans your browser for installed extensions without consent. This alarming practice affects over a billion users, raising serious privacy concerns. Regulators are now involved, and legal actions may follow.

What Happened

A recent investigation by the European advocacy group Fairlinked e.V. has revealed that LinkedIn employs hidden JavaScript code to scan users' browsers for installed extensions every time they access the site. This covert operation occurs without user consent or any mention in LinkedIn's privacy policy, raising significant ethical and legal questions.

The Mechanism

When a user loads a LinkedIn page in a Chromium-based browser, a fingerprinting script activates. This script checks for identifiers of over 6,167 browser extensions by attempting to access files that these extensions may expose. If the file is accessible, the extension is confirmed to be installed. This whole process is executed in milliseconds, leaving users unaware of the surveillance.

Who's Affected

The impact of this invasive practice is staggering. LinkedIn, with over one billion users, is scanning the browsers of those on Chrome, Edge, Brave, Opera, and Arc. Users of Firefox and Safari are currently not affected by this particular surveillance method. However, the data collected can create detailed profiles that include sensitive information about users' professional lives, interests, and affiliations.

What Data Was Exposed

The data harvested from these scans goes beyond mere software preferences. The BrowserGate investigation identified various high-risk categories among the extensions being tracked, including:

  • Job search tools: Extensions that indicate users may be looking for new employment, potentially exposing them to their current employers.
  • Religious and political indicators: Extensions that reveal users' beliefs and political leanings, classified as Special Category Data under GDPR.
  • Health-related tools: Extensions that assist users with disabilities or neurodivergence.
  • Competitor products: Extensions linked to rival sales intelligence platforms, giving LinkedIn insight into its competitors' user base.

LinkedIn's actions may violate GDPR, which prohibits processing sensitive data without explicit consent. The investigation suggests that the data collection practices are not only unethical but potentially illegal across various jurisdictions. Regulatory bodies in the EU have been alerted, and legal proceedings may follow.

How to Protect Yourself

For users concerned about this invasive scanning, several immediate actions can be taken:

  • Switch to Firefox or Safari: These browsers do not use the same extension architecture as Chrome, thus avoiding detection.
  • Create a LinkedIn-only Chrome profile: This profile should have no extensions installed, breaking the surveillance chain.
  • Use Brave browser: Enable fingerprinting protection to block the detection mechanism entirely.
  • Audit installed extensions: Utilize BrowserGate’s public database to check if your tools are being tracked.
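The mechanism described above and the extension audit in the last bullet can be combined into a local check, shown here as an added example that is not from the original article or the BrowserGate project. In Chromium, the files an extension exposes to web pages are declared under `web_accessible_resources` in its `manifest.json`. The function names and the sample manifests with placeholder IDs are constructed for illustration.

```javascript
// Does a Chromium match pattern such as "https://*.example.com/*" cover `origin`?
function patternCoversOrigin(pattern, origin) {
  if (pattern === "<all_urls>") return true;
  const m = /^(\*|https?):\/\/(\*|(?:\*\.)?[^\/*]+)\//.exec(pattern);
  if (!m) return false;
  const { protocol, hostname } = new URL(origin);
  const scheme = protocol.slice(0, -1);
  if (m[1] === "*" ? !/^https?$/.test(scheme) : m[1] !== scheme) return false;
  if (m[2] === "*") return true;
  if (!m[2].startsWith("*.")) return hostname === m[2];
  const base = m[2].slice(2);
  return hostname === base || hostname.endsWith("." + base);
}

// Resource paths a page at `origin` could request at a fixed chrome-extension:// URL.
function exposedResources(manifest, origin) {
  const war = manifest.web_accessible_resources || [];
  // Manifest V2: a flat list of paths, readable by every website.
  if (manifest.manifest_version === 2) return war.filter((r) => typeof r === "string");
  // Manifest V3: each entry is scoped to the origins listed in `matches`.
  return war
    .filter((e) => !e.use_dynamic_url) // ID rotates per session, so a fixed-URL check fails
    .filter((e) => (e.matches || []).some((p) => patternCoversOrigin(p, origin)))
    .flatMap((e) => e.resources || []);
}

// One verdict per installed extension: is it visible to pages on `origin`?
function auditExtensions(manifests, origin) {
  return Object.entries(manifests).map(([id, m]) => {
    const resources = exposedResources(m, origin);
    return { id, name: m.name, detectable: resources.length > 0, resources };
  });
}

// Constructed sample manifests keyed by placeholder extension IDs (not real extensions).
const SAMPLE = {
  "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa": { name: "MV2 helper", manifest_version: 2,
    web_accessible_resources: ["img/icon.png"] },
  "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb": { name: "Open MV3", manifest_version: 3,
    web_accessible_resources: [{ resources: ["inject.js"], matches: ["<all_urls>"] }] },
  "cccccccccccccccccccccccccccccccc": { name: "Scoped MV3", manifest_version: 3,
    web_accessible_resources: [{ resources: ["ui.css"], matches: ["https://*.example.org/*"] }] },
  "dddddddddddddddddddddddddddddddd": { name: "Dynamic MV3", manifest_version: 3,
    web_accessible_resources: [{ resources: ["a.js"], matches: ["<all_urls>"], use_dynamic_url: true }] },
  "eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee": { name: "No WAR", manifest_version: 3 },
};

for (const r of auditExtensions(SAMPLE, "https://www.linkedin.com")) {
  console.log(r.detectable ? "DETECTABLE" : "hidden    ", r.name, r.resources.join(","));
}
```

To audit a real profile, load each installed extension's `manifest.json` from the browser profile's extensions directory into the same `{ id: manifest }` shape.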

As this situation unfolds, it serves as a stark reminder of the importance of data privacy and the need for transparency from major platforms like LinkedIn.

🔒 Pro insight: The scale of this covert data collection could lead to significant regulatory penalties under GDPR, especially given the sensitive nature of the data involved.

Original article from Cyber Security News, by Guru Baran
