The LinkedIn Spyware Situation — Transcript

This video exposes LinkedIn's hidden browser extension scanning, revealing privacy violations and corporate espionage risks.

Key Takeaways

  • LinkedIn conducts covert browser extension scans without user consent, violating privacy.
  • This data collection extends to organizational profiling, potentially aiding corporate espionage.
  • The practice is illegal in some jurisdictions and raises serious ethical and legal concerns.
  • Users can mitigate risks by switching browsers or applying specific filters to block the scans.
  • LinkedIn's data gathering capabilities make it a potent but controversial OSINT tool.

Summary

  • LinkedIn runs hidden JavaScript on linkedin.com that scans users' browsers for installed Chrome extensions without consent.
  • The scan runs on every page load and sends data to LinkedIn and third-party companies, including an American-Israeli cybersecurity firm.
  • LinkedIn searches for thousands of extensions, including productivity tools, VPNs, ad blockers, political and religious extensions.
  • Detected extensions are linked to users' employers, mapping software infrastructure of companies without their knowledge.
  • This practice is considered illegal in Germany and likely elsewhere due to privacy violations.
  • LinkedIn bypasses security boundaries set by extension developers to prevent such scans.
  • The scanning began in 2017 with 38 extensions and now targets over 6,000 extensions.
  • Users can avoid this Chrome-exclusive exploit by using Firefox or blocking specific URLs like chunk.905.
  • LinkedIn's extensive data gathering makes it a powerful OSINT tool but also a privacy threat to users and organizations.
  • The video encourages awareness and provides resources like browsergate.eu for further information and mitigation.

Full Transcript

00:00
Speaker A
Welcome back to another episode of Bro Press's F12. Today I'm looking for a job.
00:04
Speaker A
But first I got to press F12.
00:06
Speaker A
Oh wow, imagine my shock.
00:11
Speaker A
All right, so we have a bunch of invalid requests all going to the browser's extension protocol, and a nonprofit organization called Fairlink figured out why.
00:19
Speaker A
LinkedIn is illegally searching your computer. Microsoft is running one of the largest corporate espionage operations in modern history.
00:26
Speaker A
Now, I always knew that LinkedIn was a psyop, but this is pretty ridiculous.
00:30
Speaker A
Every time any of LinkedIn's one billion users visits linkedin.com, hidden code searches their computer for installed software, collects the results, and transmits them to LinkedIn's servers and to third-party companies including an American-Israeli cybersecurity firm.
00:43
Speaker A
Why? The user is never asked, never told. LinkedIn's privacy policy does not mention it.
00:48
Speaker A
Well, based on the request, it looked like it was just scanning my extensions, of which I don't have any. I installed the Chromium browser just for the sake of this video.
00:55
Speaker A
All right, what is BrowserGate?
00:57
Speaker A
Every time you visit linkedin.com, a JavaScript program embedded in the page scans your browser for installed Chrome extensions.
01:02
Speaker A
The program runs silently without any visible indicator to the user, unless you press F12.
01:06
Speaker A
It does not ask for consent; it does not disclose what it is doing; it reports the results to LinkedIn's servers.
01:11
Speaker A
This is not a one-time check; the scan runs on every page load for every visitor.
01:15
Speaker A
Really? Yes, I mean, I guess it doesn't matter if you've already logged into LinkedIn and you visit multiple times a day.
01:20
Speaker A
It's just going to scan your PC every time you visit, which is kind of inefficient.
01:25
Speaker A
The code attempts to contact the extension directly using Chrome's externally_connectable messaging API.
01:30
Speaker A
The code attempts to fetch a known file from the extension using its web_accessible_resources.
01:34
Speaker A
This is the equivalent of checking whether a door is unlocked by trying the handle.
01:38
Speaker A
The code monitors for changes to the page structure that are characteristic of specific extensions injecting elements into LinkedIn's interface.
01:44
Speaker A
Okay, so this is actually pretty common. If you've ever gotten one of those "turn off your ad blocker" messages, that message would appear if it detects something changing the page.
01:54
Speaker A
So it's not too uncommon, unfortunately.
01:56
Speaker A
When an extension developer explicitly disables externally_connectable, they are setting a security boundary. They are saying, websites should not be able to communicate with this extension.
02:06
Speaker A
LinkedIn's code treats that boundary as an obstacle to route around. Yeah, so unsurprisingly, it goes on to say that this is illegal, specifically in Germany, but obviously I'm willing to bet it's illegal elsewhere too.
02:15
Speaker A
And what's crazy is that when this started in 2017, it started with them looking for 38 extensions.
02:22
Speaker A
Now they look for over 6,000 all at once.
02:24
Speaker A
LinkedIn-specific tools, extensions built for LinkedIn productivity, content creation, and networking.
02:27
Speaker A
Extensions from companies that compete with LinkedIn's own Sales Navigator product, scanning for VPNs, ad blockers, and security tools.
02:32
Speaker A
Religious extensions that identify Muslim users, political extensions, anti-woke, anti-Zionist, no more Musk, disability and neurodivergent tools.
02:43
Speaker A
Okay, so basically if you're autistic, have political opinions, and use an ad blocker, you're not getting hired.
02:49
Speaker A
Disclaimer, that's a hyperbolic joke.
02:50
Speaker A
The scanning does not stop at individuals. Because LinkedIn knows each user's employer, job title, and department, every detected extension is attributed to an organization.
02:59
Speaker A
So if you access LinkedIn from a work computer and you have custom extensions for your work, that is mostly what it's interested in.
03:06
Speaker A
That's crazy.
03:07
Speaker A
This amounts to mapping the software infrastructure of millions of companies, institutions, and government agencies, assembled without any organization's knowledge or consent.
03:15
Speaker A
Yeah, so I mean it's funny because as an OSINT tool for information gathering, LinkedIn is overpowered.
03:21
Speaker A
Anytime a bad actor wants to social engineer their way into a company's infrastructure, they go to LinkedIn because everything they need to know about someone is right there.
03:30
Speaker A
Their entire work history, their connections, their education history, and I guess it's not too far-fetched that LinkedIn themselves is doing the information gathering too.
03:39
Speaker A
I know I've already said this about other applications, but man, like LinkedIn is a perfect example of an actual op against its users.
03:44
Speaker A
Crazy.
03:45
Speaker A
All right, so basically if you want to stop this, this is a Chrome exclusive exploit, so you can just use Firefox, or you can create a filter for chunk.905.
03:54
Speaker A
And then if we look, we actually have the entire list of extensions they look for.
03:58
Speaker A
So I don't know, let's search for education. Which education extensions are they interested in?
04:03
Speaker A
Yeah, so some AI stuff, some things that help you write, just what you would typically expect.
04:08
Speaker A
And then let's see, things you can do to help stop BrowserGate. A lot of these are EU specific, like writing letters and such.
04:15
Speaker A
But if you want to take a look, again, the URL is browsergate.eu.
04:20
Speaker A
If you want to stop this for yourself, just use Firefox.
04:22
Speaker A
Actually, I'm curious, since I use Brave pretty often in my videos, I wonder if Brave automatically blocks those.
04:27
Speaker A
Uh, nope.
04:29
Speaker A
Anyway, hope you guys got something out of this video, and until I press F12 again, I'll catch you guys in the next one.

Frequently Asked Questions

What is BrowserGate in relation to LinkedIn?

BrowserGate is a hidden JavaScript program on linkedin.com that scans users' browsers for installed Chrome extensions without their knowledge or consent.

Is the LinkedIn extension scanning legal?

The scanning is considered illegal in Germany and likely violates privacy laws in other countries due to its covert nature and lack of user consent.

How can users protect themselves from LinkedIn's extension scanning?

Users can avoid this Chrome-exclusive exploit by using alternative browsers like Firefox or by blocking specific URLs associated with the scan, such as chunk.905.
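Added example, not code from the video or from browsergate.eu: a small defender-side monitor that makes the two probing techniques the transcript describes visible, fetches of an extension's `web_accessible_resources` (URLs under `chrome-extension://`) and `externally_connectable` messages sent with `chrome.runtime.sendMessage`. All function names are hypothetical, and the extension ids used in testing are constructed.

```javascript
// Added example (not from the video or browsergate.eu): a defender-side monitor
// that reports when page scripts probe for installed extensions. Helper names
// are hypothetical. Run installProbeMonitor(window) in a Chromium-based browser.

const EXTENSION_SCHEMES = ["chrome-extension:", "moz-extension:"];

// True when a URL targets an extension's web_accessible_resources, the
// "try the door handle" probe the transcript describes.
function isExtensionProbe(url) {
  try {
    return EXTENSION_SCHEMES.includes(new URL(String(url), "https://example.invalid/").protocol);
  } catch {
    return false;
  }
}

// The 32-character extension id is the host part of a chrome-extension:// URL.
function extensionIdFromUrl(url) {
  return isExtensionProbe(url) ? new URL(String(url)).host : null;
}

// Wraps fetch() and chrome.runtime.sendMessage() on the given global so every
// probe is tallied (and logged when a console exists). Returns the tally.
function installProbeMonitor(g) {
  const tally = { resourceProbes: [], messageProbes: [] };
  const record = (kind, id) => {
    tally[kind].push(id);
    if (g.console) g.console.warn(`extension probe (${kind}) -> ${id}`);
  };
  if (typeof g.fetch === "function") {
    const origFetch = g.fetch;
    g.fetch = function (input, init) {
      const url = typeof input === "string" ? input : input && input.url;
      if (isExtensionProbe(url)) record("resourceProbes", extensionIdFromUrl(url));
      return origFetch.call(this, input, init);
    };
  }
  // externally_connectable probe: chrome.runtime.sendMessage(extensionId, ...)
  // is exposed to a page only when some installed extension allows its origin.
  if (g.chrome && g.chrome.runtime && typeof g.chrome.runtime.sendMessage === "function") {
    const origSend = g.chrome.runtime.sendMessage;
    g.chrome.runtime.sendMessage = function (extensionId, ...rest) {
      if (typeof extensionId === "string") record("messageProbes", extensionId);
      return origSend.call(this, extensionId, ...rest);
    };
  }
  return tally;
}
```

Because the scan runs on every page load, the wrappers only catch probes sent after they are installed; installing them from the console afterwards shows later probes only.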
