[acorn221]

So these extensions allow linkedin to do this though, it's literally them saying "yes, this site can ping this resource" - called "web_accessible_resources".

This is fair from Linkedin IMO as I've seen loads of different extensions actually scraping the linkedin session tokens or content on linkedin.

[entropyneur]

It's not the extension developer who should decide this, but the browser user.

[Hackbraten]

On what would the browser user base their decision?

If an extension injects an icon into the DOM of the page, then the resulting `img` tag needs to put something in its `src`.

The extension author may choose to use the `data:` scheme, but that's a development-time decision.