[Aurornis]

Probably compromised extensions or misleading extensions.

It’s common for malware extensions to disguise themselves as something simple and useful to try to trick a large audience into installing them.

That’s why the list includes things like an “Islamic content filter” and “anti-Zionist tagger” as well as “neurodivergent” tools. They look for trending topics and repackage the scraper with a new name. Most people only install extensions but never remove them if they don’t work.

[honzaik]

well if they have evidence why they dont report it? why are these extensions on the store? im sure linkedin has enough motion to report it directly to google

also, having a PQC enabled extension doesnt seem like a good "large user base capture" tactic.

the source code is as usual obfuscated react but that doesnt mean its malicious...

EDIT: i debuged the extension quickly and it doesnt seem to do anything malicious. it only sends https://pqc-extension.vercel.app/?hostname=[domain] request to this backend to which it has permissions. it doesnt seem to exfiltrate anything else. it might get triggered later but it has very limited permissions anyway so it doesnt seem to be a malicious extension. (but im no expert)

[Aurornis]

> well if they have evidence why they dont report it? why are these extensions on the store?

We had a browser extension for our product. A couple times a month someone would clone it, add some data scraping or other malware to it, and re-upload it with the same or similar name.

We set up automated searches to find them. After reporting it could take weeks to get them removed, some times longer. That’s for extensions with clear copyright problems!

The extensions may not be breaking any rules of the extension stores if they’re just scraping a website. Many of the extensions on the list are literally designed to do that as their headline feature.

If you think sending data from a page to a server would disqualify an extension from an extension store then think again. Many of the plugins listed even have semi-plausible reasons for uploading the scraped data, like the “anti-Zionist tagger” extension on the list or the ones that claim to blur things that are anti-Islam. Manufacturing a reason to send data to their servers gives them cover.

[honzaik]

I am aware that google will take looong time to act. that is why I mentioned that it is LinkedIn (Microsoft) or its contracted fingerprinting/"monitoring" partner who may have more direct ways to report this if they actually investigate malicious extensions.

but that doesn't really matter. for the sake of the argument assume the extensions are not malicious (as evidenced e.g. by the PQC one with ?16 users?) does that change the situation?

[reaperducer]

Probably compromised extensions or misleading extensions.

You'll have to do better than "Probably."

What is it about the tech bubble that compels people to proactively apologize for and excuse the bad behavior of trillion-dollar companies?

[cxr]

To think that there's any one class of behavior motivating them is missing the point. This was all pretty well-documented a couple of months ago. (Previously: <https://github.com/mdp/linkedin-extension-fingerprinting> 244 comments. 2026 February 5. 534 points. <https://news.ycombinator.com/item?id=46904361>)

They're doing a lot more than scanning for "compromised or misleading extensions"; there are a lot of scummy/spammy extensions on the list, but among the extensions included in the list of those they probe are also extensions such as:

- "LinkedNotes" (basically the Personal Note feature from Mastodon, but on LinkedIn profiles) <https://chromewebstore.google.com/detail/neefoldancbjljnnnpn...>

- "Highlight multiple keywords in a web page", an extension that re-implements the equivalent Firefox's "Highlight All" findbar button in Chrome—and happens to mention LinkedIn in the description when describing one use case <https://chromewebstore.google.com/detail/ngkkfkfmnclhjlaofbh...>

- "Delayed gratification Research", a study/focus extension created "for OS semester at CODE University of Applied Sciences" to "Temporarily Block distracting websites"—with all of 4 active users <https://chromewebstore.google.com/detail/mmibdgeegkhehbbadeb...>

It's pretty clear that LinkedIn, like many website operators, don't think of themselves as a source of information that it will send to your UA upon request. It's not even just that they want total visibility into your habits like the worst of the advertising/tracking companies. What they want is as control as they can manage to wrangle over the experience of what it's like when you're "on" their site (i.e. looking at something on your computer that came from their site)—not least of all so they can upsell their userbase on premium features. LinkedIn doesn't care so much that people are inundating other users/orgs that might not appreciate that they're being treated as a "lead", so much as LinkedIn cares that the people doing the inundating are doing it with tools where LinkedIn wasn't able to get a cut.