[lemax]

This is fairly standard practice for device fingerprinting. LI is probably using this to protect its platform from scraping etc, and extension lists have sufficient enough entropy to help identify users and form a useful component of a fingerprint.

[ghm2180]

Its already pretty easy to oneshot an extension aiding scraping and LI can do nothing about it. I've seen people build and install a local chrome extension in a couple of days and have an AI inject itself into devtools and scrape pretty much any website. And that was a few months ago. I don't think there is an easy way to defend against such things anymore. Its a matter of time that defensive programming measures like this become useless.