"allowed" by the web browser, but almost certainly not by the end user. The law is pretty clear on this in the US:

> 'the term “exceeds authorized access” means to access a computer with authorization and to use such access to obtain or alter information in the computer that the accesser is not entitled so to obtain or alter;'

The problem, of course, is that by clicking on a LinkedIn link, you agree to a non-negotiated contract that can change at any time, and that you have never seen. If that weren't allowed, then this sort of crap would correctly be considered "unauthorized access":

https://www.law.cornell.edu/uscode/text/18/1030

Allowed to do? Not prevented from by technical measures, but certainly not allowed to do.

Considering the goal is to identify people, this is undeniably PII. As the article demonstrates, it also pertains sensitive information.

https://browsergate.eu/how-it-works/: “Every time you open LinkedIn in a Chrome-based browser, LinkedIn’s JavaScript executes a silent scan of your installed browser extensions”

⇒ which Chrome allows sites to do.

TFA goes into a lot of detail explaining why they "allegedly" aren't actually allowed to do so in the EU.

Well, they're able to do it; “allowed” to do it is an ambiguous enough phrasing that it's practically begging to have an argument whose crux is fundamentally about a differing interpretation.

Can you build a version of chromium where this will just return false always?