How is probing your browser for installed extensions not "scanning your computer"?
Calling the title misleading because they didn't breach the browser sandbox is wrong when this is clearly a scenario most people didn't think was possible. Chrome added extensionId randomization with the change to V3, so it's clearly not an intended scenario.
> vs. something inherently sinister (e.g. “they’re checking to see if you’re a Muslim”)
They chose to put that particular extension in their target list, how is it not sinister? If the list had only extensions to affect the LinkedIn page directly (a good chunk seem to be LinkedIn productivity tools) they would have some plausible deniability, but that's not the case. You're just "nothing ever happens"ing this.
I personally think it's misleading, and when you start reading the page it links to, it is even more misleading in my opinion.
>Every time any of LinkedIn’s one billion users visits linkedin.com, hidden code searches their computer for installed software, collects the results, and transmits them to LinkedIn’s servers and to third-party companies including an American-Israeli cybersecurity firm.
When I read that, I think they have escaped the browser and are checking which applications I have installed on my computer. Not which plugins the browser has in it. Just my 2 cents.
When "the browser is the OS", scanning that is a pretty big chunk of "your computer".
Scanning your computer is an entirely different thing than scanning browser extensions. By maximizing the expectation via "Illegally searching your computer", the truth suddenly appears harmless.
>Calling the title misleading because they didn't breach the browser sandbox is wrong
By this logic we could also say that LinkedIn scans your home network.
It 100% implies that it's looking for locally installed binaries.
>How is probing your browser for installed extensions not "scanning your computer"?
The same way taking a photo of a house from the street is not the same as investigating the contents of your pantry.
Because "scanning your computer" technically could include scanning plugins, but it could also include scanning your files, your network or your operating system.
While "scanning your browser" would be more accurate and would exclude the interpretation that it scans your files.
The reason the latter is not used is that, even though more precise and more communicative, it would get fewer clicks.
In the same way that scanning and identifying your microwave for food you put inside it is not the same as scanning your house and reading the letters in your postbox.
Your browser is a subset of your computer and lives inside a sandbox. Breaching that sandbox is certainly a much more interesting topic than breaking GDPR by browser fingerprinting.
> How is probing your browser for installed extensions not "scanning your computer"?
I think most people would interpret “scanning your computer” as breaking out of the confines of the browser and gathering information from the computer itself. If this was happening, the magnitude of the scandal would be hard to overstate.
But this is not happening. What actually is happening is still a problem. But the hyperbole undermines what they’re trying to communicate and this is why I objected to the title.
> They chose to put that particular extension in their target list, how is it not sinister?
Alongside thousands of other extensions. If they were scanning for a dozen things and this was one of them, I’d tend to agree with you. But this sounds more like they enumerated known extension IDs for a large number of extensions because getting all installed extensions isn’t possible.
If we step back for a moment and ask the question: “I’ve been tasked with building a unique fingerprint capability to combat (bots/scrapers/known bad actors, etc), how would I leverage installed extensions as part of that fingerprint?”
What the article describes sounds like what many devs would land on given the browser APIs available.
To reiterate, at no point am I saying this is good or acceptable. I think there’s a massive privacy problem in the tech industry that needs to be addressed.
But the authors have chosen to frame this in language that is hyperbolic and alarmist, and in doing so I think they’re making people focus on the wrong things and actually obscuring the severity of the problem, which is certainly not limited to LinkedIn.