Probably compromised extensions or misleading extensions.
It’s common for malware extensions to disguise themselves as something simple and useful to try to trick a large audience into installing them.
That’s why the list includes things like an “Islamic content filter” and “anti-Zionist tagger” as well as “neurodivergent” tools. They look for trending topics and repackage the scraper with a new name. Most people only install extensions but never remove them if they don’t work.
To think that there's any one class of behavior motivating them is missing the point. This was all pretty well-documented a couple of months ago. (Previously: <https://github.com/mdp/linkedin-extension-fingerprinting> 244 comments. 2026 February 5. 534 points. <https://news.ycombinator.com/item?id=46904361>)
They're doing a lot more than scanning for "compromised or misleading extensions"; there are a lot of scummy/spammy extensions on the list, but among the extensions included in the list of those they probe are also extensions such as:
- "LinkedNotes" (basically the Personal Note feature from Mastodon, but on LinkedIn profiles) <https://chromewebstore.google.com/detail/neefoldancbjljnnnpn...>
- "Highlight multiple keywords in a web page", an extension that re-implements the equivalent of Firefox's "Highlight All" findbar button in Chrome—and happens to mention LinkedIn in the description when describing one use case <https://chromewebstore.google.com/detail/ngkkfkfmnclhjlaofbh...>
- "Delayed gratification Research", a study/focus extension created "for OS semester at CODE University of Applied Sciences" to "Temporarily Block distracting websites"—with all of 4 active users <https://chromewebstore.google.com/detail/mmibdgeegkhehbbadeb...>
It's pretty clear that LinkedIn, like many website operators, don't think of themselves as a source of information that they will send to your UA upon request. It's not even just that they want total visibility into your habits like the worst of the advertising/tracking companies. What they want is as much control as they can manage to wrangle over the experience of what it's like when you're "on" their site (i.e. looking at something on your computer that came from their site)—not least of all so they can upsell their userbase on premium features. LinkedIn doesn't care so much that people are inundating other users/orgs that might not appreciate that they're being treated as a "lead", so much as LinkedIn cares that the people doing the inundating are doing it with tools where LinkedIn wasn't able to get a cut.
> Probably compromised extensions or misleading extensions.
You'll have to do better than "Probably."
What is it about the tech bubble that compels people to proactively apologize for and excuse the bad behavior of trillion-dollar companies?
Well, if they have evidence, why don't they report it? Why are these extensions on the store? I'm sure LinkedIn has enough motion to report it directly to Google.
Also, having a PQC-enabled extension doesn't seem like a good "large user base capture" tactic.
The source code is, as usual, obfuscated React, but that doesn't mean it's malicious...
EDIT: I debugged the extension quickly and it doesn't seem to do anything malicious. It only sends a https://pqc-extension.vercel.app/?hostname=[domain] request to this backend, to which it has permissions. It doesn't seem to exfiltrate anything else. It might get triggered later, but it has very limited permissions anyway, so it doesn't seem to be a malicious extension. (But I'm no expert.)