GoKawiilWhen companies get caught doing this sort of thing, the response is almost always the same: "we're using this technology to combat fraud," or "ensure positive user experience," or "save computing resources," or some other hog wash.
The simple truth, there's no reason to be collecting data that can be used to identify a user across the web if they're not signed in to your service.
The harm of companies like Experian or LinkedIn being able to correlate all of your web traffic back to you is not hard to imagine. Though, it begs a simple question: should a company involved in my professional life have access to my personal information obtained without my explicit consent?
No. End stop.
This is not new
According to records documented by browsergate.eu and a GitHub repository tracking the extension list, LinkedIn's extension scanning dates to at least 2017, when the list contained 38 entries. My count? As of April 2026, LinkedIn has identified and tracks 6,278 extensions.
The list is actively maintained and expanding.
At this scale the catalog was not built by hand. Someone wrote tooling to crawl Chrome Web Store extension packages, parse each manifest for web-accessible resources, identify a probe target, and add the entry to the list. This is infrastructure that has been in place for nearly a decade.
I verified this myself
I opened LinkedIn in Chrome. I opened developer tools (F12 or Inspect) and the console filled with errors.
... continue reading