top | item 46904750

(no title)

rdoherty | 24 days ago

Skimming the list, looks like most extensions are for scraping or automating LinkedIn usage. Not surprising as there's money to be made with LinkedIn data. Scraping was a problem when I worked there, the abuse teams built some reasonably sophisticated detection & prevention, and it was a constant battle.

discuss

cxr|24 days ago

In order to create the data source that LinkedIn's extension-fingerprinting relies on to work, someone (at LinkedIn*?) almost certainly violated the Chrome Web Store TOS—by (perversely*) scraping it.

* if LinkedIn didn't get it from an existing data source

direwolf20|24 days ago

Programmers don't appreciate the fact that you can just violate terms of service. You can just do it. It's okay. The police won't come after you. Usually.

bastawhiz|24 days ago

3000 extensions is few enough that a small team could download each extension manually over a few months. You don't need to scrape at all.

winddude|24 days ago

a problem for linkedin != "a problem". The real problem for people is the back room data brokering linkedin and others do.

bryanrasmussen|24 days ago

from the code doesn't look like they do anything if they have a match, they just save all the results to a csv for fingerprinting?

cxr|24 days ago

"The code" here you're referring to (fetch_extension_names.js[1]) isn't and doesn't claim to be LinkedIn's fingerprinting code. It's a scraper that the researcher behind this repo wrote themselves in order to create the CSV of the data that they're publishing here.

LinkedIn's fingerprinting code, as the README explains, is found in fingerprint.js[2], which embeds a big JSON literal with the IDs of the extensions it probes for. (Sickeningly enough, this data starts about two-thirds of the way through the file* and isn't the culprit behind the bulk of its 2.15 MB size…)

* On line 34394; the one starting:

    const r = [{
                id: "aacbpggdjcblgnmgjgpkpddliddineni",
                file: "sidebar.html"

1. <https://github.com/mdp/linkedin-extension-fingerprinting/blo...>

2. <https://github.com/mdp/linkedin-extension-fingerprinting/blo...>

tlogan|24 days ago

By looking the list it seems like it is not really “sophisticated”. It is just list based on names (if there is a “email” in the name). Majority of extensions do not even ask for permissions to access linkedin.com.

RHSman2|24 days ago

I had the pleasure of scraping LinkedIn for a client. Great fun.

hsbauauvhabzb|24 days ago

Wont someone think of poor little LinkedIn, a subsidiary of one of the largest data brokers in the world?

charcircuit|24 days ago

Why frame what you are trying to say like that? Businesses of all sizes deserve the ability to protect their businesses from abuse.

xp84|24 days ago

I mean, regardless of who they are or even if you don’t like what LinkedIn does themselves with the data people have given them, the random third parties with the extensions don’t additionally deserve to just grab all that data too, do they?

dumbo23|24 days ago

[deleted]