Every time you open LinkedIn, it searches your browser for 6,222 software products you might have installed. Without asking. Without telling you.
The technique is straightforward. LinkedIn's JavaScript fires thousands of fetch() requests to chrome-extension:// URLs, one for each extension in a hardcoded list. If the request succeeds, that extension is installed. If it fails, move on. The whole thing runs during idle CPU cycles so you never notice the lag.
They call the system AED. Active Extension Detection. As if giving surveillance an acronym makes it architecture.
But here's what makes it more than a privacy story. LinkedIn knows your name. Your employer. Your job title. So when the scan finds a job-search extension on your browser, that data point isn't anonymous. It's attached to you, at your company, in your role. Your current employer's HR team uses the same platform.
The list reveals political opinions through extensions like "Anti-woke" and "No more Musk." Religious beliefs through content-filtering tools. Neurodivergence through accessibility aids. Competitor intelligence through which sales tools your team runs. All matched to real identities at real organizations.
They even collect your Do Not Track setting!! Then exclude it from the fingerprint hash. They record that you asked not to be tracked. Then they track you.
The scan list grew from 38 extensions in 2017 to over 6,000 in 2026. Twelve new extensions added per day. Someone is maintaining this. Someone is optimizing it.
We built professional networking so we could find each other. The platform decided to use that same infrastructure to search our machines while we weren't looking.
What other platforms already know about your browser that they haven't disclosed yet?