I presume they’re talking about an element with something like this: position: absolute; left: -50px; width: 0px; height 0px;

Very commonly used for elements like skip to content links that are hidden off screen and shown on screen once they receive focus.

Details are here: https://browsergate.eu/how-it-works/

pray that we do not alter them any further…

“Yes, LinkedIn was probing for a lot of extensions, but there was no scanning of your computer and no malicious code, just a simple JavaScript technique to determine if the extension was there.”

Reguly decided to test the resource probing and results obtained on a sample 10% of the 6,000+ extensions. “One extension refused to have its tab closed and reopened itself every time I closed it. Others changed my home screen, the about:blank page, and added bookmarks.” Another Rickrolled him, playing the ‘Never Gonna Give You Up’ video every time he opened his browser. “To say that a lot of these are the worst of the worst extensions out there is not an understatement.”

What’s more, statistically from his sample testing, he believes only around 2,000 could be detected by LinkedIn, when even 6,000 is just a small sub-set of the total number of extensions that exist. If LinkedIn was intent on fingerprinting or profiling its users, there are better methods than this.

“I don’t see anything that indicates malicious intent here,” he told SecurityWeek “It is discovering some information, yes, but I don’t think it crosses the threshold to malicious – I think that’s a very sensationalized view of what’s going on.”

Asked why LinkedIn is doing this, he replies, “I don’t know. But for me, a common trend across these extensions is that they have data scraping functionality and are not well known. And they were problematic at times. Many of them gave me that used-car-salesman vibe that you see in the movies,” he continued.

“I can’t help but wonder if LinkedIn wanted to know if these extensions were there to try and defend against them. I certainly wouldn’t want one of my LinkedIn contacts to be running these extensions and visit my page with these scrapers installed. I feel that a user with these extensions installed visiting my LinkedIn page is more of an affront to my privacy than LinkedIn checking to see if I have these extensions.”

Of course, depending on interpretation, this still may not be appropriate or legal in the EU. However, it does seem that BrowserGate’s claims are a bit on the exaggerated side.

OP’s link with Google’s AMP nonsense removed: securityweek.com/browsergate-claims-of-linkedin-s…

I think the argument is that since some of the extensions that are probed can be political in nature, which can reveal political identity, which is potentially unlawful in the EU. However, it really needs to be up to a judge to make a decision on that.

In general what they’re doing is legal, and the BrowserGate people are using niggling little details, a handful of extensions out of the 6000 probed, to justify this argument. I couldn’t say, especially as someone from outside the EU, whether this is actually illegal or not, but it’s definitely in a nebulous area at the moment.

Though I agree it’s sensationalized in terms of claiming it’s “searching your computer” and doing “corporate espionage.”

it does NOT scan applications on your computer

technically browser extensions are considered applications under EU’s GDPR

It DOES scan which browser extensions you have running (if they affect page loading).

as per their report:

Why two detection methods

Method	Technique	What it catches
AED	fetch() against known resource paths	Extensions that are merely installed, even if they inject nothing into the current page
Spectroscopy	Full DOM tree walk	Extensions that actively modify the page, even if they are not in LinkedIn’s hardcoded list

Yeah but still sick of this shit

<img alt="" src="https://startrek.website/pictrs/image/45eee434-5f8a-49ba-bd05-1d53fc339fce.png">