It’s scanning for 5,634 extensions that may violate their Terms of Service (ToS).

My friend received a LinkedIn warning about automation via browser extensions, so I looked at how LinkedIn detects them.

LinkedIn built a simple but effective detection. Their script iterates through a list of 5,634 extension IDs and attempts to fetch a known file from each (e.g., index.html). If a probe succeeds, LinkedIn knows you have it installed.

If you want to learn more about LinkedIn bot detections, read the excellent analysis by Antoine Vastel from Castle.io.

What are these 5,634 (5,054 active) "bad guys" that LinkedIn is policing?

My thoughts:

  1. ❤️ LinkedIn continues its battle against scrapers, bots, and automation, and it’s good for feed quality and authentic interactions.
  2. LinkedIn leverages users to pressure vendors. By warning users that their accounts are at risk, LinkedIn effectively forces them to uninstall risky extensions and Claude Code their own (like my friend, who dropped Kondo and phantombuster to build their own).
  3. It is unlikely LinkedIn will restrict accounts solely for having one of the extensions installed. It’s hard to imagine banning 331M Adobe and 43M Grammarly extension users.
  4. The high demand for LinkedIn automation will push vendors to obfuscate their presence and promise "detection safety" to their users.
  5. Finally, I appreciate the LinkedIn Trust & Safety efforts, but scanning for 5K extensions is massive fingerprinting similar to the techniques malicious actors use to profile targets.

Check if you have any extensions installed that are on the LinkedIn watch list or just chat over the findings with a custom GPT.

Detecting browser extensions for bot detection, lessons from LinkedIn and Castle

Browser Extension Researcher

Chrome Extension Scanner

LinkedIn ToS