LinkedIn (Microsoft) took the war against browser extension for real. Plugins which do some kind of modification of LinkedIn pages appearance, scraping, substituting premium options, etc. LinkedIn started to go after the creators of such extensions. If you are just a user of such extensions, it’s a question. LinkedIn claims (see below) that they can shut your personal LinkedIn accounts too.

If you are an owner of plugin which LinkedIn finds against their terms and conditions, you might get the following e-mail.

Dear Mr. xxxxxxxx,

It has come to the attention of LinkedIn's Trust & Safety Team that xxxxxxx is accessing and performing actions on LinkedIn’s website, at www.linkedin.com, in violation of the LinkedIn User Agreement.

Specifically, xxxxxxx’s tool xxxxxxx, which you offer at the Chrome Web Store, appears to be modifying the appearance of LinkedIn pages, including by injecting xxxxxxx xxxxxxx xxxxxxx xxxxxxx xxxxxxx xxxxxxx into LinkedIn profiles and LinkedIn search results.  This is prohibited. LinkedIn has earned its members’ trust by acting vigilantly to keep its website free from abuse.  

LinkedIn’s User Agreement, available at https://www.linkedin.com/legal/user-agreementexpressly prohibits, among other things, the following:

  • Overlay or otherwise modify the Services or their appearance (such as by inserting elements into the Services or removing, covering, or obscuring an advertisement included on the Services);

xxxxxxx’s unauthorized activities, as described above, violate these provisions.  In addition, LinkedIn members who make use of this tool are also in violation. 

As a result, xxxxxxx’s company page has been restricted, as has your personal account. Due to xxxxxxx’s violations of LinkedIn’s User Agreement, LinkedIn hereby revokes xxxxxxx’s access to all LinkedIn products and services.  

This notice is not intended by us, and should not be construed by you, as a waiver or relinquishment of any of our rights or remedies, all of which we specifically reserve. LinkedIn requires that xxxxxxx comply with LinkedIn’s User Agreement and cease the above activities or disable your extension from operating on LinkedIn within 72 hours. Failure to do so may leave LinkedIn no choice but to pursue enforcement of its rights under state, federal, and international laws. 

Very Truly Yours,

LinkedIn Trust & Safety

The restriction (suspended by a temporary deletion) of owner’s personal LinkedIn profile and the company LinkedIn profile was not a false claim.

As we can see from the source code on LinkedIn.com website, LinkedIn tracks our accounts and checks if we actually installed some of these plugins. Since last year when we did this analysis for the first time, a lot of things have changed technically speaking. To find this list you have to try much harder now.

Anyway, we noticed that the list in the source code is changing and currently growing every few hours.

This is the actual list of 83 plugins LinkedIn is checking if you have installed them.

adapt Prospector
adorito
aevy
alore.io
amazinghiring
auto Connect tools Lily
Candidate.ai
CleverStaff
colabo extension
Contact Out
Crelate
data Scraper
datananas
daxtra
discoverly
dux-soup(fixed)
Ebstabullhorn
EbstaSalesforce
Ecquire
eLink Pro
Email Finder
Email Hunter
Emply
Entelo
EyeMail
found.ly
gay2sms
Get Email
HirEtuaL
Hr-Skyen
icebreaker
iMacros
instant data Scraper
Jlenty
Lead Generator
Leadconnect
Leadiq
Leadkedin
Leonard for Linkedin
Linked Helper
Linkedbot
Linkedin assistant Lily
Linkedin-Hubspot Connector
Linkedroid
LinkeLead
Linklead.io
LinkMatch for CatS
LinkMatch for Greenhouse
LinkMatch for PCrecruiter
LinkMatch for Pipedrive
LinkMatch for zoho CrM
LinkMatch for zoho recruit
LinkMe tool
LinMailNavigator
LinMailPro
Loxo Social import
Lusha
Lusha (FireFox Extension)
Nimble
People.camp
Prophet
Prospect.io
ProspectHive
Prospectify
ramper
recruiterNerd
Sales Lead Multiplier
saleslift.io
SalesLoftCadence
SalesloftProspector
Salestools
SeekOut
SellHack
Skrapp
Slik
Snapaddy Grabber
Social2Sugar
Sourcebreaker
Sourcehub
Spider for Linkedin
StepWells(colabo)
talentbin
turboHiring

You cannot see the exact names of the plugins in the source code as they are encoded several times after you get to this which represents one specific plugin – for example this is Daxtra Magnet plugin in the example (you just need to search for the string “ombdgbngokkngdbcahjbeimfcfimdole” in Chrome Web Store or simply in Google).

{
  "Config": {
    "autoUpdate": true,
    "autoExecute": true,
    "executeInterval": 900000,
    "enable": true,
    "execute": false,
    "domScan": true,
    "domScanTimeout": 2200,
    "pathScan": true,
    "pathScanTimeout": 100,
    "init": 0
  },
  "Metadata": {
    "ext": [
      {
        "name": "wOmysO",
        "interval": 1800000,
        "date": 0,
        "topPath": [
          "pub",
          "in",
          "profile",
          "recruiter",
          "search",
          "jobs",
          "company",
          "company-beta",
          "cap",
          "groups",
          "feed",
          "sales"
        ],
        "dom": {
          "selector": [
            "#daxtra-info-div"
          ]
        },
        "path": [
          "ombdgbngokkngdbcahjbeimfcfimdole/magnet/ChromePlugin/inject/daxtra_info.html"
        ]
      },

What you can find in the source code is that LinkedIn is not only checking if you installed the plugin by checking the appearance of various pictures, .json, .html, etc. files related to the specific plugin (e.g. daxtra_info.html in the presented example above). But they implemented quite sophisticated DOM detection of anything which overlay, modify or inject anything in the LinkedIn.com website. This corresponds with some non-official communication with official LinkedIn employees who said that LinkedIn started to be quite strict about these things recently.

We can definitely see that LinkedIn is quite serious about this. The owners of such plugins started to be hunted down. The question is about plugin users. I remember times when LinkedIn suspended your personal LinkedIn account just for mentioning your e-mail address or a telephone in your name on LinkedIn. Why wouldn’t they suspend you for a usage of some plugins?

So after all, there are still some questions to answer.

  • How exactly it affects “unaware” users of these plugins
  • How about plugins which are not stored in Chrome web store. Can they be tracked?
  • What the sourcing life is going to be without these plugins?: )

Happy hunting!: )

Follow me (LI, TW, FB, IGfor more updates.

--josé

The author of this article is not an employee of LinkedIn or the Microsoft Corporation. Obviously!: )