But how is this data accessible to the extension? I ‘m not an expert, but it seems that this data has to publicly available for an extension to find and parse it. Extensions don’t have magic Auth rights or credentials.
Extensions have the same auth rights as your logged-in account (the ability to see people who are out of network, for example). It’s against LinkedIn’s ToS to scrape data.
True, and I accept this is a potentially good legal refutation of this kind of argument. However, I do consider ToS-es untenable and unjust because of this power asymmetry.
If my computing node is interacting with your computing node, we should either both be able to put restrictions on the use of obtainable information or neither.
And they can avoid me storing their data by not offering it to me. Both are rather lazy arguments.
This is besides the fact that many sites (LinkedIn included) aren't very upfront about what exactly they collect. Also, after a certain point, it gets impractical to have to make this decision for each and every site you visit.
Yes, I get that the extension operates within the user's auth realm. But still it should not be able to access data you as a user cannot access. Maybe this is already enough to do damage though.
