brian austin
LinkedIn is scanning your browser extensions: what AI developers need to know

Yesterday, a story hit the top of Hacker News with 1,540 points: LinkedIn is actively scanning your installed browser extensions.

For most developers, the reaction was visceral. Not surprised, but still unsettled. Because this isn't just about LinkedIn.

The pattern is everywhere

Big Tech products have quietly expanded their data collection to include:

  • Browser extension inventories (LinkedIn)
  • Clipboard contents (TikTok, caught in 2020)
  • Installed app lists (various mobile apps)
  • Keystroke patterns (some "productivity" tools)

The AI tools you use every day are no exception.

What this means for your AI coding tools

If you're using a cloud-based AI coding assistant, consider what telemetry it might collect:

✓ Your file contents (to provide context)
✓ Your terminal commands ("for functionality")
✓ Your git history ("for better suggestions")
? Your other installed tools
? Your usage patterns across sessions
? Your error messages and stack traces

The first three are expected and necessary. The last three are increasingly common in enterprise AI tools — and rarely disclosed clearly.

The ANTHROPIC_BASE_URL approach: what stays local

One way to reduce your data exposure is to control where your AI requests go.

Claude Code supports a simple environment variable:

export ANTHROPIC_BASE_URL=https://simplylouie.com

This routes your Claude API calls through a proxy rather than directly to Anthropic, which means the proxy operator receives every request. The difference in terms of data:

Direct to Anthropic                       | Via proxy
Anthropic collects all metadata           | Proxy operator controls logging
Subject to Anthropic's data policies      | Subject to proxy's privacy policy
Enterprise tier required for no training  | Depends on proxy

The proxy I use for my own Claude Code setup is SimplyLouie — $2/month flat, no rate limits, and the operator (a solo indie developer) isn't building a surveillance business. The source isn't open but the model is simple: flat fee, no upsells, 50% of revenue to animal rescue.

Checking your AI tool's telemetry

For any AI tool you use, here's a quick audit checklist:

# Check network traffic while using the tool
sudo tcpdump -i any -n host api.example.com

# Check what processes are running
ps aux | grep -i ai

# Check extension permissions in Chrome: open this URL in the address bar
# (it is a browser page, not a shell command)
# chrome://extensions/

For VS Code extensions specifically:

# List all installed extensions
code --list-extensions

# Check extension telemetry settings (Linux path; on macOS the file is
# ~/Library/Application Support/Code/User/settings.json)
grep -i telemetry ~/.config/Code/User/settings.json

You can disable most VS Code telemetry:

{
  "telemetry.telemetryLevel": "off",
  "extensions.autoCheckUpdates": false
}

The deeper issue: consent vs. disclosure

The LinkedIn story is alarming not because scanning extensions is necessarily malicious — but because it wasn't disclosed.

Developers are used to tools collecting data. We accept it as the cost of free services. But when the scanning happens silently, it crosses from data collection into surveillance.

For AI tools specifically, the stakes are higher:

  • Your codebase is confidential
  • Your API keys appear in context windows
  • Your architecture decisions are visible
  • Your debugging sessions reveal vulnerabilities

Any AI tool that phones home more than necessary is a liability — not just a privacy concern.

Practical steps

  1. Audit your AI tools — check their privacy policies for "telemetry", "analytics", and "usage data" sections
  2. Use ANTHROPIC_BASE_URL to route Claude calls through a proxy you understand
  3. Check browser extension permissions — if an extension doesn't need to read all sites, revoke that permission
  4. Use .claudeignore to keep sensitive files out of Claude Code's context
  5. Set VS Code telemetry to off — it doesn't affect functionality

# .claudeignore — keep secrets out of context
.env
.env.*
*.pem
*.key
node_modules/
.git/
secrets/
credentials/

The trend won't reverse

LinkedIn won't stop scanning extensions because of bad press — they'll just make the disclosure harder to find.

The AI tools market is moving in the same direction. More data collection, more telemetry, more "usage analytics" that fund the next model training run.

Your best defense is choosing tools where the operator's business model doesn't depend on your data.

For $2/month alternatives to the surveillance-funded AI stack: simplylouie.com


Claude Code users: set ANTHROPIC_BASE_URL=https://simplylouie.com in your shell profile. 7-day free trial, no rate limits.
