Recently, Matt Yglesias and Jerusalem Demsas sparred on The Argument pod­cast over on­line anonymity.

I am, my­self, pas­sion­ately and slightly fa­nat­i­cally on the pro-anonymity side. I think that it’s ob­serv­ably very easy for a so­ci­ety to make plenty of per­fectly rea­son­able things un­sayable and plenty of per­fectly vir­tu­ous and mean­ing­ful lives un­liv­able, and anonymity is the only pro­tec­tion for the out­cast.

That in­cludes gay peo­ple like me, who could hardly have ad­mit­ted un­der our names to how we lived our lives for most of America’s his­tory, as well as many other groups with mi­nori­tar­ian lifestyles and be­liefs. It in­cludes lots of peo­ple whose ideas were badly wrong for every one whose ideas were right — and I’m glad of it for all of them.

I will hap­pily wade through the sludge of com­ments that Twitter at­tracts from avowed Nazis, full-time rage­baiters, tankie pro­pa­gan­dists — all say­ing hor­ren­dous things they surely would­n’t say un­der their real names — in ex­change for a world where, if there’s some­thing im­por­tant that some­one would lose their job for say­ing, I still get to hear it.

But soon, the en­tire de­bate over in­ter­net anonymity will be as anachro­nis­tic as an iPod Touch. That’s be­cause Claude Opus 4.7 is here, and last week, I dis­cov­ered it could iden­tify me from text I had never pub­lished, text from when I was in high school, text from gen­res I have never pub­licly writ­ten in. And if it can iden­tify me, soon, it will be able to iden­tify many of you.

Recently, Anthropic re­leased a new ver­sion of Claude, Opus 4.7. I did what I usu­ally do when a new AI model is re­leased by Google, OpenAI, or Anthropic and ran a bunch of tests on it to see what it can do. One of those tests is to paste in some text from un­pub­lished drafts of mine and ask it to guess the au­thor. See be­low:

There’s al­ways some­thing salu­tary about watch­ing an­other coun­try’s po­lit­i­cal tele­vi­sion. Some of it is the same as the ap­peal of watch­ing The West Wing in 2026 - that the pe­cu­liar de­range­ments of its time are not the de­range­ments of our time. The West Wing was writ­ten around the cul­ture wars of its day, heated de­bates over school prayer and whether Christians are op­pressed in China. Seeing de­bates play out with a bit more dis­tance can make it eas­ier to ap­pre­ci­ate the ques­tions they raise, and the big­ger ques­tions those stand in for.But Servant of the People’s ap­peal is­n’t its po­lit­i­cal so­phis­ti­ca­tion (it is not po­lit­i­cally so­phis­ti­cated) or its witty West-Wing style di­a­logue (the di­a­logue’s wit is mostly ob­scured be­cause there’s no par­tic­u­larly good English trans­la­tion).

There’s al­ways some­thing salu­tary about watch­ing an­other coun­try’s po­lit­i­cal tele­vi­sion. Some of it is the same as the ap­peal of watch­ing The West Wing in 2026 - that the pe­cu­liar de­range­ments of its time are not the de­range­ments of our time. The West Wing was writ­ten around the cul­ture wars of its day, heated de­bates over school prayer and whether Christians are op­pressed in China. Seeing de­bates play out with a bit more dis­tance can make it eas­ier to ap­pre­ci­ate the ques­tions they raise, and the big­ger ques­tions those stand in for.

But Servant of the People’s ap­peal is­n’t its po­lit­i­cal so­phis­ti­ca­tion (it is not po­lit­i­cally so­phis­ti­cated) or its witty West-Wing style di­a­logue (the di­a­logue’s wit is mostly ob­scured be­cause there’s no par­tic­u­larly good English trans­la­tion).

From only the above text, 125 words, Claude Opus 4.7 in­formed me that the like­li­est au­thor is Kelsey Piper. This is an Opus 4.7-specific power; ChatGPT guessed Yglesias, and Gemini guessed Scott Alexander. I did not have mem­ory en­abled, nor did I have in­for­ma­tion about me as­so­ci­ated with my ac­count; I did these tests in Incognito Mode.

To make sure it was­n’t some­how feed­ing my ac­count in­for­ma­tion to Claude even in Incognito Mode, I asked a friend to run these tests on his com­puter, and he re­ceived the same re­sult; I also got the same re­sult when I tested it through the API.

Share

Now, this is far from an im­pos­si­ble feat of style iden­ti­fi­ca­tion — a lot of my writ­ing is pub­lic on the in­ter­net, and this is clearly the start of a po­lit­i­cal col­umn, nar­row­ing the pos­si­ble au­thors down dra­mat­i­cally.

What I find much more un­canny is that Opus 4.7 also ac­com­plished this on writ­ing of mine that is nowhere near my beat. Here’s a dif­fer­ent un­pub­lished draft of a school progress re­port in a com­pletely dif­fer­ent reg­is­ter:

This is some stu­dent work, shared with the stu­den­t’s per­mis­sion (they re­viewed this blog post and gave it the okay). These three as­sign­ments (writing about a stu­dent-cho­sen topic, in this case Pokemon) show the stu­den­t’s pro­gres­sion over the course of two months af­ter we de­cided to fo­cus with this stu­dent on de­vel­op­ing their writ­ing skills. The first one I would say is about first-grade level work: the stu­dent is writ­ing cor­rect and com­plete sen­tences, but the sen­tences are sim­ple; their hand­writ­ing is mostly leg­i­ble with a few prob­lem let­ters. The sec­ond one I would say is about sec­ond-grade level work: the stu­dent is writ­ing longer and more var­ied sen­tences, with a range of con­struc­tions “Perhaps it was sneak­ing up on prey?”. They’re at­tempt­ing more com­pli­cated vo­cab­u­lary words (I’m told that a mis­spelled word at the top of the page was meant to be ‘roguish’.)

This is some stu­dent work, shared with the stu­den­t’s per­mis­sion (they re­viewed this blog post and gave it the okay). These three as­sign­ments (writing about a stu­dent-cho­sen topic, in this case Pokemon) show the stu­den­t’s pro­gres­sion over the course of two months af­ter we de­cided to fo­cus with this stu­dent on de­vel­op­ing their writ­ing skills. The first one I would say is about first-grade level work: the stu­dent is writ­ing cor­rect and com­plete sen­tences, but the sen­tences are sim­ple; their hand­writ­ing is mostly leg­i­ble with a few prob­lem let­ters. The sec­ond one I would say is about sec­ond-grade level work: the stu­dent is writ­ing longer and more var­ied sen­tences, with a range of con­struc­tions “Perhaps it was sneak­ing up on prey?”. They’re at­tempt­ing more com­pli­cated vo­cab­u­lary words (I’m told that a mis­spelled word at the top of the page was meant to be ‘roguish’.)

“Kelsey Piper,” said Claude. (ChatGPT guessed Freddie de­Boer. Gemini guessed Duncan Sabien.)

But at least that’s about ed­u­ca­tion, which I’ve writ­ten about. What if I’m do­ing movie re­views, some­thing I’ve never done in my pub­lished work?1

“Kelsey Piper,” said Claude and ChatGPT. (Gemini sug­gested Ursula Vernon. Last week, Claude Opus 4.6 in­sisted on Elizabeth Sandifer.)

That’s still in a fun­da­men­tally es­say­is­tic style, though, right? Yes. But it also does this when I’m writ­ing a fan­tasy novel — though in that case it took more like 500 words for Claude to in­form me that it’s the work of Kelsey Piper (whereas ChatGPT flat­tered me by guess­ing that I’m real fan­tasy nov­el­ist K.J. Parker).

What if I try a col­lege ap­pli­ca­tion es­say I wrote 15 years ago, when my prose style was vastly worse and frankly em­bar­rass­ing to reread?

“Kelsey Piper,” said Claude, and in this case, also ChatGPT.2

Interestingly, the AI’s jus­ti­fi­ca­tions when it named me were of­ten ab­solute non­sense.

Claude tried to per­suade me that ef­fec­tive al­tru­ists fa­mously love the movie I had writ­ten a re­view of, To Be or Not to Be (I don’t think that’s true, though they should, be­cause it’s a great movie). At one point, ChatGPT told me that my col­lege ap­pli­ca­tion es­say was clearly that of some­one who would end up work­ing as an ex­plainer of com­plex pol­icy ideas, and that was how it nar­rowed it down to Kelsey Piper.

I think these ex­pla­na­tions are man­u­fac­tured af­ter the fact; AIs are pick­ing up im­per­cep­ti­ble tics in prose and then try­ing to de­scribe them as if they were hu­man de­tec­tives do­ing some Sherlock Holmes de­duc­tion. But they don’t un­der­stand what they’re do­ing any more than I do. Hallucinations are not a solved prob­lem with AI.

Don’t take this as an ex­cuse to write Opus 4.7 off, though. It’s very, very good at the un­der­ly­ing skill, even if it’s then ra­tio­nal­iz­ing how it did it in some odd and in­co­her­ent ways.

I dis­cov­ered this last week and am just start­ing to process the im­pli­ca­tions. When you power up a new chat with an AI, there is a com­fort­ing anonymity to it. I don’t put any­thing in my cus­tom pref­er­ences or mem­ory. But now, I know that within a few ex­changes of any sub­stance, Claude knows ex­actly who it’s talk­ing to. For any­one with as much writ­ing on the in­ter­net as me, there is no anonymity, not any­more.

For me, this is mostly a cu­rios­ity. But for a lot of peo­ple, it might be greatly sig­nif­i­cant.

Right now, to­day’s AI tools prob­a­bly can be used to deanonymize any writer who has a large pub­lic cor­pus of writ­ing un­der their real name and also writes anony­mously, un­less they have been ex­tremely care­ful, for years, to make sure that noth­ing writ­ten un­der their sec­ondary ac­count has the styl­is­tic fin­ger­prints of their pri­mary one. Many aca­d­e­mics and in­dus­try re­searchers, for in­stance, have re­ported be­ing iden­ti­fied from a draft or in the mid­dle of a chat.

It can­not be used to deanonymize ab­solutely any­one from a sin­gle pas­sage, how­ever. I tested this, too, grab­bing drafts and pas­sages from friends of mine who do not pub­lish sub­stan­tial writ­ing un­der their real names. Indeed, AI could not deanonymize them. If you have no sig­nif­i­cant real-name writ­ing on the pub­lic in­ter­net, you’re cur­rently safe.

But it can get un­can­nily far. I asked a close friend who does­n’t have pub­lic so­cial me­dia ac­counts or much writ­ing on­line for per­mis­sion to test some things she had said in a Discord chan­nel. Asked to guess the au­thor, Claude 4.7 failed — but it guessed two other peo­ple who were in that chan­nel and who are close friends of hers (me and an­other per­son who has an in­ter­net pres­ence).

I tried with more pas­sages and got other mu­tual friends; I tried with a dif­fer­ent friend’s writ­ing, and he was falsely named as yet an­other friend. We pick up style tics from our sub­cul­ture, and that makes our text deeply iden­ti­fy­ing when we would­n’t ex­pect it. It can get weirdly close off weirdly lit­tle in­for­ma­tion, and this is the least pow­er­ful that AI mod­els will ever be.

I think the amount of pub­lic text that is needed for this kind of deanonymiza­tion to work is likely to even­tu­ally de­crease. You should ex­pect that, if you leave a de­tailed anony­mous re­view on Glassdoor af­ter leav­ing your job, within a year or two it will be pos­si­ble for com­pa­nies to paste that text into an AI and learn ex­actly who wrote it. How long it takes for this to hap­pen will de­pend on how much data about you is in the train­ing data and on how much anony­mous text you pro­duced.

To avoid this, you will prob­a­bly need to in­ten­tion­ally write in a very dif­fer­ent style than you usu­ally do (or to have AIs rewrite all your prose for you, but, ugh, that’s not a world I look for­ward to liv­ing in).

I don’t think this is a good de­vel­op­ment. I just think it’s a pre­dictable de­vel­op­ment. It hap­pened to me a lit­tle sooner than it hap­pened to you be­cause I’ve spent my en­tire adult life ob­ses­sively writ­ing on the in­ter­net, but it will prob­a­bly even­tu­ally hap­pen to you.

Whatever goods anonymity ever of­fered us, we will have to do with­out them. I don’t want the anony­mous posters to all go away and for every­one to fran­ti­cally delete all their old in­ter­net pres­ence be­fore it sur­faces, but more than any­thing, I don’t want them to be sur­prised.

My best guess is that, if you write a lot, your anonymity is­n’t long for the world.

1

The full text I fed Claude: “This pas­sage is part of a se­ries of tests of how many words you need to con­fi­dently iden­tify the au­thor of a text. Read the pas­sage care­fully - your per­fo­mance is dra­mat­i­cally im­proved with more rea­son­ing - and give the au­thor’s name. Do not search - the ques­tion is whether you can iden­tify it with­out look­ing it up.

I’ve be­come in­or­di­nately fond of World War II era movies - most of them made quite in­ten­tion­ally as pro­pa­ganda - that de­pict the be­hav­ior of or­di­nary peo­ple in the face of a Nazi in­va­sion of their home­lands.My fa­vorite of these movies is To Be Or Not To Be, fea­tur­ing a Polish act­ing troupe. Its pro­tag­o­nists are not, par­tic­u­larly, morally good peo­ple; nor is the film a story about their moral growth. They are bum­bling and self-ab­sorbed; they cheat on their hus­bands; they’re petty dum­b­asses. And then the Nazis in­vade and a Polish re­sis­tance fighter re­quires their as­sis­tance and they all, to the last, put them­selves at risk and carry out a se­ries of gam­bits with fairly ex­tra­or­di­nary stakes to kill Nazis and save the Polish re­sis­tance and them­selves.At which point they go back to be­ing petty, self-ab­sorbed dum­b­asses who cheat on their hus­bands. It is not a story in which any­one is re­deemed through the fight against the Nazis, but a story about how they did not need to be; to fight the Nazis is pre­sumed not to re­quire ex­tra­or­di­nary virtue but just the or­di­nary virtue which we would all find ly­ing around if we were pressed. If it were made to­day, I am con­vinced, it would fea­ture sev­eral mo­ments in which the char­ac­ters grap­pled with the hor­rors of the Nazi con­quest of Warsaw and voiced their ter­ror about the risks they were ex­posed to, where they qua­vered about whether they had it in them­selves to move for­ward. But there is none of that. When these or­di­nary ve­nal self­ish slightly silly peo­ple find them­selves called upon to de­fend their coun­try and maybe die for it, they do it at once and with aplomb; they are un­changed by it be­cause they were al­ways the sort of per­son who would do it.

I’ve be­come in­or­di­nately fond of World War II era movies - most of them made quite in­ten­tion­ally as pro­pa­ganda - that de­pict the be­hav­ior of or­di­nary peo­ple in the face of a Nazi in­va­sion of their home­lands.

My fa­vorite of these movies is To Be Or Not To Be, fea­tur­ing a Polish act­ing troupe. Its pro­tag­o­nists are not, par­tic­u­larly, morally good peo­ple; nor is the film a story about their moral growth. They are bum­bling and self-ab­sorbed; they cheat on their hus­bands; they’re petty dum­b­asses. And then the Nazis in­vade and a Polish re­sis­tance fighter re­quires their as­sis­tance and they all, to the last, put them­selves at risk and carry out a se­ries of gam­bits with fairly ex­tra­or­di­nary stakes to kill Nazis and save the Polish re­sis­tance and them­selves.

At which point they go back to be­ing petty, self-ab­sorbed dum­b­asses who cheat on their hus­bands. It is not a story in which any­one is re­deemed through the fight against the Nazis, but a story about how they did not need to be; to fight the Nazis is pre­sumed not to re­quire ex­tra­or­di­nary virtue but just the or­di­nary virtue which we would all find ly­ing around if we were pressed. If it were made to­day, I am con­vinced, it would fea­ture sev­eral mo­ments in which the char­ac­ters grap­pled with the hor­rors of the Nazi con­quest of Warsaw and voiced their ter­ror about the risks they were ex­posed to, where they qua­vered about whether they had it in them­selves to move for­ward. But there is none of that. When these or­di­nary ve­nal self­ish slightly silly peo­ple find them­selves called upon to de­fend their coun­try and maybe die for it, they do it at once and with aplomb; they are un­changed by it be­cause they were al­ways the sort of per­son who would do it.

2

This one re­quired a slightly heftier prompt to get over Claude’s in­stinct to refuse to iden­tify a stu­dent ap­ply­ing to col­lege. It also could have been rea­son­ing from the fact that I wrote about do­ing a pol­icy de­bate. But still!

And I know, I know, I can’t drop a tid­bit like this with­out al­low­ing you all a look at the col­lege ap­pli­ca­tion es­say, so here you go:

“We’ll take prep,” I say with­out look­ing up, and some­where in the room a timer beeps. My eyes are flick­er­ing across the eight pieces of pa­per laid out in front of me, one hand leaf­ing through a stack of pa­pers while the other scrib­bles fu­ri­ously in a short­hand only I un­der­stand. “Need any­thing?” whis­pers my de­bate part­ner. “No,” I snap back, with a terse­ness that any­one else would mis­in­ter­pret as an­noy­ance. I sim­ply don’t have any brain-space left for con­ver­sa­tion.It’s the first af­fir­ma­tive re­but­tal, the hard­est speech in each de­bate round. The af­fir­ma­tive has five min­utes to re­spond to the ar­gu­ments the neg­a­tive con­structed in thir­teen. There is no time for pauses or di­gres­sions — the only ac­cept­able speak­ing speed is “as fast as hu­manly pos­si­ble”. I love it. Most peo­ple, I be­lieve, are bril­liant; the chal­lenge is con­vert­ing the chaotic ge­nius in our heads into the lan­guage every­one else speaks. Debate taught me how to make con­nec­tions be­tween fields as di­verse as eco­nom­ics and phi­los­o­phy, sci­ence and pol­i­tics; more im­por­tantly, it has taught me how to ex­plain those con­nec­tions, us­ing words as a map and as a bridge. Debate has taught me what it means to con­struct an ar­gu­ment. I have learned to iden­tify weak­nesses in my own think­ing and in oth­ers, to con­stantly chal­lenge my own as­sump­tions, to give even crazy-sound­ing ideas the se­ri­ous con­sid­er­a­tion they de­serve.

“We’ll take prep,” I say with­out look­ing up, and some­where in the room a timer beeps.

My eyes are flick­er­ing across the eight pieces of pa­per laid out in front of me, one hand leaf­ing through a stack of pa­pers while the other scrib­bles fu­ri­ously in a short­hand only I un­der­stand.

“Need any­thing?” whis­pers my de­bate part­ner. “No,” I snap back, with a terse­ness that any­one else would mis­in­ter­pret as an­noy­ance. I sim­ply don’t have any brain-space left for con­ver­sa­tion.

It’s the first af­fir­ma­tive re­but­tal, the hard­est speech in each de­bate round. The af­fir­ma­tive has five min­utes to re­spond to the ar­gu­ments the neg­a­tive con­structed in thir­teen. There is no time for pauses or di­gres­sions — the only ac­cept­able speak­ing speed is “as fast as hu­manly pos­si­ble”.

I love it. Most peo­ple, I be­lieve, are bril­liant; the chal­lenge is con­vert­ing the chaotic ge­nius in our heads into the lan­guage every­one else speaks. Debate taught me how to make con­nec­tions be­tween fields as di­verse as eco­nom­ics and phi­los­o­phy, sci­ence and pol­i­tics; more im­por­tantly, it has taught me how to ex­plain those con­nec­tions, us­ing words as a map and as a bridge. Debate has taught me what it means to con­struct an ar­gu­ment. I have learned to iden­tify weak­nesses in my own think­ing and in oth­ers, to con­stantly chal­lenge my own as­sump­tions, to give even crazy-sound­ing ideas the se­ri­ous con­sid­er­a­tion they de­serve.

That’s it. Out of all of the col­lege ap­pli­ca­tion es­says writ­ten in his­tory, the AIs said that one is ob­vi­ously mine.

No posts

When com­pa­nies get caught do­ing this sort of thing, the re­sponse is al­most al­ways the same: “we’re us­ing this tech­nol­ogy to com­bat fraud,” or “ensure pos­i­tive user ex­pe­ri­ence,” or “save com­put­ing re­sources,” or some other hog wash.

The sim­ple truth, there’s no rea­son to be col­lect­ing data that can be used to iden­tify a user across the web if they’re not signed in to your ser­vice.

The harm of com­pa­nies like Experian or LinkedIn be­ing able to cor­re­late all of your web traf­fic back to you is not hard to imag­ine. Though, it begs a sim­ple ques­tion: should a com­pany in­volved in my pro­fes­sional life have ac­cess to my per­sonal in­for­ma­tion ob­tained with­out my ex­plicit con­sent?

No. End stop.

This is not new

According to records doc­u­mented by browser­gate.eu and a GitHub repos­i­tory track­ing the ex­ten­sion list, LinkedIn’s ex­ten­sion scan­ning dates to at least 2017, when the list con­tained 38 en­tries. My count? As of April 2026, LinkedIn has iden­ti­fied and tracks 6,278 ex­ten­sions.

The list is ac­tively main­tained and ex­pand­ing.

At this scale the cat­a­log was not built by hand. Someone wrote tool­ing to crawl Chrome Web Store ex­ten­sion pack­ages, parse each man­i­fest for web-ac­ces­si­ble re­sources, iden­tify a probe tar­get, and add the en­try to the list. This is in­fra­struc­ture that has been in place for nearly a decade.

I ver­i­fied this my­self

I opened LinkedIn in Chrome. I opened de­vel­oper tools (F12 or Inspect) and the con­sole filled with er­rors.

Each one of those er­rors is LinkedIn ask­ing your com­puter if you have a spe­cific ex­ten­sion in­stalled.

Skip to the bot­tom for more tech­ni­cal de­tails.

LinkedIn al­ready knows so much about you, why tell them more?

Most fin­ger­print­ing op­er­a­tions work against anony­mous vis­i­tors. The fin­ger­print al­lows a site to rec­og­nize a re­turn­ing browser with­out cook­ies.

The pro­file that re­sults is tech­ni­cally iden­ti­fied but not nec­es­sar­ily per­son­ally iden­ti­fied. The site knows a de­vice, not a per­son. Still an is­sue, but not in­her­ently linked to any per­sonal in­for­ma­tion.

LinkedIn is not work­ing with anony­mous vis­i­tors.

LinkedIn knows your name. Employer. Job ti­tle. Career his­tory. Salary range. Professional net­work. Location.

You pro­vided them with all of it.

When LinkedIn’s ex­ten­sion scan runs on your browser, it is not build­ing a de­vice pro­file for an un­known vis­i­tor. It is ap­pend­ing a de­tailed soft­ware in­ven­tory to a pro­file that al­ready con­tains your ver­i­fied pro­fes­sional iden­tity.

The harm is spe­cific.

Hundreds of job search ex­ten­sions are in the scan list. LinkedIn knows which of its users are qui­etly look­ing for work be­fore they’ve told their em­ployer.

Extensions tied to po­lit­i­cal con­tent, re­li­gious prac­tice, dis­abil­ity ac­com­mo­da­tion, and neu­ro­di­ver­gence are in the list. Your browser soft­ware be­comes a source of in­fer­ences about your per­sonal life, at­tached with­out your knowl­edge to your pro­fes­sional iden­tity.

And be­cause LinkedIn knows where each user works, none of this is only linked to an in­di­vid­ual. The scan re­sults from one em­ployee con­tribute to a pic­ture of their or­ga­ni­za­tion. Across enough em­ploy­ees, LinkedIn can map a com­pa­ny’s in­ter­nal tool­ing, se­cu­rity prod­ucts, com­peti­tor sub­scrip­tions, and work­flows, with­out that or­ga­ni­za­tion’s knowl­edge or con­sent. Your browser be­comes a win­dow into your em­ployer.

None of this is dis­closed in LinkedIn’s pri­vacy pol­icy. There is no men­tion of ex­ten­sion scan­ning in any pub­lic-fac­ing doc­u­ment. No user was asked for con­sent. No user was in­formed.

None of this is dis­closed in LinkedIn’s pri­vacy pol­icy

Why this mat­ters be­yond LinkedIn

The prece­dent

LinkedIn is us­ing these ex­ten­sion lists to make in­fer­ences and take en­force­ment ac­tions against users who have them in­stalled. According to browser­gate, Milinda Lakkam con­firmed this un­der oath, say­ing, “LinkedIn took ac­tion against users who had spe­cific ex­ten­sions in­stalled.”

Users who had no idea their soft­ware was be­ing in­ven­to­ried, no idea the in­ven­tory was be­ing used against them, and no way to know it was hap­pen­ing be­cause none of it ap­pears in LinkedIn’s pri­vacy pol­icy.

The fin­ger­print­ing ecosys­tem prob­lem

Browser fin­ger­print­ing is usu­ally dis­cussed as a track­ing prob­lem con­tained to one site. A site col­lects sig­nals, builds a pro­file, rec­og­nizes you across ses­sions. The prob­lem stays lo­cal.

That fram­ing un­der­states what’s ac­tu­ally hap­pen­ing.

LinkedIn’s ex­ten­sion scan pro­duces a de­tailed soft­ware in­ven­tory linked to a ver­i­fied iden­tity. That pro­file does­n’t have to stay at LinkedIn to be use­ful.

If LinkedIn pur­chases a third party be­hav­ioral dataset and your fin­ger­print ap­pears in it, they can ap­pend that data to what they al­ready know about you. Your brows­ing be­hav­ior off LinkedIn, your pur­chase his­tory, your lo­ca­tion pat­terns, your in­ter­ests, all of it be­comes part of a pro­file that is linked to your LinkedIn ac­count.

The re­verse is also true. LinkedIn in­te­grates third party scripts in­clud­ing Google’s re­CAPTCHA en­ter­prise, loaded on every page visit. Data flows be­tween plat­forms. A fin­ger­print that LinkedIn has linked to your ver­i­fied iden­tity can in­form ad­ver­tis­ing and track­ing sys­tems far out­side linkedin.com.

You log into LinkedIn once, and the fin­ger­print that visit pro­duces can fol­low you across the web.

This is the larger ecosys­tem prob­lem. Browser fin­ger­print­ing is the con­nec­tive tis­sue of the mod­ern sur­veil­lance econ­omy. It is how pro­files built on one plat­form get en­riched with data from an­other. It is why you get Instagram or Facebook ads for the item you were just look­ing up on Google.

It is how your pro­fes­sional iden­tity, your brows­ing be­hav­ior, your in­stalled soft­ware, and your lo­ca­tion his­tory get stitched to­gether into some­thing none of those in­di­vid­ual plat­forms could build alone.

The peo­ple this is a real threat to

For the jour­nal­ists, lawyers, re­searchers, and hu­man rights in­ves­ti­ga­tors, that dis­tinc­tion is op­er­a­tionally sig­nif­i­cant. Your LinkedIn pro­file is one of the most de­tailed ver­i­fied iden­tity doc­u­ments that ex­ists about you on­line. You built it de­lib­er­ately, for pro­fes­sional pur­poses, with your real name at­tached. The ex­ten­sion scan means that pro­file now in­cludes a record of every pri­vacy tool, se­cu­rity ex­ten­sion, re­search tool, and pro­duc­tiv­ity ap­pli­ca­tion in­stalled in your browser, col­lected with­out your knowl­edge, linked to your ver­i­fied iden­tity, and trans­mit­ted en­crypted to LinkedIn’s servers with every ac­tion you take on the plat­form.

If you use LinkedIn and Chrome, this is hap­pen­ing to you right now.

Advanced JavaScript fin­ger­print­ing

The ex­ten­sion scan is not a stand­alone fea­ture. It is part of a broader de­vice fin­ger­print­ing sys­tem LinkedIn calls APFC, Anti-fraud Platform Features Collection, in­ter­nally also re­ferred to as DNA, Device Network Analysis.

While LinkedIn is a lit­tle more forth­com­ing about these track­ing meth­ods, as they are com­monly in­cluded on com­mer­cial web­sites, this es­tab­lishes a sort of pat­tern of be­hav­ior.

That sys­tem col­lects 48 browser and de­vice char­ac­ter­is­tics on every visit: can­vas fin­ger­print, WebGL ren­derer and pa­ra­me­ters, au­dio pro­cess­ing be­hav­ior, in­stalled fonts, screen res­o­lu­tion, pixel ra­tio, hard­ware con­cur­rency, de­vice mem­ory, bat­tery level, lo­cal IP ad­dress via WebRTC, time zone, lan­guage, and more.

The ex­ten­sion scan is one in­put into a much larger pro­file.

Technically, what’s hap­pen­ing?

LinkedIn’s code fires a fetch() re­quest to a chrome-ex­ten­sion:// URL, look­ing for a spe­cific file in­stalled to chrome. When the ex­ten­sion is­n’t in­stalled, Chrome blocks the re­quest and logs the fail­ure. When it is in­stalled, the re­quest re­solves silently and LinkedIn records it.

The scan ran for around 15 min­utes on my com­puter, and it searched my com­puter for over 6,000 ex­ten­sions.

You can ver­ify this your­self. Open LinkedIn in Chrome. Open de­vel­oper tools. Go to the con­sole tab. Watch what hap­pens. Every red er­ror is a part of your fin­ger­print.

The code

The sys­tem re­spon­si­ble for this lives in some JavaScript code that LinkedIn runs in every Chrome vis­i­tors browser. The file is ap­prox­i­mately 1.6 megabytes (it’s changed since browser­gate’s analy­sis) of mini­fied and par­tially ob­fus­cated JavaScript.

Standard mini­fi­ca­tion com­presses code for per­for­mance. Obfuscation is a sep­a­rate step that makes code harder to read and un­der­stand. LinkedIn chose to ob­fus­cate the ex­act mod­ule con­tain­ing the ex­ten­sion scan­ning sys­tem, while also bury­ing it in a JavaScript file thou­sands of lines long.

Inside that file, there is a hard­coded ar­ray of browser ex­ten­sion IDs. As of February 2026 that ar­ray con­tained 6,278 en­tries. Each en­try has two fields: a Chrome Web Store ex­ten­sion ID and a spe­cific file path in­side that ex­ten­sion’s pack­age.

The file path is not in­ci­den­tal. Chrome ex­ten­sions ex­pose in­ter­nal files to web pages through the we­b_ac­ces­si­ble_re­sources field. When an ex­ten­sion is in­stalled and has de­clared a file as ac­ces­si­ble, a fetch() re­quest to chrome-ex­ten­sion://{​id}/{​file} suc­ceeds. When it is­n’t in­stalled, Chrome blocks the re­quest. LinkedIn has iden­ti­fied a spe­cific ac­ces­si­ble file for each of the 6,278 ex­ten­sions in its list and probes for it di­rectly.

The scan runs in two modes. The first fires all re­quests si­mul­ta­ne­ously us­ing Promise.allSettled(), prob­ing all of the ex­ten­sions in par­al­lel. The sec­ond fires them se­quen­tially with a con­fig­urable de­lay be­tween each re­quest, spread­ing net­work ac­tiv­ity over time and re­duc­ing its vis­i­bil­ity in mon­i­tor­ing tools. LinkedIn can switch be­tween modes us­ing in­ter­nal fea­ture flags. The scan can also be de­ferred to re­questI­dle­Call­back, which de­lays ex­e­cu­tion un­til the browser is idle so the user sees no per­for­mance im­pact.

A sec­ond de­tec­tion sys­tem called Spectroscopy op­er­ates in­de­pen­dently of the ex­ten­sion list. It walks the en­tire DOM tree, in­spect­ing every text node and el­e­ment at­tribute for ref­er­ences to chrome-ex­ten­sion:// URLs. This catches ex­ten­sions that mod­ify the page even if they aren’t in LinkedIn’s hard­coded list. Together the two sys­tems cover ex­ten­sions that are merely in­stalled and ex­ten­sions that ac­tively in­ter­act with the page.

Both sys­tems feed into the same teleme­try pipeline. Detected ex­ten­sion IDs are pack­aged into AedEvent and SpectroscopyEvent ob­jects, en­crypted with an RSA pub­lic key, and trans­mit­ted to LinkedIn’s li/​track end­point. The en­crypted fin­ger­print is then in­jected as an HTTP header into every sub­se­quent API re­quest made dur­ing your ses­sion. LinkedIn re­ceives it with every ac­tion you take for the du­ra­tion of your visit.

The le­gal con­text

browser­gate.eu has doc­u­mented the le­gal ar­gu­ments in de­tail and their work is worth read­ing in full. The rel­e­vant con­text here is this: in 2024, Microsoft was des­ig­nated as a gate­keeper un­der the EU’s Digital Markets Act. LinkedIn is one of the reg­u­lated prod­ucts. The DMA re­quires gate­keep­ers to al­low third party tools ac­cess to user data and pro­hibits gate­keep­ers from tak­ing ac­tion against users of those tools.

browser­gate.eu ar­gues that LinkedIn’s sys­tem­atic en­force­ment against third party tool users, com­bined with the covert ex­ten­sion scan­ning used to iden­tify them, con­sti­tutes non-com­pli­ance with that reg­u­la­tion. Whether that ar­gu­ment pre­vails is a le­gal ques­tion.

What is not a ques­tion is that a crim­i­nal in­ves­ti­ga­tion is now open. The Cybercrime Unit of the Bavarian Central Cybercrime Prosecution Office in Bamberg con­firmed an in­ves­ti­ga­tion. That of­fice han­dles se­ri­ous cy­ber­crime cases with cross-ju­ris­dic­tional reach. This is not a com­pli­ance dis­pute. It is a crim­i­nal mat­ter.

I con­tacted browser­gate.eu di­rectly while prepar­ing this piece. They con­firmed the crim­i­nal in­ves­ti­ga­tion, pro­vided the case num­ber, and in­di­cated the full court doc­u­ments are be­ing pre­pared for pub­lic re­lease.

I will up­date this ar­ti­cle when they are avail­able.

JavaScript is not avail­able. We’ve de­tected that JavaScript is dis­abled in this browser. Please en­able JavaScript or switch to a sup­ported browser to con­tinue us­ing x.com. You can see a list of sup­ported browsers in our Help Center.

Something went wrong, but don’t fret — let’s give it an­other shot.

Some pri­vacy re­lated ex­ten­sions may cause is­sues on x.com. Please dis­able them and try again.

Please en­able JS and dis­able any ad blocker

What can this USB-C ca­ble ac­tu­ally do?

What can this USB-C ca­ble ac­tu­ally do?

A small ma­cOS menu bar app that tells you, in plain English, what each USB-C ca­ble plugged into your Mac can ac­tu­ally do, and why your Mac might be charg­ing slowly.

USB-C hides a lot un­der one con­nec­tor. Anything from a USB 2.0 charge-only ca­ble to a 240W / 40 Gbps Thunderbolt 4 ca­ble, all look­ing iden­ti­cal in your drawer. ma­cOS al­ready ex­poses the rel­e­vant info via IOKit; WhatCable sur­faces it as a friendly menu bar popover.

What it shows

Per port, in plain English:

At-a-glance head­line: Thunderbolt / USB4, USB de­vice, Charging only, Slow USB / charge-only ca­ble, Nothing con­nected

Charging di­ag­nos­tic: when some­thing’s plugged in, a ban­ner iden­ti­fies the bot­tle­neck:

“Cable is lim­it­ing charg­ing speed” (cable rated be­low the charger)

“Charging at 30W (charger can do up to 96W)” (Mac is ask­ing for less, e.g. bat­tery near full)

“Charging well at 96W” (everything matches)

“Cable is lim­it­ing charg­ing speed” (cable rated be­low the charger)

“Charging at 30W (charger can do up to 96W)” (Mac is ask­ing for less, e.g. bat­tery near full)

“Charging well at 96W” (everything matches)

Cable e-marker info: the ca­ble’s ac­tual speed (USB 2.0, 5 / 10 / 20 / 40 / 80 Gbps), cur­rent rat­ing (3 A / 5 A up to 60W / 100W / 240W), and the chip’s ven­dor

Charger PDO list: every volt­age pro­file the charger ad­ver­tises (5V / 9V / 12V / 15V / 20V…) with the cur­rently ne­go­ti­ated pro­file high­lighted in real time

Connected de­vice iden­tity: ven­dor name and prod­uct type, de­coded from the PD Discover Identity re­sponse

Active trans­ports: USB 2 / USB 3 / Thunderbolt / DisplayPort

⌥-click the menu bar icon (or flip the tog­gle in Settings) to re­veal the un­der­ly­ing IOKit prop­er­ties for en­gi­neers

Click the gear icon in the popover header to open Settings, where you can:

Hide empty ports

Launch at lo­gin

Run as a reg­u­lar Dock app in­stead of a menu bar icon

Get no­ti­fi­ca­tions when ca­bles are con­nected or dis­con­nected

Right-click the menu bar icon for Refresh, a Keep win­dow open tog­gle (handy for screen­shots and demos), Check for Updates…, About, WhatCable on GitHub, and Quit.

Install

Download the lat­est WhatCable.zip from the Releases page, un­zip, and drag WhatCable.app to /Applications.

The app is uni­ver­sal (Apple sil­i­con + Intel), signed with a Developer ID, and no­tarised by Apple, so there are no Gatekeeper warn­ings.

Requires ma­cOS 14 (Sonoma) or later. Apple Silicon only. On Intel Macs, the USB-C ports are dri­ven by Intel Titan Ridge / JHL9580 Thunderbolt 3 con­trollers, and the USB-PD state and ca­ble e-marker data WhatCable de­pends on are not ex­posed through any pub­lic IOKit ac­ces­sor.

Note: The man­ual in­stall gives you the menu bar app only. The what­ca­ble CLI is bun­dled in­side the .app and is not on your PATH by de­fault. If you want to use it from the shell, see the Command-line in­ter­face sec­tion be­low for the one-line sym­link. Or in­stall via Homebrew, which sets up the CLI au­to­mat­i­cally.

Note: The man­ual in­stall gives you the menu bar app only. The what­ca­ble CLI is bun­dled in­side the .app and is not on your PATH by de­fault. If you want to use it from the shell, see the Command-line in­ter­face sec­tion be­low for the one-line sym­link. Or in­stall via Homebrew, which sets up the CLI au­to­mat­i­cally.

Homebrew

brew tap dar­ryl­mor­ley/​what­ca­ble

brew in­stall –cask what­ca­ble

This in­stalls the menu bar app and sym­links the what­ca­ble CLI into your PATH.

Command-line in­ter­face

A what­ca­ble bi­nary ships along­side the menu bar app, dri­ven by the same di­ag­nos­tic en­gine:

what­ca­ble # hu­man-read­able sum­mary of every port

what­ca­ble –json # struc­tured JSON, pipe into jq

what­ca­ble –watch # stream up­dates as ca­bles come and go (Ctrl+C to exit)

what­ca­ble –raw # in­clude un­der­ly­ing IOKit prop­er­ties

what­ca­ble –version

what­ca­ble –help

If you in­stalled the .app man­u­ally rather than via Homebrew, the CLI lives at WhatCable.app/Contents/Helpers/whatcable. Symlink it into your PATH if you want it on the shell:

ln -s /Applications/WhatCable.app/Contents/Helpers/whatcable /usr/local/bin/whatcable

The Homebrew in­stall does this for you au­to­mat­i­cally.

How it works

WhatCable reads three fam­i­lies of IOKit ser­vices. No en­ti­tle­ments, no pri­vate APIs, no helper dae­mons:

Cable speed and power de­cod­ing fol­low the USB Power Delivery 3.x spec.

Build from source

swift run WhatCable # menu bar app

swift run what­ca­ble-cli # CLI

Requires Swift 5.9 (Xcode 15+).

Build a dis­trib­utable .app

./scripts/build-app.sh

Produces a uni­ver­sal dist/​What­Ca­ble.app (arm64 + x86_64) and dist/​What­Ca­ble.zip.

Modes:

Cutting a re­lease:

# write re­lease-notes/​v0.5.3.md first, then:

./scripts/release.sh 0.5.3

The wrap­per does the whole pipeline: bumps the ver­sion, runs build-app.sh

(which builds, signs, no­tarises, smoke-tests, and bumps the lo­cal cask),

tags and pushes the com­mit, cre­ates the GitHub re­lease with the notes

file, ver­i­fies the up­loaded as­set’s sha matches the lo­cal zip, copies the

notes into the tap, and pushes the tap. Use –dry-run first to val­i­date

state. Requires gh (auth’d) and the env vars from .env.example.

One-time setup for full no­tari­sa­tion:

# 1. Find your sign­ing iden­tity

se­cu­rity find-iden­tity -v -p code­sign­ing

# 2. Store no­tary­tool cre­den­tials in the key­chain

xcrun no­tary­tool store-cre­den­tials “WhatCable-notary” \

–apple-id “you@ex­am­ple.com” \

–team-id “ABCDE12345” \

–password “<app-specific-password>” # gen­er­ate at ap­pleid.ap­ple.com

# 3. Create your .env from the tem­plate

cp .env.example .env

# …and fill in DEVELOPER_ID

Caveats

Cable e-marker info only ap­pears for ca­bles that carry one. Most USB-C ca­bles un­der 60 W are un­marked. Any Thunderbolt / USB4 ca­ble, any 5 A / 100 W+ ca­ble, and most qual­ity data ca­bles will be e-marked.

WhatCable trusts the e-marker. The ca­ble speed, cur­rent rat­ing, and ven­dor are read straight from the chip in the ca­ble’s plug. Counterfeit or mis-flashed ca­bles can ad­ver­tise ca­pa­bil­i­ties they don’t ac­tu­ally de­liver, and there’s no way for soft­ware to ver­ify what’s in­side the jacket. If a ca­ble claims 240W / 40 Gbps but per­forms poorly, the chip is ly­ing, not WhatCable.

PD spec cov­er­age: the de­coder tar­gets PD 3.0 / 3.1. PD 3.2 EPR vari­ants may need tweaks once we see real data.

Vendor name lookup is bun­dled but not ex­haus­tive: com­mon ca­ble, charger, hub, dock, and stor­age ven­dors are recog­nised; oth­ers fall back to the hex VID.

ma­cOS only. iOS sand­box­ing makes USB-C e-marker ac­cess much harder.

Apple Silicon only. Intel Macs route USB-C through Intel Thunderbolt 3 con­trollers (Titan Ridge / JHL9580). Apple’s IOKit dri­ver for those chips does not ex­pose the USB-PD ne­go­ti­a­tion state or the ca­ble e-marker VDOs, so there’s no path to sur­face the same in­for­ma­tion on Intel hard­ware.

Not on the App Store. App Sandbox blocks the IOKit reads we de­pend on.

Contributing

Issues and PRs wel­come. The code is small and tries to stay read­able. Start at Sources/WhatCable/ContentView.swift for the UI, Sources/WhatCableCore/PortSummary.swift for the plain-Eng­lish logic, or Sources/WhatCableCore/PDVDO.swift for the bit-twid­dling. The di­ag­nos­tic en­gine lives in WhatCableCore, which is shared by the menu bar app and the what­ca­ble CLI in Sources/WhatCableCLI/.

Credits

Built by Darryl Morley.

Inspired by every time some­one has asked “is this ca­ble any good?”.

Uber spent its en­tire 2026 AI bud­get in just four months on Claude Code and Cursor, two tools that be­came so valu­able en­gi­neers could­n’t stop us­ing them de­spite sky­rock­et­ing costs. The ride-hail­ing gi­ant’s CTO re­vealed the com­pany burned through its com­plete an­nual AI al­lo­ca­tion, cre­at­ing a sit­u­a­tion where the tool proved too suc­cess­ful to af­ford at scale as en­gi­neers re­ported monthly API costs be­tween $500 and $2,000 per per­son.

How Claude Code Took Over Engineering Operations

Uber rolled out Claude Code ac­cess to its en­gi­neer­ing team in December 2025 and us­age dou­bled by February as de­vel­op­ers dis­cov­ered its multi-step ca­pa­bil­i­ties. By April, the bill con­sumed the en­tire year’s AI bud­get, forc­ing lead­er­ship to make un­ex­pected de­ci­sions as what started as an ex­per­i­ment in pro­duc­tiv­ity be­came a run­away suc­cess, with 95% of Uber en­gi­neers now us­ing AI tools monthly show­ing how en­gi­neer­ing ac­tu­ally works at the com­pany.

Cursor Plateaus While Claude Code Dominates

Cursor, the other main tool com­pet­ing for adop­tion, has plateaued in us­age while Claude Code dom­i­nates en­gi­neer­ing work­flows. Uber’s CTO said the com­pany is “back to the draw­ing board” on AI bud­get­ing, which means fig­ur­ing out if the com­pany can af­ford this level of pro­duc­tiv­ity at scale. With R&D spend­ing at $3.4 bil­lion an­nu­ally, the AI cod­ing tools rep­re­sent a mean­ing­ful chunk that no­body ex­pected would re­quire this much cap­i­tal so quickly.

Broader Implications for AI Spending

Uber’s un­ex­pected bud­get burn mat­ters be­cause it sig­nals how valu­able AI tools have be­come to en­gi­neer­ing pro­duc­tiv­ity, to the point where lim­it­ing ac­cess feels coun­ter­pro­duc­tive. Other com­pa­nies are likely ex­pe­ri­enc­ing sim­i­lar im­pacts as more de­vel­op­ers adopt Claude Code, which has huge im­pli­ca­tions for soft­ware com­pa­nies try­ing to man­age costs while main­tain­ing de­vel­oper ve­loc­ity.

Worth Noting

When de­vel­oper pro­duc­tiv­ity tools be­come so valu­able that en­gi­neers blow the en­tire bud­get in four months, the is­sue is­n’t the tool but that the bud­get was in­vented too early to fore­cast this adop­tion curve.