Yes, Android is open source. But the thing is, Google’s clampdown on sideloading isn’t just about the OS code itself. It’s really about controlling the whole app ecosystem and making it harder for people to install apps outside of Google’s own channels.

Sure, folks can fork Android and make their own versions — that’s been happening for years with projects like LineageOS. But the tricky part is keeping all the apps working smoothly without Google’s proprietary stuff like Play Services. Without that, a lot of apps just don’t behave right, and the user experience takes a hit.

So basically, just having Android’s code open isn’t enough to keep it truly open and easy to use. The real control is in the ecosystem around it, and that’s what Google’s tightening grip is all about.

Thanks for the feedback. You’re right, it’s really just scanning for known extension IDs, not poking around your entire computer. Saying “computer scan” might sound a bit dramatic, but the privacy risk is still pretty serious given what info they can guess from those extensions.

About the home lab and network side — I get that LinkedIn isn’t scanning your whole network or anything. What I meant is more about how you can block or filter those sneaky requests at the network level, like with DNS blocking or firewall rules, so they never even get sent out. It’s not a classic home lab threat, but if you’re running your own DNS or network filters, it’s a handy extra layer to keep things tighter.

Sure, switching browsers or faking your user agent works too, but not everyone wants to give up Chromium or LinkedIn completely. That’s why I mentioned a few different ways to protect yourself.

Appreciate the note on wording — I just wanted to show why this isn’t just some minor browser oddity and why it’s worth thinking about from a privacy and network defence angle.

Spot on. If you can see a user has certain VPN clients, IDEs, or specific advocacy tools installed, you’ve essentially built a psychological profile of an employee’s home environment without them ever clicking ‘Accept’. It’s a massive GDPR Article 9 violation (Special Category data) hidden in plain sight.

Mostly, yes. Firefox doesn’t use the specific Chromium internal resource API that LinkedIn is exploiting for this. However, since the script relies on hidden GET requests, I still recommend Multi-Account Containers to isolate LinkedIn entirely, plus a custom uBlock Origin filter just to be sure.

I get it. I spend more time in the CLI than writing, so I’ve been using tools to help structure my posts. Clearly, that ‘polished’ look just comes across as robotic slop here. I’ll stick to the raw technical details from now on. Thanks for the feedback.

Fair play, you’ve done a proper deep dive there. I’ll hold my hands up—I’m a sysadmin, not a journalist. I use tools to help structure my thoughts because my natural writing style is about as readable as a kernel panic. As for the ‘social media’ bit, the share buttons are a default plugin I haven’t stripped out yet, and Mastodon is the only place I actually hang out because it’s federated. I’m just a guy in a home lab trying to share some tech stories; sorry if the ‘robotic’ prose put you off

That is a fair point. ‘Sideloading’ is definitely a corporate term designed to make basic ownership of our devices feel like a ‘workaround’ rather than a right. I used it here because it’s the language Google is currently using to justify their crackdown, but you’re absolutely right—it’s just installing software. We shouldn’t let them control the vocabulary of our digital freedom.