I'm failing to see how these extensions "circumvent the privacy of our members", but normal use of the website doesn't. Either you're safeguarding the information properly, or you aren't.
I am fine with huge GDPR fines to teach companies that data is a liability as well as an asset, and needs to be protected appropriately (which this measure doesn't seem to do, since it is trivial to bypass).
I'm not so sure I'm OK with you probing my browser to detect ToS violations/scraping, but not transparently mentioning it makes it worse.
> I'm failing to see how these extensions "circumvent the privacy of our members", but normal use of the website doesn't.
Of course the website does. But the website does it to provide revenue for the website, whereas the extensions probably do it to avoid generating revenue for the website.
LinkedIn is infamous for its dark patterns. They probably do this to protect their revenue model. That in this case it involves protecting the privacy of their users, makes for nice PR.
Though for that matter, their users (which include me) have at least chosen to share their information with LinkedIn. LinkedIn may scam them into sharing more data than they want (which also happened to me), which is absolutely questionable, but at least the users have chosen to do something with LinkedIn, and haven't chosen to do something with the scrapers.
To use rape as an analogy: it's the difference between a guy you wanted to have safe sex with puncturing the condom, and a stranger jumping from the bushes to pull you from your bike. Both are rape, but in very different ways.
Was I trying to defend LinkedIn here? I guess it's different shades of very dark grey.
If LinkedIn has a 'delete profile' button that works, and extensions let recruiters scrape profiles and thus keep records on deleted users, who do you think is in the wrong?
If they have a "delete profile" button that works, then recruiters shouldn't be able to scrape that. It doesn't really matter, the country I live in has robust anti-spam and privacy laws. When I lived in the US, I was spammed often (CAN-SPAM is pretty weak compared to GDPR and CASL), but you don't see LinkedIn campaigning for better privacy laws in the US.
Apart from campaigning for GDPR-style protections, there are enough other solutions. For example, GitHub has a nice email forwarding feature to preserve user's privacy/email address.
LinkedIn could provide a similar option where when I opt-in, my email address is replaced by an address they provide. They could even go a step further and make it look like a real email address. Any emails to that address are forwarded to my real address, and after the initial forwarding I could reply from my real email address. Meanwhile LinkedIn could do analysis of who is sending what to these email canaries (like they transparently said they would when you opt in), and catch scrapers that way. For users, if I'm getting too much spam, I can simply request a new canary email address from them.
This is what a user-focussed solution would look like. Not some weird semi-legal hack they are doing now.
Who's in the wrong - the scraper, obviously. Why would you think LinkedIn would be on the hook - it's not like their "Delete Profile" button can wipe Google's/Internet Archives[1] cache.
1. I haven't read their robots.txt, but nothing I've read in GDPR remotely suggests "Right to be forgotten" features that attempt to erase data internet-wide.
I am fine with huge GDPR fines to teach companies that data is a liability as well as an asset, and needs to be protected appropriately (which this measure doesn't seem to do, since it is trivial to bypass).
I'm not so sure I'm OK with you probing my browser to detect ToS violations/scraping, but not transparently mentioning it makes it worse.