LinkedIn Secretly Scans User Browsers for Installed Extensions
Key Takeaways
- LinkedIn has been covertly scanning user browsers for installed extensions without consent or disclosure, specifically targeting Chromium-based browsers.
- The scan collects highly sensitive data, including indicators of job search activity, religious beliefs, political affiliations, and disabilities, which are then transmitted to LinkedIn and third-party servers.
- Fairlinked e.V.’s “BrowserGate” investigation describes this as a major corporate espionage and data breach scandal, potentially violating GDPR and other privacy regulations.
- The practice has escalated dramatically, with the number of tracked extensions growing from hundreds to over 6,000 in recent years.
LinkedIn, the professional networking giant owned by Microsoft, has been caught secretly scanning user browsers for installed extensions. This clandestine operation, which occurs every time a user accesses the platform on a Chromium-based browser, gathers extensive data without user knowledge, consent, or any mention in LinkedIn’s privacy policy.
An investigation by the European advocacy group Fairlinked e.V., dubbed “BrowserGate,” has exposed what researchers are calling a significant corporate espionage and data breach scandal. With over a billion users globally, LinkedIn is reportedly deploying hidden code to probe for thousands of browser extensions, compile the findings, encrypt them, and transmit this information to its own servers and to external third-party entities.
The Covert Scanning Mechanism
The technical implementation of this surveillance is designed to be both precise and undetectable. Each time a LinkedIn page loads, a silent fingerprinting script executes. This script attempts to access specific files that browser extensions can optionally expose to websites. A successful file load confirms the presence of an extension, while a failure indicates its absence. This entire process concludes in milliseconds, completely unnoticed by the user.
LinkedIn’s JavaScript bundle contains identifiers for more than 6,167 browser extensions. The scanning is exclusively activated on Chromium-based browsers, including Chrome, Edge, Brave, Opera, and Arc, due to an internal isUserAgentChrome() function check. Users of Firefox and Safari browsers are not affected by this particular scanning technique.
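In Chromium, the files an extension can optionally expose to websites are the ones listed under the web_accessible_resources key of its manifest.json. The following is an added example, not code from LinkedIn, BrowserGate or this article: it audits manifests to show which extensions a page on a given origin could detect through such files. The sample manifests and the helper names are constructed for illustration.

```javascript
// Added example; every manifest below is a constructed sample, not a real extension.
// Chromium match pattern (e.g. "https://*.example.org/*") -> RegExp, or null if malformed.
function matchPatternToRegExp(pattern) {
  if (pattern === "<all_urls>") return /^(https?|file|ftp|wss?):\/\/.*/;
  const m = /^(\*|https?|file|ftp):\/\/(\*|\*\.[^/*]+|[^/*]*)(\/.*)$/.exec(pattern);
  if (!m) return null;
  const [, scheme, host, path] = m;
  const esc = (s) => s.replace(/[.+?^${}()|[\]\\]/g, "\\$&");
  const schemeRe = scheme === "*" ? "https?" : scheme;
  const hostRe = host === "*" ? "[^/]+"
    : host.startsWith("*.") ? "(?:[^/]+\\.)?" + esc(host.slice(2))
    : esc(host);
  return new RegExp("^" + schemeRe + "://" + hostRe + esc(path).replace(/\*/g, ".*") + "$");
}

// Files a page served from `origin` could request at a stable extension URL.
function probeableResources(manifest, origin) {
  const war = manifest.web_accessible_resources || [];
  if (manifest.manifest_version !== 3) {
    return war.filter((r) => typeof r === "string"); // MV2: flat list, open to every site
  }
  const out = [];
  for (const entry of war) {
    if (entry.use_dynamic_url) continue; // served under a per-session ID, not the fixed one
    const hit = (entry.matches || []).some((p) => {
      const re = matchPatternToRegExp(p);
      return re !== null && re.test(origin + "/");
    });
    if (hit) out.push(...(entry.resources || []));
  }
  return out;
}

const samples = {
  "mv2-open": { manifest_version: 2, web_accessible_resources: ["img/icon.png"] },
  "mv3-all-sites": { manifest_version: 3, web_accessible_resources: [
    { resources: ["inject.css"], matches: ["<all_urls>"] }] },
  "mv3-scoped": { manifest_version: 3, web_accessible_resources: [
    { resources: ["panel.html"], matches: ["https://*.example.org/*"] }] },
  "mv3-dynamic": { manifest_version: 3, web_accessible_resources: [
    { resources: ["ui.js"], matches: ["<all_urls>"], use_dynamic_url: true }] },
  "no-exposed-files": { manifest_version: 3 },
};

function audit(manifests, origin) {
  return Object.fromEntries(
    Object.entries(manifests).map(([name, m]) => [name, probeableResources(m, origin)]));
}
console.log(audit(samples, "https://www.linkedin.com"));
```

An empty list for an extension means it exposes nothing a page on that origin can load at a fixed URL, so this file-probing method cannot confirm it is installed.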
The danger of this surveillance is amplified by context: LinkedIn profiles are intrinsically linked to real identities, employers, and job roles. Every detected extension can thus be immediately associated with a specific individual. Furthermore, since LinkedIn possesses information about each user’s employer, these individual scans can be aggregated to construct detailed corporate intelligence profiles, revealing the software tools and practices of entire organizations without their awareness or consent.
Harvested Sensitive Data Categories
The implications of the data LinkedIn can deduce from these scanned extensions extend far beyond mere software preferences. BrowserGate researchers have identified several high-risk categories among the 6,222 tracked extensions:
- Job Search Tools: Over 509 extensions for platforms like Indeed, Glassdoor, and Monster, potentially exposing users who are discreetly seeking new employment while their current employer might view their LinkedIn profile.
- Religious Belief Indicators: Extensions that identify members of various faith communities, including practicing Muslims.
- Political Orientation Markers: Tools such as news source selectors and partisan fact-checking extensions that can reveal a user’s political leanings.
- Disability and Neurodivergent Support: Applications designed for ADHD management, autism support, and screen readers.
- Competitor Products: More than 200 extensions for direct competitors like Apollo, Lusha, ZoomInfo, and Hunter.io, which LinkedIn could use to ascertain which companies utilize rival sales intelligence platforms.
Under the European Union’s General Data Protection Regulation (GDPR), data pertaining to religious beliefs, political opinions, and health conditions is categorized as Special Category Data. The processing of such data is strictly prohibited without explicit consent. LinkedIn reportedly lacks both consent and disclosure for collecting this information, operating without a legal basis.
The surveillance extends beyond LinkedIn’s direct control. BrowserGate researchers found an invisible tracking element loaded from HUMAN Security (formerly PerimeterX), an American-Israeli cybersecurity firm. This zero-pixel-wide element, hidden off-screen, sets cookies without user awareness. In addition to a separate fingerprinting script running from LinkedIn’s own servers, a third script from Google also executes silently on every page load. All collected data is encrypted, and none of these operations are disclosed to the user.
While HUMAN Security’s technology is widely deployed across numerous websites, ostensibly to differentiate human users from bots, BrowserGate asserts that the data flows back to third-party servers, contributing to detailed device profiles for every visitor.
The BrowserGate investigation further alleges that LinkedIn is leveraging its covert scanning capabilities for competitive enforcement. LinkedIn has reportedly issued legal threats to users of third-party tools, utilizing data obtained through this hidden scanning to identify and target them. Concurrently, LinkedIn has significantly expanded its surveillance efforts. The list of scanned products surged from approximately 461 in 2024 to over 6,000 by February 2026, marking a 1,252% increase and specifically targeting tools that the Digital Markets Act (DMA) aims to protect.
LinkedIn has countered by alleging that the BrowserGate campaign is spearheaded by an individual whose account was banned for violating LinkedIn’s Terms of Service. However, independent researchers note that this practice dates back to at least 2017, when LinkedIn was scanning for 38 extensions. By February 2026, this number had grown to nearly 3,000, and has since more than doubled.
Fairlinked e.V. maintains that these practices are illegal and potentially criminal across all jurisdictions examined. The combination of undisclosed collection of special-category data, covert transmission to third parties, and alleged regulatory deception presents severe liabilities under GDPR, the ePrivacy Directive, and the DMA. With the combined user base of the scanned extensions totaling 405 million people, BrowserGate represents one of the largest undisclosed data collection operations in the history of the commercial internet.
Regulatory bodies across the EU have been informed, and legal proceedings are being prepared. For the time being, every LinkedIn user on a Chromium browser remains subject to this silent, daily scan.
What You Should Do
- Use Firefox or Safari: Access LinkedIn via Firefox or Safari, as these browsers’ extension architectures prevent the current detection method.
- Dedicated Chrome Profile: Create a separate Chrome profile specifically for LinkedIn with no extensions installed to isolate your activity.
- Enable Brave’s Fingerprinting Protection: Utilize Brave browser with its built-in fingerprinting protection enabled, which can block the detection mechanism.
- Audit Extensions: Check your installed extensions against BrowserGate’s searchable public database to see if your tools are being tracked.


