“`html
Each instance you launch LinkedIn in a browser based on Chrome, concealed JavaScript discreetly examines your device for installed applications without your awareness, without your permission, and without a single mention in LinkedIn’s privacy terms.
A revealing study carried out by the European advocacy group Fairlinked e.V., under the initiative “BrowserGate,” has unveiled what investigators label as one of the most extensive corporate spying and data compromise incidents in digital history.
Microsoft’s LinkedIn, the globe’s largest professional networking platform with more than one billion users, is utilizing clandestine code that investigates visitors’ browsers for a multitude of installed extensions, gathers the information, encrypts it, and sends all of it back to LinkedIn’s servers and to external companies.
What the Concealed Code Actually Performs
The process is technically accurate and intentionally invisible. Each time a visitor opens a LinkedIn page, a fingerprinting script operates silently, probing for recognizable browser extension identifiers by trying to access files that extensions may optionally reveal to websites. If a file successfully loads, the extension is confirmed present; if it fails, it isn’t. The entire scanning process takes mere milliseconds, with the user detecting absolutely nothing.
LinkedIn’s JavaScript bundle comprises identifiers for over 6,167 browser extensions. The scanning is exclusively activated on Chromium-based browsers like Chrome, Edge, Brave, Opera, and Arc — via a built-in isUserAgentChrome() function check. Users of Firefox and Safari are not presently impacted.
What makes this monitoring especially perilous is context: LinkedIn accounts are connected to real identities, employers, and job roles. Each identified extension is immediately associated with a recognized individual.
Furthermore, as LinkedIn is aware of where each user is employed, these personal scans accumulate into thorough corporate intelligence profiles indicating which software tools entire organizations utilize, without the awareness or permission of those organizations.
The Sensitive Information Being Collected
The breadth of what LinkedIn can deduce from examined extensions exceeds mere software preferences. BrowserGate researchers recognized several high-risk categories among the 6,222 monitored extensions:
- 509 job search utilities — including extensions for Indeed, Glassdoor, and Monster — unveiling users secretly seeking employment on the very platform where their current employer can observe their profile.
- Indicators of religious beliefs — extensions that identify practicing Muslims and various faith communities.
- Political preference markers — news source selectors and partisan fact-checking tools indicating users’ political inclinations.
- Disability and neurodiversity aids — ADHD management applications, autism support extensions, and screen readers.
- 200+ direct competitor products — including Apollo, Lusha, ZoomInfo, and Hunter.io, which LinkedIn utilizes to map which companies utilize rival sales intelligence platforms.
Per the EU’s General Data Protection Regulation (GDPR), data disclosing religious convictions, political beliefs, and health conditions is classified as Special Category Data, not only regulated but entirely prohibited from processing without explicit consent. LinkedIn lacks any consent, disclosure, and legal foundation for gathering such data.
The monitoring extends beyond LinkedIn’s own servers. BrowserGate researchers discovered an invisible tracking component loaded from HUMAN Security (previously PerimeterX), an American-Israeli cybersecurity firm, a zero-pixel-wide component obscured off-screen that sets cookies without user awareness.
A separate fingerprinting script operates from LinkedIn’s own servers, and a third script from Google executes silently on each page load. All of this is encrypted. None of it is disclosed.
HUMAN Security’s technology is incorporated on hundreds of major websites, nominally to differentiate real users from bots, but BrowserGate alleges that the data flows back to external servers, constructing detailed device profiles of every visitor.
The BrowserGate inquiry further asserts that LinkedIn is exploiting its covert scanning capability for competitive enforcement. LinkedIn has already issued legal threats to users of third-party tools, employing data garnered through this hidden scanning to identify and target those users.
Concurrently, LinkedIn significantly augmented the scope of its surveillance. The scanning list expanded from roughly 461 products in 2024 to over 6,000 by February 2026 — a staggering 1,252% increase — targeting exactly the tools the DMA was intended to protect.
The company also claimed that the BrowserGate initiative was led by someone whose account had been banned due to violations of LinkedIn’s Terms of Service.
Independent researchers, however, point out that this practice dates back to at least 2017, when LinkedIn was examining just 38 extensions. By February 2026, that count had risen to nearly 3,000 and has since more than doubled.
Fairlinked e.V. asserts that this practice is illegal and potentially criminal in every jurisdiction it has reviewed. The combination of undisclosed special-category data collection, clandestine third-party transmission, and alleged regulatory deceit represents significant exposure under GDPR, the ePrivacy Directive, and the DMA.
The combined user base of the scanned extensions totals 405 million individuals — rendering BrowserGate one of the largest undisclosed data collection operations in the history of the commercial internet.
Regulatory bodies throughout the EU have been informed. Legal actions are being organized. For the time being, every LinkedIn user on a Chromium browser remains a subject of this silent, daily scanning.
How to Safeguard Yourself
Individuals worried about the scanning have multiple immediate alternatives:
- Switch to Firefox or Safari for LinkedIn access — the detection technique relies on Chrome’s extension architecture, which is prevented by Firefox’s design.
- Create a LinkedIn-exclusive Chrome profile devoid of extensions, breaking the surveillance chain.
- Utilize Brave browser with fingerprinting protection activated, which inhibits the detection mechanism.
- Review your installed extensions using BrowserGate’s searchable public database to check if your tools are being monitored.
“`