LinkedIn accused of covert data collection in ‘BrowserGate’ report

Fairlinked says LinkedIn probes thousands of browser plugins and fingerprints devices without users’ knowledge


Professional networking platform LinkedIn has been quietly collecting detailed information about users’ devices and installed browser extensions, a new security report has alleged.

The findings, published by Fairlinked, a Germany-based group of LinkedIn users, in a report dubbed BrowserGate, claim that LinkedIn injects a hidden script into its webpages that scans visitors’ browsers for thousands of Chrome extensions while simultaneously gathering device-specific data.

According to the report, the script probes for as many as 6,236 Chrome extensions by attempting to access resources linked to each extension, a recognised method of detecting installed add-ons in Chromium-based browsers.
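
For readers who want to check their own exposure to this kind of probing, the following is an added example, not code from the report or from LinkedIn. It assumes the probe depends on resources an extension declares under Chrome's `web_accessible_resources` manifest key, and it lists which resources in a manifest any website could request; the manifests and the function names are constructed for illustration.

```javascript
// Added example: list extension resources that any web page can request.
// All manifests below are constructed samples, not real extensions.

// True when a match pattern covers arbitrary sites.
function isBroadMatch(pattern) {
  return pattern === '<all_urls>' || /^(\*|https?):\/\/\*\/\*$/.test(pattern);
}

// Resource paths in one manifest that a page on any origin could load.
function probeableResources(manifest) {
  const exposed = [];
  for (const entry of manifest.web_accessible_resources || []) {
    if (typeof entry === 'string') {
      // Manifest V2: listed resources are reachable from every origin.
      exposed.push(entry);
    } else if (entry && Array.isArray(entry.resources)) {
      // Manifest V3: exposure is scoped by `matches`; use_dynamic_url serves
      // the resource under a per-session ID instead of the fixed extension ID.
      const broad = (entry.matches || []).some(isBroadMatch);
      if (broad && entry.use_dynamic_url !== true) exposed.push(...entry.resources);
    }
  }
  return exposed;
}

// Audit several manifests; returns { extensionName: [exposed paths] }.
function auditAll(manifests) {
  const report = {};
  for (const m of manifests) report[m.name] = probeableResources(m);
  return report;
}

const SAMPLE_MANIFESTS = [
  { name: 'mv2-helper', manifest_version: 2,
    web_accessible_resources: ['img/icon.png', 'inject.js'] },
  { name: 'mv3-broad', manifest_version: 3,
    web_accessible_resources: [{ resources: ['panel.html'], matches: ['<all_urls>'] }] },
  { name: 'mv3-scoped', manifest_version: 3,
    web_accessible_resources: [{ resources: ['widget.js'], matches: ['https://example.com/*'] }] },
  { name: 'mv3-dynamic', manifest_version: 3,
    web_accessible_resources: [{ resources: ['ui.css'], matches: ['*://*/*'], use_dynamic_url: true }] },
  { name: 'no-war', manifest_version: 3 },
];

console.log(auditAll(SAMPLE_MANIFESTS));
```

An extension that reports an empty list here cannot be detected through this particular route, though other detection methods are outside what this check covers.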

Fairlinked alleges that many of the targeted extensions belong to tools that compete directly with LinkedIn’s own services, particularly in the sales and recruitment space.

These reportedly include widely used sales intelligence platforms such as Apollo, Lusha and ZoomInfo.

The report claims this allows LinkedIn to identify which companies are using rival products by correlating extension data with users’ employment information on the platform.

“It is extracting the customer lists of thousands of software companies from their users’ browsers without anyone’s knowledge,” the report states.

Device fingerprinting concerns

Beyond extensions, researchers say the script gathers a range of hardware and software details, including CPU core count, memory, screen resolution, language settings, time zone and battery status.

Such data is commonly used in browser fingerprinting – a technique that can uniquely identify users even without cookies.

Because LinkedIn profiles are tied to real-world identities, critics warn this could allow highly precise tracking of individuals.

The report further alleges that some of this data may be transmitted to HUMAN Security, a cybersecurity firm, although this claim has not been independently verified.

LinkedIn’s response

LinkedIn has rejected suggestions of improper data use, stating that its systems are designed to protect users and enforce platform rules.

A spokesperson told technology news site BleepingComputer: “To protect the privacy of our members, their data, and to ensure site stability, we do look for extensions that scrape data without members’ consent.”

The company added that it does not use collected data to infer sensitive personal information.

LinkedIn also questioned the motivations behind the report, noting that it was authored by an individual previously restricted from the platform for alleged data scraping activity.

A German court recently sided with LinkedIn in a related case, ruling that the company was within its rights to block accounts engaged in automated data collection.

The allegations are not without precedent. In recent years, several major companies have been found to employ aggressive browser interrogation techniques.

In 2021, eBay was reported to have used scripts capable of scanning users’ devices for certain software, widely believed to be part of fraud detection efforts.

Similar methods have also been identified across banking and technology firms.

Fairlinked is now calling for regulatory scrutiny and has launched a legal fund aimed at challenging LinkedIn’s parent company, Microsoft.

The group is urging users and regulators to examine whether such practices comply with data protection laws, particularly in jurisdictions with strict privacy frameworks.
