LinkedIn is under renewed scrutiny after a report accused the company of scanning users’ browsers for installed extensions and collecting detailed device data.
The allegations, published under the name BrowserGate, claim the Microsoft-owned platform uses hidden JavaScript to monitor visitor environments at scale.
The report was released by Fairlinked e.V., a group describing itself as an association of commercial LinkedIn users. It alleges that LinkedIn injects JavaScript into active user sessions to check for thousands of browser extensions and connect the results to identifiable accounts. Because LinkedIn profiles are tied to real names, job roles, and employers, the report argues this process could allow the company to identify which businesses use certain third-party tools.
Among the most serious claims is that LinkedIn scans for more than 200 products that compete with its own sales and marketing solutions, including services such as Apollo, Lusha, and ZoomInfo. The report suggests that by detecting these extensions, LinkedIn could determine which companies rely on rival platforms. It also alleges that LinkedIn has used data gathered through this detection process to send enforcement warnings to users of specific browser tools.
Security news outlet BleepingComputer independently examined LinkedIn’s website and confirmed part of the technical behavior described. During testing, researchers observed a JavaScript file with a randomized name being loaded. The script attempted to detect 6,236 browser extensions by checking for file resources associated with known extension IDs, a recognized technique used to determine whether extensions are installed in Chromium-based browsers.
Earlier reports in 2025 indicated the script was checking for roughly 2,000 extensions. A GitHub repository from two months ago showed the number had grown to around 3,000. The latest findings suggest the detection list has expanded significantly. While many of the extensions appear related to LinkedIn automation or scraping tools, others include grammar checkers, tax software, and various unrelated browser add-ons.
In addition to extension detection, the script gathers system-level data, including CPU core count, available memory, screen resolution, timezone, language settings, battery status, audio capabilities, and storage features. Although BleepingComputer confirmed the presence of the fingerprinting script and its extension checks, it said it could not independently verify how LinkedIn uses the collected information or whether it is shared with third parties.
LinkedIn has denied the broader allegations. The company does not dispute detecting certain browser extensions but says the practice is intended to protect its platform and members. In a statement, LinkedIn explained that some extensions inject static resources such as images or scripts into web pages. By checking whether those resources exist, LinkedIn can detect extensions that scrape data without consent or otherwise violate its terms of service.
The company says the data is used to enforce its rules, improve technical defenses, and maintain site stability. LinkedIn also denies using the information to infer sensitive personal details about members. It further claims the BrowserGate report is linked to a dispute involving the developer of a LinkedIn-related extension called Teamfluence, whose account was restricted for alleged policy violations.
Court documents shared with BleepingComputer show that a German court denied the developer’s request for a preliminary injunction. The court found that LinkedIn’s actions did not constitute unlawful obstruction or discrimination and acknowledged that automated data collection could violate the platform’s terms.
If this article helped you, please consider supporting our work. Every small contribution keeps Abijita.com independent and running.
Despite the legal dispute, one point is not contested. LinkedIn’s website currently uses a fingerprinting script capable of detecting more than 6,000 browser extensions in Chromium-based browsers, along with collecting various device attributes. The situation adds to ongoing concerns about browser fingerprinting practices and the balance between platform security and user privacy.
