LinkedIn is spying on you, according to a new ‘BrowserGate’ security report — scripts stealthily scan visitors’ browsers for over 6,000 Chrome extensions and ha

LinkedIn is spying on you, according to a new 'BrowserGate' security report — scripts stealthily scan visitors' browsers for over 6,000 Chrome extensions and ha

When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works .

LinkedIn is understood to be injecting a JavaScript fingerprinting script into every page load that probes visitors' browsers for 6,236 installed Chrome extensions and collects detailed device telemetry, according to a report by Fairlinked e.V. and independently confirmed by BleepingComputer .

The script, which BleepingComputer verified through its own testing, also harvests the CPU core count, available memory, screen resolution, time zone, language settings, and battery status. The findings were first published in Fairlinked’s “BrowserGate” report, which claims the script works by attempting to access file resources tied to specific extension IDs, a well-documented technique for detecting whether extensions are installed in Chromium-based browsers. A GitHub repo documented LinkedIn scanning for roughly 2,000 extensions in 2025, while a separate repo from February this year logged approximately 3,000. The current count stands at 6,236.

Many of the targeted extensions are LinkedIn-related tools, including sales intelligence products from Apollo, Lusha, and ZoomInfo that directly compete with LinkedIn's offerings. The Fairlinked report claims that LinkedIn scans more than 200 competing products in total and that the script also checks for language and grammar extensions, tools for tax professionals, and other categories with no obvious connection to LinkedIn's platform.

You may like Steam client allegedly continues sharing your status with your friends even if you set it ‘Offline,’ report claims Lenovo denies allegations of transferring data to China DRAM bots reportedly being deployed to hoover up memory chips and components Beyond extensions, the script gathers hardware and software fingerprinting data , such as CPU class, device memory, screen dimensions, time zone offset, battery status, and storage capabilities. These data points are commonly used in browser fingerprinting to build unique device profiles, but because LinkedIn accounts are tied to real names, employers, and job titles, the extension and device data can be linked back to positively identify individuals. The Fairlinked report also claims the data is transmitted to HUMAN Security , an American-Israeli cybersecurity firm, though this has not been independently verified.

LinkedIn also said the Fairlinked report was published by someone whose account had been restricted for scraping. The individual is linked to a browser extension called "Teamfluence," which LinkedIn said violated its platform terms. A German court denied that individual's request for a preliminary injunction against LinkedIn, finding that the platform was within its rights to block accounts engaged in automated data collection.

LinkedIn isn’t the first major platform to use aggressive client-side fingerprinting. In 2021, eBay was found to be using JavaScript to perform automated port scans on visitors' devices to detect remote access software. The same script was later found running on sites operated by Citibank, TD Bank, and Equifax.

Get Tom's Hardware's best news and in-depth reviews, straight to your inbox.

Key considerations

Investor positioning can change fast
Volatility remains possible near catalysts
Macro rates and liquidity can dominate flows

Reference reading

More on this site

Informational only. No financial advice. Do your own research.

Key considerations

Reference reading

More on this site

Related posts:

Leave a Comment Cancel reply