LinkedIn's 'BrowserGate' Scandal: Fingerprinting Scripts Expose User Data
A new report alleges that **LinkedIn** is using hidden JavaScript to scan users' browsers for installed extensions and collect device data. This practice, dubbed 'BrowserGate,' raises concerns about user privacy and the potential misuse of collected information, especially given LinkedIn's connection to professional identities.

## BrowserGate: LinkedIn's Alleged Data Collection
A report by Fairlinked e.V., an association of commercial **LinkedIn** users, claims that **Microsoft**'s platform injects JavaScript into user sessions to detect thousands of browser extensions and link this data to user profiles. The report, available at [http://browsergate.eu/](http://browsergate.eu/), suggests this is done to gather sensitive personal and corporate information.
The author asserts that **LinkedIn** uses this data to identify which companies use competitor products, effectively extracting customer lists from users' browsers without their knowledge. The report further alleges that **LinkedIn** has used this data to threaten users of third-party tools.

## Independent Verification
**BleepingComputer** independently confirmed aspects of these claims. They observed a JavaScript file, with a randomized filename, loaded by **LinkedIn**'s website. This script checked for 6,236 browser extensions by attempting to access file resources associated with specific extension IDs, a technique detailed at [https://browserleaks.com/chrome](https://browserleaks.com/chrome).
This fingerprinting script was previously reported in 2025, detecting approximately 2,000 extensions at that time. A [GitHub repository](https://github.com/mdp/linkedin-extension-fingerprinting/blob/main/chrome_extensions_with_names_all.csv) from two months ago showed 3,000 extensions being detected, indicating a continuous increase in the number of extensions targeted.
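
The resource-probing technique described above leaves a recognizable trace in a page's network log: many requests to `chrome-extension://<id>/...` URLs, most of which fail. As an added example (not code from BleepingComputer, the report, or LinkedIn), this Node.js script flags that pattern in a request log exported from DevTools. The flat `{page, url, status}` entry shape, the threshold of 20 distinct IDs, and all sample hosts and extension IDs are constructed assumptions.

```javascript
// Chrome extension IDs are 32 characters from the alphabet a-p.
const EXT_URL = /^chrome-extension:\/\/([a-p]{32})\//;

// Group extension-resource requests by the page origin that issued them.
// minDistinctIds is an assumed threshold: one injected asset touches one ID, an enumeration script many.
function findExtensionProbing(entries, minDistinctIds = 20) {
  const byOrigin = new Map();
  for (const e of entries) {
    const m = EXT_URL.exec(e.url);
    if (!m) continue;
    const origin = new URL(e.page).origin;
    if (!byOrigin.has(origin)) byOrigin.set(origin, { probed: new Set(), resolved: new Set() });
    const rec = byOrigin.get(origin);
    rec.probed.add(m[1]);
    // A 2xx answer means the resource exists, so the page learned the extension is installed.
    if (e.status >= 200 && e.status < 300) rec.resolved.add(m[1]);
  }
  return [...byOrigin]
    .map(([origin, r]) => ({
      origin,
      probedIds: r.probed.size,
      resolvedIds: [...r.resolved].sort(),
      flagged: r.probed.size >= minDistinctIds,
    }))
    .sort((a, b) => b.probedIds - a.probedIds);
}

// Constructed 32-character ID (not a real extension) derived from an index.
function fakeId(n) {
  let id = "";
  for (let i = 0; i < 32; i++, n = Math.floor(n / 16)) {
    id = String.fromCharCode(97 + (n % 16)) + id;
  }
  return id;
}

// Constructed log: one page probes 40 IDs (two resolve), another page loads a
// single extension asset, plus an ordinary HTTPS request that is ignored.
function buildSampleLog() {
  const log = [{ page: "https://shop.example/", url: "https://shop.example/app.js", status: 200 }];
  for (let n = 0; n < 40; n++) {
    const status = n === 3 || n === 17 ? 200 : 0; // status 0 = request failed
    log.push({ page: "https://social.example/feed", url: `chrome-extension://${fakeId(n)}/icon.png`, status });
  }
  log.push({ page: "https://shop.example/", url: `chrome-extension://${fakeId(100)}/logo.svg`, status: 200 });
  return log;
}

console.log(findExtensionProbing(buildSampleLog()));
```

The `resolvedIds` field lists what the probing page was able to learn, which is the part that matters when assessing exposure.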

*Snippet of the list of extensions scanned for by LinkedIn's script*
*Source: BleepingComputer*
Interestingly, the script also targets language and grammar extensions, tools for tax professionals, and other seemingly unrelated features. The script gathers data on CPU core count, available memory, screen resolution, timezone, language settings, battery status, audio information, and storage features.

*Gathering information about visitors' devices*
*Source: BleepingComputer*
While **BleepingComputer** could not verify claims about the use of the data or its sharing with third parties, such fingerprinting techniques are often used to create unique browser profiles for tracking users across websites.

## LinkedIn's Response
**LinkedIn** acknowledges detecting specific browser extensions but denies misusing the data. They claim the information is used to protect the platform and its users. **LinkedIn** also states that the report originates from an individual whose account was banned for scraping content and violating their terms of use.
**LinkedIn**'s statement:
> "The claims made on the website linked here are plain wrong. The person behind them is subject to an account restriction for scraping and other violations of LinkedIn's Terms of Service.
> To protect the privacy of our members, their data, and to ensure site stability, we do look for extensions that scrape data without members' consent or otherwise violate LinkedIn's Terms of Service.
> Here's why: some extensions have static resources (images, javascript) available to inject into our webpages. We can detect the presence of these extensions by checking if that static resource URL exists. This detection is visible inside the Chrome developer console. We use this data to determine which extensions violate our terms, to inform and improve our technical defenses, and to understand why a member account might be fetching an inordinate amount of other members' data, which at scale, impacts site stability. We do not use this data to infer sensitive information about members.
> For additional context, in retaliation for this website owner's account restriction, they attempted to obtain an injunction in Germany, alleging LinkedIn had violated various laws. The court ruled against them and found their claims against LinkedIn had no merit, and in fact, this individual's own data practices ran afoul of the law.
> Unfortunately, this is a case of an individual who lost in the court of law, but is seeking to re-litigate in the court of public opinion without regard for accuracy."
**LinkedIn** claims the report stems from a dispute involving the developer of "Teamfluence," a **LinkedIn**-related browser extension, which they restricted for violating the platform's terms. A German court denied the developer's request for a preliminary injunction, finding that **LinkedIn**'s actions did not constitute unlawful obstruction or discrimination.

## Prior Incidents of Fingerprinting
This isn't the first instance of companies using aggressive fingerprinting scripts. In 2021, **eBay** used JavaScript to perform automated port scans on visitors' devices to detect remote support software. Other companies, including **Citibank**, **TD Bank**, **Ameriprise**, and **Equifax**, were later found using similar scripts.