LinkedIn’s BrowserGate: Scanning Visitors for 6,236 Chrome Extensions and Device Data

Illustration: browser scanning extensions and device telemetry

A recent security analysis has raised alarms about how LinkedIn inspects the browsers of people who visit its site. Researchers at Fairlinked e.V. published what they call the “BrowserGate” report, and independent testing by BleepingComputer corroborated many of the findings: LinkedIn appears to inject client-side JavaScript that probes visitors’ browsers for thousands of Chrome extensions and collects a range of device telemetry. The behavior has rekindled discussions about browser fingerprinting, platform-side surveillance, and the balance between anti-scraping defenses and user privacy.

What the researchers found

Fairlinked’s report shows a script running on LinkedIn that probes for the presence of more than 6,000 Chrome extensions. Earlier public code repositories had shown LinkedIn scanning for roughly 2,000 extensions in 2025 and about 3,000 earlier this year; the most recent analysis puts the current total at 6,236. BleepingComputer performed independent tests and confirmed the scanning behavior and the script’s ability to read additional device-related signals.

Beyond extensions, the script collects hardware and software data points that are commonly used in browser fingerprinting: CPU core counts or class, available device memory, screen resolution, time zone, language settings, battery status, and storage capabilities. Taken together, these signals help build a more unique device profile than any single item alone.

How the extension detection works

The technique used to detect extensions is well-known in the security community. Chromium-based browsers expose resources tied to extension IDs; by attempting to access files or resources linked to those IDs, a site-side script can infer whether a particular extension is installed. This method does not require installing malicious code on the user’s machine—it relies on how extensions are exposed within the browser’s local resource space.

Which extensions are being targeted

The list of probed extensions is eclectic. Many entries are LinkedIn-adjacent tools—sales intelligence and prospecting extensions such as Apollo, Lusha, and ZoomInfo—products that compete with LinkedIn’s own business services. The scanning also includes language and grammar helpers, tax-professional tools, and other categories that have no obvious relationship to LinkedIn’s core functions. Fairlinked’s analysis suggests LinkedIn probes more than 200 competitive products in total.

Privacy and identification risks

Separately, the telemetry collected by the script contributes to a browser fingerprinting profile. While individual data points—screen size, time zone, battery level—are relatively innocuous alone, combined they can distinguish one device from another with high probability. When fingerprinting is performed on a site like LinkedIn, where accounts are tied to real names, employers, and job titles, those device fingerprints can be linked back to identifiable people, increasing privacy risks.

The report also claims that some of the scanned or collected data may be transmitted to HUMAN Security, an American-Israeli cybersecurity company. That particular claim has not been independently verified in all details.

LinkedIn’s response and legal context

LinkedIn told BleepingComputer the scanning is part of efforts to detect browser extensions that scrape data or otherwise breach its terms of service. The company said it uses these checks to protect member privacy and site stability and that it does not use the data to infer sensitive information about members.

Fairlinked’s reporting drew scrutiny in part because it was published by an account that LinkedIn had previously restricted for scraping activity; LinkedIn noted ties between the report’s author and a browser extension called Teamfluence, which the platform said violated its rules. In a related legal development, a German court denied a request for a preliminary injunction seeking to stop LinkedIn’s actions, finding LinkedIn acted within its rights to block accounts engaged in automated data collection.

Historical precedents

LinkedIn is not the first major site to use aggressive client-side fingerprinting to detect undesirable activity. In 2021, eBay was found to use JavaScript to detect remote access software on visitors’ devices, and similar techniques were later observed on pages operated by Citibank, TD Bank, and Equifax. These precedents illustrate an industry pattern: platforms sometimes deploy invasive client-side checks in the name of security and anti-fraud, but those techniques inevitably raise privacy and transparency concerns.

What this means for users and organizations

The situation highlights a difficult trade-off. Platforms have legitimate reasons to detect scraping, automated access, and software that undermines platform integrity. At the same time, broad client-side scanning and fingerprinting can expose users to heightened surveillance and create new privacy risks—especially when performed by services tied to real identities.

For security teams and privacy-conscious users, the episode is a reminder to consider who has access to device and extension metadata and how those signals might be combined with account data. Regulators and courts will likely play an ongoing role in determining acceptable boundaries for such techniques, especially in jurisdictions with strong privacy protections.

Closing thoughts

The BrowserGate report and follow-up confirmations thrust LinkedIn into a broader debate about transparency, consent, and the limits of platform-driven device inspection. As platforms continue to invest in anti-scraping and anti-fraud tools, public scrutiny and clear regulatory standards will be essential to prevent anti-abuse measures from becoming unchecked channels of surveillance.