LinkedIn Analyzes Over 6,000 Chrome Extensions to Gather Data
A recent investigation reveals significant data collection practices by LinkedIn, particularly regarding web browser extensions. The report, titled “BrowserGate,” suggests that Microsoft’s LinkedIn employs JavaScript scripts to track visitors’ browser activities and gather device information covertly.
Key Findings of the BrowserGate Report
According to Fairlinked e.V., an entity representing LinkedIn users, the platform discreetly injects JavaScript into user sessions. This script detects over 6,200 browser extensions and links the findings to identifiable user profiles.
- LinkedIn scans for more than 200 competing products, such as Apollo, Lusha, and ZoomInfo.
- The process allows LinkedIn to identify which companies are using competitive software products.
- Allegations suggest that LinkedIn extracts customer data from numerous software companies without user consent.
Technical Details of the Data Collection
The JavaScript employed by LinkedIn was confirmed by independent testing from BleepingComputer. This file checks for installed extensions using a specific technique that looks for unique extension IDs. Earlier claims indicated this technology could identify around 2,000 extensions, but recent findings show the capability has expanded to over 6,200.
LinkedIn’s script not only targets its own extensions but also collects various types of data, including:
- CPU core count
- Available memory
- Screen resolution
- Timezone and language settings
- Battery status and audio information
LinkedIn’s Response to Data Collection Allegations
LinkedIn refutes the claims related to the misuse of collected data. The company asserts that it analyzes browser extensions solely to protect its users and maintain platform integrity. It argues that the concerns stem from an account restriction directed at someone who violated its terms of service.
LinkedIn further explains that it detects specific extensions that might scrape data without user consent, emphasizing its commitment to user privacy. The company maintains that the implicated individual is attempting to publicize their grievances following legal setbacks regarding their account practices.
Historical Context of Fingerprinting Techniques
This isn’t the first instance of aggressive data collection techniques. Previous reports revealed that eBay used similar JavaScript methods to scan users’ devices for specific software. Other corporations, including Citibank and Chick-fil-A, have deployed fingerprinting scripts to enhance security and block fraudulent activities.
The information surfaced by the BrowserGate report raises important questions about privacy and responsibility in the digital age. As companies continue to adapt their practices, users remain vigilant about the extent of data collection that occurs behind the scenes.
