LinkedIn Secretly Analyzes 6,000+ Extensions to Fingerprint Devices
LinkedIn is facing scrutiny over its data collection practices, particularly regarding the covert scanning of browser extensions. An investigation led by Fairlinked e.V. revealed that LinkedIn tracks users’ devices without transparency, using a technique dubbed “BrowserGate.”
BrowserGate Uncovered
The investigation published in April 2026 discovered that LinkedIn injects a 2.7-megabyte JavaScript bundle into Chrome-based browsers. This script analyzes more than 6,000 installed extensions, compiling a detailed fingerprint of hardware and software characteristics from user devices.
- Device fingerprints include:
- CPU core count
- Screen resolution
- Available memory
- Timezone and language settings
- Audio hardware information
- Storage capacity
This data is encrypted and transmitted, allowing LinkedIn to attach it to every API request during a user session. Critics argue that this violates user privacy, while LinkedIn claims it’s a security measure.
Details of the Scanning Process
Dubbed “Spectroscopy,” the scanning process involves sending up to 6,222 simultaneous requests to check for extensions. If a specific file related to an extension is found, it indicates the extension’s presence. This operation silently runs every time a user accesses LinkedIn.
Concerns Over User Privacy
LinkedIn’s scanning process raises significant privacy issues, particularly because it identifies users’ installed software. The list of extensions includes over 200 competitors to LinkedIn’s sales tools, like Apollo and ZoomInfo, providing insights into users’ business interests and intentions. This practice may also include sensitive categories under GDPR, such as religious beliefs and political interests.
The scale of the scanning has increased dramatically over the years. In 2017, LinkedIn scanned for 38 extensions, but by 2024, the number jumped to 461 and reached 6,167 by February 2026.
Regulatory Context
LinkedIn has previously faced regulatory challenges in Europe. In October 2024, it was fined €310 million for processing users’ data without a valid legal basis under GDPR. The implications of BrowserGate coincide with ongoing discussions about the adequacy of data collection disclosures.
LinkedIn’s Response
In response to the investigation, LinkedIn refuted the claims, stating they are attempting to prevent data scraping by malicious extensions. They maintain that the data collected does not allow them to infer sensitive user information.
Fairlinked e.V., the entity behind the investigation, is linked to a company that operates Chrome extensions, creating a backdrop of contention between the two parties.
What This Means for Users
With over one billion registered users, LinkedIn’s practices have implications for a large segment of the workforce. Most users access the site through Chrome, where this scanning happens automatically without consent. Currently, no settings allow users to opt-out of this practice.
As discussions around data privacy intensify, the need for improved transparency and governance in data collection practices comes into sharp focus. Whether regulators will address these privacy concerns effectively remains to be seen.
