LinkedIn accused of covertly scanning users’ browsers for 6,000 extensions

Privacy advocates warn the practice may trigger European Union GDPR obligations.

April 5, 2026

LinkedIn’s website injects JavaScript that checks for web‑accessible resources tied to specific extensions, encrypts the findings, and sends them to LinkedIn’s servers, Fairlinked report reveals.
Group says the data—some of which is shared with cybersecurity partner HUMAN Security—could indirectly reveal sensitive traits such as religion, political views, health status, or job‑seeking activity, given that LinkedIn profiles are tied to real identities.
Fairlinked claims the scans cover more than 200 competing software products—such as Salesforce, HubSpot, Apollo, Lusha, and ZoomInfo—raising concerns about competitive intelligence gathering.

A coalition representing commercial LinkedIn users, Fairlinked e.V., alleges the professional networking giant has secretly scanned visitors’ browsers to detect more than 6,000 extensions, compiling and transmitting the results without explicit consent in what the group brands “BrowserGate,” potentially impacting up to 405 million people.

According to Fairlinked’s report, LinkedIn’s website injects JavaScript that checks for web‑accessible resources tied to specific extensions, encrypts the findings, and sends them to LinkedIn’s servers. The group says the data—some of which is shared with cybersecurity partner HUMAN Security—could indirectly reveal sensitive traits such as religion, political views, health status, or job‑seeking activity, given that LinkedIn profiles are tied to real identities.

Data harvesting

LinkedIn disputes the characterisation. In a public comment, the company said extension detection is used to identify tools that violate its terms, strengthen anti‑scraping defenses, and diagnose abnormal data harvesting that could harm site stability.

“We do not use this data to infer sensitive information about members,” a LinkedIn representative wrote, adding that a German court rejected related claims by an individual whose account had been restricted for scraping.

Privacy advocates warn the practice may trigger European Union GDPR obligations, including the need for explicit consent if special‑category data can be inferred. Fairlinked also claims the scans cover more than 200 competing software products—such as Salesforce, HubSpot, Apollo, Lusha, and ZoomInfo—raising concerns about competitive intelligence gathering.

Advertisment

Fairlinked says its campaign highlights one of the “largest corporate espionage and data breach scandals in digital history,” while LinkedIn maintains the measures is security‑driven and disclosed via observable network and console activity. Regulators and data protection authorities have not yet announced formal investigations.

Discover more from TechChannel News

Subscribe to get the latest posts sent to your email.

Nasir Security claims months-long breach of Dubai International Airport

Iran strike damages AWS facility in Bahrain

AI confronts hidden industrial workforce productivity gap in Middle East

UAE to quintuple solar PV capacity to 32.3GW by 2035

BitGo prices IPO above range, raises $212.8m in 2026’s first crypto listing

Onton raises $7.5m to streamline online shopping with neurosymbolic AI

PhysicsWallah soars 45% on trading debut, valued at $5.1b

Nothing gets $200m to drive AI-enabled consumer hardware revolution