LinkedIn Accused of Secretly Scanning Users' Browsers in 'BrowserGate' Scandal
A major privacy controversy dubbed 'BrowserGate' has erupted around Microsoft-owned LinkedIn, following a report by German privacy group Fairlinked eV. The research, independently confirmed by Bleeping Computer, reveals that the professional network injects a hidden JavaScript fingerprinting script into every page load. This script probes visitors' browsers for a staggering 6,236 installed Chrome extensions and harvests detailed device telemetry without user consent. The technique, which LinkedIn internally calls 'Spectroscopy,' operates by detecting any element, script, or attribute that a browser extension injects into a page. According to The CyberSec Guru, even a VPN that modifies a single pixel leaves a detectable fingerprint. The script extracts a unique 32-character ID for each extension. As reported by Anavem and GBHackers, this data is bundled with behavioral tracking information, encrypted, and sent to LinkedIn's servers via stealthy communication channels, alongside tracking elements from partners like Google and cybersecurity firm HUMAN Security. The practice has prompted severe legal scrutiny, particularly in the EU where the German group is pursuing action under the Digital Markets Act (DMA). Critics, including Windows News and CyberPress, argue this constitutes a massive data harvesting operation that is not disclosed in LinkedIn's privacy policy, potentially violating GDPR. The discovery fundamentally challenges the platform's reputation as a trusted professional space and raises critical questions about covert user surveillance.
Prefer swipe-first reading?
Install the app to keep reading with faster loads and a smoother mobile experience.
Sources
LinkedIn Accused Of Tracking Users Through BroweserGate Scripts, All You Need To Know | Times Now
Recent findings indicate that LinkedIn may not be as trustworthy as previously thought. A report from Fairlinked eV, corroborated by Bleeping Computer, reveals that LinkedIn injects a JavaScript script into pages that scans for over 6,200 Chrome extensions., Technology & Science, Times Now
BrowserGate: The Massive Microsoft-LinkedIn Espionage Scandal | The CyberSec Guru
LinkedIn calls it “Spectroscopy.” ... element, script, or attribute that an extension has injected. A VPN that modifies even one pixel of the page leaves a fingerprint. Spectroscopy finds it, extracts the extension’s 32-character ID, and sends it back to LinkedIn’s servers. The results from all three layers are encrypted and bundled into a payload sent to https://www.linkedin.com/li/track...
The scripts use dynamic code generation and encrypted communication channels to transmit the harvested extension data. Analysis of the network traffic patterns reveals that the collected information is processed alongside other behavioral tracking data to build comprehensive user profiles. LinkedIn...
Additionally, LinkedIn runs its ... scripts from Google. None of these tracking mechanisms or partnerships are disclosed in LinkedIn’s official privacy policy, raising severe legal and criminal questions about the platform’s massive data harvesting practices. Follow us on Google News , LinkedIn ...
The investigation found that LinkedIn ... tracking elements from HUMAN Security, a cybersecurity firm. This code silently places cookies on users’ browsers. Additional encrypted scripts from Google and LinkedIn’s own fingerprinting tools execute in the background on every page load, all without user knowledge. Follow us on Google News, LinkedIn, ...
Fact Checks
Take Yomuyo with you
Download the mobile app for personalized headlines and quick access to breaking stories.