LinkedIn’s Covert Data Collection: Uncovering 6,000+ Chrome Extensions

A recent investigation dubbed “BrowserGate” has raised concerns that Microsoft-owned LinkedIn runs concealed JavaScript on its site to scan visitors’ browsers for installed extensions and collect device information.

According to a report by Fairlinked e.V., an association of commercial LinkedIn users, the platform injects JavaScript into user sessions that checks for a wide range of browser extensions and ties the findings to identifiable user profiles.

The report’s author alleges that the practice is designed to collect sensitive personal and corporate data, since LinkedIn accounts are tied to real identities, employers and job titles.

The report states, “LinkedIn scans for over 200 products that directly compete with its own sales tools, including Apollo, Lusha, and ZoomInfo. By knowing each user’s employer, LinkedIn can track which companies use rival products. It essentially extracts customer lists of numerous software companies from their users’ browsers without their knowledge.”

BleepingComputer independently verified parts of these claims through its own testing, observing a JavaScript file with a randomized filename being loaded by LinkedIn’s site. The script checked for 6,236 browser extensions by attempting to load files that extensions expose at known paths under their extension IDs; a successful load reveals that the extension is installed, a well-known technique for enumerating installed extensions.

Although the script mostly targets LinkedIn-related extensions, it also checks for language tools, utilities for tax professionals and other extensions with no apparent connection to LinkedIn.
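The probing technique described above, as an added example that is not LinkedIn’s script and not code from the report. Chromium serves an installed extension’s files at `chrome-extension://<id>/<path>` to ordinary web pages only for paths the extension lists under `web_accessible_resources` in its manifest, so a page that knows an ID and one such path can try to load it and learn from success or failure whether the extension is present. The probe table, the extension IDs and the names in it are constructed for illustration and do not correspond to real extensions; the `simulatedLoader` stand-in exists only so the code also runs outside a browser.

```javascript
// Added example (not LinkedIn's script): enumerating installed Chromium
// extensions by probing web-accessible resources under known extension IDs.
//
// A successful load of chrome-extension://<id>/<path> means the extension is
// installed; a load error means it is absent (or the path is not exposed).
// Nothing is shown to the user and no permission prompt is involved.

// CONSTRUCTED probe table: hypothetical IDs (Chromium IDs are 32 chars a-p)
// and names, not real extensions.
const PROBE_TABLE = [
  { id: "abcdefghijklmnopabcdefghijklmnop", path: "images/icon128.png", name: "Hypothetical Sales Tool" },
  { id: "ponmlkjihgfedcbaponmlkjihgfedcba", path: "assets/logo.png", name: "Hypothetical Scraper" },
  { id: "aabbccddeeffgghhaabbccddeeffgghh", path: "icon.png", name: "Hypothetical Grammar Checker" },
];

// URL at which Chromium exposes an extension's web-accessible resource.
function resourceUrl(id, path) {
  return `chrome-extension://${id}/${path}`;
}

// Extract the extension ID from a probe URL; null for anything else.
function extensionIdFromUrl(url) {
  const m = /^chrome-extension:\/\/([a-p]{32})\//.exec(url);
  return m ? m[1] : null;
}

// Core of the technique: fire every probe concurrently and keep the entries
// whose resource loaded. `loader(url)` resolves to true on success and false
// on error, so the same code runs with a real or a simulated loader.
async function probeExtensions(table, loader) {
  const results = await Promise.all(table.map((e) => loader(resourceUrl(e.id, e.path))));
  return table.filter((_, i) => results[i]).map((e) => e.name);
}

// Browser loader: an <img> fires onload only if the resource exists and is
// web-accessible. Works for image paths; fetch() serves for other file types.
function imageLoader(url) {
  return new Promise((resolve) => {
    const img = new Image();
    img.onload = () => resolve(true);
    img.onerror = () => resolve(false);
    img.src = url;
  });
}

// Offline stand-in (hypothetical): pretend exactly the IDs in `installedIds`
// are installed, so the example can run under Node without a browser.
function simulatedLoader(installedIds) {
  return async (url) => installedIds.has(extensionIdFromUrl(url));
}

// In a real page: probeExtensions(PROBE_TABLE, imageLoader). Outside a
// browser, fall back to the simulated loader with one "installed" ID.
const loader = typeof Image === "function"
  ? imageLoader
  : simulatedLoader(new Set([PROBE_TABLE[1].id]));
probeExtensions(PROBE_TABLE, loader).then((found) => console.log("installed:", found));
```

The ID/path pairs are the only secret ingredient: a site that ships a table of 6,000 such pairs can run this loop silently on every visit. Note that an extension that exposes no web-accessible resources cannot be detected this way, which is the one mitigation an extension author controls.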

Beyond browser extensions, the script gathers browser and device data, including CPU core count, available device memory, screen resolution, timezone, language settings, battery status, audio details and storage information.

While BleepingComputer could not confirm the report’s claims about how the data is used or whether it is shared with third parties, the same kind of fingerprinting has previously been used to build unique browser profiles for tracking users across websites.
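How the device signals listed above turn into a cross-site tracking key, as an added example that is not LinkedIn’s script. The readers pull from the standard `navigator`, `screen` and `Intl` APIs, but take them from an injectable `env` object (pass `globalThis` in a page) so the code also runs outside a browser; the two sample environments below are constructed for illustration, and the hash is an ordinary FNV-1a, chosen only because it is short and deterministic.

```javascript
// Added example (not LinkedIn's script): composing browser/device signals
// into a stable fingerprint identifier.
//
// Each reader returns null when its API is missing, so the same function
// works in a browser (env = globalThis) and in Node.
const SIGNAL_READERS = {
  cores:     (env) => env.navigator?.hardwareConcurrency ?? null,
  memoryGiB: (env) => env.navigator?.deviceMemory ?? null,
  screen:    (env) => env.screen
    ? `${env.screen.width}x${env.screen.height}x${env.screen.colorDepth}` : null,
  timezone:  (env) => env.Intl
    ? env.Intl.DateTimeFormat().resolvedOptions().timeZone : null,
  languages: (env) => env.navigator?.languages ? env.navigator.languages.join(",") : null,
};
// Battery (navigator.getBattery()) and storage (navigator.storage.estimate())
// are asynchronous and change between visits; a tracker records them as
// context but keeps them out of the key, otherwise the key would not match
// from one session to the next.

function collectSignals(env) {
  const out = {};
  for (const [name, read] of Object.entries(SIGNAL_READERS)) {
    try { out[name] = read(env); } catch { out[name] = null; }
  }
  return out;
}

// FNV-1a, 32-bit, as an 8-hex-char string.
function fnv1a32(str) {
  let h = 0x811c9dc5;
  for (let i = 0; i < str.length; i++) {
    h ^= str.charCodeAt(i);
    h = Math.imul(h, 0x01000193) >>> 0;
  }
  return h.toString(16).padStart(8, "0");
}

// Canonical JSON (sorted keys) of the stable signals, hashed. Identical
// signals on two sites yield the same ID, which is what makes this a
// cross-site identifier without cookies.
function fingerprintId(signals) {
  return fnv1a32(JSON.stringify(signals, Object.keys(signals).sort()));
}

// CONSTRUCTED environments: a fake browser, and the same machine after a
// RAM upgrade (only deviceMemory differs).
const ENV_A = {
  navigator: { hardwareConcurrency: 8, deviceMemory: 8, languages: ["en-US", "en"] },
  screen: { width: 1920, height: 1080, colorDepth: 24 },
  Intl: { DateTimeFormat: () => ({ resolvedOptions: () => ({ timeZone: "Europe/Berlin" }) }) },
};
const ENV_B = { ...ENV_A, navigator: { ...ENV_A.navigator, deviceMemory: 16 } };

console.log("A:", fingerprintId(collectSignals(ENV_A)));
console.log("B:", fingerprintId(collectSignals(ENV_B)));
console.log("this runtime:", fingerprintId(collectSignals(globalThis)));
```

Combined with the extension list from the previous probe, even a few such signals narrow a visitor down far more than any one of them does; the defensive counterpart is to make the readers return the same coarse values for everyone, which is what the "resist fingerprinting" modes of some browsers do.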


LinkedIn’s Response

LinkedIn has denied the allegations of data exploitation, stating that the information collected is used to protect the platform and its users.

The company says the report comes from an individual whose account was restricted for scraping LinkedIn content in violation of the site’s terms of use.

“The claims made on the website linked here are false. The individual behind them faced account restrictions for scraping and other violations of LinkedIn’s Terms of Service.

To uphold our members’ privacy and data security, we identify extensions that scrape data without consent or breach our terms of service.

We utilize this data to identify extensions violating our terms, enhance our technical defenses, and understand why certain accounts fetch excessive data, impacting site stability. We do not use this data for sensitive information inference.”

❖ LinkedIn

LinkedIn asserts that the BrowserGate report is linked to a conflict involving the creator of a LinkedIn-related browser extension named “Teamfluence,” which was restricted for violating platform terms.

According to documents shared with BleepingComputer, a German court dismissed the developer’s request for an injunction, ruling that LinkedIn’s actions did not amount to unlawful obstruction or discrimination.

LinkedIn argues that the BrowserGate report is an attempt to publicly re-litigate the aforementioned dispute.

Regardless of the report’s origins, one fact is not in dispute: LinkedIn’s site runs a fingerprinting script that probes for over 6,000 extensions in Chromium-based browsers and collects system data from visitors.

This is not the first time companies have been caught running aggressive fingerprinting scripts to identify programs on visitors’ devices. In 2020, eBay was found to be port-scanning visitors’ devices with JavaScript, probing localhost ports to detect various remote support and remote access tools.


eBay never disclosed the purpose of these scripts, but the assumption was that they were meant to detect fraud originating from devices under remote control. Several other companies, including Citibank, TD Bank and Ameriprise, were subsequently found to be using similar port-scanning techniques.
