Every time you open LinkedIn, you may be unknowingly handing over a detailed inventory of your browser extensions—tools that can reveal your job search activity, political leanings, disabilities, and even religious affiliations. According to Browsergate.eu, the professional network is allegedly using hidden scripts to scan users’ browsers, transmitting this sensitive data to third parties without consent or disclosure.
The Digital Fingerprinting Operation
The investigation, led by privacy advocates and the group Fairlinked, alleges that LinkedIn’s “BrowserGate” operation silently fingerprints browsers to detect installed extensions. While the exact number of monitored extensions is disputed—Fairlinked claims over 6,000, while independent analyses suggest closer to 2,953—the scope is unprecedented. The list reportedly includes job-hunting tools like Apollo, Lusha, and ZoomInfo, as well as plugins for accessibility, activism, and more.
This isn’t routine analytics. The data is allegedly sent to HUMAN Security, a US-Israeli cybersecurity firm, and integrated into Google’s tracking ecosystem, creating detailed user profiles that go far beyond professional networking.
Corporate Espionage in Plain Sight
The allegations paint LinkedIn as a digital corporate spy, surveilling companies that rely on sales intelligence tools. It’s as if the host of a networking event secretly photographs every business card and sells the data to competitors. LinkedIn’s dual API policy is also under fire: while developers get limited access, the platform allegedly uses its internal systems to conduct far more aggressive surveillance, potentially violating the EU’s Digital Markets Act (DMA).
Legal Reckoning Looms
These practices may breach GDPR’s strict rules on processing “special category” data without explicit consent. Unlike the hiQ Labs case, which concerned scraping public profiles, browser extension scanning invades the private user environment, a legally distinct and far more sensitive territory.
EU regulators are under pressure to enforce DMA compliance and investigate LinkedIn’s alleged expansion into covert surveillance. As of April 2026, neither LinkedIn nor Microsoft has publicly addressed the allegations.
The Bottom Line
The question is no longer if LinkedIn will respond—but whether users will continue to feed their data to a platform that allegedly treats their browser as an open book. With GDPR and DMA enforcement ramping up in 2026, the stakes for privacy, corporate espionage, and digital rights have never been higher.
Source: Browsergate.eu, CyberNews, Tech Yahoo, EFF
Like my content? Support me with a tip!
