A major privacy issue has come to light about LinkedIn that the app quietly scans its users’ web browsers for installed software without consent.
These reports surfaced following an investigation by European digital rights advocacy group Fairlinked e.V., conducted under a campaign dubbed “BrowserGate.”
They said LinkedIn allegedly deploys hidden JavaScript code that automatically checks users’ browsers for thousands of installed extensions each time the site loads on open-source browsers like Google Chrome, Microsoft Edge, Brave, Opera, and Vivaldi.
According to the findings, the script operates silently in the background. It attempts to access publicly exposed files associated with browser extensions, allowing LinkedIn’s systems to confirm whether specific add-ons are installed. The process completes within milliseconds and produces no visible indication to users.
Investigators claim LinkedIn’s internal code references more than 6,000 extension identifiers. The scan reportedly activates only on browsers like Google Chrome, Microsoft Edge, Brave, Opera, and Arc, while Firefox and Safari users are not affected.
Now because LinkedIn profiles are connected to real identities, employment histories, and workplaces, every detected extension can allegedly be tied directly to an identifiable individual. This allows the platform to infer behavioral patterns, workplace technologies, and even organizational software ecosystems.
The investigation claims aggregated scans could effectively reveal which digital tools entire companies use, potentially generating large-scale corporate intelligence without employees or employers being aware.
The extensions detected include hundreds linked to job hunting platforms, potentially exposing professionals searching for new employment while maintaining active LinkedIn profiles. Others include tools associated with religious communities, political news preferences, accessibility and neurodivergent support software, and competing sales platforms.
Additional hidden tracking components are loaded alongside LinkedIn pages, including scripts linked to cybersecurity firm HUMAN Security and separate background processes associated with Google services. These elements allegedly operate invisibly, placing tracking cookies and transmitting encrypted data during normal browsing sessions.
LinkedIn has not publicly confirmed the allegations at the time of reporting.
When verified, the issue could become one of the most significant corporate privacy investigations involving a global social platform.