LinkedIn secretly collects information about installed software products on its users' devices.
German organization Fairlinked e.V. revealed a secret “check” on LinkedIn
> Who:
> *Fairlinked e.V.* – an association of commercial LinkedIn users in Germany that launched an investigation called “BrowserGate.”
> What was discovered:
> LinkedIn (owned by Microsoft) secretly scans Chromium‑based browser extensions (Chrome, Edge, Brave, Opera, Arc) to determine which plugins each user has installed. Every time a LinkedIn page loads, the function *isUserAgentChrome()* attempts to open files that may be accessible to extensions. If the file is available – the extension is considered installed; if not – it isn’t. The entire process takes milliseconds and is invisible to the user.
> What data is collected:
> 1. A list of installed extensions (over 6167 items).
> 2. Linking those extensions to real names, employers, and job titles of users.
> 3. Information about which tools employees at companies actually use.
> How it’s done:
> * LinkedIn sends the results to its own servers and third‑party companies.
> * During the process an “invisible” tracker component from HUMAN Security (formerly PerimeterX) was found – a zero‑width element that, without user knowledge, sets cookies.
> Why this matters:
> LinkedIn has over 1 billion users and stores data tied to real names. That means every detected extension can be matched to a specific person and, in aggregate, to the activities of an entire company (e.g., which recruiting services employees use).
> What researchers found:
> * 509 job‑search tools (Indeed, Glassdoor, Monster).
> * Extensions indicating religious affiliation, political views, disability status, and neurodevelopmental traits.
> * Over 200 competing services (Apollo, Lusha, ZoomInfo, Hunter.io).
> Legal risk:
> * GDPR classifies data on religion, politics, and health as “special categories.” Processing such data is only allowed with explicit consent. According to Fairlinked e.V., LinkedIn did not obtain such consent, nor did it inform users of the collection.
> * Potential claims under the ePrivacy Directive and the Digital Markets Act (DMA).
> Scale of the practice:
> The list of tracked extensions grew from 461 in 2024 to over 6000 by February 2026 – a growth of 1252 %.
> * LinkedIn asserts that “BrowserGate” is the activity of a single user whose account was blocked.
> * Independent sources indicate that scanning began at least as early as 2017 (38 extensions).
> * Audience estimate: ≈ 405 million LinkedIn users with tracked extensions installed.
> Status of regulatory proceedings:
> EU regulators have already been notified. Legal disputes are expected. Users who use Chromium‑based browsers continue to be subject to hidden checks daily.
> What users can do:
> 1. Switch to Firefox or Safari – these browsers don’t use the Chrome extension architecture and thus aren’t scanned by LinkedIn.
> 2. Disable automatic launch of extensions in browser settings, if possible.
> 3. Use open‑source extensions that allow control over file access.
> 4. Check permissions for installed plugins and remove those that are unnecessary.
> Conclusion:
> LinkedIn employs a covert mechanism to detect user extensions on Chromium‑based browsers, links them to personal data, and forwards this information to third parties. This raises serious privacy and GDPR compliance concerns and could become the subject of regulatory investigations in the EU. Users can protect themselves by switching to alternative browsers or limiting extension access.