The nonprofit Fairlinked recently released an investigative report stating that the professional networking platform LinkedIn uses code to secretly detect users’ browser extensions, collecting data on more than 6,000 extensions. The report says this could expose sensitive information about the political leanings, health status, and job-search activities of 405 million users worldwide.
Is browser detection going beyond the privacy red line?
According to the “BrowserGate” allegations put forward by the investigating organization Fairlinked, LinkedIn deployed specific JavaScript code on its webpages to scan for extensions installed in users’ browsers without users’ explicit consent. The scan list covers more than 6,000 items, including extensions that can reveal religious identity and political leanings, as well as neurodiversity support tools. The report emphasizes that because LinkedIn accounts are closely tied to users’ real names, job titles, and employer information, the collected data can be precisely associated with specific individuals. In addition, the platform was accused of detecting software tools from more than 200 competitors, including Salesforce, HubSpot, and ZoomInfo, in order to learn which services enterprise users rely on, raising questions about unfair market competition and corporate espionage.
How does LinkedIn explain its detection behavior?
In response to the above allegations, LinkedIn stated that it firmly denies any wrongdoing and clarified that the detection technology is only used to maintain platform integrity. LinkedIn said that some browser extensions inject images or code into webpages, which may lead to actions that violate the terms of service, such as automated data scraping, and could even affect the stability of website operations. The platform emphasized that its detection works by checking whether static resource URLs exist, with the purpose of identifying extensions that violate rules and improving the technology, rather than inferring or collecting members’ sensitive personal information. LinkedIn said the accounts involved in the allegations had been restricted for conducting large-scale data scraping, and that the related controversy has already been dismissed in a lawsuit in Germany, with the court finding that the allegations lacked factual basis.
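Checking whether a static resource URL exists only works against extensions whose manifest exposes files to web pages. The following is an added example, not code from the Fairlinked report or from LinkedIn: it audits a parsed `manifest.json` for that exposure using the `web_accessible_resources` key; the function names and sample manifests are constructed for illustration.

```javascript
// Added example. Sample manifests below are constructed; names are hypothetical.
// Match patterns that let any website load the listed resources.
const ANY_SITE = new Set(["<all_urls>", "*://*/*", "http://*/*", "https://*/*"]);

// Returns "any-site", "listed-sites" or "none" for one parsed manifest.json.
function probeExposure(manifest) {
  const war = manifest.web_accessible_resources || [];
  if (war.length === 0) return "none";
  // Manifest V2: a flat list of paths that every website can request.
  if (manifest.manifest_version === 2) return "any-site";
  // Manifest V3: each entry scopes its resources to match patterns.
  let exposure = "none";
  for (const entry of war) {
    const matches = entry.matches || [];
    if (matches.length === 0) continue; // reachable by listed extension IDs only
    // Documented by Chrome as serving the files under a per-session ID,
    // so the published extension ID gives no stable URL to test.
    if (entry.use_dynamic_url === true) continue;
    if (matches.some((m) => ANY_SITE.has(m))) return "any-site";
    exposure = "listed-sites";
  }
  return exposure;
}

const SAMPLE_MANIFESTS = {
  "legacy-helper": { manifest_version: 2, web_accessible_resources: ["img/logo.png"] },
  "open-widget": {
    manifest_version: 3,
    web_accessible_resources: [{ resources: ["panel.html"], matches: ["<all_urls>"] }],
  },
  "scoped-widget": {
    manifest_version: 3,
    web_accessible_resources: [
      { resources: ["inject.css"], matches: ["https://mail.example.com/*"] },
    ],
  },
  "dynamic-widget": {
    manifest_version: 3,
    web_accessible_resources: [
      { resources: ["panel.html"], matches: ["<all_urls>"], use_dynamic_url: true },
    ],
  },
  "no-resources": { manifest_version: 3 },
};

function auditAll(manifests) {
  const report = {};
  for (const [name, m] of Object.entries(manifests)) report[name] = probeExposure(m);
  return report;
}

console.log(auditAll(SAMPLE_MANIFESTS));
```

To audit real installs, parse each installed extension's `manifest.json` and pass the resulting object to `probeExposure`.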
Third-party data sharing: Israel’s cyber warfare unit
Another focus of the report is the destination of the data collected by LinkedIn. The investigation found that the relevant data was shared with the cybersecurity company HUMAN Security (formerly White Ops). The company merged in 2022 with the Israeli firm PerimeterX, whose founding team includes several former officers who previously served in Unit 8200, the Israel Defense Forces (IDF) cyber warfare unit.
Although HUMAN Security’s primary business is detecting digital fraud and unauthorized access, its deep military intelligence background and data-sharing relationship have once again brought strict scrutiny to the security protections and sovereignty issues surrounding users’ data, especially where cross-border data transfers are involved, and to whether it meets the standards for processing sensitive information under the EU’s General Data Protection Regulation (GDPR).
Potential impact of user information exposure on the labor market
Among the more than 6,000 extensions that were detected, the report specifically singled out 509 job-search assistance tools. These tools are typically used by professionals who are looking for career change opportunities. If LinkedIn aggregates this data and correlates it with other information, it may result in users’ intentions to change jobs being revealed without their current employers’ knowledge. Although LinkedIn says it does not use this data to infer members’ sensitive information, privacy advocacy groups believe that this “backend scanning” model constitutes excessive monitoring of users’ digital behavior.
With digital privacy awareness on the rise, as platform operators draw the line between “preventing malicious scraping” and “respecting users’ privacy space,” they will face stricter regulatory review and increased social scrutiny.
This article, LinkedIn accused of secretly scanning browsers, privacy data of 400 million users may be leaked, first appeared on Lianxin ABMedia.