BrowserGate in LinkedIn: your browser's footprint could reveal your professional identity


In recent days, alarm has resurfaced over tracking techniques that until now were associated more with advertising companies or malicious actors than with professional networks: a report known as "BrowserGate", produced by Fairlinked e.V., claims that LinkedIn embeds JavaScript fragments in its platform that inspect each visitor's browser to check which extensions are installed and to collect numerous pieces of device data.

What concerns readers of the report is that, according to the authors, the results of this check are not anonymous: they would be linked to actual LinkedIn accounts, which would make it possible to associate a list of installed extensions with specific names, companies and jobs. If that were the case, the information could reveal the commercial tools used by a company's employees and ultimately map which companies use certain competing products, an accusation the report illustrates by citing well-known sales and prospecting tools.


Some of these claims have been independently verified. Technical outlets such as BleepingComputer have reproduced the checks and observed the LinkedIn site loading a randomly named script that tests for the presence of thousands of extensions in Chromium browsers. The technique is well known: the script tries to load resources (e.g. images or files) associated with specific extension identifiers; if the resource exists, that indicates the extension is present. An example of this method can be found at BrowserLeaks, which documents how certain features and paths can reveal installed extensions.

The technical data found so far show a disturbing progression: the same type of script was previously detected covering about 2,000 extensions, a public GitHub repository then showed about 3,000, and the most recent checks indicate that detection could exceed 6,000 extensions. In addition to the extensions, the same script collects information about the computer and browser: number of CPU cores, available memory, screen resolution, time zone, language, battery status and other parameters that together help build a unique device fingerprint.

Why should we care about this even if we don't use commercial tools? Because combining extension identifiers with a real account on a professional network changes the equation. An isolated browser fingerprint is already a threat to privacy, but once it is associated with a specific professional identity it opens the door to uses that go beyond mere telemetry: from identifying potential customers of a tool to making commercial or technical decisions about specific users.

LinkedIn, for its part, does not deny detecting extensions. The company has explained that it tracks the presence of certain extensions to protect the platform, prevent scraping and detect automated behaviors that may affect the stability of the service or the privacy of members. According to the account that has emerged, LinkedIn uses the existence of static resources linked to some extensions to identify those that inject code or images into its pages, and maintains that this process is carried out for security purposes and to enforce its terms of use. It also noted that part of the debate stems from a legal conflict with the developer of a specific extension, and that a German court rejected interim measures requested by that developer.

There is, however, a grey area: neither Fairlinked's report nor the journalistic verifications have been able to prove publicly and conclusively how these data are used at scale or whether they are shared with third parties. The history of tracking shows that techniques initially justified on security grounds can evolve towards wider commercial uses; it is therefore reasonable to ask for transparency and clear limits on data collection, retention and purpose.

The technique itself is not new; the security and privacy community has been warning for years about fingerprints built from browser and system parameters. Organizations like the Electronic Frontier Foundation have long explained why the combination of many small features of a browser can turn it into a persistent identifier (Panopticlick / EFF). What is new in this case is the scale and the context: a professional network where profiles are tied to real identities.

If you are a regular LinkedIn user and you are concerned about your privacy, there are practical measures you should know about. The point is not to be alarmed but to understand the ecosystem: reviewing the installed extensions, minimizing those that have extensive permissions, using browsers with anti-fingerprinting protections and keeping profiles and sessions separate when working with sensitive professional accounts are all actions that reduce the exposure surface. Privacy-oriented browsers such as Tor Browser or Brave offer stronger defences against this kind of technique, although they have their own limitations for daily use.
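As a starting point for that extension review, the added example below (not taken from the report or from LinkedIn) reads each extension's `manifest.json` and reports whether its `web_accessible_resources` declaration lets web pages load its files, which is what the resource-loading check described above relies on. It assumes the Chromium on-disk layout `Extensions/<id>/<version>/manifest.json`; the sample IDs and manifests are constructed.

```python
import json
import tempfile
from pathlib import Path

# Match patterns that let any website request the declared resources.
BROAD = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def exposure(manifest: dict) -> str:
    """Classify how web_accessible_resources expose an extension to pages."""
    war = manifest.get("web_accessible_resources") or []
    if war and manifest.get("manifest_version", 2) < 3:
        return "any-site"  # Manifest V2: flat path list, open to every site
    level = "none"
    for entry in war:
        if not isinstance(entry, dict) or entry.get("use_dynamic_url"):
            continue  # dynamic URL: served under a per-session ID instead
        matches = set(entry.get("matches") or [])
        if matches & BROAD:
            return "any-site"
        if matches:
            level = "listed-sites"
    return level

def audit_profile(extensions_dir: Path) -> dict:
    """Map extension ID -> exposure for <dir>/<id>/<version>/manifest.json."""
    return {p.parts[-3]: exposure(json.loads(p.read_text(encoding="utf-8")))
            for p in sorted(extensions_dir.glob("*/*/manifest.json"))}

def demo() -> dict:
    """Audit a constructed profile; the IDs and manifests are made up."""
    rule = {"resources": ["logo.svg"], "matches": ["<all_urls>"]}
    scoped = {"resources": ["a.js"], "matches": ["https://example.com/*"]}
    samples = {
        "sample-mv2": {"manifest_version": 2, "web_accessible_resources": ["icon.png"]},
        "sample-open": {"manifest_version": 3, "web_accessible_resources": [rule]},
        "sample-dynamic": {"manifest_version": 3,
                           "web_accessible_resources": [{**rule, "use_dynamic_url": True}]},
        "sample-scoped": {"manifest_version": 3, "web_accessible_resources": [scoped]},
        "sample-clean": {"manifest_version": 3},
    }
    with tempfile.TemporaryDirectory() as tmp:
        for ext_id, manifest in samples.items():
            target = Path(tmp) / ext_id / "1.0.0"
            target.mkdir(parents=True)
            (target / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")
        return audit_profile(Path(tmp))

if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

To audit a real profile, pass the path of its `Extensions` directory to `audit_profile`; extensions reported as `any-site` are the ones to reconsider first.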


The "BrowserGate" story raises questions that go beyond LinkedIn: what limits should exist on browser signal collection by sites that require real identities? To what extent can security justify such intrusive inspections? And perhaps most importantly, how can the community and regulators verify that these data do not end up feeding commercial activities that harm competition or people's privacy?

While the parties involved present their arguments, regulators, independent auditors and the technical press should continue to call for access to evidence and controls. Confidence in platforms that mix professional identity and technical data depends both on legitimate security measures and on transparency and clear limits on the use of the information collected. The original report can be consulted at BrowserGate, the journalistic checks at BleepingComputer, and examples of how extensions are detected at BrowserLeaks and in public repositories such as the one cited on GitHub.

In summary: there is technical evidence that LinkedIn runs a script that can identify thousands of extensions and collect device parameters; the company insists that it does so to protect the platform; and the current debate focuses on transparency about how these data are used and on the privacy and competition implications of linking technical fingerprints to real identities.
