LinkedIn covertly examines over 6,000 browser extensions and identifies your device.
In summary: Each time you access LinkedIn using a Chrome-based browser, an invisible JavaScript routine discreetly examines your browser for over 6,000 installed extensions, gathers 48 hardware and software details about your device, encrypts the resulting fingerprint, and appends it to every API request made during your visit. Researchers have dubbed this practice "BrowserGate," and it is not mentioned in LinkedIn's privacy policy. LinkedIn claims this is a security measure; however, critics argue it constitutes covert surveillance of a billion users' browsing habits on a large scale.
Every time you open LinkedIn, a routine operates on your device without your knowledge or any disclosure in the company's privacy policy. A report released in early April 2026 by Fairlinked e.V., a European association for commercial LinkedIn users, reveals that the platform embeds a 2.7-megabyte JavaScript bundle within its website that quietly scans visitors' browsers for the presence of over 6,000 specific Chrome extensions, creates a detailed fingerprint of their hardware, encrypts it, and sends the data to LinkedIn's servers, where it is linked to every subsequent action taken in the session.
This investigation, independently validated by BleepingComputer, which confirmed the scanning behavior through its tests, has been referred to as "BrowserGate." While LinkedIn disputes several interpretations in the report, the technical aspects are not in contention.
What the script does
LinkedIn refers to its scanning mechanism as "Spectroscopy." When a user accesses the LinkedIn site, the script sends out up to 6,222 simultaneous requests, each querying a specific browser extension by trying to access files related to that extension's ID. The presence or absence of such a file in the response indicates whether the extension has been installed. This entire operation occurs silently in the background, without any visible alerts or notifications.
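The probing described above leaves a recognizable trace in a browser's network log: one page requesting files from many different extension IDs, with most requests failing. The following is an added example for auditing such a log, not code from LinkedIn or from the report; the entry shape `{page, url, ok}`, the threshold, and all sample values are assumptions constructed for illustration.

```javascript
// Added example: spot extension enumeration in a simplified network log.
// The entry shape {page, url, ok} is an assumption, not the HAR schema.
const EXT_URL = /^chrome-extension:\/\/([a-p]{32})\//;

function findExtensionProbing(entries, minDistinctIds = 20) {
  const perPage = new Map();
  for (const { page, url, ok } of entries) {
    const m = EXT_URL.exec(url);
    if (!m) continue; // ordinary web request
    let s = perPage.get(page);
    if (!s) {
      s = { requests: 0, ids: new Set(), hits: new Set() };
      perPage.set(page, s);
    }
    s.requests += 1;
    s.ids.add(m[1]);
    if (ok) s.hits.add(m[1]); // the file loaded, so this extension is installed
  }
  const findings = [];
  for (const [page, s] of perPage) {
    // One or two IDs is a page talking to its own companion extension;
    // many distinct IDs, most of them failing, is enumeration.
    if (s.ids.size < minDistinctIds) continue;
    findings.push({
      page,
      requests: s.requests,
      distinctIds: s.ids.size,
      exposed: [...s.hits].sort(),
      missRatio: 1 - s.hits.size / s.ids.size,
    });
  }
  return findings;
}

// Constructed sample data: IDs are derived from a counter, not real extensions.
const fakeId = (n) => n.toString(16).padStart(32, '0')
  .replace(/[0-9a-f]/g, (c) => 'abcdefghijklmnop'[parseInt(c, 16)]);
const SAMPLE_LOG = [
  { page: 'https://site-b.example/', url: 'https://site-b.example/app.js', ok: true },
  { page: 'https://site-b.example/', url: `chrome-extension://${fakeId(900)}/hello.json`, ok: true },
  ...Array.from({ length: 30 }, (_, n) => ({
    page: 'https://site-a.example/feed',
    url: `chrome-extension://${fakeId(n)}/icon.png`,
    ok: n === 3 || n === 17,
  })),
];
console.log(findExtensionProbing(SAMPLE_LOG));
```

The `exposed` list is what the probing page learned about the browser; the single companion-extension request from the second page stays below the threshold and is not reported.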
In addition to extension detection, the script gathers 48 unique characteristics of the user’s device, including CPU core count, available memory, screen resolution, timezone, language preferences, battery status, audio hardware details, and storage capacity. While each attribute is unremarkable on its own, together they create a device fingerprint that is distinct enough to identify a user even after cookies have been deleted.
Once the data is compiled, it is serialized to JSON and encrypted with an RSA public key, identified internally at LinkedIn as "apfcDfPK," before being sent to telemetry endpoints such as li/track and /platform-telemetry/li/apfcDf. The fingerprint is then permanently included as an HTTP header in every API request during the user's session, meaning LinkedIn receives it with each search, profile view, and message sent.
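A fingerprint carried as a header on every API request can be looked for in captured traffic as a long, high-entropy value that never changes within a session. The following is an added example of that check, not code from LinkedIn or from the report; the request shape, header names, thresholds and sample values are all constructed, since the article does not name the header.

```javascript
// Added example: find opaque values that ride unchanged on every request.
// Header names and values are constructed; the article names no header.
const ROUTINE = new Set(['accept', 'accept-language', 'user-agent', 'cookie',
  'referer', 'origin', 'content-type', 'authorization']);

function bitsPerChar(s) {
  const freq = new Map();
  for (const ch of s) freq.set(ch, (freq.get(ch) || 0) + 1);
  let h = 0;
  for (const n of freq.values()) h -= (n / s.length) * Math.log2(n / s.length);
  return h;
}

function findPersistentOpaqueHeaders(requests, minLength = 64, minBits = 4) {
  const seen = new Map(); // header name -> { count, values }
  for (const { headers } of requests) {
    for (const [name, value] of Object.entries(headers)) {
      const key = name.toLowerCase();
      if (ROUTINE.has(key)) continue;
      let e = seen.get(key);
      if (!e) { e = { count: 0, values: new Set() }; seen.set(key, e); }
      e.count += 1;
      e.values.add(value);
    }
  }
  const out = [];
  for (const [name, e] of seen) {
    // Keep only headers sent on every request with one single value.
    if (e.count !== requests.length || e.values.size !== 1) continue;
    const [value] = e.values;
    if (value.length >= minLength && bitsPerChar(value) >= minBits) {
      out.push({ name, length: value.length });
    }
  }
  return out;
}

// Constructed session: three API calls sharing one 96-character opaque value.
const B64 = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';
const BLOB = Array.from({ length: 96 }, (_, i) => B64[(i * 37) % 64]).join('');
const SAMPLE_SESSION = ['/api/search', '/api/profile/1', '/api/messages'].map((path, i) => ({
  path,
  headers: { Accept: 'application/json', 'X-Request-Id': `req-${i}`,
    'X-App-Version': '1.2.3', 'X-Example-Blob': BLOB },
}));
console.log(findPersistentOpaqueHeaders(SAMPLE_SESSION));
```

Long anti-forgery or session tokens sent in custom headers will surface too, so the output is a list of candidates to review rather than a verdict.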
What it is looking for
The nature of the extensions LinkedIn scans for makes this surveillance more intrusive than what simple fraud detection requires. According to the BrowserGate report, LinkedIn's list contains over 200 products that directly compete with its sales tools, including Apollo, Lusha, and ZoomInfo. By systematically scanning for competitor products while knowing each user's employer, LinkedIn gains insights into which companies are testing or using rival tools.
The list also reportedly includes tools related to neurodivergent conditions, religious practices, political affiliations, and job-hunting activities—categories considered sensitive personal data under the General Data Protection Regulation (GDPR) in the European Union. For instance, detecting that a user has a job-search extension implies significant insights about their employment intentions, acquired without consent.
The scale of this operation has increased dramatically over the years. LinkedIn began scanning for 38 specific extensions in 2017. By 2024, this number had expanded to 461, and by February 2026, the list had grown to 6,167—a 1,252% increase within two years. BleepingComputer's tests confirmed that the scanning was active as of early April 2026.
LinkedIn’s response and the report's source
In response to BleepingComputer, LinkedIn asserted, "The claims made on the website linked here are plain wrong." A spokesperson indicated that the individual behind the claims faced account restrictions for scraping and other violations of LinkedIn’s Terms of Service. To protect users' privacy and ensure site stability, they stated that they monitor extensions that scrape data without users’ consent or otherwise violate the platform's rules. The company also emphasized that it does not use this data to "infer sensitive information about members."
The context surrounding the source of the report is important. Fairlinked e.V. has ties to Teamfluence Signal Systems OÜ, an Estonian company whose directors include Steven Morell and Jan Liebling. Teamfluence developed a Chrome extension that LinkedIn restricted for supposedly violating its terms of service. Following this, the company filed a preliminary injunction against LinkedIn Ireland Unlimited Company and LinkedIn Germany GmbH in Munich, claiming violations of the Digital Markets Act, EU competition laws, and German data protection regulations. In January 2026
