LinkedIn discreetly analyzes over 6,000 browser extensions and collects device fingerprints.
In summary: Each time you access LinkedIn using a Chrome-based browser, a concealed JavaScript routine discreetly checks your browser for over 6,000 installed extensions, gathers 48 hardware and software details about your device, encrypts this fingerprint, and attaches it to every API request you make during your session. This practice, referred to as “BrowserGate” by researchers, is not mentioned in LinkedIn’s privacy policy. LinkedIn claims it is a security measure, while critics argue that it constitutes covert surveillance of a billion users' browsing activities on an industrial scale.
There’s a routine running on your computer whenever you visit LinkedIn. It operates invisibly, without your knowledge, and is not outlined in the company's privacy policy. An investigation published in early April 2026 by Fairlinked e.V., a European association of LinkedIn commercial users, uncovered that the platform injects a 2.7-megabyte JavaScript bundle that covertly scans users’ browsers for more than 6,000 specific Chrome extensions, compiles an intricate fingerprint of the hardware, encrypts it, and sends it to LinkedIn’s servers, where it is associated with every action taken during the session.
This investigation, which has been validated by BleepingComputer through its own tests, has been labeled “BrowserGate.” LinkedIn disputes many descriptions in the report, but the technical elements remain undisputed.
What the script performs
LinkedIn refers to its scanning mechanism as “Spectroscopy.” When a user loads the LinkedIn site, the script launches up to 6,222 simultaneous requests, each targeting a specific browser extension by trying to access files linked to that extension's ID. The presence or absence of a file in the response reveals whether the extension is installed. This entire process occurs silently in the background, without any visible alerts or notifications.
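To check a browsing session for the probing pattern described above, the following added example (not code from the report or from LinkedIn) scans a HAR network capture and flags any page that requested files from many distinct extension IDs. It assumes the capture records page-initiated requests to chrome-extension:// URLs and that each entry's pageref maps to a page title holding the URL; the threshold, site names and sample IDs are constructed.

```javascript
// Added example: defensive audit of a HAR capture for extension enumeration.
// Chrome extension IDs are 32 characters drawn from the letters a-p.
const EXT_URL = /^chrome-extension:\/\/([a-p]{32})\//;

// Returns one finding per page that touched >= threshold distinct extension IDs.
function findExtensionProbing(har, threshold = 20) {
  const titles = new Map((har.log.pages || []).map(p => [p.id, p.title]));
  const perPage = new Map(); // pageref -> Map(extensionId -> request count)
  for (const entry of har.log.entries) {
    const m = EXT_URL.exec(entry.request.url);
    if (!m) continue;
    const ids = perPage.get(entry.pageref) || new Map();
    ids.set(m[1], (ids.get(m[1]) || 0) + 1);
    perPage.set(entry.pageref, ids);
  }
  const findings = [];
  for (const [pageref, ids] of perPage) {
    if (ids.size < threshold) continue; // a handful of IDs is normal extension traffic
    findings.push({
      page: titles.get(pageref) || pageref,
      distinctExtensions: ids.size,
      probeRequests: [...ids.values()].reduce((a, b) => a + b, 0),
    });
  }
  return findings.sort((a, b) => b.distinctExtensions - a.distinctExtensions);
}

// Constructed sample data: IDs derived from a counter, not real extensions.
function fakeId(n) {
  return n.toString(16).padStart(32, '0')
    .replace(/[0-9a-f]/g, c => String.fromCharCode(97 + parseInt(c, 16)));
}

function buildSampleHar() {
  const entries = [];
  const add = (pageref, url) => entries.push({ pageref, request: { url } });
  for (let i = 0; i < 300; i++) {
    add('page_1', `chrome-extension://${fakeId(i)}/manifest.json`);
  }
  add('page_1', `chrome-extension://${fakeId(0)}/icon.png`); // repeat ID, new file
  add('page_1', 'https://probing-site.example/api/search');
  add('page_2', `chrome-extension://${fakeId(7)}/content.css`); // single extension asset
  add('page_2', 'https://normal-site.example/index.html');
  const pages = [
    { id: 'page_1', title: 'https://probing-site.example/' },
    { id: 'page_2', title: 'https://normal-site.example/' },
  ];
  return { log: { pages, entries } };
}
```

Counting distinct IDs rather than raw requests keeps a page that loads several assets from one installed extension below the threshold.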
The script also gathers 48 specific details about the user's device, including CPU core count, available memory, screen resolution, timezone, language settings, battery status, audio hardware information, and storage capacity, among others. While each attribute may seem unremarkable on its own, combined, they create a distinctive device fingerprint that can identify users even after cookies are cleared.
Once compiled, the information is serialized to JSON and encrypted using an RSA public key, identified internally by LinkedIn as “apfcDfPK,” before being sent to telemetry endpoints like li/track and /platform-telemetry/li/apfcDf. This fingerprint is then permanently incorporated as an HTTP header in every API request made during the session, allowing LinkedIn to receive it with every search, profile view, and message sent.
What it seeks
The nature of the extensions LinkedIn scans for makes the surveillance more intrusive than mere fraud detection would necessitate. According to the BrowserGate report, LinkedIn’s list encompasses over 200 products that compete directly with its own sales tools, including Apollo, Lusha, and ZoomInfo. Since LinkedIn knows each registered user’s employer, systematically scanning for competitor tools allows the platform to monitor which companies are considering or implementing rival products.
The list further reportedly comprises tools related to neurodivergent conditions, religious practices, political interests, and job-hunting activities, which in the European Union are classified as sensitive personal data deserving enhanced protection under the General Data Protection Regulation. For instance, identifying that a user is using a job search extension offers significant insight into their employment intentions, drawn without their consent.
The scale of this operation has increased dramatically over time. LinkedIn began scanning for 38 specific extensions in 2017. By 2024, that number grew to 461, and by February 2026, it reached 6,167, representing a 1,252% increase in just two years. Testing by BleepingComputer confirmed that the scanning was active in early April 2026.
LinkedIn’s response and the origin of the report
LinkedIn's rebuttal to BleepingComputer was direct. A spokesperson stated, “The claims made on the website linked here are plainly incorrect. The individual behind them faces an account restriction for scraping and other violations of LinkedIn’s Terms of Service. To safeguard our members’ privacy, their data, and to maintain site stability, we monitor for extensions that scrape data without members' consent or otherwise breach LinkedIn's Terms of Service.” The company further asserted that it does not use the data to “infer sensitive information about members.”
The context surrounding the source is significant. Fairlinked e.V. is associated with Teamfluence Signal Systems OÜ, an Estonian company managed by Steven Morell and Jan Liebling. Teamfluence produces a Chrome extension called Teamfluence, which LinkedIn restricted for alleged violations of its terms of service. This company subsequently filed a preliminary injunction against LinkedIn Ireland Unlimited Company and LinkedIn Germany GmbH at the Regional Court of Munich, claiming violations of the Digital Markets Act, EU competition law, and German data protection regulations. In January 202
