LinkedIn discreetly analyzes over 6,000 browser extensions and identifies your device's unique fingerprint.

      In summary: Each time you access LinkedIn using a Chrome-based browser, a hidden JavaScript function quietly examines your browser for over 6,000 installed extensions, gathers 48 hardware and software traits from your device, encrypts the resulting fingerprint, and associates it with every API request you make during that session. This practice, referred to as “BrowserGate” by researchers, is not mentioned in LinkedIn’s privacy policy. LinkedIn claims it is a security protocol; however, critics argue it constitutes covert surveillance of a billion users’ browsing habits on a massive scale.

      An automatic routine is triggered on your device whenever you open LinkedIn. It operates without your awareness, and it’s not outlined in the company's privacy policy. An investigation released in early April 2026 by Fairlinked e.V., a European group of commercial LinkedIn users, found that the platform injects a 2.7-megabyte JavaScript package into its site that quietly scans visitors’ browsers for the presence of over 6,000 specific Chrome extensions, creates a detailed fingerprint of their hardware, encrypts it, and sends this information to LinkedIn’s servers, where it is linked to every subsequent action taken during the session.

      The investigation, independently validated by BleepingComputer, which confirmed the scanning process through its own tests, has been termed “BrowserGate.” LinkedIn contests many aspects of the report’s descriptions; however, the technical details are undisputed.

      What the script does

      LinkedIn refers to its scanning mechanism as “Spectroscopy.” When a user opens the LinkedIn website, the script initiates up to 6,222 simultaneous requests, each checking for a specific browser extension by attempting to access files related to that extension’s ID. The response, indicating the presence or absence of a file, reveals whether the extension is installed. This entire process occurs silently in the background, without any visible prompt or notification.

      Besides checking for extensions, the script gathers 48 different characteristics of the user’s device, including CPU core count, available memory, screen resolution, timezone, language settings, battery status, audio hardware information, and storage capacity, among others. While these attributes may seem ordinary on their own, when combined, they create a unique device fingerprint that can identify a user even after cookies have been deleted.

      Once collected, the data is serialized to JSON format and encrypted using an RSA public key, identified internally by LinkedIn as “apfcDfPK,” before being sent to telemetry endpoints such as li/track and /platform-telemetry/li/apfcDf. The fingerprint is then permanently injected into every API request made during the session as an HTTP header, meaning LinkedIn receives it with every search, profile view, and message sent.
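A defender-side check for the behaviour described above (the extension probes and the telemetry upload), added here as an example and not code from LinkedIn, Fairlinked or BleepingComputer: it triages a DevTools HAR export for a sweep of `chrome-extension://` requests and for requests to the telemetry path the article names. The sample entries, the placeholder extension IDs, the host name, the status-0 convention for failed probes and the sweep threshold are assumptions.

```javascript
// Added example: triage a browser HAR export for extension probing.
// All sample data below is constructed; extension IDs are placeholders.
const EXT_URL = /^chrome-extension:\/\/([a-p]{32})\//; // Chrome IDs use letters a-p
const TELEMETRY_PATHS = ["/platform-telemetry/li/apfcDf"]; // path named in the article

// sweepThreshold is kept low for the sample; the reported sweep is thousands of IDs.
function analyzeHar(har, sweepThreshold = 3) {
  const probed = new Map(); // extension ID -> true if any probe was answered
  const telemetry = [];
  for (const entry of har.log.entries) {
    const url = entry.request.url;
    const m = EXT_URL.exec(url);
    if (m) {
      // Assumption: a failed load is exported with status 0, a hit with 200.
      const hit = entry.response.status === 200;
      probed.set(m[1], probed.get(m[1]) || hit);
      continue;
    }
    let path;
    try { path = new URL(url).pathname; } catch { continue; } // skip malformed URLs
    if (TELEMETRY_PATHS.some((p) => path.startsWith(p))) {
      telemetry.push({ url, bodyBytes: entry.request.bodySize });
    }
  }
  const revealed = [...probed].filter(([, hit]) => hit).map(([id]) => id);
  return {
    distinctProbed: probed.size, // how many extension IDs the page asked about
    revealed,                    // IDs the page could tell are installed
    sweep: probed.size >= sweepThreshold,
    telemetry,                   // uploads to the named telemetry path
  };
}

// Constructed HAR fragment: three probed IDs, one installed, one telemetry post.
const id = (c) => c.repeat(32);
const mk = (url, status, bodySize = 0) => ({ request: { url, bodySize }, response: { status } });
const sampleHar = { log: { entries: [
  mk(`chrome-extension://${id("a")}/icon.png`, 0),
  mk(`chrome-extension://${id("b")}/icon.png`, 200),
  mk(`chrome-extension://${id("c")}/popup.html`, 0),
  mk(`chrome-extension://${id("b")}/other.js`, 0),
  mk("https://www.linkedin.com/platform-telemetry/li/apfcDf", 200, 2048),
  mk("https://www.linkedin.com/feed/", 200),
  mk("not a url", 0),
]}};

console.log(analyzeHar(sampleHar));
```

The `revealed` list is the part that matters for exposure: those are the extensions whose presence the page could observe, regardless of how many IDs it tried.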

      What it is scanning for

      The specifics of the extensions LinkedIn is scanning for elevate the surveillance beyond what simple fraud detection would necessitate. The BrowserGate report reveals that LinkedIn’s list includes over 200 products that directly compete with its own sales tools, such as Apollo, Lusha, and ZoomInfo. Given that LinkedIn knows each user’s employer, systematically checking for the presence of a competitor’s tool grants the platform insight into which companies are assessing or utilizing rival products.

      Additionally, the list reportedly contains tools related to neurodivergent conditions, religious practices, political interests, and job-hunting activities, which are classified as sensitive personal data requiring greater protection under the General Data Protection Regulation in the European Union. For example, being aware that a user employs a job-search extension provides significant insight into their employment intentions, obtained without consent.

      The scale of LinkedIn's scanning has notably increased over time. The company started with a focus on 38 specific extensions in 2017. By 2024, this number had risen to 461, and by February 2026, the total reached 6,167, marking a 1,252% increase within two years. BleepingComputer’s tests confirmed scanning was in effect as of early April 2026.

      LinkedIn’s defense and the origin of the report

      In response to BleepingComputer, LinkedIn was direct: “The claims made on the website linked here are simply incorrect,” a spokesperson stated. “The individual behind them has faced account restrictions for scraping and other breaches of LinkedIn’s Terms of Service. To safeguard our members' privacy and data, as well as to ensure site stability, we do monitor extensions that scrape data without members’ consent or violate LinkedIn’s Terms of Service.” The company also asserted that it does not use the data to “infer sensitive information about members.”

      The characterization of the source is important. Fairlinked e.V. is linked to Teamfluence Signal Systems OÜ, an Estonian firm managed by Steven Morell and Jan Liebling. Teamfluence produces a Chrome extension named Teamfluence, which LinkedIn restricted due to alleged violations of its terms of service. Subsequently, the company filed for a preliminary injunction against
