admin At the centre of the dispute is a report published by Fairlinked e. V., a group describing itself as an association of commercial LinkedIn users. It claims LinkedIn runs JavaScript that silently checks for installed extensions on every page load, reports the results back to LinkedIn’s servers and ties that data to logged-in accounts, which often include a user’s real name, employer, job title and location. The group says the scan list has expanded sharply over time and now includes sales tools, job-search tools, privacy software and other categories that could reveal commercially or personally sensitive information.
One of the most significant elements in the allegation is not simply the size of the scan list, but the claim that the information could be used to infer behaviour or business intent. The BrowserGate material says the extension checks include products that compete with LinkedIn’s own sales offerings, such as Apollo, Lusha and ZoomInfo, as well as tools associated with job hunting. BleepingComputer’s reporting said it was able to verify the presence of the fingerprinting script and confirmed that it checked for 6,236 browser extensions by probing known file resources linked to particular extensions, a technique long recognised in browser-security circles. It did not, however, independently verify Fairlinked’s broader claims about how the resulting data is used or whether it is shared with third parties.
LinkedIn has pushed back forcefully. In a statement reported by BleepingComputer, the company said the allegations were “plain wrong” and argued that it detects extensions in order to protect members, their data and site stability from tools that scrape information or otherwise violate LinkedIn’s terms of service. LinkedIn said some extensions expose static resources that can be detected by checking whether a particular URL exists, and that this information is used to identify rule-breaking extensions, strengthen technical defences and understand unusual account activity at scale. The company also said it does not use the data to infer sensitive information about members.
That response narrows, but does not erase, the issue. Even LinkedIn’s defence leaves little doubt that extension detection is taking place. The sharper questions now concern proportionality, transparency and legal basis. LinkedIn’s privacy policy, effective from November 2025, says the company is committed to transparency, offers users choices about the data it collects and may introduce new features requiring the collection of new information, with notice if it collects materially different personal data or materially changes how it collects, uses or shares information. The BrowserGate critics argue that extension scanning and associated fingerprinting are not described with sufficient clarity in those disclosures.
The regulatory context gives the dispute wider significance. Microsoft was designated by the European Commission as one of the first six gatekeepers under the Digital Markets Act on 6 September 2023, with LinkedIn among the core platform services covered by those obligations. The Commission has since said designated gatekeepers must comply with the DMA’s rules aimed at keeping digital markets fair and open. Fairlinked argues LinkedIn expanded surveillance of third-party tools instead of embracing interoperability, though that is the campaign’s interpretation rather than a regulatory finding. ][4])
Privacy regulators have already signalled a tough stance on fingerprinting more broadly. Guidance from the UK Information Commissioner’s Office says businesses do not have free rein to deploy fingerprinting and that such techniques must be used lawfully and transparently. European data-protection guidance has also made clear that rules covering access to information on a user’s device apply beyond cookies and extend to emerging tracking methods, including fingerprinting. That means any platform using these tools may face questions not only about security justifications, but also about whether users were properly informed and whether consent or another lawful basis was required.
