LinkedIn Is Reading Your Extensions

Every time you open LinkedIn, it runs a scan of your browser. Not your profile. Not your activity on the site. Your actual browser — the extensions you have installed, what they do, who makes them.

No consent dialog. No notification. No mention in the privacy policy. Just 6,167 extension IDs checked against your machine, every single page load.

The Mechanism

Fairlinked e.V., an association of commercial LinkedIn users, blew this open under the name BrowserGate. The technical details are specific enough to be damning.

LinkedIn's JavaScript runs a three-stage detection system. First: a parallel batch scan that fires over 6,000 fetch requests simultaneously using Promise.allSettled(), probing for web-accessible resources in installed extensions. Second: a staggered sequential scan that probes extensions individually with configurable delays — slower, quieter, harder to notice. Third: a passive DOM walk they call "spectroscopy," which crawls the entire document tree looking for chrome-extension:// references that extensions inject into page elements.

The whole system loads via a 2.7 MB Webpack chunk. The results get RSA-encrypted and injected as an HTTP header into subsequent API requests, meaning your extension fingerprint follows every action during your session. Data flows to three separate endpoints. One of them routes to HUMAN Security, an American-Israeli cybersecurity firm.

What They're Looking For

This is where it stops being a technical curiosity and starts being something else entirely.

LinkedIn is scanning for 509 job search tools. If you're covertly looking for a new position while employed, LinkedIn now knows. It scans for competitive sales products — Apollo, Lusha, ZoomInfo — mapping which companies use which tools, then sending enforcement threats to users. It scans for extensions that indicate religious beliefs, political orientation, and neurodivergent focus aids.

The list grew from 461 extensions in 2024 to 6,167 by February 2026. That's not passive data collection. That's an actively expanding surveillance operation.

The Inversion

There's a pattern here that shows up across the entire platform economy, but LinkedIn makes it particularly visible because of the power dynamic. This is the platform you use to find work. To maintain professional relationships. To signal your availability to employers who hold leverage over your livelihood.

And while you're doing that, the platform is inventorying your tools, mapping your interests, identifying your vulnerabilities, and sharing the data with third parties — all through code that runs silently on every page load.

The stated purpose is networking. The actual function is intelligence gathering. When the tool starts studying the user, the relationship has inverted. You're not using LinkedIn. LinkedIn is using you.

Fairlinked has filed complaints under the EU's Digital Markets Act. Whether enforcement follows remains to be seen. In the meantime, every time you open a LinkedIn tab, 6,167 probes fire against your browser before you've even typed a search.

The platform knows what tools you're using. The question is whether you knew the platform was looking.

Sources:

• LinkedIn Is Illegally Searching Your Computer — BrowserGate.eu, 2026-02-25
• The Attack: How it works — BrowserGate.eu, 2026-02-25