There is a routine that runs on your computer every time you open LinkedIn. You were not told about it. It does not appear in the platform’s privacy policy.
According to the BrowserGate investigation by Fairlinked e.V., a German association of commercial LinkedIn users, the platform injects a 2.7-megabyte JavaScript bundle into its website that silently probes visitors’ browsers for the presence of specific Chrome extensions, assembles a hardware fingerprint from 48 device characteristics, encrypts the result, and attaches it to every subsequent request made during the session. BleepingComputer independently confirmed the script was active as of early April 2026.
The scale of the operation has grown considerably. LinkedIn began scanning for 38 extensions in 2017. By 2024 the list had reached 461. By February 2026 it stood at 6,167, a 1,252 per cent increase in two years. LinkedIn’s response to the reporting was pointed: the claims were “plain wrong,” the platform said, and the scanning is used to detect extensions that scrape data or violate its terms of service. The company added that it does not use the data to infer sensitive information about members.
What a Browser Extension Reveals
The argument that this is simply anti-scraping security becomes harder to sustain when you look at what is being scanned for. The BrowserGate list includes 509 job-search tools, over 200 sales and recruiting apps that compete directly with LinkedIn’s own products, tools that signal religious practices such as Islamic prayer-time reminders or daily Torah readings, extensions designed for users with ADHD or dyslexia, and VPN clients.
Detecting a competitor’s sales tool tells LinkedIn which companies use which rival products. Detecting a neurodivergent accessibility extension reveals something rather more personal.
Because LinkedIn accounts are tied to real names, employers, and job titles, any extension data collected is not anonymous. It is attached to an identity. The fingerprint is also injected as an HTTP header into every API call made during the session, meaning it follows every search, message, and profile view. LinkedIn is not reading the extensions themselves.
It is reading what their presence implies, and linking those implications to a verified professional profile.
The EU Legal Problem
In Europe, the question is not only whether the technique is sophisticated. It is whether it is lawful. Fairlinked has filed legal proceedings under the Digital Markets Act, arguing the scanning violates transparency requirements for designated gatekeepers.
Under GDPR, collecting data that could reveal health conditions, religious beliefs, or political views without explicit informed consent constitutes processing of special-category personal data, which carries the highest level of protection under EU law.
Fingerprinting sits awkwardly with informed consent because it is designed to function without friction or disclosure. A platform with over one billion users, operating across EU jurisdictions, running an undisclosed scanning operation that grew by 1,252%in two years, presents precisely the kind of case that regulators have signalled they will pursue.
LinkedIn was already fined for EU privacy violations in October 2024 and faced a lawsuit in January 2025 over training AI on private InMail messages.
BrowserGate adds another chapter to an expanding record.
Surveillance and Scams Share a Platform
BrowserGate lands in a labour market that already feels less safe than it looks. Employment scams cost an estimated $2 billion annually according to the Better Business Bureau, with 14 million people exposed each year.
The FTC reports that job scam losses jumped from $90 million in 2020 to $501 million in 2024. LinkedIn removed 80.6 million fake accounts in just the second half of 2024. On the platform that markets itself on the credibility of real identity, fake recruiters and fraudulent listings remain a persistent problem.
The collision of those two realities is damaging in a specific way. If job seekers already distrust the listings, they become acutely sensitive to any sign that the platform is also monitoring them. Scams and covert surveillance produce the same underlying feeling: that the job hunt is a transaction where you are the one being assessed, not the opportunity. LinkedIn’s defence, that fingerprinting protects users from scraping and fraud, asks people to accept surveillance as the price of safety.
That is a trade many professionals on the platform never agreed to make.
Keep up with Daily Euro Times for more updates
Read also:
Estonia’s Digital Success Cannot Fix the Demographic Dread
Digital Bridges: Austria and the UAE
French Privacy Over Politics: Clooneys Choose Provence
