The organization “Verlinked e.V.”, as part of its “BrowserGate” campaign, revealed that LinkedIn used hidden code to scan users’ browser extensions without their knowledge or consent. The investigation found that the code, written in JavaScript, runs silently when pages are loaded, collecting information about installed browser extensions, as well as details about the device hardware and software.
LinkedIn’s Justification
In response to the investigation, LinkedIn told BleepingComputer that this practice is purely security-focused, aimed at preventing data scraping and protecting accounts from automated or fake activity. The company emphasized that the data is not used for commercial purposes and does not infer any sensitive information about users.
LinkedIn also noted that the report was published by an individual whose account had been restricted for violating the platform’s terms by collecting LinkedIn content without permission.
Reactions and Controversy
These findings come amid growing attention to user privacy and personal data protection on social and professional networks. While LinkedIn defends the practice as part of its security measures, the revelation of hidden browser scanning code raises questions about the limits of security practices and whether users should be explicitly informed when such data is collected.
Conclusion
This incident highlights the importance of transparency in data usage and the challenge of balancing security with user privacy. Users need clear insight into what happens on their browsers and devices when using major digital platforms like LinkedIn.