A recent investigation into a practice labeled BrowserGate reveals that LinkedIn utilizes hidden JavaScript to scan user browsers for thousands of installed extensions. This data collection reportedly allows Microsoft to identify which specific third-party tools and competitors are being used by professionals and corporations globally.
The report issued by Fairlinked e.V. alleges that LinkedIn's platform injects specific scripts into active sessions to probe for the presence of over six thousand different browser extensions. By linking these findings to individual profiles, the platform can connect software usage data directly to real-world identities, employers, and professional roles. This level of tracking creates a detailed map of corporate software environments that would otherwise remain private.
According to the findings, LinkedIn specifically targets over two hundred products that compete with its own internal sales and networking tools. By identifying users of services like Apollo or ZoomInfo, Microsoft can effectively extract the customer lists of its competitors. Because the platform knows exactly where each user works, it can determine which companies are utilizing specific rival software packages without the consent of the software providers or the users.
Beyond simple data collection, the report suggests that LinkedIn is actively using this information for enforcement purposes. The platform has reportedly issued legal or service threats to individuals using third-party extensions, using the data harvested through this covert scanning to identify its targets. This move has raised significant concerns regarding privacy and the potential for anti-competitive behavior in the professional software market.
Independent testing has corroborated several technical aspects of these claims, including the observation of JavaScript files with randomized names being loaded by the site. These scripts employ a known fingerprinting technique that attempts to access internal file resources associated with specific extension IDs. By checking for these unique identifiers, the site can confirm the presence of an extension even if it is not currently active or visible.
The scale of this operation appears to be expanding rapidly over time. While similar fingerprinting scripts were noted in 2025 as targeting roughly two thousand extensions, recent data indicates the list has grown to over six thousand. This steady increase suggests a dedicated effort to maintain a comprehensive database of the software tools being used by the platform’s hundreds of millions of professional users.
Source: http://browsergate.eu/