A new report called “BrowserGate” alleges Microsoft-owned LinkedIn injects hidden JavaScript into user sessions to scan for installed browser extensions and collect detailed device fingerprinting data. BleepingComputer confirmed a randomized script checking for over 6,000 extensions while LinkedIn says the scans are used to detect scraping and protect the platform, a claim disputed by the report’s author. #LinkedIn #BrowserGate
Keypoints
- Fairlinked’s BrowserGate report claims LinkedIn injects JavaScript to detect thousands of browser extensions.
- BleepingComputer observed a script with a randomized filename that checked for over 6,000 extensions.
- The script also collects device and browser fingerprinting data like CPU cores, memory, resolution, timezone, and battery status.
- LinkedIn says the detection targets scraping extensions to protect members and site stability and denies misuse of data.
- Similar aggressive fingerprinting practices by other companies and a German court ruling have intensified scrutiny of these techniques.