A report called “BrowserGate” alleges LinkedIn injects hidden JavaScript to scan visitors’ browsers for thousands of extensions and collect detailed device fingerprints tied to real LinkedIn profiles. BleepingComputer confirmed a script probing over 6,000 extensions while LinkedIn says the detections are used to block scraping and protect site stability in a dispute involving the Teamfluence developer. #BrowserGate #LinkedIn
Keypoints
- LinkedIn’s site injects hidden JavaScript that checks for thousands of browser extensions.
- Fairlinked claims extension fingerprints are linked to identifiable profiles and used to extract competitor customer lists like Apollo, Lusha, and ZoomInfo.
- BleepingComputer observed a randomized script probing 6,236 extensions via resource-access fingerprinting.
- LinkedIn says the scans detect scraping tools and defended its actions in a legal dispute with the Teamfluence developer.
- The script also gathers device signals (CPU cores, memory, screen, timezone, battery, audio, storage), raising tracking and privacy concerns.