SecurityWeek
13/04/2026 at 16:00
BrowserGate: Claims of LinkedIn ‘Spying’ Clash With Security Research Findings
Cybersecurity
Kevin Townsend
The internet is full of claims that Microsoft’s LinkedIn is scanning users’ computers to fingerprint and profile LinkedIn users. Most people in the cybersecurity industry have now heard of BrowserGate. Fewer people will understand it. But in a search for ‘BrowserGate’ on Chrome, Edge or Safari (as of today), the top return will be a page that reads in bold, “LinkedIn Is Illegally Searching Your Computer”. This is followed by the subtitle, “Microsoft is running one of the largest corporate espionage operations in modern history.”

BrowserGate is the name of both the exposé and the group that publishes it. The group describes itself as ‘Fairlinked… an association of commercial LinkedIn users’, and the exposé is located at the browsergate.eu URL.

According to the BrowserGate exposé, LinkedIn has been deceiving EU regulators. “In 2023, the EU designated LinkedIn as a regulated gatekeeper under the Digital Markets Act and ordered it to open its platform to third-party tools.” But LinkedIn’s primary response was to expand “its surveillance of the exact tools the regulation was designed to protect… from roughly 461 products in 2024 to over 6,000 by February 2026.”

In short, what BrowserGate describes as an attack happens silently through LinkedIn JavaScript. Whenever LinkedIn is opened in a Chrome-based browser, the JavaScript scans for approximately 6,000 browser extensions, collects the result, encrypts it, and transmits it to LinkedIn’s servers. The presence of many of these extensions can supposedly profile the user’s political opinions, religious beliefs, disability, neurodivergence and sexuality, employment status, and company trade secrets. So, if BrowserGate is correct in describing the process as one of the largest corporate espionage operations in modern history, this is mighty disturbing.

LinkedIn, as you might expect, rejects this view.
LinkedInHelp posted on Hacker News: “We use this data to determine which extensions violate our terms, to inform and improve our technical defenses, and to understand why a member account might be fetching an inordinate amount of other members’ data, which at scale, impacts site stability. We do not use this data to infer sensitive information about members.”

So, which is it: aggressive privacy intrusion and theft, or valid defense? Tyler Reguly, associate director of security R&D at Fortra, decided to look deeper and report his findings. He describes the LinkedIn process as ‘resource probing’ to determine which of more than 6,000 extensions are installed. “Yes, LinkedIn was probing for a lot of extensions, but there was no scanning of your computer and no malicious code, just a simple JavaScript technique to determine if the extension was there.”

Reguly decided to test the resource probing, and the results it produced, on a sample of 10% of the 6,000+ extensions. “One extension refused to have its tab closed and reopened itself every time I closed it. Others changed my home screen, the about:blank page, and added bookmarks.” Another Rickrolled him, playing the ‘Never Gonna Give You Up’ video every time he opened his browser. “To say that a lot of these are the worst of the worst extensions out there is not an understatement.”

What’s more, extrapolating from his sample testing, he believes only around 2,000 could be detected by LinkedIn, and even 6,000 is just a small subset of the total number of extensions that exist. If LinkedIn were intent on fingerprinting or profiling its users, there are better methods than this. “I don’t see anything that indicates malicious intent here,” he told SecurityWeek. “It is discovering some information, yes, but I don’t think it crosses the threshold to malicious – I think that’s a very sensationalized view of what’s going on.”

Asked why LinkedIn is doing this, he replies, “I don’t know. But for me, a common trend across these extensions is that they have data scraping functionality and are not well known. And they were problematic at times. Many of them gave me that used-car-salesman vibe that you see in the movies,” he continued. “I can’t help but wonder if LinkedIn wanted to know if these extensions were there to try and defend against them. I certainly wouldn’t want one of my LinkedIn contacts to be running these extensions and visit my page with these scrapers installed. I feel that a user with these extensions installed visiting my LinkedIn page is more of an affront to my privacy than LinkedIn checking to see if I have these extensions.”

This doesn’t mean that LinkedIn is absolved from all criticism of its behavior. It hasn’t made the process clear to its users. Whether it is intentionally engaged in fingerprinting or profiling its users or not, the action gets close to illegality in certain jurisdictions.

“The legality of such fingerprinting depends on the facts and jurisdiction,” Ilia Kolochenko, a lawyer focused on cybersecurity, data protection and privacy law, told SecurityWeek. “If used without notice and for commercial gain, in some countries, it may even constitute a criminal offense. In any case, if you don’t have a freely given and informed user consent to collect such data – that highly likely amounts to personal data under GDPR and most other privacy laws and regulations – the data collection may be a grave infringement of applicable privacy law.”

It would seem that LinkedIn should make its behavior very clear to its users, and make clear that signing up means consenting to the process.
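To make the ‘resource probing’ technique concrete from the defensive side, here is an added example (not code from LinkedIn, BrowserGate or Fortra) that reads an extension’s manifest.json and reports which of its files a given page could confirm with a static chrome-extension://<id>/<path> request, which is what makes an extension detectable this way. It assumes Chrome’s documented web_accessible_resources semantics: Manifest V2 exposes every listed path to every site, while Manifest V3 exposes a group only to pages matching its matches list and, when use_dynamic_url is set, only through a per-session URL that a static probe cannot guess. The manifests are constructed samples.

```javascript
// Added example: which web-accessible resources of an extension could a page
// at pageUrl confirm with a static chrome-extension://<id>/<path> request?
// Assumes Chrome's documented manifest semantics; the manifests are constructed.

// Convert a Chrome match pattern (e.g. "*://*.linkedin.com/*") into a RegExp.
function patternToRegExp(pattern) {
  if (pattern === "<all_urls>") return /^(https?|file|ftp):\/\/.*$/;
  const m = /^(\*|https?|file|ftp):\/\/(\*\.[^\/*]+|\*|[^\/*]+)?(\/.*)$/.exec(pattern);
  if (!m) return null; // malformed pattern: treat as matching nothing
  const scheme = m[1] === "*" ? "https?" : m[1];
  let host = m[2] || "";
  if (host === "*") host = "[^/]*";
  else if (host.startsWith("*.")) host = "([^/]*\\.)?" + host.slice(2).replace(/\./g, "\\.");
  else host = host.replace(/\./g, "\\.");
  const path = m[3].replace(/[.+?^${}()|[\]\\]/g, "\\$&").replace(/\*/g, ".*");
  return new RegExp(`^${scheme}://${host}${path}$`);
}

// Return the resource paths a page at pageUrl could probe for.
function probeableResources(manifest, pageUrl) {
  const war = manifest.web_accessible_resources || [];
  // MV2: a flat list of paths, readable from any web origin.
  if (manifest.manifest_version === 2) return war.slice();
  const out = [];
  for (const group of war) {
    // use_dynamic_url swaps the stable extension ID for a per-session one,
    // so a static probe URL fails: this group is not detectable this way.
    if (group.use_dynamic_url) continue;
    const reachable = (group.matches || []).some((p) => {
      const re = patternToRegExp(p);
      return re !== null && re.test(pageUrl);
    });
    if (reachable) out.push(...group.resources);
  }
  return out;
}

// Constructed sample manifests (not real extensions).
const mv3Manifest = {
  manifest_version: 3,
  web_accessible_resources: [
    { resources: ["icons/logo.png"], matches: ["*://*.linkedin.com/*"] },
    { resources: ["inject.js"], matches: ["<all_urls>"], use_dynamic_url: true },
    { resources: ["admin.html"], matches: ["https://example.org/*"] },
  ],
};
const mv2Manifest = { manifest_version: 2, web_accessible_resources: ["scraper.css", "icon.png"] };

console.log(probeableResources(mv3Manifest, "https://www.linkedin.com/in/someone")); // [ 'icons/logo.png' ]
console.log(probeableResources(mv2Manifest, "https://www.linkedin.com/feed/"));      // [ 'scraper.css', 'icon.png' ]
```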
But for Reguly, “I think the only downside I see is that LinkedIn wasn’t notifying you that you had these potentially problematic extensions installed.” Personally, he writes, “I think that administrators and security folks should be celebrating this revelation – they now have a list of Extension IDs that they should block at their organization.” But on the more sensationalist claims for BrowserGate, he concludes, “I can’t help but look at this as a giant nothingburger.”

Related: MI5 Warns Lawmakers That Chinese Spies Are Trying to Reach Them via LinkedIn
Related: LinkedIn Hit With 310 Million Euro Fine for Data Privacy Violations From Irish Watchdog
Related: Firefox 72 Blocks Fingerprinting Scripts by Default
Related: Austrian Regulator Says Google Analytics Contravenes GDPR

Written By Kevin Townsend
Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security, and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.