LinkedIn 'BrowserGate' claims

Researchers allege LinkedIn ran a client‑side probe that enumerated over 6,236 browser extensions and device fingerprints, mapping the data to profiles and affecting about 405 million users — including some who weren’t logged in. (x.com) The reporting says the scan captured hardware and behavioural signals (battery, installed extensions, etc.) and that some data was shared with an Israeli firm linked to intelligence, a claim that raises large privacy and compliance questions. (x.com)

LinkedIn is facing a fast-moving privacy fight after researchers accused it of quietly scanning visitors’ browsers for installed extensions and device traits, and two class-action lawsuits were filed in California on April 6, 2026. LinkedIn says the lawsuits distort a practice it says is disclosed in its privacy policy and used to fight abuse and scraping. (arstechnica.com) (pcmag.com)

The claims come from a campaign called “BrowserGate,” published by Fairlinked e.V., a German group that says it represents commercial LinkedIn users, businesses, and toolmakers. Fairlinked alleges that LinkedIn loads hidden client-side code when people visit the site and uses it to inspect software installed in Chromium-based browsers. (browsergate.eu) (pcmag.com)

At the center of the dispute is a simple technical trick with big consequences. A website can sometimes test whether a browser extension is installed by probing for files tied to that extension’s public identifier, which turns the browser into a kind of yes-or-no checklist for software on a user’s machine. (bleepingcomputer.com) (pcmag.com)

Fairlinked says LinkedIn’s script checks for more than 6,200 extensions, while some outside reporting says independent reviews found a lower active count closer to 2,900. That gap matters because the broadest allegations in the social media posts and campaign materials are still claims from the reporting group, not findings that have been confirmed by a court or regulator. (browsergate.eu) (piunikaweb.com) (tech.yahoo.com)

The reason extension scans are sensitive is that extensions can reveal more than software preferences. A job-search helper, a religion-related add-on, an accessibility tool, or a sales prospecting plugin can act like labels on a filing cabinet, hinting at what a person is doing, what they care about, or what tools their employer uses. (browsergate.eu) (cybernews.com)

Fairlinked also alleges that LinkedIn collected device and behavioral signals such as battery information, hardware details, language settings, memory, storage, and screen characteristics to build a browser fingerprint. A browser fingerprint is a profile made by combining many small technical details until a device becomes recognizable even without a login cookie, much like identifying a car from its make, dents, stickers, and license plate frame instead of just its plate number. (cert.gov.az) (techtimes.com) (newsbreak.com)

That point is one reason the allegation about “not logged in” visitors has drawn so much attention. If a company can recognize a browser from its technical pattern, then the practical difference between a signed-in user and a returning visitor can shrink, although that specific use of fingerprinting in LinkedIn’s case remains an allegation rather than an established fact. (browsergate.eu) (newsbreak.com)

The campaign’s estimate of roughly 405 million affected users appears to come from Fairlinked’s own analysis and has been repeated in coverage, but LinkedIn has not publicly confirmed that number. That makes it better understood as the scale alleged by the researchers than as a settled count of impacted people. (cybernews.com) (browsergate.eu)

One of the sharpest accusations is about motive. Fairlinked says LinkedIn scanned for more than 200 products that compete with its own sales tools, including names such as Apollo, Lusha, and ZoomInfo, and claims LinkedIn could use that information to see which companies rely on rival products. (browsergate.eu) (tech.yahoo.com)

That accusation lands differently because LinkedIn is not just any website; it is a Microsoft-owned platform built around real identities, employers, and work histories. If extension results were tied to named profiles, the data could reveal not only what one person uses, but also what software stacks entire teams or companies rely on. (browsergate.eu) (cybernews.com)

The reporting also says some of the collected data was shared with HUMAN Security, which multiple outlets describe as an American-Israeli cybersecurity firm. Fairlinked frames that as third-party transfer to a company with intelligence ties, while the public reporting available so far does not show a regulator or court independently validating the strongest version of that claim. (browsergate.eu) (cybernews.com)

LinkedIn’s public response has been narrow but important. The company told PCMag that it does scan for browser extensions, said the purpose is to detect abuse and defend site stability, said the practice is disclosed in its privacy policy, and said it does not use the data to infer sensitive information about members. (pcmag.com)

That privacy-policy argument is likely to become a central fault line in court. Reporting on the policy says LinkedIn states it can collect network and device information including browser “add-ons,” but the lawsuits argue that a general reference to add-ons is not the same as clearly telling users that the site may systematically test thousands of extension identifiers during page loads. (pcmag.com) (vpncentral.com)

The two California complaints cite laws including the federal Electronic Communications Privacy Act and California computer-access statutes. In plain English, the plaintiffs are arguing that LinkedIn crossed the line from defending its platform to interrogating users’ devices in a way ordinary people neither expected nor meaningfully consented to. (pcmag.com) (iclg.com)

Europe may be the harder battlefield. Fairlinked says it has already filed proceedings under the European Union’s Digital Markets Act, and much of its public case is built around the idea that extension scans can expose special-category data such as religion, health, disability, and political views, which receive stronger protection under the General Data Protection Regulation. (browsergate.eu) (computing.co.uk)

There is also a credibility fight wrapped around the technical fight. LinkedIn has described the broader scandal narrative as a smear campaign tied to a disgruntled extension developer who previously lost a court battle in Germany
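
The extension check described above is possible because Chromium serves files an extension lists under `web_accessible_resources` at a predictable `chrome-extension://<id>/<path>` URL. As an added example (not code from the reporting, Fairlinked or LinkedIn), this script audits an extension manifest for resources exposed that way; the sample manifests are constructed.

```javascript
// Added example: audit a Chromium extension manifest for resources that any
// website could probe at a fixed chrome-extension://<id>/<path> URL.
// The manifests below are constructed samples, not real extensions.

// True when a match pattern's host is a bare wildcard, i.e. it covers every site.
function isBroadMatch(pattern) {
  if (pattern === "<all_urls>") return true;
  const m = /^(\*|https?|wss?|ftp|file):\/\/([^/]*)\//.exec(pattern);
  return m !== null && m[2] === "*";
}

// Returns a list of { resource, reason } findings for one parsed manifest.json.
function auditManifest(manifest) {
  const findings = [];
  const war = manifest.web_accessible_resources || [];
  if (manifest.manifest_version === 2) {
    // MV2: a flat list of paths, each readable by every origin.
    for (const resource of war) {
      findings.push({ resource, reason: "MV2 exposes resource to all sites" });
    }
    return findings;
  }
  for (const entry of war) {
    if (entry.use_dynamic_url === true) continue; // URL changes per session
    const broad = (entry.matches || []).filter(isBroadMatch);
    if (broad.length === 0) continue; // limited to named sites or extensions
    for (const resource of entry.resources || []) {
      findings.push({ resource, reason: `static URL, matches ${broad.join(", ")}` });
    }
  }
  return findings;
}

const sampleExposed = {
  manifest_version: 3,
  web_accessible_resources: [
    { resources: ["img/logo.png"], matches: ["<all_urls>"] },
    { resources: ["inject.js"], matches: ["https://app.example.com/*"] },
  ],
};
const sampleHardened = {
  manifest_version: 3,
  web_accessible_resources: [
    { resources: ["img/logo.png"], matches: ["*://*/*"], use_dynamic_url: true },
  ],
};
console.log(auditManifest(sampleExposed));
console.log(auditManifest(sampleHardened));
```

The audit covers only resource-URL probing; an extension that visibly alters page content can still be detected by other means.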
