Investigation says LinkedIn scans browser extensions that may reveal religion, politics, and job searches

LinkedIn is silently scanning users’ installed browser extensions on every page load, according to a new investigation that calls the practice illegal corporate espionage.

The probe, executed via hidden JavaScript on linkedin.com, checks for thousands of specific Chrome and Chromium extensions by attempting to load known files from them. It then bundles the results, encrypts them, and ships them off to LinkedIn’s servers — plus third parties, including an American-Israeli cybersecurity outfit called HUMAN Security (formerly PerimeterX). None of this is mentioned in LinkedIn’s privacy policy, and users aren’t asked or told, according to the report.

The group behind the report, Fairlinked e.V., a German nonprofit of LinkedIn users and tool makers, put the full evidence online at browsergate.eu. They claim the scan list has ballooned to more than 6,000 extensions as of early 2026.

Some independent checks put the active count closer to 2,900. Either way, it includes 509 job-search tools, over 200 sales and recruiting apps that compete directly with LinkedIn’s own products, and extensions that signal religious practices, political views, or neurodivergence.

If you think about it, the platform already knows your real name, employer, and job title. Spotting a job-hunting extension or one tied to an Islamic content filter or an anti-Zionist tagger gives it a pretty clear picture of what you’re thinking or doing without you ever saying a word.

Fairlinked calls it a mass breach of special-category personal data under EU rules. They also argue LinkedIn used the same scanning tech to thumb its nose at the EU’s Digital Markets Act, which ordered the company to open up to third-party tools. Instead, the group says, LinkedIn quietly expanded its watchlist while publishing tiny, mostly useless APIs as compliance.

According to a Brave staffer, Brave browser already blocks the key tracking endpoints, including one called /sensorCollect and a hidden frame from li.protechts.net.

The investigation has a Munich legal case already on file and is hunting for funding and more plaintiffs to take on Microsoft, which owns LinkedIn and has deep pockets for fights like this. So far, LinkedIn hasn’t commented publicly.

Online reaction has been mixed. On Reddit a number of users called the report misleading or overblown, arguing the scan is mainly a tool to block scrapers and bots rather than some deep dive into personal computers. A few pointed out that websites have used similar fingerprinting tricks for years.

The full list is still up at browsergate.eu if you want to check it yourself.

We stand out from the tech-media crowd because we break news stories; we mainly bring you stuff that you won’t find anywhere in the mainstream tech media. Our stories have been picked up by some of the world’s most popular websites and media outlets—more info is available here.