LinkedIn is secretly scanning your browser for 6,000 extensions, and you weren’t told

LinkedIn, the leading professional networking platform, has been found to be secretly scanning users' browsers for over 6,000 extensions without their knowledge. This practice, dubbed "BrowserGate" by researchers, raises serious privacy concerns and highlights the extent to which companies are collecting data on their users.

The discovery was made by a team of researchers who analyzed LinkedIn's behavior in Chrome-based browsers. Every time a user visits LinkedIn, a hidden JavaScript routine is activated. This routine discreetly probes the browser for information on installed extensions, collecting data on more than 6,000 different extensions. The collected data is then combined with 48 hardware and software characteristics of the user's device. This comprehensive fingerprint is encrypted and attached to every API request made by the user during their session on the platform.

The implications of this practice are significant. Firstly, it raises questions about transparency. LinkedIn has not disclosed this data collection practice to its users, who may not be aware that their browsing habits and device information are being systematically gathered. This lack of transparency is particularly concerning given the sensitive nature of professional networking data. Users often share personal and professional information on LinkedIn, and the platform's undisclosed data collection methods could expose this information to potential risks.

Secondly, the scale of data collection is alarming. By scanning for over 6,000 extensions, LinkedIn is not only collecting information about the user's browser but also about their overall digital habits. Extensions can reveal a wealth of information about a user's interests, preferences, and even their professional tools. Combining this with hardware and software characteristics creates a detailed profile that could be used for targeted advertising, behavioral analysis, or even more sinister purposes.

Thirdly, the encryption of the fingerprint and its attachment to every API request during the session means that the data is consistently linked to the user's activities on LinkedIn. This persistent tracking could allow LinkedIn to build a comprehensive profile over time, even if users are not aware of the data being collected. The fact that this data is encrypted adds an extra layer of security for LinkedIn, making it more difficult for users to detect or prevent the data collection.

The researchers who uncovered this practice have labeled it "BrowserGate," drawing parallels to the infamous Cambridge Analytica scandal that involved the misuse of Facebook user data. While the scale and methods may differ, both incidents highlight the potential for companies to collect and utilize user data in ways that users are not fully aware of or have not consented to.

LinkedIn has not yet responded to the allegations, and it remains unclear whether the company will acknowledge the practice or take steps to address the privacy concerns raised. In the meantime, users who value their privacy may want to consider the potential risks associated with using LinkedIn, especially given the undisclosed nature of the data collection.

This incident also prompts a broader discussion about data privacy and transparency in the digital age. As companies continue to collect vast amounts of data on their users, it is crucial that they are transparent about their practices and obtain proper consent. Regulators may also need to step in to ensure that such practices are regulated and that users have control over their personal data.

In conclusion, the discovery of LinkedIn's secretive data collection practices through "BrowserGate" serves as a stark reminder of the importance of privacy in the digital world. Users must be vigilant about the data they share online and demand transparency from the companies that collect and utilize this information. As the digital landscape continues to evolve, it is essential that we remain aware of the potential risks and take steps to protect our privacy in an increasingly connected world.