
BrowserGate: LinkedIn secretly scans your browser extensions

security, privacy, eco-design

On April 6, 2026, the European association Fairlinked e.V. published a bombshell report: LinkedIn secretly injects a 2.7MB JavaScript bundle into its website, capable of scanning your browser on every visit. The scandal has been dubbed BrowserGate.

How it works

The script, named "Spectroscopy", performs three operations on every page load:

  1. Extension scanning: 6,222 simultaneous requests are fired to detect which Chrome extensions are installed in your browser.
  2. Hardware fingerprinting: 48 characteristics are collected — CPU core count, available memory, screen resolution, timezone, language, battery status…
  3. Encrypted transmission: this data is encrypted and attached to every API request during your session.

All of this happens without any mention in LinkedIn's privacy policy.
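From the defender's side, the extension scanning in step 1 is visible as a burst of requests to many different extension origins. The following is an added example, not code from the report or from LinkedIn: it summarises a request log and flags that pattern. It assumes each probe is logged as a `chrome-extension://<id>/<resource>` URL; the record fields (`t`, `url`, `initiator`), the thresholds and the sample data are constructed for illustration.

```javascript
// Added example (not LinkedIn's code): spot extension enumeration in a request log.
// Assumption: each probe is logged as a chrome-extension://<id>/<resource> URL.
const EXT_URL = /^chrome-extension:\/\/([a-p]{32})\//;

// records: [{ t: epoch ms, url, initiator }] (hypothetical field names)
function summarizeExtensionProbes(records, { windowMs = 1000, minDistinctIds = 20 } = {}) {
  const probes = records
    .map(r => ({ t: r.t, id: (EXT_URL.exec(r.url) || [])[1], initiator: r.initiator }))
    .filter(p => p.id)
    .sort((a, b) => a.t - b.t);

  // Sliding window: largest number of distinct extension IDs probed within windowMs.
  const inWindow = new Map();
  let lo = 0, maxDistinctInWindow = 0;
  for (const p of probes) {
    inWindow.set(p.id, (inWindow.get(p.id) || 0) + 1);
    while (p.t - probes[lo].t > windowMs) {
      const old = probes[lo++].id;
      const left = inWindow.get(old) - 1;
      if (left === 0) inWindow.delete(old); else inWindow.set(old, left);
    }
    maxDistinctInWindow = Math.max(maxDistinctInWindow, inWindow.size);
  }

  // Attribute probes to the script that issued them.
  const byInitiator = {};
  for (const p of probes) byInitiator[p.initiator] = (byInitiator[p.initiator] || 0) + 1;

  return {
    totalProbes: probes.length,
    distinctIds: new Set(probes.map(p => p.id)).size,
    maxDistinctInWindow,
    byInitiator,
    enumerationSuspected: maxDistinctInWindow >= minDistinctIds,
  };
}

// Constructed sample: 30 different IDs probed in 300 ms by one page script,
// ordinary page traffic, and one extension loading its own icon later.
const fakeId = i => i.toString(16).padStart(32, "0")
  .replace(/[0-9a-f]/g, c => "abcdefghijklmnop"[parseInt(c, 16)]);
const sampleLog = [
  { t: 900, url: "https://site.example/feed", initiator: "document" },
  ...Array.from({ length: 30 }, (_, i) => ({
    t: 1000 + i * 10, url: `chrome-extension://${fakeId(i)}/icon.png`, initiator: "bundle.js" })),
  { t: 6000, url: `chrome-extension://${fakeId(999)}/icon.png`, initiator: "content-script" },
];
console.log(summarizeExtensionProbes(sampleLog));
```

A single extension loading its own resource stays under the threshold; what stands out is one initiator touching dozens of distinct IDs within a second.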

The scale of surveillance

The growth of this list is staggering:

  • 2017: 38 extensions monitored
  • 2024: 461 extensions monitored
  • February 2026: 6,167 extensions monitored — +1,252% in two years

Among the targeted extensions: over 200 direct LinkedIn competitors (Apollo, Lusha, ZoomInfo), but also tools linked to neurodivergent conditions, religious practices, political opinions, or active job-seeking. More than one billion users are potentially affected.

LinkedIn's response

LinkedIn acknowledges scanning for extensions, but claims it only does so to detect those that "scrape data in violation of its terms of service." The platform denies using this information to "infer sensitive data."

LinkedIn also dismisses the report as a smear campaign, attributing it to a developer whose account was suspended for scraping.

Some security researchers push back: Tyler Reguly (Fortra) calls it "resource probing" rather than spying, and notes that many targeted extensions are genuinely malicious. He considers the accusations overblown. But even he acknowledges the core issue: a complete lack of transparency.

The legal context

This isn't the first time LinkedIn has faced trouble over data protection. In October 2024, Ireland's Data Protection Commission already fined LinkedIn €310 million for GDPR violations related to targeted advertising.

BrowserGate raises new questions: collecting potentially sensitive data (religious beliefs, health conditions, professional activity) without explicit consent conflicts with GDPR for European users.

What your data funds

Since September 2024, LinkedIn has been using your data to train Microsoft's AI models, with users opted in by default and data going back to 2003. Microsoft has invested $13 billion in OpenAI and holds the Pentagon's $9 billion cloud contract. While OpenAI still officially banned military use, the Pentagon was already testing its models through Azure. In 2026, OpenAI signed a direct deal with the Pentagon for deployment in classified networks.

Your subscription and your data feed an ecosystem whose priorities have little to do with the professional network you were sold.

The angle that's being overlooked

2.7MB of surveillance JavaScript. 6,222 HTTP requests fired in parallel. On every visit. And that for each of its billion users.

This is a perfect illustration of what unconstrained development produces: code that serves the platform's interests, silently loaded onto your device, consuming your bandwidth, your battery, your resources. Zero benefit to you.

A site that respects its users doesn't do this. And a well-designed site doesn't need to.


Surveillance isn't free. It has an energy cost, a trust cost, and — increasingly — a legal cost. Eco-design also means deciding to only load what's actually necessary for the user.

For my part, I deleted my account after this. BrowserGate isn't an isolated incident — it's yet another example of a big platform treating its users as a resource to exploit. I also find LinkedIn too corporate, too polished, and not very accessible to people who don't fit the standard CV mould.

If anyone is interested in building a healthier, more open, more honest networking platform — I'd love to talk.

Sources: Fairlinked e.V., The Next Web, TechRadar, SecurityWeek, Malwarebytes, Gizmodo, Tech Insider
