Every time you visit linkedin.com, hidden JavaScript runs on your computer and searches for your installed browser extensions. Then it phones home to LinkedIn’s servers—and to third-party companies you’ve never heard of—with a full inventory of what it found.
You didn’t consent. LinkedIn never told you. Their privacy policy doesn’t mention it.
This is called BrowserGate, and it’s one of the largest corporate espionage operations in modern history. Here’s the thing: because LinkedIn knows your real name, your employer, and your job title, this isn’t anonymous tracking. This is targeted intelligence collection on identified professionals at identified companies. Millions of companies. Every day.
What LinkedIn Is Actually Scanning For
LinkedIn’s scan list has exploded from 38 extensions in 2017 to 461 in 2024 to over 6,000 by February 2026. But it’s not random. Here’s what they’re actually looking for:
509 job search tools. These extensions alert you to new job openings, help you track applications, or notify you when roles change. LinkedIn scans for them specifically to out secret job hunters to their current employer’s platform. Imagine your manager seeing that you’re actively job hunting—because LinkedIn flagged you.
Muslim prayer apps and Quran readers. Religion-specific extensions that reveal which users are practicing Muslims. Under EU law, collecting religious belief data without explicit consent is prohibited. Full stop. No exceptions.
Political orientation extensions. Browser tools that reveal voting history, political donations, or alignment with particular parties or causes.
Neurodivergent user tools. Extensions built for ADHD, autism, dyslexia support—disability data that’s also prohibited under EU privacy law without consent.
Over 200 competitor sales tools. Apollo, Lusha, ZoomInfo, and others. LinkedIn maps which companies use which competitor products by scanning the professionals who work there, then uses that intel to target enforcement threats at users of third-party tools.
This isn’t incidental data collection. This is surgical intelligence gathering on identified people at identified companies.
The Third-Party Angle
LinkedIn doesn’t keep this data to itself. Hidden iframes load code from HUMAN Security (formerly PerimeterX, an American-Israeli cybersecurity firm). These invisible 0px iframes set tracking cookies silently while scanning your extensions. Google’s scripts run on every page too.
You’re not just sharing this data with LinkedIn. You’re sharing it with a surveillance ecosystem.
The DMA Betrayal
Here’s where it gets darker. In 2023, the EU forced LinkedIn to comply with the Digital Markets Act and open its platform to third-party tools. LinkedIn’s response? They massively expanded the scan list from 461 to 6,000+ extensions—specifically targeting DMA-protected competing tools.
Then they submitted a compliance report to EU regulators claiming they were making only 0.07 API calls per second. Meanwhile, their internal Voyager API was running at 163,000 calls per second.
They lied to regulators while ramping up surveillance. The investigation calls this potentially criminal in every jurisdiction examined.
How to Protect Yourself
You can’t trust LinkedIn’s word on this. Here’s what actually works:
Use a dedicated browser profile. Firefox containers or a separate Chromium profile used only for LinkedIn. Your job search extensions, prayer apps, and political tools never touch it.
Block the trackers. Add these to uBlock Origin’s blocklist:
px-cloud.net(PerimeterX/HUMAN Security)px.ads.linkedin.comsnap.licdn.com
Use Pi-hole if you run your own DNS to block these domains network-wide.
Use Mullvad Browser or LibreWolf for non-authenticated LinkedIn browsing. These are hardened browsers that strip fingerprinting vectors and make mass surveillance harder.
Just… don’t go to LinkedIn unless you have to. Honestly, this is the nuclear option and it works great. Most of us don’t need to be there daily anyway.
The Real Issue
The technical mitigation matters, but the bigger problem is that a billion-user platform run by a trillion-dollar company decided to secretly scan your computer without asking, without telling you, and without legal basis.
And they did it for years before anyone noticed.
Investigation credit goes to Fairlinked e.V., an association of commercial LinkedIn users who documented all of this. Full evidence pack and technical details at browsergate.eu.
Legal proceedings are underway. Until they’re resolved, assume LinkedIn is still doing this. Protect yourself accordingly.
