One of the largest corporate espionage and data breach scandals in digital history': New "BrowserGate" report claims LinkedIn secretly scans user browsers for installed extensions and collects device data

News
By published

LinkedIn calls it a smear campaign

linkedin
(Image credit: Shutterstock / Ink Drop)
  • Report alleges LinkedIn scans browsers for extensions
  • Claims data used against competitors in “BrowserGate”
  • LinkedIn denies misuse, calls accusations a smear campaign

A new report is alleging LinkedIn uses hidden JavaScript to scan its visitors’ browsers for installed extensions, looks for those that compete with its own sales tools, and then twists its users’ arms until they stop using those and pick LinkedIn’s products, instead.

However the social network says this is a smear campaign run by a disgruntled extensions developer who lost a court battle in Germany.

An “association of commercial LinkedIn users” called Fairlinked e.V published a report detailing “BrowserGate” - claiming LinkedIn scans for thousands of browser extensions and ties the results to identifiable user profiles - and by scanning, LinkedIn harvests personal and corporate information.

Article continues below

Scans confirmed, motives not

"LinkedIn scans for over 200 products that directly compete with its own sales tools, including Apollo, Lusha, and ZoomInfo. Because LinkedIn knows each user's employer, it can map which companies use which competitor products. It is extracting the customer lists of thousands of software companies from their users' browsers without anyone's knowledge,' the report states.

"Then it uses what it finds. LinkedIn has already sent enforcement threats to users of third-party tools, using data obtained through this covert scanning to identify its targets."

Apparently, the scanning part is true - BleepingComputer ran an independent test and saw a JavaScript that checked for exactly 6,236 browser extensions. The publication says that many of the extensions scanned are related to LinkedIn, but some have seemingly unrelated features - language and grammar extensions, tools for tax professionals, and others.

“The script also collects a wide range of browser and device data, including CPU core count, available memory, screen resolution, timezone, language settings, battery status, audio information, and storage features,” BleepingComputer reports.

In response to the accusations, LinkedIn says it does scan for extensions, but it does so to prevent users from violating the site’s terms of use. It also claims BrowserGate’s author is running a smear campaign after losing a court battle in Germany.

Protecting user privacy? Or violating it?

LinkedIn

LinkedIn says it's actually protecting user privacy (Image credit: Shutterstock)

"The claims made on the website linked here are plain wrong. The person behind them is subject to an account restriction for scraping and other violations of LinkedIn's Terms of Service,” LinkedIn response says.

“To protect the privacy of our members, their data, and to ensure site stability, we do look for extensions that scrape data without members' consent or otherwise violate LinkedIn's Terms of Service.

Here’s why: some extensions have static resources (images, javascript) available to inject into our webpages. We can detect the presence of these extensions by checking if that static resource URL exists. This detection is visible inside the Chrome developer console. We use this data to determine which extensions violate our terms, to inform and improve our technical defenses, and to understand why a member account might be fetching an inordinate amount of other members' data, which at scale, impacts site stability. We do not use this data to infer sensitive information about members.

For additional context, in retaliation for this website owner's account restriction, they attempted to obtain an injunction in Germany, alleging LinkedIn had violated various laws. The court ruled against them and found their claims against LinkedIn had no merit, and in fact, this individual's own data practices ran afoul of the law.

Unfortunately, this is a case of an individual who lost in the court of law but is seeking to re-litigate in the court of public opinion without regard for accuracy."

Apparently, the BrowserGate’s author built a browser extension called “Teamfluence” which, according to LinkedIn, violated the site’s terms of use, for automated data collection.

Best antivirus software header
The best antivirus for all budgets

➡️ Read our full guide to the best antivirus
1. Best overall:
Bitdefender Total Security
2. Best for families:
Norton 360 with LifeLock
3. Best for mobile:
McAfee Mobile Security

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!

And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.