LinkedIn's Browser Extension Scan: A Privacy Concern?

A recent study, dubbed ‘BrowserGate,’ alleges that LinkedIn is actively collecting data on users’ browser extensions. The research claims LinkedIn injects JavaScript code that identifies installed extensions, then maps these against user identities and their associated organizations. For instance, if your organization uses a specific commercial tool, LinkedIn could potentially link your company to the usage of that tool, leveraging its existing data on employee roles and company affiliations to infer business needs and trends. Beyond extensions, the script reportedly gathers system-level information such as memory, timezone, language, and battery status.

In response to inquiries from BleepingComputer, LinkedIn stated that the data collection is intended for user protection. The company also noted that the researcher behind the BrowserGate study had previously been suspended for data scraping activities. Despite LinkedIn’s defense, the findings raise questions about the extent of data harvesting and its implications for user privacy and corporate intelligence.

The BrowserGate research highlights a potential blind spot in how organizations assess the digital footprint of their employees and the tools they use. While LinkedIn asserts protective intentions, the detailed mapping of extensions and system data could offer significant insights into an organization’s technological stack and operational dependencies, potentially for purposes beyond mere security.