LinkedIn Found Scanning Browsers for Chrome Extensions via Hidden Scripts

AI-generated from multiple sources. Verify before acting on this reporting.

Microsoft-owned professional network LinkedIn is deploying hidden JavaScript to scan visitors' web browsers for installed Chrome extensions and collect device data, a practice that has raised privacy concerns among security researchers.

The activity was detected on Wednesday across the global platform. The scripts operate in the background, executing code that identifies specific browser add-ons and gathers technical information about the user's device without explicit user consent or visible notification. This data collection occurs regardless of whether a user is logged into a LinkedIn account, affecting anonymous visitors to the site.

LinkedIn has not publicly commented on the specific purpose of the data collection. The company has not issued a statement explaining why the scripts are necessary or what specific data points are being harvested beyond the identification of extensions and device metrics. The lack of transparency regarding the motivation behind the scanning has left the intent of the operation unclear.

Security experts analyzing the code indicate that the scripts are embedded within the site's standard loading sequence, making them difficult for average users to detect without specialized browser tools. The practice allows LinkedIn to build profiles based on the software ecosystem of its visitors, potentially inferring professional interests or security postures based on the extensions installed.

The discovery comes amid increasing scrutiny of how major technology companies track user behavior across the web. While browser fingerprinting is a common technique used for advertising and security purposes, the specific targeting of Chrome extensions represents a more granular level of surveillance. Critics argue that collecting such detailed information without clear disclosure violates user privacy expectations.

Microsoft, LinkedIn's parent company, has faced previous criticism over data privacy practices. The company has historically maintained that it collects data to improve service functionality and security, though it has not addressed this specific instance of extension scanning. The technology giant has not confirmed whether the data is being stored, shared with third parties, or used for targeted advertising.

The situation remains fluid as users and privacy advocates seek clarification. Questions persist regarding the duration of the data collection, the specific categories of extensions being targeted, and whether the practice will continue. It is also unknown if LinkedIn plans to update its privacy policy to reflect this new data collection method or if the scripts will be removed following the public disclosure.

As of Wednesday evening, the scripts remained active on the site. Users concerned about the data collection have been advised to review their browser extension permissions and consider using privacy-focused browser tools to block unauthorized tracking. The broader implications for user privacy and the potential regulatory response remain to be seen.