Image Courtesy: LinkedIn
A new security report has raised concerns about data collection practices on LinkedIn, alleging that the platform uses browser fingerprinting scripts to gather detailed information about users’ devices and installed software. The findings suggest that the system operates across standard page loads and may collect data without explicit user awareness.
The claims originate from a report by Fairlinked e.V., which was independently tested by BleepingComputer. The analysis found that LinkedIn pages include JavaScript code capable of scanning for more than 6,000 Chrome extensions and collecting hardware-related data such as memory, CPU configuration, and screen properties, according to BleepingComputer.
The script reportedly checks for 6,236 specific Chrome extensions by attempting to access known file resources associated with each extension. This technique, commonly used in browser fingerprinting, allows websites to infer which extensions are installed without direct user interaction. Earlier observations suggested smaller scanning ranges, with around 2,000 extensions identified in 2025 and approximately 3,000 earlier this year.
In addition to extension detection, the script is said to collect a range of device telemetry. This includes CPU core count, available memory, screen resolution, time zone settings, language preferences, battery status, and storage capabilities. Such data points are often combined to create unique digital fingerprints that can distinguish individual devices across browsing sessions.
The report claims that many of the targeted extensions are associated with tools that compete with LinkedIn’s own services, including sales intelligence platforms such as Apollo, Lusha, and ZoomInfo. It also notes that the scan includes unrelated categories, such as grammar tools and professional software, though the purpose of this broader scope remains unclear.
Researchers further allege that the collected data could be linked to identifiable user profiles. Because LinkedIn accounts typically include real names, employment history, and other personal identifiers, combining this information with device-level fingerprints could allow for precise user tracking. The report also suggests that some data may be transmitted to HUMAN Security, although this aspect has not been independently confirmed.
LinkedIn has responded by stating that its use of such scripts is intended to detect extensions that scrape user data or violate platform policies. The company maintains that the data is not used to infer sensitive personal information and is part of efforts to protect user privacy and maintain system integrity.
The report also notes that its author has been linked to a browser extension previously restricted by LinkedIn for policy violations. A German court declined a request to block LinkedIn’s enforcement actions, ruling that the company was within its rights to restrict accounts engaged in automated data collection.
The findings contribute to broader scrutiny of browser fingerprinting practices across major online platforms. Similar techniques have previously been identified on websites operated by eBay and financial institutions, highlighting ongoing tensions between security enforcement and user privacy.