BrowserGate: Whistleblowers Reveal LinkedIn Spying

03/04/2026 · Nicolas Mertens

LinkedIn has allegedly been running a hidden script for years to collect data about the other applications you use. This is revealed in a report just published by a German user association. A massive privacy violation, this latest episode is part of a long series of surveillance abuses by major platforms — a story that French-language media, once again, seem to find unworthy of coverage. Yet several million Belgians and French citizens use LinkedIn every day.

The Fairlinked report, available at browsergate.eu^[1], details the method. When a user logs into LinkedIn using a Chromium-based browser (Chrome, Edge, Brave, Opera), a small JavaScript runs in the background. It aggressively attempts to open a long list of extensions to check whether they are installed^[2]^[3].

The list of targeted extensions is far from innocuous: over 6,000 references, including hundreds of tools competing with Apollo, Lusha or ZoomInfo, 510 job-search extensions, as well as religious (Muslim prayer reminders, liturgical calendars), medical (prescribed blue-light filters, tools for neurodivergent users) and political extensions^[4]^[5]^[6]. No consent is requested, no information is given to the user. For years, LinkedIn collected this sensitive data, encrypted it, then sent it to its servers — and to third-party companies^[7].

Europe’s privacy “defenders”? Nowhere to be found

In theory, Europe has the GDPR, the famous regulation supposed to protect citizens against abuses by digital giants. In practice, we are still waiting for it to prevent anything. LinkedIn (Microsoft) is an American company. What are Europe’s privacy defenders doing?

BrowserGate is, however, a textbook case: the collection of sensitive data (religion, health, political opinions) without any consent whatsoever, and the use of that data for competitive espionage. Will this be enough to stir Brussels into action? Or does the Digital Services Act (DSA) really only serve to censor content that displeases our authorities?

A decade of surveillance scandals

BrowserGate is the latest in an ever-growing list. Since 2010, tech giants have accumulated cases of mass surveillance and abuse of dominant position. Here are the most notable.

The PRISM Programme (2007–2013) – the NSA inside GAFAM servers

Everyone remembers that in June 2013, Edward Snowden revealed the close cooperation between the NSA and Google, Apple, Microsoft, Facebook and other giants, enabling user surveillance. Through the PRISM programme, the US government legally accessed your data at Google, Microsoft or Apple — while being forbidden from telling you. Those revelations were published by Glenn Greenwald in The Guardian^[8] — a paper he later left to co-found The Intercept, which he also resigned from, again to denounce the censorship he experienced within major media outlets^[9].

Project “Ghostbusters” (2013–2019) – Facebook spies via Snapchat

Facebook had a problem: it could not decrypt your messages. Its solution? Acquiring Onavo, a startup offering a supposedly protective VPN. Behind the screen, Onavo intercepted and decrypted the encrypted traffic of Snapchat, YouTube and Amazon users. The affair was revealed by declassified court documents in March 2024 in the context of an antitrust complaint against Meta^[10]^[11]^[12].

Pegasus / Forbidden Stories (2019–2021) – the ultimate spyware

You may also have heard of the Pegasus spyware, capable of infecting a smartphone via a single missed WhatsApp call. Software sold and used against thousands of journalists, lawyers, human rights activists and political opponents. The international investigation The Pegasus Project, coordinated by Forbidden Stories^[13]^[14] in 2021, revealed the global scale of this scandal.

Amazon (2020) – when the platform spies on its own sellers

Amazon played a particularly treacherous double game: the platform spied on the sales data of third-party merchants who trusted it, identified the most profitable products, then copied them to sell under its own Amazon Basics label — cannibalising the very sellers who had made its success. A large-scale breach of trust, revealed by the Wall Street Journal on 23 April 2020^[15]^[16].

Each of these affairs revealed the same mechanism: a trusted platform that turns into a spy. BrowserGate is its latest incarnation.

LinkedIn defends itself (poorly) – and the evidence mounts

When questioned, LinkedIn did not deny detecting extensions. The company invokes “security and stability reasons”^[17]^[18]. But why would it need to know whether a user has installed a prayer tool or a pregnancy tracker? Fairlinked published a sworn statement from a senior LinkedIn manager acknowledging the existence of the system^[19]. The association also published a video demonstrating the script in action, along with the full spy code used by LinkedIn, whose presence was timestamped by an independent body^[20].

A first legal proceeding has already been initiated before a Munich court^[21]. In Belgium, has the Data Protection Authority (APD) been informed? Has it opened an investigation? Nobody knows. And, remarkably, our media are not asking.

Omertà in the French-language press

To date, no major French-language media outlet has devoted a single article to BrowserGate. Yet LinkedIn claims more than 6 million users in Belgium^[22]^[23] and more than 35 million in France^[24]^[25]. According to available statistics, around two thirds of them use Chrome or Edge^[26]^[27], the vulnerable browsers. They are therefore potentially being spied on with every visit.

This silence is not trivial. Traditional media and digital platforms appear to be part of the same information-control apparatus.

So what can be done? Of course, try to limit your use of major platforms — though they are sometimes unavoidable. Of course, diversify the browsers you use so that no single one has access to all your information and can build a complete profile.

But the real remedy would be collective awareness. So do not hesitate to spread the word!

Nicolas Mertens, citizen journalist for BAM!

[1] LinkedIn Is Illegally Searching Your Computer

[2] The Attack: How it works | BrowserGate

[3] LinkedIn Has Been Reading Your Browser for Years, and Nobody Noticed

[4] LinkedIn caught spying on users’ browsers: sensitive data harvested

[5] LinkedIn secretly scans for 6,000+ Chrome extensions, collects data

[6] LinkedIn Uses Hidden JavaScript to Scan for Over 6,000 Chrome Extensions on Visitors’ Browsers

[7] Microsoft’s LinkedIn is scanning installed browser extensions without user permission

[8] NSA Prism program taps in to user data of Apple, Google and others | The Guardian

[9] My Resignation From The Intercept - Glenn Greenwald

[10] Facebook snooped on users’ Snapchat traffic in secret project, documents reveal | TechCrunch