Microsoft-Owned LinkedIn Allegedly Fingerprints Visitors and Scans Installed Chrome Extensions ⇥ browsergate.eu
There is an E.U. organization called Fairlinked that is a “trade association and advocacy group for commercial LinkedIn users”, and it recently released a report about serious privacy concerns with LinkedIn:
Microsoft Corporation’s LinkedIn is running a massive, global, and illegal spying operation on every computer that visits their website.
[…]
Because LinkedIn knows each visitor’s name, employer, and job title, every detected extension is matched to an identified individual. And because LinkedIn knows where each user works, these individual scans aggregate into detailed profiles of companies, institutions, and government agencies, revealing which software tools their employees use without the organization’s knowledge or consent.
Fairlinked raises two major points of contention: a script on LinkedIn allegedly fingerprints visitors and, if they use a Chromium-based browser, it also compares a known list of browser extensions against the extensions the visitors has installed.
When this was first documented in 2017 by Dan Andrews, LinkedIn was scanning for 38 extensions. One of which was Daxtra Magnet, which “references your recruitment database, such as Taleo, Bullhorn, Salesforce, Adapt, etc. and automatically checks it for a match to an online candidate profile that you are looking at”. Two weeks prior, Andrews writes, LinkedIn was scanning for 28 extensions. Then, when Mark Percival explored this behaviour in February 2026, LinkedIn was now identifying 2,953 extensions. It is now at over 6,200. Some of them are comparable to Daxtra Magnet in that they make use of LinkedIn data specifically, while others are completely irrelevant to the site, or recruiting or job hunting in general.
This is very obviously a severe privacy violation because it can and probably does tie back to named and identified individuals. The amount and type of information collected by this system is ripe for abuse. This is very bad.
However, this campaign is being waged by an industry group that has its own privacy problems. Fairlinked is promoting a lawsuit filed against LinkedIn by Teamfluence, which makes software that allows users to bypass LinkedIn’s daily connection request limits, build up their contacts database, and run automations based on who visits their company or individual profiles. In one example, Teamfluence says it can automatically retrieve the email and phone number of anyone who clicks “like” on a LinkedIn post; in another example, it allows companies to detect website visits from prospective clients’ offices. This product enables spam or, to put it nicely, unsolicited outreach at scale. And, yes, Teamfluence is distributed as a browser extension.
Fairlinked has no documentation of its member groups and barely any of its leadership. One of its board members is an “S. Morell”, and it just happens that Teamfluence was founded by someone named Steven Morell. Another board member is “J. Liebling” and, unsurprisingly, a Jan-Jakob Liebling is an executive at Teamfluence.
There, too, are a bunch of companies that have made their business on the back of LinkedIn data. This is not comparable to Teamfluence or Daxtra Magnet, but it is worth underscoring an entire industry that thrives on this data. LinkedIn has been on a tear trying to curtail it. Just last year, the company sued two companies — ProxyCurl and ProAPIs — to force them to stop scraping its site. This has been going on for years. A massive 2019 leak of “enrichment” data from People Data Labs at least partly originated from LinkedIn scraping. The same year, a U.S. court found it was legal for hiQ Labs to scrape LinkedIn, a decision that was reaffirmed in 2022 after a brief detour through the U.S. Supreme Court. However, LinkedIn was allowed to reinforce its terms of service and could restrict scraping.
Again, to be clear, mass scraping does not appear to be a practice Teamfluence is engaged in. In the E.U., LinkedIn is considered a gatekeeper under the Digital Markets Act and, so, must meet certain obligations of interoperability. That seems quite reasonable. However, the personal and identifiable data held by LinkedIn is basically a world of organizational charts masquerading as a bleak social network. Allowing for interoperability could also open the doors for greater exploitation of user data without adequate individual control. I wish none of this existed.
I am so glad I do not work in an industry where having a LinkedIn profile is basically an obligation.