GBHackers

LinkedIn Hidden Code Secretly Scans Users’ Computers for Installed Software


A new investigation by Fairlinked e.V. claims that Microsoft-owned LinkedIn is running a massive, undisclosed corporate surveillance operation.

According to the “BrowserGate” report, hidden code on LinkedIn’s website secretly scans the computers of its one billion users to detect installed software and browser extensions.

This scanning reportedly happens without user consent, disclosure, or any mention in LinkedIn’s privacy policy.

The Hidden Surveillance Operation

Because LinkedIn requires users to provide their real names, job titles, and employers, this scanning is not anonymous.

The platform is allegedly linking installed software directly to identified professionals and companies worldwide.

The BrowserGate investigation highlights that this secret data collection crosses major legal boundaries, especially in the European Union.

The hidden scan collects highly sensitive personal data by identifying specific browser extensions.

According to the report, LinkedIn can detect tools that reveal a user’s political views, religious practices, or neurodivergence.

Furthermore, the code tracks over 500 job search tools, exposing professionals who are quietly looking for new work while connected to their current employers.

Under EU privacy laws, collecting this category of personal data without explicit consent is strictly prohibited.

Corporate Espionage and Competitor Tracking

Beyond personal privacy breaches, Fairlinked e.V. accuses LinkedIn of large-scale corporate espionage.

The platform’s hidden code reportedly scans for more than 200 competing sales tools, such as Apollo, Lusha, and ZoomInfo.

By identifying which users have these extensions installed, LinkedIn can silently map out the customer lists of rival software companies.

The investigation claims LinkedIn has already used this secretly gathered intelligence to send enforcement threats to users of third-party tools.

The report also claims LinkedIn is actively deceiving European regulators. In 2023, the EU named LinkedIn a regulated gatekeeper under the Digital Markets Act (DMA), legally forcing the platform to support third-party tools.

While LinkedIn offered two heavily restricted APIs to satisfy EU regulators, these handle virtually no traffic. Meanwhile, the platform secretly expanded its surveillance operations. Key findings include:

  • LinkedIn hid its massive internal “Voyager” API, which processes 163,000 calls per second, from its EU compliance reports.
  • The number of third-party tools secretly monitored by LinkedIn exploded from roughly 460 in 2024 to over 6,000 by February 2026.
  • Rather than opening its platform, LinkedIn built a system to identify and punish users of the exact tools the EU sought to protect.

The secretly gathered data does not just stay at LinkedIn. The investigation found that LinkedIn loads invisible, zero-pixel tracking elements from HUMAN Security, a cybersecurity firm. This code silently places cookies on users’ browsers.

Additional encrypted scripts from Google and LinkedIn’s own fingerprinting tools execute in the background on every page load, all without user knowledge.
