Every time you load a LinkedIn page in Chrome, a 2.7 MB JavaScript bundle scans your browser for over 6,200 extensions. Every page load. Every session.
Fairlinked e.V. investigated.
BleepingComputer confirmed independently.
48 device characteristics collected. Fingerprint encrypted and attached to every API request.
38 extensions scanned in 2017. Over 6,200 by early 2026.
What's on the list? Competitor sales tools like Apollo, Lusha, ZoomInfo. 509 job search extensions. And categories that could reveal far more than software preferences.
LinkedIn says it's anti-scraping. The technical findings were verified independently by BleepingComputer, and LinkedIn has not denied the scanning.
Extension scanning is not unique to LinkedIn. The scale is. LinkedIn accounts are tied to real names, employers, and job titles.
If you're a CTO with employees on LinkedIn in the EU, this is a GDPR question you didn't know you had.
Have you checked if your extensions are on the list?