LinkedIn has been issued two class-action privacy lawsuits after allegations of scanning users’ browsers to determine what extensions have been installed.
The investigative report, titled BrowserGate, first made these claims public in March as Fairlinked eVan alleged association of commercial LinkedIn usersbusinessesand third-party tool makers affected by the site’s data practices.
This lawsuit comes after LinkedIn promoted its anti-fraud and anti-scraping measuresposing a threat to customer trust in online communities.
In its reporta BrowserGate spokesperson argued that due to LinkedIn’s position in the job market changes the impact of the extension-scanning they describe.
“In many industrieshaving a LinkedIn profile is not optional. It is a prerequisite for being hired,” they explained.
“This means LinkedIn does not just know that someone has a religious browser extension installed. It knows that person’s nameemployerjob titledepartmentlocationand professional network. And it knows the same about every one of their colleagues who also uses LinkedIn.
“That is not a privacy breach. That is an intelligence operation.”
LinkedIn Faces California Class-Action Lawsuits
Having now been hit with two class-action lawsuitsthese filings were brought to the U.S District Court for the Northern District of California on Monday.
The California-based plaintiffsJeff Ganan and Nicholas Farrellhave alleged that LinkedIn installed client-side code to scan browser extensions without consent or knowledge.
In their argumentthe plaintiffs claimed that LinkedIn’s anti-fraud and anti-scraping efforts were a pretext for covertly scanning users’ browsers and transmission of extension and device data.
This data could contain politicalreligioushealthor employment-related indicatorsdepending on the type of extension detected.
The plaintiffs argued that the code operates without proper disclosure or opt-in consent and may violate privacy and security lawsclaiming this was an unauthorized collection of personal and device data.
This claimif held up in courtcould prove to be a breach of the Invasion of Privacy ActConsumer Privacy Actand breach of contract if LinkedIn’s practices are proven to be inconsistent with its terms of service.
Hidden Extension Scanning and Data Collection
Having first conducted research into the social platform in 2017the BrowserGate investigation was published in March 2026, alleging that LinkedIn’s website had been running hidden JavaScript code that scanned visitors’ browsers for installed browser extensions and collected detailed device data without clear user consent or disclosure.
This scan list allegedly includes over 6,000 Chrome extensions relating to sensitive and personal informationas well as having collected device and browser telemetry that can uniquely identify a user’s session.
The association claims that the script attempts to detect whether specific extension identifiers are present in the browser by probing recognized extension URLs or publicly accessible resources.
Because LinkedIn is a platform where profiles are linked to real identities, Fairlinked argues that this allows the site to link extension and device data directly to named userstheir employersrolesand professional networks.
As a resultFairlinked believes that its own collected materials could violate multiple legal frameworksincluding the GDPR for processing sensitiveunconsented dataand the Digital Markets Act (DMA) for allegedly scanning for and undermining third-party tools while presenting compliance to regulators.
LinkedIn Defends Extension Scanning as Security Measure
Speaking with BleepingComputera LinkedIn spokesperson rebutted the claimexplaining that the scanning method is a security measure to target extensions used for scraping and other rule violations.
“To protect the privacy of our memberstheir dataand to ensure site stabilitywe do look for extensions that scrape data without members’ consent or otherwise violate LinkedIn’s Terms of Service,” they said.
“We use this data to determine which extensions violate our termsto inform and improve our technical defensesand to understand why a member account might be fetching an inordinate amount of other members’ datawhich at scaleimpacts site stability.
“We do not use this data to infer sensitive information about members.”
Having previously taken this claim to court in GermanyLinkedIn claims Fairlinked had then operated under the developer of a browser extension called Teamfluenceafter enforcing a restriction on its account on the platform.
“For additional contextin retaliation for this website owner’s account restrictionthey attempted to obtain an injunction in Germanyalleging LinkedIn had violated various laws,” the spokesperson continued.
“The court ruled against them and found their claims against LinkedIn had no meritand in factthis individual’s own data practices ran afoul of the law.”
Trust and Transparency Under Pressure in Social Platforms
This latest social community controversy is the latest in a series of spotlighted tensions between platform security practices and user privacy expectations.
Recent rulings against companies like Meta highlight how misrepresentations about safety and user protection can breach consumer protection laws and damage public trustwith a New Mexico jury finding that Meta had violated consumer protection statutes for misleading users about platform safety.
This underscores that regulatory systems are increasingly willing to hold platforms accountable for how they communicate about safety and privacy.
FurthermoreMeta and Google’s similar lawsuit later that same week emphasizes that legal issues tied to platform safety and transparency pose not only legal risks but also operational and reputational risks for companies building customer engagement on those platforms.
As a resultenterprises that rely on external platforms must factor in how platform trust issues affect broader customer relationships and experiences.
How Hidden Data Practices Impact CX
If proven truethese allegations against LinkedIn could pose several CX implications against not only the platform but other social media communities that pose a risk to customer trust.
With more customers now expecting platforms to be clear about what data they collecthow it is usedand why it mattersinvisible browser extension scanning and extensive device fingerprinting without user consent can erode customer trust.
If users understand that their privacy has been violated and that their digital environment is being immorally monitoredthis undermines the platform’s safetywhich is central to CX.
Despite LinkedIn’s claims toward its true practice of extension detectingusers may interpret hidden scanning as invasive if it lacks clear notice and opt‑in mechanismscreating a gap between stated purpose and user perception that can diminish customer confidence and loyalty over time.
These allegations highlight how unexplained or undisclosed data practices can damage customer trust and confidenceparticularly when users discover behaviors that feel opaque or intrusive.
With other major platforms now facing scrutiny for perceived transparency and safety issuesthis controversy illustrates the tension between platform security practices and evolving expectations around privacy and CX.
