LinkedIn Is Illegally Searching Your Computer

My notes

Summary

LinkedIn runs hidden JavaScript on every page load that scans visitors’ browsers for installed extensions and software, then transmits the results to LinkedIn’s servers and third-party companies - without disclosure, consent, or mention in their privacy policy. Because LinkedIn ties this data to real identities (name, employer, job title), it constitutes mass surveillance of identified individuals at identified companies. Fairlinked e.V. is funding legal action against Microsoft over this.

Key Insight

• Scale of scanning: The extension scan list grew from ~461 products in 2024 to over 6,000 by February 2026 - a 13x expansion in one year.
• Sensitive data categories exposed: Scanned extensions reveal religious beliefs (Muslim prayer apps), political orientation, neurodivergent status, and active job-seeking behaviour - all EU special-category data requiring explicit consent.
• Competitive intelligence extraction: LinkedIn specifically scans for 200+ competing sales tools (Apollo, Lusha, ZoomInfo) to map which companies use which competitor products. It then uses this data to send enforcement threats.
• Third-party data sharing: An invisible 0-pixel tracking element from HUMAN Security (formerly PerimeterX, an American-Israeli firm) sets cookies on every page load alongside Google scripts - none disclosed.
• EU regulatory evasion: LinkedIn’s two public APIs handle ~0.07 calls/second. Its internal Voyager API handles 163,000 calls/second. In Microsoft’s 249-page DMA compliance report, “Voyager” is mentioned zero times. The DMA was supposed to protect third-party tools; LinkedIn responded by building surveillance to find and punish their users.
• Legal exposure: Fairlinked argues this is a criminal offence in every EU jurisdiction examined, not just a regulatory infringement.