What LinkedIn Does When You Visit

Every time you visit LinkedIn in a Chrome-based browser, hidden code quietly scans your computer for over 6,000 browser extensions you may have installed. You are not asked. You are not told. It is not mentioned anywhere in LinkedIn’s privacy policy.

LinkedIn calls this system “Spectroscopy.” It fires off thousands of silent requests in the background, each one probing for a specific extension by checking whether certain files exist on your system. The entire operation takes place without any visible prompt or notification.

What it is looking for goes well beyond security. The extensions LinkedIn scans for include tools that reveal religious practice, political orientation, neurodivergent conditions, and job search activity, including tools that expose whether someone is quietly looking for a new job on the very platform where their current employer can see their profile. Under EU law, this category of data is not regulated. It is prohibited.

LinkedIn also scans for over 200 products that compete directly with its own sales tools. Because LinkedIn knows who you work for, it can use this information to map which companies are using rival products, effectively extracting competitive intelligence from its own users’ browsers without their knowledge.

Beyond the extension scan, LinkedIn assembles a detailed fingerprint of your device: CPU count, screen resolution, memory, battery status, timezone, and dozens of other characteristics. That fingerprint is attached to everything you do during your session. Every search, every profile view, every message. And because it uses reversible encryption rather than a one-way hash, LinkedIn retains the full picture, not just a token.

None of this is disclosed. LinkedIn says it is a security measure. Independent researchers, including BleepingComputer, have confirmed the technical facts are not in dispute.

What you can do

The most effective step is to use Firefox when visiting LinkedIn. Chrome-based browsers, including Edge and Brave in their default configurations, are more exposed to this kind of scanning. Firefox limits LinkedIn’s ability to conduct it, though it does not eliminate it entirely.

Two browser extensions worth installing regardless of which browser you use:

uBlock Origin blocks ads, trackers, and unwanted scripts. It works best on Firefox — Google has restricted its capabilities on Chrome, where only a reduced version is available.

Privacy Badger is made by the Electronic Frontier Foundation, a non-profit digital rights organization. It automatically learns to block hidden trackers as you browse, without requiring any configuration.

The two extensions are designed to complement each other and work well together.

Neither extension gives you complete protection against what LinkedIn is doing. But they are a meaningful step in the right direction, and they benefit you across every website you visit, not just LinkedIn.

For the full technical detail behind what was discovered, the original investigation is documented at BrowserGate.

The bigger picture

This is not a LinkedIn-specific problem. It is an example of what websites are doing inside your browser every day, invisibly, without your knowledge. The tracking pixel that started this industry twenty years ago was literally a single invisible dot. What LinkedIn is running today is 2.7 megabytes of code that quietly searches your computer every time you visit.

The only thing with any real chance of reining this in is regulation. Europe is moving in that direction. Whether it moves fast enough remains to be seen.