Khaberni - A recent technical security report called “BrowserGate”, revealed controversial tracking practices employed by Microsoft-owned LinkedIn platform.
The report indicated that the platform uses hidden and complex JavaScript codes to perform a comprehensive scan of visitor’s browsers, with the goal of identifying installed extensions and collecting detailed data about device hardware, which experts described as a blatant invasion of professional users’ privacy.
According to findings by cybersecurity researchers, the platform discreetly scans over 6100 extensions for "Google Chrome" and browsers built on the "Chromium" core.
The process goes beyond determining whether a user is using an ad blocker, extending to include password management tools, digital wallet extensions, and professional data analysis tools, giving the company a panoramic view of the technical tools professionals use in their daily business.
Digital Fingerprinting.. Tracking beyond “cookies”
The report clarified that LinkedIn gathers about 48 technical data points from the user’s device, including CPU specifications and core count, battery charge levels and device temperature, in addition to a list of installed fonts and screen resolution in pixels.
This practice is particularly dangerous due to something known as "Browser Fingerprinting," a technique that allows the platform to recognize and track users even if they delete cookies or use a virtual private network (vpn), as the set of technical characteristics of the device remains unique like a fingerprint.
Technical Camouflage Tactics
To ensure this activity goes undetected, the "Browser Gate" report mentioned that the code designed by LinkedIn uses a technique called "gradual scanning". Instead of inspecting all the extensions at once, which could slow down the browser and alert the user, the code sends scanning requests at very short intervals that do not affect the usage experience, making it invisible to traditional monitoring tools.
Reactions and Legal Risks
The report sparked a wave of criticism, particularly as LinkedIn links these deep technical data to the real identity of the user, their employment record, and geographical location.
Legal experts believe that these practices could put Microsoft in direct conflict with strict data protection laws, such as the General Data Protection Regulation in the European Union, which prohibits data collection without explicit disclosure of its purpose.
Until now, there has been no official comment from LinkedIn or Microsoft about the allegations made in the "Browser Gate" report. However, many digital security experts have started recommending the use of browsers that incorporate native protection against "browser fingerprinting" as a precautionary measure.
