"Every time a professional opens LinkedIn in a Chrome-based browser today, hidden JavaScript silently probes their device for up to 6,278 installed browser extensions, encrypts the results, and transmits them to LinkedIn's servers - where they are attached to that user's verified name, employer, and career history. The covert system, which LinkedIn has never disclosed in its privacy policy, is now the subject of a federal class action lawsuit and a complaint to the European Commission, after independent security research confirmed the scanning was active as recently as this week."
"The stakes are immediate for any of LinkedIn's more than one billion members who access the platform through Chrome, Edge, Brave, or Opera. Their browser inventories - which can reveal job-search activity, political affiliations, religious practices, health conditions, and the internal software their employers use - are being collected and linked to their real identities without their knowledge or consent, and with no opt-out mechanism available."
"On April 6, 2026, plaintiff Jeff Ganan, a Los Angeles County sales professional, filed Ganan v. LinkedIn Corporation (Case 5:26-cv-02968) in the U.S. District Court for the Northern District of California on behalf of a proposed nationwide class of Chrome users. The complaint, brought by the Law Office of J.R. Howell, alleges violations of the federal Electronic Communications Privacy Act, the California Constitution's privacy protections, and the California Comprehensive Computer Data Access and Fraud Act. It seeks monetary damages and an injunction requiring LinkedIn to change its data-collection practices."
""This system can identify a user's religion, their political views, whether they have a disability, and whether they are secretly looking for work," said J.R. Howell, the Santa Monica attorney leading the case. "LinkedIn knows every user's real name and employer. This is not abstr"
Hidden JavaScript allegedly probes devices for thousands of installed browser extensions when professionals open LinkedIn in Chrome-based browsers. The extension inventory is encrypted and transmitted to LinkedIn servers, where it is attached to verified names, employers, and career history. The scanning is alleged to have been active as recently as this week, despite not being disclosed in privacy materials. A federal class action lawsuit and a complaint to the European Commission claim the collection occurs without knowledge or consent and without an opt-out mechanism. The collected browser data can reveal sensitive attributes such as religion, political views, disability status, health-related information, and job-search activity, along with internal employer software.
#browser-extension-tracking #privacy-and-consent #cybersecurity-research #class-action-lawsuit #data-collection-and-identity-linkage
Read at Tech Times
Unable to calculate read time
Collection
[
|
...
]