#BrowserGate isn't a theory; it’s a 6,000-point fingerprinting scan running in your browser right now.
Microsoft-owned LinkedIn is using a Chromium API flaw to inventory your local plugins. They can infer your health, religion, and tech stack—all without an "opt-in."
Technical breakdown for the #HomeLab and #FOSS crowd on why "Shields" are failing:
https://the.unknown-universe.co.uk/privacy-security/linkedin-browsergate/
#Privacy #Microsoft #LinkedIn #CyberSecurity #BraveBrowser #GDPR #TechNews
Alsof ik niet al genoeg reden had om geen Chrome-gebaseerde browser te gebruiken.
The Attack: How it works | BrowserGate
https://browsergate.eu/how-it-works/
Every time you open LinkedIn in a Chrome-based browser, LinkedIn’s JavaScript executes a silent scan of your installed browser extensions. The scan probes for thousands of specific extensions by ID, collects the results, encrypts them, and transmits them to LinkedIn’s servers. The entire process happens in the background. There is no consent dialog, no notification, no mention of it in LinkedIn’s privacy policy. This page documents exactly how the system works, with line references and code excerpts from LinkedIn’s production JavaScript bundle.
Linkedin is searching your computer Every time you visit linkedin.com, a JavaScript program embedded in the page scans your browser for installed Chrome extensions. The program runs silently, without any visible indicator to the user. It does not ask for consent. It does not disclose what it is doing. It reports the results to LinkedIn’s servers. This is not a one-time check. The scan runs on every page load, for every visitor.
@heiseonline Habt ihr euch die Vorwürfe, die #browsergate gegenüber LinkedIn erhebt, schon näher angeschaut?
Microsoft is running one of the largest corporate espionage operations in modern history. Every time any of LinkedIn’s one billion users visits linkedin.com, hidden code searches their computer for installed software, collects the results, and transmits them to LinkedIn’s servers and to third-party companies including an American-Israeli cybersecurity firm. The user is never asked. Never told. LinkedIn’s privacy policy does not mention it. Because LinkedIn knows each user’s real name, employer, and job title, it is not searching anonymous visitors. It is searching identified people at identified companies. Millions of companies. Every day. All over the world.
LinkedInへアクセスする度にPC内が違法に検索されてしまうと主張する調査プロジェクト「BrowserGate」 - GIGAZINE
https://gigazine.net/news/20260403-linkedin-browsergate/
Ne me cherchez plus sur LinkedIn, je suis parti...
Microsoft is running one of the largest corporate espionage operations in modern history. Every time any of LinkedIn’s one billion users visits linkedin.com, hidden code searches their computer for installed software, collects the results, and transmits them to LinkedIn’s servers and to third-party companies including an American-Israeli cybersecurity firm. The user is never asked. Never told. LinkedIn’s privacy policy does not mention it. Because LinkedIn knows each user’s real name, employer, and job title, it is not searching anonymous visitors. It is searching identified people at identified companies. Millions of companies. Every day. All over the world.
Da haben wir den nächsten Hammer:
☣️ Microsoft spioniert LinkedIn-User aus, indem es bösartigen Code in ihre #Browser einschleust ☣️
𝘓𝘪𝘯𝘬𝘦𝘥𝘐𝘯 𝘷𝘦𝘳𝘭𝘢𝘴𝘴𝘦𝘯, 𝘫𝘦𝘵𝘻𝘵!
Executive Summary | BrowserGate
https://browsergate.eu/executive-summary/
Microsoft Corporation’s LinkedIn is running a massive, global, and illegal spying operation on every computer that visits their website. 1. The Regulation of Linkedin In 2024 Microsoft was designated as a “gatekeeper” under the Digital Markets Act in the EU. The two regulated products are Microsoft Windows and Microsoft LinkedIn. The Digital Markets Act mandates that gatekeepers allow business users and authorized third parties free, effective, high-quality, continuous and real-time access to all data, including personal data, that is generated through the use of (LinkedIn).
LinkedIn has 33,000 employees and a $15 billion legal budget.
But there are one billion LinkedIn users.
And they have this list of five things you can do to help stop #BrowserGate:
LinkedIn has 33,000 employees and a $15 billion legal budget. But we are one billion LinkedIn users. And you have this list. 01 | Check if your tools are on the list Search the database of 6,222 extensions LinkedIn scans for. Search the list → Enter your extension name or ID and see it in LinkedIn’s actual JavaScript code. Takes 10 seconds. 02 | Share this with someone who should know Most people have no idea this is happening. Use our pre-written posts and media assets to share on LinkedIn, X, Mastodon, Bluesky, or Facebook. Each post is tailored to the platform. One click.
Scandalo #Browsergate: secondo il sito https://www.browsergate.eu, ogni volta che un utente accede a #Linkedin questo scansiona i plugin installati sul browser, raccoglie i dati e li trasmette ai server di Linkedin, il tutto senza autorizzazione.
[...] convinzioni religiose, le opinioni politiche, le disabilità e l'attività di ricerca di lavoro di individui identificati. [...] le estensioni che identificano i praticanti musulmani, le estensioni che rivelano l'orientamento politico [...]
Microsoft is running one of the largest corporate espionage operations in modern history. Every time any of LinkedIn’s one billion users visits linkedin.com, hidden code searches their computer for installed software, collects the results, and transmits them to LinkedIn’s servers and to third-party companies including an American-Israeli cybersecurity firm. The user is never asked. Never told. LinkedIn’s privacy policy does not mention it. Because LinkedIn knows each user’s real name, employer, and job title, it is not searching anonymous visitors. It is searching identified people at identified companies. Millions of companies. Every day. All over the world.
The BrowserGate folks have provided an evidence pack, proving the scraping of data from your computer.
This includes a sworn affidavit by LinkedIn’s Senior Manager of Software Engineering and Machine Learning, Milinda Lakkam. It’s an admission of guilt. Under oath.
https://browsergate.eu/the-evidence-pack/
🧵 2/2
#BrowserGate #LinkedIn #InfoSec #OpSec #Privacy #Crime #YouAreTheProduct #Microsoft
Everything on this page is independently verifiable. The source code speaks for itself. Its own engineer, under oath, admits it. Exhibit 1 — LinkedIn’s JavaScript bundle File: 5fdhwcppjcvqvxsawd8pg1n51.js Size: ~2.7 MB (13,159 lines of minified JavaScript) Webpack chunk: chunk.905 This is the file LinkedIn serves to every Chrome user who visits linkedin.com. It contains a hardcoded array of 6,222 Chrome extension IDs, each paired with a specific internal file path that LinkedIn engineers mapped for detection.
TheIPW
Diederick de Vries
magicmarcy
Sockenklaus
kyu3(キューさん) 
TacTac
Nils Fuhrmann
Djoerd Hiemstra 🍉
Molly Million
Mark Wyner Won’t Comply 