Security analyst calls LinkedIn’s BrowserGate scandal a giant nothingburger, urges calm


A recent investigation loudly claimed to have uncovered what it called one of the “largest corporate espionage and data breach scandals in digital history.” Indeed, it’d be disturbing if LinkedIn were really spying on its users. But it’s just not true, a security analyst says after conducting his own research.

The claim, “Microsoft is running one of the largest corporate espionage operations in modern history,” sounds truly explosive.

And if you search for “BrowserGate” online, the top result is a browsergate.eu page that reads: “LinkedIn Is Illegally Searching Your Computer.” Scary, isn’t it? No one would like to be watched every time they open LinkedIn.

The central allegation is that LinkedIn illegally scans users’ browsers to see what extensions they have running. Allegedly, these scans can identify over 6,000 extensions and reveal sensitive personal or corporate information, potentially affecting 405 million people worldwide.

Two class action complaints filed

“Every time you visit linkedin.com, a JavaScript program embedded in the page scans your browser for installed Chrome extensions,” reads the report, accusing LinkedIn of deceiving EU regulators.

“The program runs silently, without any visible indicator to the user. It does not ask for consent. It does not disclose what it is doing. It reports the results to LinkedIn’s servers.”

The claim comes, predictably, from the BrowserGate group, which describes itself as Fairlinked, a German association of commercial LinkedIn users.

By now, the web is indeed packed with assertions that “LinkedIn is scanning your computer” or even “injecting malicious code to track sensitive data,” like political opinions, religious beliefs, employment status, or company trade secrets.

Plus, lawsuits are incoming. Two class action complaints were filed last week by different law firms on behalf of separate plaintiffs in the US District Court for the Northern District of California.

Pesky and murky extensions

However, according to Tyler Reguly, associate director of security R&D at cybersecurity company Fortra, claims that Microsoft is injecting malicious code to track the personal data of LinkedIn users are sensationalist.

In a blog post, Reguly actually agrees that LinkedIn has been using a technique called Resource Probing to attempt to determine which of the 6,000 or more extensions might be installed on a user’s device. But he sees no grand conspiracy.

“LinkedIn was probing for a lot of extensions, but there was no scanning of your computer and no malicious code, just a simple JavaScript technique to determine if the extension was there,” wrote the analyst.
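To make concrete what "a simple JavaScript technique to determine if the extension was there" means, here is an added example of a resource-probing check. It is not LinkedIn's code and not taken from the Fortra post; the extension IDs and resource paths are constructed placeholders, and the `probeExtensions` and `imageLoads` helper names are mine. The point it demonstrates is the one Reguly makes: a page can only ask "does an extension with this exact ID expose this file?", one yes/no per ID it already knows about, and learns nothing about other files or the rest of the machine.

```javascript
// Added example (not LinkedIn's code, not from the Fortra blog post).
// Demonstrates resource probing: a web page tries to load a file that an
// extension declares as web-accessible. Extension IDs below are constructed
// placeholders (the ID format is 32 letters from a to p), not real extensions.

// Browser loader: resolves true if the image resource loads, false otherwise.
// A page can only load files an extension lists as web-accessible, so success
// means "an extension with this ID is installed and exposes this image";
// it reveals nothing about any other file on the computer.
function imageLoads(url) {
  return new Promise((resolve) => {
    const img = new Image();
    img.onload = () => resolve(true);
    img.onerror = () => resolve(false);
    img.src = url;
  });
}

// Probe a list of {id, resource} pairs. The loader is injectable so the logic
// can be exercised outside a browser with a stub (as the offline run does).
async function probeExtensions(targets, loader = imageLoads) {
  const results = new Map();
  for (const { id, resource } of targets) {
    // Everything the probe learns is this one boolean per already-known ID.
    results.set(id, await loader(`chrome-extension://${id}/${resource}`));
  }
  return results;
}

// Reduce the map to the IDs that answered "present".
function presentIds(results) {
  return [...results].filter(([, present]) => present).map(([id]) => id);
}

// Constructed sample targets; the resource must be an image the extension
// exposes, otherwise the Image-based loader reports "absent" even if present.
const SAMPLE_TARGETS = [
  { id: 'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa', resource: 'icon.png' },
  { id: 'bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb', resource: 'images/logo.png' },
];

// Stub loader for offline runs: pretend only the "aaaa..." extension is installed.
const stubLoader = (url) =>
  Promise.resolve(url.startsWith('chrome-extension://aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/'));

// In a browser you would call probeExtensions(SAMPLE_TARGETS) with the default
// loader; offline, the stub stands in for the browser's answer.
probeExtensions(SAMPLE_TARGETS, stubLoader).then((results) => {
  console.log('present:', presentIds(results)); // logs: present: [ 'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa' ]
});
```

The design choice worth noting is that the probe can only confirm or deny IDs it already carries in its list; an extension that is not on the list, or one that exposes no web-accessible image, is invisible to it. That is why the list of roughly 6,000 IDs is the interesting artefact here, not the probing code.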

LinkedIn is allegedly secretly scanning your computer.

“The kicker… it didn’t even include the most popular extensions – popular ad blockers, password managers, and other extensions that people regularly use were not included.”

Instead, as Reguly – who tested the results of the BrowserGate report himself – saw, the list of extensions includes tools for extracting personal information from web pages, 496 AI-related extensions, and 162 extensions that reference social media.

After installing hundreds of Chrome extensions, the analyst says he saw that a large number of them installed background tasks and added an overwhelming amount of overlays to the webpage.

“One extension refused to have its tab closed and reopened itself every time I closed it. Others changed my home screen, the about:blank page, and added bookmarks. To say that a lot of these are the worst of the worst extensions out there is not an understatement,” said Reguly.

Another extension kept trying to open a YouTube video every time he opened his browser. It was Rick Astley’s “Never Gonna Give You Up.” The browser slowed down to an insufferable level as well.

Fantasy of an aggrieved LinkedIn user?

In other words, Reguly says, this probably is a “giant nothingburger.” He even thinks that administrators and security analysts should be celebrating BrowserGate – they now have a list of data-scraping extension IDs that they should block at their organization.

“Even with only installing 10% of the extensions, I saw rickrolls, background processes that ran after Chrome was closed, bookmarks modified, page contents relayed to various servers, and several other things that scared me,” he wrote.

“The only thing LinkedIn should do is notify users that they have these impractical extensions installed. That’s about the only thing we can look down on them for in this situation. Everything else is just making a mountain out of a molehill.”
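Reguly's practical takeaway is that administrators now have a list of extension IDs worth blocking. As an added example (not from the article, LinkedIn or Fortra), the snippet below turns such a list into a Chrome managed-policy document using the `ExtensionInstallBlocklist` enterprise policy, validating the ID format first so a typo cannot silently leave an extension unblocked. The IDs in it are constructed placeholders, not entries from the BrowserGate list, and the helper names `normaliseIds` and `buildBlocklistPolicy` are mine.

```javascript
// Added example, not from the article or from LinkedIn/Fortra: build a Chrome
// managed policy that blocks a list of extension IDs. ExtensionInstallBlocklist
// is Chrome's enterprise policy for this; the sample IDs are constructed
// placeholders, not the IDs from the BrowserGate list.

const EXTENSION_ID = /^[a-p]{32}$/; // Chrome extension IDs: 32 letters, a to p only

// Trim, lowercase and de-duplicate the IDs; anything that does not match the
// ID format is reported rather than dropped, so the operator sees the typo.
function normaliseIds(ids) {
  const clean = new Set();
  const bad = [];
  for (const raw of ids) {
    const id = String(raw).trim().toLowerCase();
    if (EXTENSION_ID.test(id)) {
      clean.add(id);
    } else {
      bad.push(raw);
    }
  }
  return { ids: [...clean].sort(), bad };
}

// Build the policy object. On Linux this JSON goes in
// /etc/opt/chrome/policies/managed/<name>.json; on Windows the same list is
// set under HKLM\Software\Policies\Google\Chrome\ExtensionInstallBlocklist
// as numbered string values (see Chrome's enterprise policy documentation).
function buildBlocklistPolicy(ids) {
  const { ids: clean, bad } = normaliseIds(ids);
  if (bad.length > 0) {
    throw new Error(`malformed extension IDs: ${bad.join(', ')}`);
  }
  return { ExtensionInstallBlocklist: clean };
}

// Constructed sample input containing a duplicate in different case.
const SAMPLE_IDS = [
  'abcdefghijklmnopabcdefghijklmnop',
  'ABCDEFGHIJKLMNOPABCDEFGHIJKLMNOP',
  'pppppppppppppppppppppppppppppppp',
];

// Print the policy file contents when run directly with Node.
if (typeof require !== 'undefined' && require.main === module) {
  console.log(JSON.stringify(buildBlocklistPolicy(SAMPLE_IDS), null, 2));
}
```

Blocking by ID is a blunt instrument: a republished copy of the same scraper under a new ID is not caught, so a blocklist is a complement to, not a substitute for, an allowlist policy in environments that can tolerate one.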

Separately, Reguly told SecurityWeek: “I certainly wouldn’t want one of my LinkedIn contacts to be running these extensions and visit my page with these scrapers installed. I feel that a user with these extensions installed visiting my LinkedIn page is more of an affront to my privacy than LinkedIn checking to see if I have these extensions.”

LinkedIn naturally rejects claims it’s doing anything illegally. On Hacker News, the platform’s representative posted: “To protect the privacy of our members, their data, and to ensure site stability, we do look for extensions that scrape data without members’ consent or otherwise violate LinkedIn’s Terms of Service.”

According to LinkedIn, the individual behind the accusations had their account restricted due to scraping activities and other violations of the platform’s Terms of Service.

The individual pursued legal action in Germany, seeking an injunction on the grounds that LinkedIn had violated multiple laws. However, the court ultimately rejected these claims, concluding they lacked merit, and found that the individual’s data practices were not compliant with legal standards.

“Unfortunately, this is a case of an individual who lost in the court of law, but is seeking to re-litigate in the court of public opinion without regard for accuracy,” LinkedIn’s comment reads.
