What's Happening?
LinkedIn has been found to secretly scan for over 6,000 browser extensions and collect detailed device fingerprints from users visiting its site. This practice, dubbed 'BrowserGate,' involves a hidden JavaScript routine that runs silently in the background, probing for specific Chrome extensions and gathering 48 hardware and software characteristics of the user's device. The collected data is encrypted and attached to every API request made during the user's session. LinkedIn claims this is a security measure, but critics argue it constitutes covert surveillance. The investigation, confirmed by BleepingComputer, highlights that LinkedIn's scanning includes extensions that compete with its own sales tools and those related to sensitive personal data categories, raising significant privacy concerns.
Why It's Important?
The implications of LinkedIn's scanning practices are significant for user privacy and data protection. By collecting detailed device fingerprints, LinkedIn can potentially track users across sessions and devices, even after cookies are cleared. This raises questions about user consent and the transparency of data collection practices, especially in light of stringent data protection regulations like the EU's GDPR. The practice could also impact LinkedIn's competitors, as the platform gains insights into which companies are using rival products. This situation underscores the growing tension between tech companies' data collection practices and regulatory frameworks designed to protect user privacy.
What's Next?
The ongoing scrutiny of LinkedIn's practices may lead to regulatory action, particularly from European data protection authorities. Given LinkedIn's history of fines for data protection violations, further investigations could result in additional penalties or mandates to change its data collection practices. Users may also become more cautious about their online privacy, potentially seeking alternatives or demanding greater transparency from platforms. The broader tech industry might face increased pressure to align data practices with evolving regulatory standards, emphasizing the need for explicit user consent and disclosure of data collection activities.











