Still Can't Get a Human to Read Your Resume. LinkedIn Knows Everything Else About You Though.

LinkedIn used to be useful. Job listings you could actually apply to, professional connections that occasionally meant something, a search that surfaced real opportunities. That era is mostly gone — buried under inspirational fluff posts, obscure humble-brags from people who can't say what they actually did because it would reveal too much about their company, ghost jobs that exist to make hiring managers look busy, and an algorithm that rewards engagement over relevance.

Resumes hitting ATS black holes. Positions that get quietly pulled after two weeks. Roles that were never real to begin with — listed to satisfy internal optics or gauge the market with no intention of hiring. The social layer has eaten the useful layer alive, and what's left is a platform that looks like a professional network and functions like a content farm that occasionally shows you a job posting.

What hasn't cratered is the surveillance infrastructure running underneath all of it.

BrowserGate landed in my feed this past week — a campaign by Fairlinked e.V., a registered association of commercial LinkedIn users, documenting something that's been technically verifiable for years but has now reached a scale that's hard to look away from.

Every time you visit linkedin.com — whether you're a daily poster or someone who checks in three times a year — hidden JavaScript scans your browser for installed extensions, collects the results, and ships them to LinkedIn's servers and third parties. No disclosure. Not in the privacy policy. Never asked. Never told. LinkedIn calls the system internally "Spectroscopy."

And this is why people don't necessarily want to allow cookies, don't want JavaScript running by default, and get twitchy about browser extensions having access to page content. Not paranoia. Not tin foil. This. Every permission dialog you've ever dismissed without reading is a small version of this conversation, and LinkedIn just showed you what the other side of it looks like at industrial scale. Why we can't have nice things, indeed.

The behavior has been documented since LinkedIn was checking for 38 extensions. Today, per the linkedin-extension-fingerprinting project with a cryptographically timestamped evidence pack from February, that number is 6,222.

Yes, other websites fingerprint your browser. Most of them are trying to serve you better ads. LinkedIn is doing something more specific.

The scan list includes extensions that identify practicing Muslims, extensions that reveal political orientation, tools built for neurodivergent users. Under EU law that category of data isn't just regulated differently — it's prohibited without explicit consent. There is no consent. There is no disclosure.

It includes over 200 products competing directly with LinkedIn's own sales tools — Apollo, Lusha, ZoomInfo, hundreds of others. Because LinkedIn knows your employer, it can map which companies use which competitor products, extracted from your browser without anyone's knowledge.

It includes 509 job search tools — including extensions for Indeed, Glassdoor, and Monster — installed by a combined 1.4 million people. LinkedIn knows who has them installed. LinkedIn knows who their employer is. What LinkedIn does with that combination is entirely up to LinkedIn, entirely undisclosed, and entirely opaque.

What is documented is how LinkedIn uses this data against the tools themselves. The scan tells LinkedIn exactly who has which extensions installed. LinkedIn's Terms of Service are broad enough to cover almost any extension that touches the platform in a way they find inconvenient. The combination means LinkedIn can — and has — used covertly obtained browser data to justify restricting accounts and sending legal threats to users of competing tools. Whether your particular extension earns you that treatment is entirely at their discretion. Each individual action looks like a routine ToS enforcement call. The scanning is what makes it systematic rather than coincidental.

And LinkedIn's own sworn affidavit in the German court proceedings contains a telling contradiction: it states their models "do not take the use of any particular browser extension into account" — and in the same paragraph, that the system "may have taken action against LinkedIn users that happen to have [XXXXXX] installed." Those two sentences cannot both be true.

The EU compliance angle is where it gets particularly brazen. The EU designated LinkedIn a gatekeeper under the Digital Markets Act and ordered it to open up to third-party tools. LinkedIn's response: two restricted APIs handling 0.07 calls per second, presented as compliance. Its internal Voyager API runs at 163,000 calls per second. In Microsoft's 249-page DMA compliance report, "API" appears 533 times. "Voyager" appears zero times. While that report was being filed, the extension scan list grew from 461 products to over 6,000.

The EU told LinkedIn to let third-party tools in. LinkedIn built a surveillance system to identify and punish everyone using them.

There's a real legal case. In January, Teamfluence filed a preliminary injunction against LinkedIn Ireland and LinkedIn Germany at the Regional Court of Munich — represented by the firm that won the first successful DMA-based private enforcement action, before the same judge who previously ruled against Google. Case number: 37 O 104/26. This isn't a blog campaign. There's a docket.

This fits the rest of what Microsoft has been doing — the GitHub training pipeline, the Windows promises that didn't survive the month, the ToS that calls it entertainment. Same company. Same pattern. LinkedIn is just the one where the product visibly stopped working years ago and nobody apparently told the surveillance team.

On browsers: The scan only triggers on Chromium-based browsers — Chrome, Edge, Brave, Opera, Arc. Firefox and Safari users are unaffected, though for very different reasons.

Firefox wins on architecture — it randomizes extension UUIDs per browser instance by design, which breaks the fingerprinting at a technical level. If you're interested in going that route, LibreWolf or Waterfox are worth a look — both Firefox-based, both more privacy-hardened out of the box. If you want Chromium for better overall compatibility but with more serious tracking protection built in, Vivaldi or Brave are the ones worth looking at.

Fair caveat: almost every browser or its upstream has had some debate, scandal, or arguably bone-headed decision at some point. The question is whether they learned from it and course-corrected. None of them are perfect. All of them are better starting points than handing your extension list to LinkedIn every time you check your notifications — or telling Google everything about your online life every time you open a tab.

Safari wins because Apple consolidates tracking through their own infrastructure instead — which, as I covered in the Privacy™ piece, is a different kind of problem dressed up as a feature. You're not untracked on Safari. You're tracked by a different company with a better PR department.

On Chrome, BrowserGate built an extension that checks your installed extensions against the scan list. Runs locally. Doesn't phone home. Worth knowing what LinkedIn knows about you before you decide what to do about it.

On the LinkedIn app bundled into Windows — because of course it is — it keeps reinstalling itself. Nuke it properly, and run PowerShell as Administrator or it won't have the permissions to do anything useful:

powershell

Get-AppxPackage -AllUsers *LinkedIn* | Remove-AppxPackage -AllUsers
Get-AppxProvisionedPackage -Online | Where-Object {$_.DisplayName -like "*LinkedIn*"} | Remove-AppxProvisionedPackage -Online

First line removes it for all current users. Second line removes the provisioned package so it stops reinstalling for new profiles — if it just blinks a cursor and returns nothing, that means the provisioned package either isn't there or was already removed, which is actually fine. The first command doing its job is the important one. Check that LinkedIn is gone from your installed apps and call it done.

Part of the ongoing Big Tech's War on Users series.

Find me on Mastodon at @ppb1701@ppb.social