Ask Runable forDesign-Driven General AI AgentTry Runable For Free
Runable
Back to Blog
Technology7 min read

LinkedIn scanning users' browser extensions sparks controversy and two lawsuits - Ars Technica

LinkedIn says claims fabricated by extension maker suspended for scraping data. Discover insights about linkedin scanning users' browser extensions sparks contr

TechnologyInnovationBest PracticesGuideTutorial
LinkedIn scanning users' browser extensions sparks controversy and two lawsuits - Ars Technica
Listen to Article
0:00
0:00
0:00

Linked In scanning users' browser extensions sparks controversy and two lawsuits - Ars Technica

Overview

Linked In scanning users’ browser extensions sparks controversy and two lawsuits

Linked In says claims fabricated by extension maker suspended for scraping data.

Details

Linked In is facing two lawsuits over its practice of scanning users’ browsers to determine which extensions they’re running. Two class action complaints were filed by different law firms on behalf of different plaintiffs Monday in US District Court for the Northern District of California.

Each complaint has one named plaintiff and seeks to represent a proposed class including all Linked In users in the US. The complaints seem to rely heavily on the recent “Browser Gate” report by a German entity called Fairlinked, which describes itself as a trade association and advocacy group for commercial Linked In users.

Fairlinked appears to be run by the same people behind Teamfluence, an Estonian software company that sued Linked In in Munich in January. Linked In says Teamfluence distributed a browser extension that scraped Linked In user data in violation of the user agreement, and that its Linked In accounts were suspended.

Linked In, a Microsoft subsidiary, does not deny that it scans browsers to identify extensions. There is a dispute over whether Linked In adequately discloses the scanning and how it uses the information it gathers. Linked In says it looks for extensions that violate its terms by scraping user data without consent.

The other lawsuit alleges that “Linked In crossed the line by using anti-abuse justifications as cover for massive covert browser surveillance on a global scale that far exceeded both necessity and any iteration of consent.” The lawsuit’s named plaintiff is California resident Jeff Ganan.

Group alleged Linked In illegally searches computers

Linked In says the allegations stem from its dispute with Teamfluence, which sells what it calls a Linked In “radar” that automatically collects information about interactions on the Linked In website. Teamfluence offers a Chrome extension.

Fairlinked’s Browser Gate report alleged that “Linked In Is illegally searching your computer” and that “Microsoft is running one of the largest corporate espionage operations in modern history.” Fairlinked says Linked In uses “a hidden Java Script program” to scan browsers for the presence of 6,222 extensions.

This includes scanning “for every major competitor to Microsoft’s own products—Salesforce, Hub Spot, Pipedrive—building company-level intelligence on which businesses use which software,” it says. “Because Linked In knows your name, employer, and role, each scan aggregates into a corporate technology profile assembled without anyone’s knowledge.”

Fairlinked’s argument that Linked In is gathering personal information is based on the fact that the extensions it detects include “an Islamic content filter,” an “anti-Zionist political tagger,” and “a tool designed for neurodivergent users.” Fairlinked claims that looking for these extensions on user devices amounts to “processing data that reveals religious beliefs, political opinions, or health conditions” and that this requires explicit consent under EU law.

Fairlinked’s evidence that Linked In transmits data to third-party firms includes the presence of a hidden iframe from American-Israeli firm Human Security, which offers technology for detecting and blocking bots. Fairlinked also cites Linked In’s use of a device fingerprinting script, but the script is associated with a Linked In URL rather than a third-party website. Fairlinked additionally points to Linked In’s use of Google’s re CAPTCHA, a widely used service designed to detect and protect against bots.

The Ganan lawsuit said that “Linked In did not disclose the role of third parties involved in this data extraction—nor what those parties or their subprocessors or clients could or would do with that data.”

A Linked In spokesperson today pointed Ars to a Hacker News post last week in which the company responded to the Browser Gate allegations. Linked In said:

Linked In’s post on Hacker News said it looks for extensions that “have static resources (images, javascript) available to inject into our webpages… We use this data to determine which extensions violate our terms, to inform and improve our technical defenses, and to understand why a member account might be fetching an inordinate amount of other members’ data, which at scale, impacts site stability. We do not use this data to infer sensitive information about members.”

Linked In lawyer Sarah Wright, a company vice president, wrote yesterday that “Teamfluence was distributing a browser extension that scraped member data from Linked In without our members’ knowledge or consent,” in violation of Linked In’s user agreement. “In retaliation for their accounts being suspended, in January the creator of Teamfluence sought an injunction against Linked In in Germany, demanding that their accounts be restored and claiming that Linked In’s enforcement of its User Agreement violated various EU laws.”

Wright states that “the court thoroughly rejected Teamfluence’s claims, reaffirming Linked In’s ability to act swiftly and decisively against bad actors who access member data inappropriately. The judge not only ruled in our favor, but also found Teamfluence itself is violating data protection laws, and Linked In is entitled to protect our members.”

We contacted Teamfluence today and will update this article if it provides a response.

“Unfortunately, this is a case of an individual who lost in the court of law, but is seeking to re-litigate in the court of public opinion without regard for accuracy,” Linked In said.

Lawyer: Linked In “does not meaningfully deny” allegation

It’s not uncommon for lawyers to file class action lawsuits shortly after explosive claims are made by media outlets or advocacy groups. The Farrell lawsuit against Linked In extensively quotes the Browser Gate report and describes Fairlinked as a “European advocacy group” without mentioning its ties to Teamfluence. We contacted the lawyers who filed the lawsuit and will update this article if we get a response.

The Ganan lawsuit doesn’t mention the Browser Gate report but makes similar allegations. J. R. Howell, the Santa Monica attorney who filed the complaint, told Ars today that the suit’s allegations “were based on the firm’s own review and analysis of Linked In’s client-side code and related technical behavior, as well as the applicable US and California legal framework.”

Howell told Ars that Linked In’s response to the claims does not refute the central allegation regarding lack of consent.

Howell argues that a “reasonable user does not consent to mass browser surveillance and third-party data exploitation through vague references to security, cookies, add-ons, or abuse prevention.”

Both lawsuits allege that Linked In violated the California Constitution’s protection against invasion of privacy and the California Comprehensive Computer Data Access and Fraud Act. The Ganan lawsuit also alleges that Linked In violated the federal Electronic Communications Privacy Act. Both lawsuits seek financial damages and an injunction forcing the company to change its data-collection and disclosure practices.

  1.          Finally, Artemis delivers some exceptional, high-quality photos of the Moon

  2.          Thousands of consumer routers hacked by Russia's military

  3.          What the heck is wrong with our AI overlords?

  4.          With Orion still flying, NASA is nearing key decisions about Artemis III

  5.          Testing suggests Google's AI Overviews tell millions of lies per hour

Ars Technica has been separating the signal from the noise for over 25 years. With our unique combination of technical savvy and wide-ranging interest in the technological arts and sciences, Ars is the trusted source in a sea of information. After all, you don’t need to know everything, only what’s important.

Key Takeaways

  • Linked In scanning users’ browser extensions sparks controversy and two lawsuits

  • Linked In says claims fabricated by extension maker suspended for scraping data

  • Linked In is facing two lawsuits over its practice of scanning users’ browsers to determine which extensions they’re running

  • Each complaint has one named plaintiff and seeks to represent a proposed class including all Linked In users in the US

  • Fairlinked appears to be run by the same people behind Teamfluence, an Estonian software company that sued Linked In in Munich in January

Cut Costs with Runable

Cost savings are based on average monthly price per user for each app.

Which apps do you use?

Apps to replace

ChatGPTChatGPT
$20 / month
LovableLovable
$25 / month
Gamma AIGamma AI
$25 / month
HiggsFieldHiggsField
$49 / month
Leonardo AILeonardo AI
$12 / month
TOTAL$131 / month

Runable price = $9 / month

Saves $122 / month

Runable can save upto $1464 per year compared to the non-enterprise price of your apps.

Start saving with Runable todayContact us for any pricing questions