Consumer Rights Wiki

LinkedIn browser extension scanning: Difference between revisions

Newer edit →
VisualWikitext
new page on linkedin's browser-extension scanning, the browsergate report, microsoft's response, and the two california class actions
 
added screenshots of the bleepingcomputer testing, the munich ruling, the irish dpc fine, and the ganan complaint
Line 14: Line 14:


LinkedIn is a professional-networking service with more than one billion members.<ref name="tnw" /> [[Microsoft]] acquired the company in 2016 for $26.2 billion.<ref name="msft" /> The service has drawn regulatory scrutiny over its data handling before BrowserGate. In October 2024 the Irish Data Protection Commission fined LinkedIn 310 million euros, about $334 million, over processing personal data for targeted advertising without a valid legal basis.<ref name="tnw" />
LinkedIn is a professional-networking service with more than one billion members.<ref name="tnw" /> [[Microsoft]] acquired the company in 2016 for $26.2 billion.<ref name="msft" /> The service has drawn regulatory scrutiny over its data handling before BrowserGate. In October 2024 the Irish Data Protection Commission fined LinkedIn 310 million euros, about $334 million, over processing personal data for targeted advertising without a valid legal basis.<ref name="tnw" />
[[File:LinkedIn BrowserGate Irish DPC fine.png|thumb|center|upright=2.0|The Irish Data Protection Commission's press release on its 310 million euro fine of LinkedIn Ireland, dated October 24, 2024.]]


Browser extensions on Chromium-based browsers are addressed through fixed, enumerable identifiers. A web page can test whether a given extension is installed by attempting to load a file resource that the extension exposes under its known ID, & inferring the result from whether the load succeeds.<ref name="bleeping" />
Browser extensions on Chromium-based browsers are addressed through fixed, enumerable identifiers. A web page can test whether a given extension is installed by attempting to load a file resource that the extension exposes under its known ID, & inferring the result from whether the load succeeds.<ref name="bleeping" />
Line 24: Line 26:


BleepingComputer independently confirmed part of the claims through its own testing, during which it observed a JavaScript file with a randomized filename being loaded by LinkedIn's website.<ref name="bleeping" /> The total count of probed extensions came from the researchers rather than from BleepingComputer's own tally. The BrowserGate report counted 6,222 extensions, a figure repeated by PCMag & in the two lawsuits, while BleepingComputer's own testing found a script checking 6,236.<ref name="pcmag" /><ref name="bleeping" />
BleepingComputer independently confirmed part of the claims through its own testing, during which it observed a JavaScript file with a randomized filename being loaded by LinkedIn's website.<ref name="bleeping" /> The total count of probed extensions came from the researchers rather than from BleepingComputer's own tally. The BrowserGate report counted 6,222 extensions, a figure repeated by PCMag & in the two lawsuits, while BleepingComputer's own testing found a script checking 6,236.<ref name="pcmag" /><ref name="bleeping" />
[[File:LinkedIn BrowserGate BleepingComputer verification.png|thumb|center|upright=2.2|BleepingComputer reported observing LinkedIn's scanning script and counting a check for 6,236 extensions, stating that it confirmed part of the BrowserGate findings through its own testing.]]


== Discovery and disclosure ==
== Discovery and disclosure ==
Line 30: Line 34:


LinkedIn tied the report to a prior legal dispute. The company says the report stems from a dispute with the developer of a LinkedIn-related browser extension called Teamfluence, which LinkedIn restricted for violating its terms.<ref name="bleeping" /> The developer, Teamfluence Signal Systems OÜ, sought a preliminary injunction against LinkedIn Ireland Unlimited Company & LinkedIn Germany GmbH at the Regional Court of Munich in January 2026.<ref name="browsergate" /> In March 2026 the court dismissed the motion, finding that LinkedIn's actions did not constitute unlawful obstruction or discrimination.<ref name="cso" /><ref name="bleeping" />
LinkedIn tied the report to a prior legal dispute. The company says the report stems from a dispute with the developer of a LinkedIn-related browser extension called Teamfluence, which LinkedIn restricted for violating its terms.<ref name="bleeping" /> The developer, Teamfluence Signal Systems OÜ, sought a preliminary injunction against LinkedIn Ireland Unlimited Company & LinkedIn Germany GmbH at the Regional Court of Munich in January 2026.<ref name="browsergate" /> In March 2026 the court dismissed the motion, finding that LinkedIn's actions did not constitute unlawful obstruction or discrimination.<ref name="cso" /><ref name="bleeping" />
[[File:LinkedIn BrowserGate Munich dismissal.png|thumb|center|upright=2.2|Fairlinked's BrowserGate page logs the January 2026 injunction filing against two LinkedIn entities and the Regional Court of Munich's dismissal of the motion on March 11, 2026.]]


== Competitor-tool targeting ==
== Competitor-tool targeting ==
Line 54: Line 60:


Two separate class actions were filed against LinkedIn in the U.S. District Court for the Northern District of California in early April 2026.<ref name="privacydaily" /><ref name="bloomberg" /> One, brought by Nicholas Farrell, is case No. 4:26-cv-02953.<ref name="privacydaily" /> The other, brought by Jeff Ganan, is case No. 5:26-cv-02968; the Ganan complaint was filed on April 6, 2026 by the Law Office of J.R. Howell & accused LinkedIn of running a ''covert browser surveillance system''.<ref name="privacydaily" /><ref name="ppc" />
Two separate class actions were filed against LinkedIn in the U.S. District Court for the Northern District of California in early April 2026.<ref name="privacydaily" /><ref name="bloomberg" /> One, brought by Nicholas Farrell, is case No. 4:26-cv-02953.<ref name="privacydaily" /> The other, brought by Jeff Ganan, is case No. 5:26-cv-02968; the Ganan complaint was filed on April 6, 2026 by the Law Office of J.R. Howell & accused LinkedIn of running a ''covert browser surveillance system''.<ref name="privacydaily" /><ref name="ppc" />
[[File:LinkedIn BrowserGate Ganan complaint.png|thumb|center|upright=2.2|PPC Land's account of the Ganan v. LinkedIn complaint, filed April 6, 2026 as case No. 5:26-cv-02968 by the Law Office of J.R. Howell.]]


The complaints plead causes of action including the California Comprehensive Computer Data Access & Fraud Act, invasion of privacy under the California Constitution, intrusion upon seclusion, the federal Electronic Communications Privacy Act, & California penal-code provisions covering the illegal use of a pen register or trap-and-trace device.<ref name="privacydaily" /> PCMag & Bloomberg Law reported on the same conduct underlying both suits.<ref name="pcmag" /><ref name="bloomberg" />
The complaints plead causes of action including the California Comprehensive Computer Data Access & Fraud Act, invasion of privacy under the California Constitution, intrusion upon seclusion, the federal Electronic Communications Privacy Act, & California penal-code provisions covering the illegal use of a pen register or trap-and-trace device.<ref name="privacydaily" /> PCMag & Bloomberg Law reported on the same conduct underlying both suits.<ref name="pcmag" /><ref name="bloomberg" />
Retrieved from "https://consumerrights.wiki/w/LinkedIn_browser_extension_scanning"