{"id":7755,"date":"2026-04-09T01:01:13","date_gmt":"2026-04-09T01:01:13","guid":{"rendered":"https:\/\/cybersecurityinfocus.com\/?p=7755"},"modified":"2026-04-09T01:01:13","modified_gmt":"2026-04-09T01:01:13","slug":"questions-raised-about-how-linkedin-uses-the-petabytes-of-data-it-collects","status":"publish","type":"post","link":"https:\/\/cybersecurityinfocus.com\/?p=7755","title":{"rendered":"Questions raised about how LinkedIn uses the petabytes of data it collects"},"content":{"rendered":"
\n
\n
\n
\n
<\/div>\n

Through LinkedIn\u2019s more than one billion business users, the Microsoft unit has access to a vast array of personally-identifiable information, including data that could identify religious and political positions. What is less clear is what LinkedIn does with all of that data.<\/p>\n

A small European company that sells a browser extension to leverage different aspects of LinkedIn data is running a campaign, which it calls BrowserGate<\/a>, that accuses LinkedIn of \u201cillegally searching your computer\u201d and \u201crunning one of the largest corporate espionage operations in modern history.\u201d\u00a0<\/p>\n

\u201cEvery time any of LinkedIn\u2019s one billion users<\/a> visits linkedin.com, hidden code searches their computer for installed software, collects the results, and transmits them to LinkedIn\u2019s servers and to third-party companies including an American-Israeli cybersecurity firm,\u201d the company claimed.<\/p>\n

\u201cThe user is never asked. Never told. LinkedIn\u2019s privacy policy does not mention it,\u201d the BrowserGate site said. \u201cBecause LinkedIn knows each user\u2019s real name, employer, and job title, it is not searching for anonymous visitors. It is searching identified people at identified companies.\u201d<\/p>\n

LinkedIn denies some of those accusations, and avoids addressing the remainder.\u00a0<\/p>\n

\u201cThis [accusation] is a house of cards built entirely upon a fabrication,\u201d said a LinkedIn statement emailed to CSOonline<\/em>. \u201cWe do<\/em> disclose that we scan for browser extensions in our privacy policy, in order to detect abuse and provide defense for site stability.\u201d\u00a0<\/p>\n

When asked whether it uses that data solely<\/em> to do those things, LinkedIn did not reply.<\/p>\n

Possible misuse<\/h2>\n

The key person behind the allegations calls himself Steven Morrell (not his legal name, which he asked CsoOnline<\/em> to not publish). The company he represents also has different names, including Teamfluence and Fairlinked.\u00a0<\/p>\n

Morrell said that LinkedIn is gathering data that includes sensitive details, including information that he argued could be used to determine religious and political leanings. Gathering such data, Morrell said, could violate European privacy rules.<\/p>\n

But Morrell is not saying that LinkedIn is in fact using the data to determine those preferences, but merely that they could. Much the same could be said for almost all large companies.<\/p>\n

Morell isn\u2019t exactly unbiased, however. He and LinkedIn are also involved in a legal dispute in Germany, in which Morrell said that LinkedIn violated EU rules and that it improperly kicked him, and others, off the service. <\/p>\n

LinkedIn countered that Morell and the other plaintiffs had violated its terms of service with their plugins. Last month, a judge in Munich sided with LinkedIn, dismissing the motion for a preliminary injunction.<\/p>\n

Might cause compliance issues<\/h2>\n

Safayat Moahamad<\/a>, research director at Info-Tech Research Group, said that compliance approaches throughout the European Union and the UK could indeed have some issues with this deep a level of data collection.\u00a0<\/p>\n

\u201cEuropean courts are likely to support platforms that restrict automated data harvesting, when they can plausibly link organization-level policy enforcement actions to consumer protection and regulatory compliance,\u201d Moahamad said.<\/p>\n

Advice for CIOs<\/h2>\n

Cybersecurity consultant Brian Levine<\/a>, executive director of FormerGov, said enterprise CIOs should use these allegations, even if they prove to be untrue, to help them tweak their data strategy and privacy policies for 2026.<\/p>\n

\u201cAssuming the BrowserGate allegations are true, LinkedIn users should consider reducing the amount of identifiable, trackable, or sensitive data their browser exposes, and organizations should treat LinkedIn as a potentially hostile web environment until facts are verified,\u201d Levine said. \u201cEven if BrowserGate is exaggerated, browser fingerprinting is a real, widespread practice across the web. Treat LinkedIn like any other third-party data collector. LinkedIn has historically been treated as safe, [but] that assumption may need to be revisited.\u201d<\/p>\n

Levine said IT executives should \u201cassume that LinkedIn can map your tech stack\u201d and that, if the claims are accurate, LinkedIn could infer \u201cwhich SaaS tools your employees use, which competitors you rely on, which job search tools your staff is using and which political\/religious extensions appear inside your workforce.\u201d<\/p>\n

He added that IT should consider blocking LinkedIn on sensitive networks, or require it to only be accessed through VDI, as well as employing browser isolation techniques. Some companies might even want to use a separate isolated browser solely for LinkedIn, or, he said, \u201cuse a sandboxed browser session, such as Browserling or other cloud-isolated browsers.\u201d<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"

Through LinkedIn\u2019s more than one billion business users, the Microsoft unit has access to a vast array of personally-identifiable information, including data that could identify religious and political positions. What is less clear is what LinkedIn does with all of that data. A small European company that sells a browser extension to leverage different aspects […]<\/p>\n","protected":false},"author":0,"featured_media":7756,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-7755","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-education"],"_links":{"self":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/7755"}],"collection":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=7755"}],"version-history":[{"count":0,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/7755\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/media\/7756"}],"wp:attachment":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=7755"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=7755"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=7755"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}