BROWSERGATE is an investigation described by Security Affairs as one of the largest data breach and corporate espionage scandals in digital history, centred on LinkedIn secretly fingerprinting users via browser extensions and device data and transmitting encrypted results to LinkedIn servers and third parties.
The system is said to operate with three coordinated modules in a single JavaScript bundle, including active extension detection via fetch() on chrome-extension:// resources and a passive DOM scan called Spectroscopy, both aimed at identifying installed extensions and extension activity.
LinkedIn is alleged to collect 48 browser characteristics through a fingerprinting system named APFC or DNA, including IP address, devices, CPU, and various fingerprints, and to include the user’s Do Not Track preference in the fingerprint hash. Third parties involved are claimed to include HUMAN Security (formerly PerimeterX), a merchant script from merchantpool1.linkedin[.]com, and Google reCAPTCHA v3 Enterprise, with the fingerprint payload encrypted and sent to endpoints and injected into API requests.
The piece also notes that Safari’s architecture prevents the primary vector from executing, while on iOS the approach is described as inoperative. According to Security Affairs, the article is written by Pierluigi Paganini with an update date of April 27, 2026.