(Photo by Nikolas Kokovlis/NurPhoto via Getty Images)
Two class-action lawsuits have been filed against LinkedIn over the social network's alleged covert surveillance of users via browser extension scanning. However, LinkedIn says the dispute is overblown and mischaracterizes practices already disclosed in its privacy policy.
"This is a house of cards built entirely upon a fabrication. We do disclose that we scan for browser extensions in our Privacy Policy, in order to detect abuse and provide defense for site stability," LinkedIn tells PCMag.
The class-action lawsuits were filed Monday in a US District Court in California after a German group, Fairlinked e.V., published a report about the Chrome browser extension scanning, which occurs via a JavaScript file on the LinkedIn site.
The report found that LinkedIn will look for 6,222 extensions and claims the company can harness the data to profile users and see whether they’re using competitors’ software. However, LinkedIn says the browser extension scanning is intended to stamp out web scraping. “We do not use this data to infer sensitive information about members,” the company tells PCMag.
The privacy policy also says LinkedIn can "get information about your network and device (e.g., IP address, proxy server, operating system, web browser, and add-ons)," which would include extensions.
LinkedIn frames the extension scanning as a privacy safeguard since it can stop the scraping of LinkedIn member pages without user consent. But despite the justification, the class-action lawsuits demand that the Microsoft-owned site pay damages to affected users and cease browser extension scanning, arguing that LinkedIn went too far.
"No reasonable user would read generalized references to URLs, browser data, add-ons, device features, cookies, automated systems, security, anti-abuse, fraud prevention, or similar matters and understand that LinkedIn would covertly interrogate the user’s browser, enumerate or infer installed extensions," one of the complaints says.
One class-action lawsuit, from California resident Jeff Ganan, argues that the browser scanning violates the Electronic Communications Privacy Act and the California Comprehensive Computer Data Access and Fraud Act, as well as other state laws. The second lawsuit, from another resident named Nicholas Farrell, invokes similar claims but focuses more on how LinkedIn’s alleged conduct violates California laws.
The German group, Fairlinked, says it represents commercial LinkedIn users. One of its board members is listed as “S.Morell,” who appears to be Steven Morell, the founder of Teamfluence, a tool that helps businesses monitor LinkedIn activity.
LinkedIn claims the dispute stems from Teamfluence attempting to web scrape data, prompting the social networking site to crack down. “So we acted to restrict the accounts associated with Teamfluence. In retaliation for their accounts being suspended, in January, the creator of Teamfluence sought an injunction against LinkedIn in Germany,” according to LinkedIn’s VP for Legal, Sarah Wight. “I’m happy to report that the court thoroughly rejected Teamfluence’s claims, reaffirming LinkedIn’s ability to act swiftly and decisively against bad actors who access member data inappropriately."
In a statement to PCMag on Monday, LinkedIn also said, “Unfortunately, this is a case of an individual who lost in the court of law, but is seeking to re-litigate in the court of public opinion without regard for accuracy,” alluding to the browser extension scanning.
However, Fairlinked claims, “the court case Microsoft cites has nothing to do with the surveillance operation. That case concerns an account suspension. BrowserGate was never mentioned in the proceedings. Microsoft implies it prevailed. It did not. A motion for a preliminary injunction was denied. Both plaintiffs have appealed. The litigation is ongoing.”
The group also questions LinkedIn’s justification for the browser extension searches. “Scanning for 6,000 extensions and transmitting the results to third parties without user consent is not server protection. It’s an illegal spying operation,” it says. "The scan list contains thousands of extensions that have nothing to do with scraping. Religious extensions. Political opinion extensions. Job search tools. Neurodivergent aids. Amazon image downloaders. Pharmacy operations tools. Delivery schedulers. Clearly, server protection is not the goal here.”