Stealthy Code in Popular Networking Site Secretly Checks Your Browser's Installed Tools
It has been discovered that a famous networking platform, recognized globally and housing over a billion users, has been secretly examining the software installed on your computer. This is done every time you access the platform using a Chrome-based browser. It's done without letting you know, and it's not mentioned in the platform's privacy policy statement.
This surprising information was unearthed by a European advocacy organization as part of their “BrowserGate” campaign. The investigators consider this to be one of the most significant corporate espionage and data leak scandals in the digital age.
What Does the Concealed Code Do?
The process is technically intricate and intentionally invisible. Whenever a user visits a page on the platform, a hidden script runs silently. It looks for known browser extension identifiers by trying to access files that extensions might expose to websites. If a file loads, the extension is confirmed to be present. If not, it's not there. The entire scan takes milliseconds, and the user doesn't see anything.
The hidden JavaScript on the platform includes identifiers for more than 6,167 browser extensions. However, the scan is only initiated on Chromium-based browsers like Chrome, Edge, Brave, Opera, and Arc. This is done through a built-in function check. Users of Firefox and Safari browsers are currently not affected.
What makes this covert operation particularly dangerous is context. Because the platform links accounts to real names, employers, and job titles, any detected extension can be immediately associated with an identified individual.
Moreover, because the platform also knows where each user works, these individual scans can be assembled into detailed corporate intelligence profiles. These profiles reveal which software tools entire organizations use, without the organizations' knowledge or consent.
The Sensitive Data Being Gathered
The extent of what the platform can infer from scanned extensions extends far beyond software preferences. The investigators identified several high-risk categories among the tracked extensions. These include:
- 509 job search tools, which could expose users secretly looking for work on the same platform where their current employer can see their profile.
- Extensions that indicate religious beliefs.
- Markers that reveal users' political leanings.
- Tools for managing disabilities and neurodivergent conditions.
- Over 200 direct competitor products, which the platform uses to map which companies use competing sales intelligence platforms.
Under the EU’s General Data Protection Regulation (GDPR), data revealing religious beliefs, political opinions, and health conditions is classified as Special Category Data. This data is not merely regulated, but prohibited from processing without explicit consent. The platform has neither consent, disclosure, nor a legal basis for collecting it.
The surveillance extends beyond the platform's own servers. The investigators identified an invisible tracking element loaded from an American-Israeli cybersecurity firm. This element sets cookies without user knowledge.
A separate fingerprinting script runs from the platform’s own servers, and a third script from a major tech company executes silently on every page load. Everything is encrypted and undisclosed.
How to Guard Yourself
If you are worried about the scanning, there are several immediate options you can consider:
- Switch to Firefox or Safari for accessing the platform, as the detection method relies on Chrome’s extension architecture which Firefox’s design prevents.
- Create a platform-only Chrome profile with no extensions installed, breaking the surveillance chain.
- Use Brave browser with fingerprinting protection enabled, which blocks the detection mechanism.
- Check your installed extensions using BrowserGate’s searchable public database to see if your tools are being tracked.
At the same time, the platform has significantly expanded the scale of its surveillance. The scan list grew from roughly 461 products to over 6,000 — a 1,252% increase — targeting precisely the tools the DMA was designed to protect.
The combined user base of the scanned extensions amounts to 405 million people. This makes BrowserGate one of the largest undisclosed data collection operations in the history of the commercial internet. Regulators across the EU have been notified, and legal proceedings are being organized. For now, every user of a Chromium browser remains a subject of this silent, daily scan.