The EU treats big tech platforms like public infrastructure. If your platform is big enough that people and businesses have no real alternative, you play by public rules. And that’s a great way of seeing it. LinkedIn is the world’s largest professional network. Over 1.2 billion people and hundreds of millions of businesses depend on it. Practically every professional on the planet has a LinkedIn profile. For many, it is not optional. These people and businesses deserve representation. Fairlinked – Alliance for Digital Fairness e.V. was formed to be that representation.
LinkedIn is searching your computer

Every time you visit linkedin.com, a JavaScript program embedded in the page scans your browser for installed Chrome extensions. The program runs silently, without any visible indicator to the user. It does not ask for consent. It does not disclose what it is doing. It reports the results to LinkedIn’s servers. This is not a one-time check. The scan runs on every page load, for every visitor.
How the Detection Works

LinkedIn’s code uses a three-stage fallback chain to detect whether a specific extension is installed in your browser.
- Stage 1: Direct communication. The code attempts to contact the extension directly using Chrome’s externally_connectable messaging API. If the extension developer has explicitly disabled this channel in their manifest.json, this method fails, and LinkedIn moves to stage 2.
- Stage 2: Resource probing. The code attempts to fetch a known file from the extension using its web_accessible_resources. This is the equivalent of checking whether a door is unlocked by trying the handle. If the extension developer has not exposed any web-accessible resources, this also fails, and LinkedIn moves to stage 3.
- Stage 3: DOM mutation detection. The code monitors for changes to the page structure that are characteristic of specific extensions injecting elements into LinkedIn’s interface. This catches extensions that modify what you see on the page.

When an extension developer explicitly disables externally_connectable, they are setting a security boundary. They are saying: “websites should not be able to communicate with this extension.” LinkedIn’s code treats that boundary as an obstacle to route around. The German Federal Court of Justice (BGH, 5 StR 614/19) has ruled that even quickly circumvented security measures qualify as “besondere Sicherung” (special security measures) under § 202a StGB. Bypassing them constitutes unauthorized data access.
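
An added example (not LinkedIn's code and not part of the original page): a manifest audit that an extension developer could run to see which of the three stages above their extension is exposed to. The site URL, the function names and both sample manifests are constructed for illustration, and stage 3 is only a heuristic, since a manifest cannot show whether a content script actually changes the DOM.

```javascript
// Added example, not code from the page. SITE and the sample manifests are constructed.
const SITE = "https://www.linkedin.com/feed/";

// Minimal Chrome match-pattern test: <all_urls>, scheme "*", host "*" or "*.domain".
function matchesPattern(pattern, url) {
  if (pattern === "<all_urls>") return true;
  const m = /^(\*|https?):\/\/(\*|(?:\*\.)?[^/*]+)\/(.*)$/.exec(pattern);
  if (!m) return false;
  const [, scheme, host, path] = m;
  const u = new URL(url);
  const proto = u.protocol.slice(0, -1);
  if (scheme === "*" ? !/^https?$/.test(proto) : scheme !== proto) return false;
  if (host.startsWith("*.")) {
    const base = host.slice(2);
    if (u.hostname !== base && !u.hostname.endsWith("." + base)) return false;
  } else if (host !== "*" && u.hostname !== host) {
    return false;
  }
  // In the path, "*" is a wildcard and every other character is literal.
  const literal = (s) => s.replace(/[.+?^${}()|[\]\\]/g, "\\$&");
  const re = new RegExp("^" + path.split("*").map(literal).join(".*") + "$");
  return re.test((u.pathname + u.search).slice(1));
}

// Report which of the three detection stages a manifest leaves open to `site`.
function auditManifest(manifest, site = SITE) {
  const hit = (patterns) => (patterns || []).some((p) => matchesPattern(p, site));
  // Stage 1: a page can message the extension only if externally_connectable.matches covers it.
  const stage1 = hit(manifest.externally_connectable?.matches);
  // Stage 2: MV2 entries are plain strings readable by any page; MV3 entries are scoped by matches.
  const stage2 = (manifest.web_accessible_resources || [])
    .some((e) => typeof e === "string" || hit(e.matches));
  // Stage 3 (heuristic): a content script on the site may insert DOM nodes the page can observe.
  const stage3 = (manifest.content_scripts || []).some((cs) => hit(cs.matches));
  return { stage1, stage2, stage3 };
}

const exposed = {  // constructed manifest: open to all three stages
  manifest_version: 3,
  externally_connectable: { matches: ["https://*.linkedin.com/*"] },
  web_accessible_resources: [{ resources: ["icon.png"], matches: ["<all_urls>"] }],
  content_scripts: [{ matches: ["*://*.linkedin.com/*"], js: ["inject.js"] }],
};
const hardened = {  // constructed manifest: everything scoped to the developer's own site
  manifest_version: 3,
  externally_connectable: { matches: ["https://example.com/*"] },
  web_accessible_resources: [{ resources: ["icon.png"], matches: ["https://example.com/*"] }],
};
console.log(auditManifest(exposed), auditManifest(hardened));
```
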
How the Results Are Sent

Detection results are transmitted to LinkedIn’s servers using an internal tracking function called fireTrackingPayload with an event type of “AedEvent”. The payload includes which extensions were detected. Because the user is logged in, LinkedIn can match the scan results to a specific person, their employer, their job title, and their location.