LinkedIn's Silent Browser Extension Scanning Triggers Two Privacy Lawsuits

LinkedIn is facing two class action lawsuits after reports emerged that it scans users’ installed browser extensions without clear disclosure. The suits allege LinkedIn collects session-linked data from browsers and shares it with undisclosed third parties - framing what it calls abuse detection as covert surveillance. LinkedIn has defended the practice as a security measure but has not directly denied the core technical allegations.

One suit, filed by attorney J.R. Howell, is based on independent code analysis of LinkedIn’s client-side behavior rather than relying on the advocacy group report that sparked initial controversy. Howell argues LinkedIn’s public response sidesteps the consent question entirely - vague references to security and cookies in a privacy policy don’t constitute meaningful disclosure of extension enumeration and third-party data sharing.

Both lawsuits allege violations of the California Constitution’s privacy protections and the California Computer Data Access and Fraud Act. One additionally cites the federal Electronic Communications Privacy Act. Plaintiffs are seeking damages and an injunction to force disclosure and behavioral changes. The case puts a sharp edge on a broader question: when does client-side telemetry for ‘abuse prevention’ cross into warrantless browser surveillance?