Somewhere in your browser, right now, LinkedIn is taking notes.
Not about your connections or your job history. About what tools you have installed.
In early April 2026, researchers discovered that LinkedIn had been quietly running a 2.7MB JavaScript bundle on every page visit. This script, larger than most entire web applications, does one thing: scan your Chrome extensions. All of them. BleepingComputer called it BrowserGate. The name stuck.
The script doesn't just count your extensions. It harvests your CPU core count, your RAM, your screen resolution, your battery status. None of this appears in LinkedIn's privacy policy. None of it required your consent.
You loaded a professional networking page. LinkedIn loaded a surveillance audit.
## What LinkedIn Is Actually Looking For
LinkedIn began extension scanning in 2017. At that point, they were watching for 38 specific tools, mostly known scraping extensions.
By February 2026, that list had grown to 6,167 extensions. A 1,252% increase.
The list is no longer limited to scraper tools. Researchers found it includes neurodivergent focus aids, religious applications, tools that suggest political orientation, job-hunting tools that compete with LinkedIn Recruiter, and competitor sales intelligence platforms.
LinkedIn's official response: "To protect the privacy of our members, their data, and to ensure site stability, we do look for extensions that scrape data without members' consent."
They're protecting member privacy. With an undisclosed surveillance script that collects device fingerprints without consent, running on every page visit.
The irony writes itself.
## What This Means If You Use LinkedIn Automation Tools
If you've ever used a Chrome extension to automate LinkedIn activity, Dux-Soup, Waalaxy, Expandi, LinkedHelper, or any of dozens of others, LinkedIn has likely already fingerprinted you.
Your extension is probably in that list of 6,167. Your device specifications are in their database. The first timestamp when their scanner detected your tool is logged somewhere in their infrastructure.
This doesn't mean your account gets banned today. LinkedIn's enforcement is a separate system from detection. But detection is the prerequisite for everything that follows. The information exists. What they do with it is their decision, made on their timeline, with their criteria. None of which you can see.
The question is no longer whether LinkedIn can detect browser-based automation. The evidence says they can, at scale, silently, since 2017.
The question is: what are you running that's already in their database?
## The Architecture Problem With Browser Extensions
Chrome extensions run inside the browser. That's their power and their exposure.
They can observe everything the browser sees: pages, clicks, DOM elements, network requests. But the browser can observe them back. Every extension registers itself with Chrome's extension API. Every extension has an ID, a manifest, a set of declared permissions. LinkedIn's BrowserGate scanner knows exactly where to look.
Desktop-native applications don't exist inside the browser. They aren't registered in Chrome's extension list. LinkedIn's JavaScript scanner has no mechanism to detect them, because the scanner is looking in the wrong layer of the stack.
This isn't a workaround. It's a structural difference in where software lives.
A Chrome extension operates inside LinkedIn's observable environment. A desktop-native app operates outside it. One registers itself in a place LinkedIn monitors. The other doesn't register there at all.
## How Bridddge Is Built
Bridddge is a native macOS application. It doesn't run in your browser. It doesn't install a Chrome extension. It uses an MCP (Model Context Protocol) server that communicates with Claude Code over local stdio. The automation runs at the desktop application layer, not the browser extension layer.
When LinkedIn's 2.7MB BrowserGate script runs on your next page load, checking against its list of 6,167 extensions, Bridddge isn't there.
Not because it hides. Because it's built in a different place entirely.
Your LinkedIn credentials stay on your Mac. No shared cloud IPs, no injected scripts, no extension fingerprint. The session LinkedIn sees is your real browser session, because that's what it is.
## The Larger Pattern
BrowserGate isn't really a LinkedIn story. It's a story about what happens when a platform becomes the professional graph everyone has to use.
If your career is networked on LinkedIn, you need to be there. That necessity gives LinkedIn permission to run a 2.7MB surveillance script on every page visit without disclosure, and most users will never know it happened. The coverage cycle runs 72 hours. Then it fades. The script keeps running.
The browser-based automation industry was already playing an endless cat-and-mouse game: tools trying to behave more like humans, platforms building systems to detect what behaves automatically. BrowserGate shows LinkedIn doesn't need to analyze your behavior patterns. They can just look at what's installed.
Desktop-native changes the game. Not through better evasion. Through a different architecture.
## What to Do Now
If you use a Chrome extension for LinkedIn activity, the risk profile just shifted. Not because LinkedIn announced enforcement, but because you now know the detection infrastructure is more sophisticated than almost anyone assumed.
The practical questions: Is your tool on that list of 6,167? When was it first flagged? What happens when LinkedIn decides to act on what they've collected?
Those questions don't have public answers.
If you're evaluating LinkedIn tools, the architecture question matters now in a way it didn't before April 2026. Browser extension versus desktop app is no longer a UX preference. It's the difference between existing inside LinkedIn's detection perimeter and outside it.
Bridddge offers a 7-day free trial at bridddge.com. No browser extension required.
That last part isn't a feature. It's the point.