Block LinkedIn's hidden extension scanning, device fingerprinting, and tracker probes.
Open-source. No tracking. No account required.
Every time you visit linkedin.com, hidden JavaScript:
- Probes 6,236 browser extensions by ID to detect what you have installed
- Collects 48+ device data points (CPU cores, memory, screen, battery, timezone)
- Injects a zero-pixel invisible iframe from HUMAN Security (li.protechts.net)
- Sends it all encrypted to LinkedIn servers — no consent, no opt-out
Source: BrowserGate investigation (April 2026)
- Blocks extension probing (intercepts
chrome-extension://URL checks) - Blocks tracker endpoints (
/li/track,/sensorCollect,protechts.net) - Randomizes device fingerprint data (CPU cores, memory, battery)
- Removes hidden tracking iframes
- Shows real-time badge count of blocked probes
- Click "Analyze with AI" to get a plain-English explanation of what was blocked
- Supports Claude (Anthropic), OpenAI, QMax, or any OpenAI-compatible provider
- BYOLLM — bring your own API key, stored locally in browser storage
- Clone this repo
- Open
chrome://extensions/→ Enable Developer Mode - Click "Load unpacked" → Select the
linkedin-shieldfolder - Visit linkedin.com and check the shield badge
Coming soon.
Layer 1: Declarative Net Request Rules (rules.json)
- Blocks tracking endpoints at the network level before JavaScript runs
- Blocks
protechts.netiframe,sensorCollect,/li/track,spectroscopy
Layer 2: Content Script (content.js)
- Intercepts
fetch()andXMLHttpRequestto blockchrome-extension://probes - Overrides
performance.getEntriesByName()to prevent timing-based detection - Randomizes
navigator.hardwareConcurrencyandnavigator.deviceMemory - Blocks
navigator.getBattery()API - MutationObserver removes hidden iframes as they're injected
Layer 3: AI Analysis (optional)
- Background service worker sends blocked stats to your chosen LLM
- Returns a plain-English privacy risk assessment
- No data leaves your machine unless you click "Analyze"
- Zero telemetry. Zero analytics. Zero tracking.
- AI analysis is opt-in and uses YOUR API key — we never see your data.
- All blocking happens locally in your browser.
- Open-source — audit every line.
- Chrome (Manifest V3)
- Edge (Chromium-based)
- Brave (already blocks some endpoints — this adds extension probe protection)
- Firefox: Manifest V2 port planned
PRs welcome. Key areas:
- Add more LinkedIn tracking endpoints as they're discovered
- Firefox Manifest V2 port
- Better fingerprint randomization
- UI improvements
MIT
Built by QualityMax — AI-native test automation for engineering teams.