Browser Privacy Extensions Track Your AI Activity, Log All Chats

The Hidden Threat: Browser Extensions Eavesdropping on AI Conversations
More than 8 million people have unknowingly allowed their chatbot interactions to be monitored by malicious browser extensions. These extensions, ostensibly designed to protect user privacy, have instead been harvesting sensitive data from AI conversations and transmitting it to third parties.
The four problematic extensions identified in the research include Urban VPN Proxy, 1ClickVPN Proxy, Urban Browser Guard, and Urban Ad Blocker. These extensions are available on the Chrome Web Store and Microsoft Edge Add-ons, but they contain hidden code that intercepts and transmits user data from popular AI platforms.
According to Idan Dardikman, co-founder and CTO of Koi Security, these extensions target conversations across ten AI platforms, including ChatGPT, Claude, Gemini, Microsoft Copilot, Perplexity, DeepSeek, Grok, and Meta AI. Each platform has a dedicated "executor" script embedded within the extension, allowing it to capture user interactions.
How the Data Harvesting Works
When a user visits one of the targeted AI platforms, such as chatgpt.com, the Urban VPN Proxy extension injects the "executor" script into the page. This script overrides essential browser APIs like fetch() and XMLHttpRequest, enabling it to monitor all network requests and responses.
Once the script is active, it captures API responses and packages the data for transmission. The information is sent via window.postMessage to the extension's content script, along with a specific identifier. The content script then forwards the data to a background service worker, which exfiltrates the information to endpoints at analytics.urban-vpn.com and stats.urban-vpn.com.
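The hooking described above replaces the page's fetch() and XMLHttpRequest with script wrappers. As an added illustration (not code from the article, Koi Security or the extensions), this is a page-side integrity check an AI web app could run to detect such tampering: engine-implemented functions stringify to "[native code]", whereas a wrapper installed by an injected script exposes its own source. The function and object names are hypothetical.

```javascript
// Added defensive example: detect monkey-patched network APIs in a page.
// Native (engine-implemented) functions stringify to
// "function name() { [native code] }"; a wrapper written in JavaScript
// by an injected script does not.
const NATIVE_RE = /^function\s*[\w$]*\s*\(\)\s*\{\s*\[native code\]\s*\}$/;

// True when fn is an engine built-in rather than a script-supplied wrapper.
function isNativeFunction(fn) {
  if (typeof fn !== "function") return false;
  // Bound functions also stringify as "[native code]", so reject them by name.
  if (String(fn.name).startsWith("bound ")) return false;
  // Call the original toString so an overridden fn.toString cannot lie.
  return NATIVE_RE.test(Function.prototype.toString.call(fn));
}

// Audit the network APIs on a window-like object (pass `window` in a browser).
// Returns the names of APIs that are missing or replaced by non-native code.
function auditNetworkApis(win) {
  const findings = [];
  if (!isNativeFunction(win.fetch)) findings.push("fetch");
  const xhr = win.XMLHttpRequest;
  const proto = xhr && xhr.prototype;
  for (const method of ["open", "send", "setRequestHeader"]) {
    if (!proto || !isNativeFunction(proto[method])) {
      findings.push(`XMLHttpRequest.prototype.${method}`);
    }
  }
  // Caveat: a script that also replaces Function.prototype.toString, or
  // wraps the API in a callable Proxy, can evade this heuristic, so treat a
  // clean result as a signal for telemetry, not proof of an untampered page.
  return findings;
}
```

In a browser this would be called as `auditNetworkApis(window)` early in the app's own scripts and the findings reported to the app's telemetry.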
Dardikman explains that there is no user-facing option to disable this data collection. The only way to stop it is to completely uninstall the extension.
Privacy Concerns and Lack of Transparency
Despite Urban VPN's disclosure of AI data collection during the setup prompt and in its privacy policy, the Chrome Web Store listing suggests that data is not sold to third parties outside approved use cases. However, AI conversations are not specifically mentioned in the policy.
Dardikman points out that users who installed Urban VPN before July 2025 would not have seen the consent prompt, which was added via a silent update. Additionally, the software does not indicate that data collection occurs even when the VPN is not active.
Urban VPN received a Featured Badge from the Chrome Web Store team, which implies that Google reviewed the extension and deemed it compliant with their standards. However, Dardikman questions whether the review examined the code that harvests conversations from Google's own AI product, Gemini.
Policy Loopholes and Misuse
The issue highlights a potential loophole in Google's Chrome Web Store Limited Use policy, which allows data to be transferred to third parties for limited scenarios. This includes security or business ownership changes, but not transferring data to data brokers like BiScience.
Security researcher Wladimir Palant suggests that BiScience and its affiliated partners may falsely claim these exceptions to sell user data to third parties. He notes that Chrome Web Store appears to interpret its policies as allowing the transfer of user data if extensions claim Limited Use exceptions through their privacy policy or other disclosures.
Recommendations for Users
Dardikman urges users to uninstall any of the affected extensions immediately. He warns that any AI conversations held since July 2025 may have been captured and shared with third parties.
As the threat of data harvesting continues to evolve, users must remain vigilant and take proactive steps to protect their online privacy.