
An investigation into so-called privacy extensions by security researchers has found that some are secretly harvesting and selling users' complete conversations from major AI platforms. The extensions, which are available in Microsoft Edge and other Chrome-based browsers, are able to target and capture conversations from ten AI platforms including ChatGPT, Claude, Gemini, Microsoft Copilot, Perplexity, DeepSeek, Grok (xAI), and Meta AI.
A key offender identified by the investigation was Urban VPN Proxy, which has over six million Chrome users and holds a Google "Featured" badge. It had a 4.7-star rating based on 58.5K ratings, giving the impression that it is a trustworthy app, but this research suggests it is not.
Across Chrome and Edge, the security researchers said that over eight million users are affected by extensions sharing the same malicious code. The harvesting code was also found in seven other extensions from the same publisher, including 1ClickVPN Proxy, Urban Browser Guard, and Urban Ad Blocker.
The extensions steal your data by injecting an executor script directly into the web page of the targeted AI platform. This script overrides native browser functions, which allows it to intercept all network traffic, including requests and responses between the user and the AI platform. The script then parses the intercepted API traffic to extract every prompt, every AI response, timestamps, conversation IDs, and session metadata. After this, the data is compressed and transmitted to Urban VPN's servers.
This data harvesting is enabled by default and runs continuously in the background, independent of whether the VPN is on or off or any user-facing settings. The only way to stop it is by uninstalling the extension. The functionality has been present in the VPN since version 5.5.0, which was released on July 9, 2025. All conversations since this date are compromised.
Urban VPN is operated by Urban Cyber Security Inc., which is affiliated with the data broker company BiScience. The harvested data is reportedly being collected and sold for marketing analytics purposes.
Anyone using these extensions is strongly advised to uninstall them immediately and should assume that their conversations on targeted AI platforms have been compromised. This incident also raises questions about all third-party browser extensions. Unless there is an incredibly good reason to use an extension and you are sure it is safe (Google featuring it isn't enough), it is worth uninstalling too.
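For readers reviewing what they have installed, the following added example (not code from the researchers or from any extension named above) checks an extension's `manifest.json` for content-script matches or host permissions that cover AI chat pages, which is the access an injected script like the one described needs. The hostnames and both sample manifests are assumptions constructed for illustration; a finding shows that the extension can reach those pages, not that it harvests anything.

```javascript
// Hostnames are assumptions for the platforms named in the article; adjust as needed.
const AI_HOSTS = [
  "chatgpt.com", "claude.ai", "gemini.google.com", "copilot.microsoft.com",
  "www.perplexity.ai", "chat.deepseek.com", "grok.com", "www.meta.ai",
];

// True if a Chrome match pattern (e.g. "https://*.claude.ai/*") covers an https host.
function patternCoversHost(pattern, host) {
  if (pattern === "<all_urls>") return true;
  const m = /^(\*|[a-z]+):\/\/([^/]*)\//.exec(pattern);
  if (!m) return false; // not a host pattern (e.g. the "storage" permission)
  const [, scheme, hostPart] = m;
  if (scheme !== "*" && scheme !== "https") return false;
  if (hostPart === "*") return true;
  if (hostPart.startsWith("*.")) {
    const base = hostPart.slice(2);
    return host === base || host.endsWith("." + base);
  }
  return hostPart === host;
}

// Report which AI hosts an extension can reach, and through which manifest field.
function auditManifest(manifest) {
  const sources = {
    content_scripts: (manifest.content_scripts || []).flatMap((cs) => cs.matches || []),
    host_permissions: manifest.host_permissions || [], // Manifest V3
    permissions: manifest.permissions || [],           // Manifest V2 host patterns
  };
  const findings = [];
  for (const host of AI_HOSTS) {
    const via = Object.keys(sources).filter((field) =>
      sources[field].some((p) => typeof p === "string" && patternCoversHost(p, host)));
    if (via.length) findings.push({ host, via });
  }
  return findings;
}

// Constructed sample manifests (not taken from any real extension).
const broadManifest = {
  name: "sample-vpn", manifest_version: 3,
  permissions: ["proxy", "storage", "scripting"],
  host_permissions: ["<all_urls>"],
  content_scripts: [{ matches: ["*://*/*"], js: ["content.js"] }],
};
const narrowManifest = {
  name: "sample-notes", manifest_version: 3,
  permissions: ["storage"],
  content_scripts: [{ matches: ["https://notes.example.com/*"], js: ["n.js"] }],
};
console.log(auditManifest(broadManifest), auditManifest(narrowManifest));
```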