
The covert extraction of AI conversation data threatens user privacy and may violate emerging data‑protection regulations, prompting scrutiny of extension marketplaces and third‑party data brokers.
The discovery by Koi underscores a growing blind spot in the browser extension ecosystem. Eight popular extensions—most notably Urban VPN Proxy and its sibling tools—have silently added code that intercepts prompts and responses from leading large‑language‑model services such as ChatGPT, Claude, Gemini, and Microsoft Copilot. The feature was pushed in a July 2025 auto‑update, meaning users never consented to the extra data collection. Even when the VPN toggle is disabled, the extensions continue to pipe raw conversation strings to Urban’s backend, where they are aggregated with standard browsing telemetry.
From a regulatory perspective, the practice collides with emerging privacy frameworks in the U.S., EU, and Asia that demand explicit user consent before harvesting personal or behavioral data. By bundling AI‑prompt harvesting with a generic “browsing data” clause, the extensions skirt the spirit of the GDPR and the California Consumer Privacy Act, exposing both developers and the affiliated broker BiScience to potential enforcement actions. Moreover, the discrepancy between the Chrome Web Store’s claim of “no data sales” and the privacy policy’s admission of affiliate sharing erodes consumer trust in platform vetting processes.
Enterprises and individual users can mitigate exposure by auditing installed extensions and disabling or removing any that claim VPN or ad‑blocking functions without transparent data practices. Security teams should incorporate extension monitoring into their endpoint protection policies and educate staff about the false sense of security conferred by “Featured” badges from Google or Microsoft. As AI assistants become integral to workflows, the market will likely see stricter oversight of third‑party tools that access conversational data, prompting developers to adopt clearer consent mechanisms and auditors to demand independent privacy certifications.
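One way to carry out the extension audit recommended above, as an added example that is not code from the article, from Koi, or from any of the extensions discussed: it reads Chrome-style manifest.json files and flags extensions whose content scripts or host permissions cover the AI assistant sites named in the article, since that reach is the precondition for reading prompts and responses in the page. The sample manifests and URLs are constructed, and the names AI_CHAT_URLS, pattern_matches, page_reach, audit and load_manifests are chosen here.

```python
import json, re
from pathlib import Path
from urllib.parse import urlsplit

# Assistant services named in the article; the URLs themselves are constructed samples.
AI_CHAT_URLS = ["https://chatgpt.com/c/1", "https://claude.ai/chat/1", "https://gemini.google.com/app", "https://copilot.microsoft.com/"]

def pattern_matches(pattern: str, url: str) -> bool:
    """True if a Chrome extension match pattern (manifest syntax) covers the URL."""
    if pattern == "<all_urls>":
        return True
    m = re.fullmatch(r"(\*|https?|file|ftp|wss?)://([^/]*)(/.*)", pattern)
    if not m:
        return False  # malformed pattern: Chrome would reject such a manifest
    scheme, host, path = m.groups()
    u = urlsplit(url)
    scheme_ok = u.scheme in (("http", "https") if scheme == "*" else (scheme,))
    base = host[2:] if host.startswith("*.") else host  # "*.x.y" covers x.y and its subdomains
    host_ok = host == "*" or u.hostname == base or (host != base and u.hostname.endswith("." + base))
    path_ok = re.fullmatch(re.escape(path).replace(r"\*", ".*"), u.path or "/") is not None
    return scheme_ok and host_ok and path_ok

def page_reach(manifest: dict) -> list[str]:
    """Collect every pattern that lets the extension run in or read pages (MV2 and MV3 keys)."""
    pats = list(manifest.get("host_permissions", []))
    pats += [p for p in manifest.get("permissions", []) if "://" in p or p == "<all_urls>"]
    pats += [m for cs in manifest.get("content_scripts", []) for m in cs.get("matches", [])]
    return pats

def audit(manifests: dict[str, dict]) -> dict[str, list[str]]:
    """Map extension label -> sorted AI chat hosts whose pages its code can reach."""
    findings = {}
    for label, manifest in manifests.items():
        pats = page_reach(manifest)
        hosts = {urlsplit(u).hostname for u in AI_CHAT_URLS
                 if any(pattern_matches(p, u) for p in pats)}
        if hosts:
            findings[label] = sorted(hosts)
    return findings

def load_manifests(extensions_dir: Path) -> dict[str, dict]:
    """Read <id>/<version>/manifest.json below a Chrome profile's Extensions directory."""
    return {mf.parent.parent.name: json.loads(mf.read_text(encoding="utf-8"))
            for mf in extensions_dir.glob("*/*/manifest.json")}

SAMPLE_MANIFESTS = {  # constructed sample manifests for the demo, not the real extensions' files
    "broad-content-script": {"content_scripts": [{"matches": ["<all_urls>"], "js": ["c.js"]}]},
    "scoped-host-permission": {"host_permissions": ["https://*.example.com/*"]},
    "mv2-wildcard-permission": {"permissions": ["tabs", "*://*/*"]},
}
```

On a real endpoint, run `audit(load_manifests(Path(profile_dir) / "Extensions"))` against the browser profile directory; `audit(SAMPLE_MANIFESTS)` flags the two broad manifests and leaves the scoped one out.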