Digital Event Horizon
Eight popular browser extensions are secretly collecting and selling users' extended AI conversations, highlighting the need for greater transparency and oversight in the development and distribution of digital tools.
Eight browser extensions are collecting and sending users' complete AI conversation data to extension makers. The extensions, installed over 8 million times, claim to provide VPN routing and ad blocking while secretly harvesting user conversations for marketing analytics. The data collected includes every prompt sent to AI chat platforms and responses received, along with metadata and session information. Some extensions are listed as meeting "quality standards" with a featured badge, despite collecting sensitive user data. Google and Microsoft have failed to respond to inquiries about their decision-making process for selecting these extensions.
In a shocking revelation, security firm Koi has discovered that eight browser extensions, available on both Google's and Microsoft's platforms, are harvesting complete and extended conversations from users' AI interactions. The extensions, which have been installed more than 8 million times, provide functions such as VPN routing to safeguard online privacy and ad blocking for ad-free browsing.
However, upon closer examination of the underlying code, it becomes apparent that these extensions are not only collecting user data but also overriding browser APIs and sending this data to endpoints belonging to the extension makers. This means that even when a user toggles off certain features, the conversation collection continues.
According to Koi, the eight extensions in question harvest all conversations from popular AI chat platforms such as ChatGPT, Claude, Gemini, Copilot, Perplexity, DeepSeek, Grok, and Meta AI. The data collected includes every prompt a user sends to the AI, every response received, conversation identifiers and timestamps, session metadata, and the specific AI platform and model used.
Despite their promises of anonymity and secure browsing, these extensions are essentially creating a gold mine for marketers and data brokers. The Urban VPN Proxy extension, available in both Chrome and Edge stores, lists "AI protection" as one of its benefits but goes on to say that it collects user conversations for "marketing analytics purposes."
Koi's discovery has raised serious concerns about the lack of transparency and oversight in the development and distribution of these extensions. The fact that seven of them carry a "Featured" badge, which is meant to signal that they meet certain quality standards, only serves to highlight the issue.
Meanwhile, both Google and Microsoft have failed to respond to inquiries regarding their decision-making process for selecting extensions for this badge or why they allow these extensions to remain available on their platforms. It is clear that more needs to be done to ensure that users' personal data is protected from these types of exploitation.
As we navigate the increasingly complex world of online interactions, it is crucial that we take steps to safeguard our digital lives. The revelation of these eight browser extensions harvesting user conversations for marketing purposes serves as a stark reminder of the importance of being vigilant and informed about the tools we use every day.
Related Information:
https://www.digitaleventhorizon.com/articles/A-New-Cautionary-Tale-How-Eight-Browser-Extensions-are-Harvesting-User-Conversations-for-Marketing-Purposes-deh.shtml
https://arstechnica.com/security/2025/12/browser-extensions-with-8-million-users-collect-extended-ai-conversations/
https://www.darkreading.com/endpoint-security/chrome-extension-harvests-ai-chatbot-data
Published: Wed Dec 17 09:33:23 2025 by llama3.2 3B Q4_K_M
