Your AI Conversations are Being Harvested: Millions at Risk from Browser Extensions
Millions of users are unknowingly having their sensitive conversations with AI chatbots like ChatGPT,Gemini,and Claude collected and potentially sold by seemingly innocuous browser extensions. Recent investigations have uncovered a widespread data harvesting operation impacting over 8 million individuals, raising serious privacy concerns. This article details the findings,affected extensions,and what you can do to protect your data.
How Your Data is Being Collected
Security researchers at Koi Labs first discovered the issue within the “Urban VPN Proxy” extension. They found that even when you disable core features like VPN networking, ad blocking, or AI protection within these extensions, a hidden script continues to run, silently collecting your AI interactions.
HereS what’s being captured:
* Session metadata: Details about your conversations.
* The specific AI platform and model used: Which chatbot you’re interacting with.
This collection isn’t tied to the extension’s primary functions. Disabling the VPN or ad blocker won’t stop the harvesting. the only way to ensure your conversations remain private is to fully disable or uninstall the extension from your browser settings.
The Origin: Urban VPN and beyond
The initial discovery centered around Urban VPN Proxy, a VPN routing extension advertising “AI protection.” Data collection began in early July with version 5.5.0. Koi Labs afterward identified seven additional extensions employing the same data harvesting tactics.
According to Koi Labs, anyone who used targeted AI platforms while these extensions were installed after July 9, 2025, should assume their conversations have been compromised and shared with third parties. This includes deeply personal data like:
* Medical questions
* Financial details
* Proprietary code
* Personal dilemmas
This data is reportedly being sold for “marketing analytics purposes.”
Affected Extensions and User Numbers
Here’s a breakdown of the affected extensions and their estimated user base as of late 2024:
Chrome Web Store:
* Urban VPN Proxy: 6 million users
* 1ClickVPN Proxy: 600,000 users
* Urban Browser Guard: 40,000 users
* Urban Ad Blocker: 10,000 users
Edge add-ons:
* Urban VPN Proxy: 1,320,000 users
* 1ClickVPN Proxy: 36,459 users
* urban Browser Guard: 12,624 users
* Urban Ad Blocker: 6,476 users
Conflicting Messaging and Hidden Practices
These extensions often present conflicting information regarding bot conversation handling. They advertise features like “AI protection” while simultaneously collecting your sensitive data. Such as, the Urban VPN Proxy listing in the Chrome Web Store highlights “AI protection” but doesn’t disclose the extent of data harvesting.
This lack of transparency is deeply concerning, as your most personal information – relating to your health, finances, and relationships – is being treated as a commodity.
What You Should Do Now
Protecting your privacy requires immediate action. Here’s what you need to do:
- Disable or Uninstall: Immediately disable or uninstall all of the listed extensions from your browser.
- Review Permissions: Regularly review the permissions granted to your browser extensions. Be wary of extensions requesting access to data that isn’t essential for their core functionality.
- Stay Informed: Keep up-to-date on security news and research to identify potential threats.
- Consider Alternatives: Explore privacy-focused VPNs and ad blockers from reputable providers.
This situation underscores the importance of carefully evaluating the extensions you install and understanding their data collection practices. Your privacy is at stake, and proactive measures are essential to safeguard your sensitive information.
Resources:
* Urban VPN Proxy (Chrome Web Store)
* [Koi Labs report](https://koilabs.com/posts/ai-data-harvesting
Related reading