Privacy in the Age of AI: A Hidden Risk
We often confide in AI chatbots as if they were our closest friends, sharing details we wouldn’t dare to disclose in public. Whether seeking advice or just looking for validation, the ease of conversation with these digital companions can lead us to overlook a crucial concern: are our discussions truly private?
The Growing Threat of Browser Extensions
Opting out of model training or bolstering your account security might not be sufficient in today’s digital landscape. A new threat looms large over millions of unsuspecting users: browser extensions that secretly monitor and capture conversations with chatbots. Among them, Urban VPN Proxy stands out, boasting over 6 million users and a 4.7-star rating. This extension was diplomatically highlighted by Google until a cybersecurity report unveiled its darker side.
The Alarming Discovery
A report from Koi, a cybersecurity research firm, uncovers the unsettling truth about Urban VPN Proxy. Investigators found that the extension, designed for privacy, could access and transmit conversations held with various AI chatbots outside of the browser environment.
A Broad Spectrum of Data Collection
This intrusion isn’t limited to just one AI service. Users of platforms like ChatGPT, Claude, Gemini, and Microsoft Copilot are all at risk. Conversations with these bots often encompass sensitive information, from personal inquiries to financial details. The potential consequences of such data exposure are both serious and unsettling.
How Conversations Are Intercepted
The mechanism of interception doesn’t exploit flaws in chatbots but instead leverages the privileged access extensions have within the browser. Urban VPN Proxy actively monitors tabs, injecting code into the AI platform’s page. This means conversations can be captured in real-time, including user messages, AI replies, and contextual data related to each interaction.
Unbundling the Complexity
What is alarming is that the extension does not require users to activate the VPN for conversation capturing to occur. The malicious code continues to operate regardless. There’s also no straightforward way to disable this feature short of completely removing the extension from your browser.
Unexpected Updates
The troubling nature of this collection was not part of Urban VPN Proxy from the start. An update on July 9, 2025, activated this feature by default, enabling the interception of AI conversations. Users with automatic updates have been subject to this intrusive behavior without explicit consent.
False Promises of Protection
Urban VPN Proxy aims to present itself as a protector, offering alerts when potentially dangerous actions occur on chatbots. However, this security layer fails to stop the ongoing interception of conversations, making dubious claims rooted in marketing rather than genuine user privacy.
Identifying the Scope of the Issue
The investigation extends beyond Urban VPN Proxy, revealing similar data capture logic in several other browser extensions from the same developer. Over 8 million users across Chrome and Edge might find their private conversations at risk, indicating a widespread challenge rather than isolated incidents.
Addressing Data Collection Concerns
For users concerned about their privacy, experts recommend uninstalling any extensions identified in Koi’s report. Given the nature of this data capture, it’s wise to assume that any interaction with AI chatbots since the update could have been recorded, urging users to be more cautious with sensitive information in the future.
Final Thoughts
As AI continues to weave itself into our daily lives, understanding and managing privacy risks becomes increasingly vital. Remaining vigilant and informed is our best strategy in a world where digital conversations may not be as private as we once believed.