Eight browser extensions with more than 8 million combined installs are collecting complete AI conversations from users and selling the data for marketing purposes. According to Ars Technica, security firm Koi discovered the extensions still available in Google and Microsoft stores. Seven carry Featured badges, which signal the companies found them meeting quality standards. The free extensions offer VPN routing and ad blocking but collect far more data than users expect.
How the Data Collection Works
Each extension contains eight executor scripts targeting ChatGPT, Claude, Gemini, Copilot, Perplexity, DeepSeek, Grok, and Meta AI. The scripts inject into webpages when users visit these platforms. They override the browser’s built-in functions for making network requests and receiving responses.
All interactions between the browser and AI bots route through the executor script instead of legitimate browser APIs. The extensions compress the data and send it to endpoints belonging to the extension maker. Koi CTO Idan Dardikman explained the extension inserts itself into the flow and captures a copy of everything before the page displays it.
What Data Gets Captured
The extensions collect every prompt a user sends to the AI and every response received. They also capture conversation identifiers, timestamps, session metadata, and the specific AI platform and model used. The executor script runs independently from core functions like VPN networking or ad blocking. Even when users toggle off these features, conversation collection continues. The only way to stop harvesting is disabling the extension in browser settings or uninstalling it.
Extensions and Privacy Claims
The four Chrome Store extensions are Urban VPN Proxy with 6 million users, 1ClickVPN Proxy with 600,000 users, Urban Browser Guard with 40,000 users, and Urban Ad Blocker with 10,000 users. The Edge Add-ons page hosts four more with 1.32 million combined users. Urban VPN Proxy lists AI protection as a benefit. It claims to check prompts for personal data and scan AI chat responses for suspicious links.
Google’s privacy policy page for the extension says the developer declared that user data is not sold to third parties. The only explicit mention of AI conversation harvesting appears in a 6,000-word privacy policy on the extension website. It states the extension will collect prompts and outputs from AI chat providers and disclose them for marketing analytics purposes. All eight extensions come from Urban Cyber Security, which also operates BiScience, a company that transforms digital signals into market intelligence.
