8 Million Users' AI Conversations Sold for Profit by "Privacy" Extensions | Koi Blog
The Discovery
We asked Wings, our agentic-AI risk engine, to scan for browser extensions with the capability to read and exfiltrate conversations from AI chat platforms. We expected to find a handful of obscure extensions-low install counts, sketchy publishers, the usual suspects.The results came back with something else entirely.
Near the top of the list: Urban VPN Proxy. A Chrome extension with over 6 million users. A 4.7-star rating from 58,000 reviews. A "Featured" badge from Google, meaning it had passed manual review and met what Google describes as "a high standard of user experience and design."
A free VPN promising privacy and security. Exactly the kind of tool someone installs when they want to protect themselves online.
What We Found
Urban VPN Proxy targets conversations across ten AI platforms:
- ChatGPT
- Claude
- Gemini
- Microsoft Copilot
- Perplexity
- DeepSeek
- Grok (xAI)
- Meta AI
For each platform, the extension includes a dedicated "executor" script designed to intercept and capture conversations. The harvesting is enabled by default through hardcoded flags in the extension's configuration
limerod
in reply to limerod • • •