A new investigation has raised serious concerns about how much users can trust popular browser extensions that promise privacy. Researchers found that a widely used browser add-on quietly changed its behaviour and began collecting private conversations between users and artificial intelligence chatbots, without clear notice or consent.
Urban VPN Proxy was long promoted as a free tool to “hide your IP” and “protect your online identity.” It built a massive user base of around 6 million installs on Google Chrome and over 1 million on Microsoft Edge, helped by a visible Featured badge that suggested platform approval. Researchers at Koi Security say an update released in July 2025 changed everything. The extension started collecting every prompt and response from AI services such as OpenAI’s ChatGPT, Anthropic’s Claude, Microsoft Copilot, Google Gemini, xAI’s Grok, Meta AI, DeepSeek and Perplexity. Because browser extensions update automatically, most users never realized the shift had happened.
The technical method was extensive. The extension injected custom scripts like chatgpt.js, claude.js and gemini.js into AI chatbot pages. These scripts intercepted browser requests by overriding fetch() and XMLHttpRequest(). This allowed the extension to capture full conversations, timestamps, session details, conversation IDs, and even which AI model was used. The data was then sent to servers such as analytics.urban vpn[.]com and stats.urban vpn[.]com. The same behaviour was found in 3 other extensions from the same publisher, bringing the total affected install base to more than 8 million users.
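For defenders reviewing an unpacked extension, the pattern described above (scripts targeted at AI chatbot pages that reassign `fetch` or `XMLHttpRequest`) can be flagged statically. The following is an added example, not code from the researchers or from the extension; the host watch list, function names and sample input are assumptions made for illustration.

```javascript
// Assumed, non-exhaustive watch list of AI chatbot hosts; extend it for your environment.
const AI_HOSTS = ["chatgpt.com", "claude.ai", "gemini.google.com", "copilot.microsoft.com"];

// Source patterns that reassign the page's network primitives ("=" but not "==" or "===").
const HOOK_PATTERNS = [
  { name: "fetch override", re: /\b(?:window|globalThis|self)\.fetch\s*=(?!=)/ },
  { name: "XMLHttpRequest method override", re: /\bXMLHttpRequest\.prototype\.(?:open|send)\s*=(?!=)/ },
  { name: "XMLHttpRequest replaced", re: /\b(?:window|globalThis|self)\.XMLHttpRequest\s*=(?!=)/ },
];

// True when a manifest match pattern such as "*://*.claude.ai/*" covers a watched host.
function matchesAiHost(pattern) {
  if (pattern === "<all_urls>") return true;
  const m = /^(?:\*|https?):\/\/([^/]+)\//.exec(pattern);
  if (!m) return false;
  if (m[1] === "*") return true;
  const wildcard = m[1].startsWith("*.");
  const base = wildcard ? m[1].slice(2) : m[1];
  return AI_HOSTS.some((h) => h === base || (wildcard && h.endsWith("." + base)));
}

// manifest: parsed manifest.json; files: map of bundled script path -> source text.
function auditExtension(manifest, files) {
  const hosts = (manifest.content_scripts || [])
    .flatMap((cs) => cs.matches || [])
    .filter(matchesAiHost);
  if (hosts.length === 0) return [];
  // Scan every bundled script: the hook may live in a page-injected file, not the content script.
  return Object.entries(files).flatMap(([path, src]) => {
    const hooks = HOOK_PATTERNS.filter((p) => p.re.test(src)).map((p) => p.name);
    return hooks.length ? [{ script: path, hosts: [...new Set(hosts)], hooks }] : [];
  });
}

// Constructed sample input (not taken from any real extension).
const SAMPLE_MANIFEST = {
  manifest_version: 3,
  content_scripts: [
    { matches: ["https://chatgpt.com/*", "https://*.claude.ai/*"], js: ["loader.js"] },
    { matches: ["https://example.org/*"], js: ["ui.js"] },
  ],
};
const SAMPLE_FILES = {
  "loader.js": "const s = document.createElement('script'); s.src = chrome.runtime.getURL('hook.js');",
  "hook.js": "const orig = window.fetch; window.fetch = function (...a) { return orig.apply(this, a); };",
  "ui.js": "if (window.fetch === undefined) { console.log('no fetch'); }",
};

console.log(JSON.stringify(auditExtension(SAMPLE_MANIFEST, SAMPLE_FILES), null, 2));
```

A hit is a lead for manual review, not proof of collection: legitimate extensions also wrap these APIs, and minified or obfuscated code can evade simple pattern matching.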
Urban VPN advertised an “AI protection” feature that claimed to scan prompts for sensitive data. Researchers say this description masked the real activity, as monitoring occurred even when the feature was disabled. According to Idan Dardikman of Koi Security, “These badges are the difference between installing an extension and passing it by.” Data was reportedly shared with an affiliated advertising and brand intelligence firm called BIScience, which uses raw, non-anonymized browsing data for commercial insights. The updated privacy policy dated June 25, 2025 mentions AI prompt collection for safety and marketing analytics, though researchers say full data was captured before any filtering.