A popular Google Chrome extension, Urban VPN Proxy, which claims to provide secure browsing for over six million users, has been found to secretly collect prompts from users of AI chatbots such as ChatGPT and others. The extension, marketed as a way to hide online identities and access restricted content, includes an update that enables data harvesting by default.
The update, released on July 9, 2025, incorporates a tailored JavaScript executor that triggers every time users interact with specific AI platforms. This script overrides the browser’s native request handling methods to capture input prompts, the AI’s responses, and relevant session data, exfiltrating this information to remote servers.
Despite Urban VPN’s assurances of user privacy, its updated privacy policy states that it collects data for enhanced Safe Browsing and marketing. However, it ambiguously indicates that sensitive information might still be processed, albeit intentions to de-identify the prompts are noted. The application also claims to monitor inputs for potential personal data exposure but fails to mention that data collection occurs regardless of the user’s awareness.
An investigation revealed that the company behind Urban VPN, Urban Cyber Security Inc., shares browsing data with an affiliated entity, BIScience, which uses this information to create insights for commercial purposes. This discovery revealed the alarming reality that data from users was potentially sold to advertisers, contradicting the extension’s privacy promises.
Koi Security, which uncovered this issue, noted identical harvesting functionalities in three other extensions from the same developer, collectively surpassing eight million total installations. These extensions come with a "Featured" badge, which falsely implies compliance with quality standards set by the Chrome Web Store, misleading many users who might feel reassured by the certification.
The case highlights significant risks associated with trusting browser extensions that promise privacy, emphasizing how user data can be exploited in ways that directly conflict with user expectations. As users engage with AI chatbots, often disclosing personal information, the importance of scrutinizing software privacy practices remains paramount.
Welcome to DediRock, your trusted partner in high-performance hosting solutions. At DediRock, we specialize in providing dedicated servers, VPS hosting, and cloud services tailored to meet the unique needs of businesses and individuals alike. Our mission is to deliver reliable, scalable, and secure hosting solutions that empower our clients to achieve their digital goals. With a commitment to exceptional customer support, cutting-edge technology, and robust infrastructure, DediRock stands out as a leader in the hosting industry. Join us and experience the difference that dedicated service and unwavering reliability can make for your online presence. Launch our website.