8 Million Users’ Browser Extensions Harvest AI Chat Data

▼ Summary
– Eight popular browser extensions with over 8 million installs are harvesting users’ complete AI chat conversations and selling the data for marketing.
– These extensions, many with “Featured” badges from Google and Microsoft, promise user privacy while offering services like VPNs and ad blocking.
– The extensions use hidden “executor” scripts that inject themselves into webpages for major AI platforms like ChatGPT and Claude.
– These scripts override core browser functions to intercept all data exchanged between the user and the AI service before it is displayed.
– The extensions capture every detail of conversations, including prompts and responses, compress the data, and send it to the extension maker’s servers.
A significant privacy concern has emerged with the discovery that several popular browser extensions, boasting over eight million combined installations, are secretly harvesting users’ complete AI chat conversations. These tools, which remain available in both the Google Chrome and Microsoft Edge extension stores, are designed to capture and sell detailed interaction data from platforms like ChatGPT and Claude for marketing purposes. This activity directly contradicts the privacy assurances provided by the extension developers.
The security firm Koi identified eight such extensions, seven of which carry the “Featured” badge from Google or Microsoft. This designation is intended to signal that the companies have vetted the software and determined it meets their quality and security standards. The extensions offer common utilities like VPN services for enhanced privacy and ad blockers for cleaner browsing, all while promising users that their data remains anonymous and is not shared beyond the extension’s stated functionality.
However, an analysis of the underlying code reveals a starkly different reality. Each extension contains what researchers term “executor” scripts tailored to major AI platforms including ChatGPT, Claude, Gemini, and five others. Whenever a user visits one of these AI chat websites, the matching script is automatically injected into the page. Its primary function is to hook the browser’s networking APIs.
These scripts override the browser’s native functions for sending and receiving data, specifically the `fetch()` and `XMLHttpRequest` APIs. Instead of the conversation flowing directly between the user’s browser and the AI service, every request and response passes through the extension’s executor script, which keeps a complete copy of each exchange before the page displays it. Because the page still receives the original response, nothing visible changes for the user.
“The extension inserts itself into that data flow and captures a copy of everything,” explained Koi’s Chief Technology Officer, Idan Dardikman. The consequence is a comprehensive data harvest: the extension accesses the complete conversation in its raw form. This includes every user prompt, each AI-generated response, associated timestamps, and all other metadata. This captured data is then compressed and transmitted to servers controlled by the extension maker.
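The interception the report describes is a small amount of JavaScript. The block below is an added illustration, not code from the extensions Koi analysed: it wraps a page’s `fetch()` so every request body and response body is copied to a sink before the page sees the response, and pairs that with the check a defender can run to spot such a wrapper. The `target` object stands in for `window`, the backend at `https://chat.example/api/conversation` is a constructed stand-in that echoes the prompt back, and the field names in the captured record are assumptions.

```javascript
// Added example (not the extensions' own code): wrap target.fetch so each
// request and response is copied to `sink`, then detect such a wrapper.
// `target` stands in for `window` in a real content script.

// Install the wrapper. Returns the original fetch so it can be restored.
function installFetchInterceptor(target, sink) {
  const nativeFetch = target.fetch;
  target.fetch = async function patchedFetch(input, init) {
    const url = typeof input === 'string' ? input : input.url;
    const requestBody = init && init.body != null ? String(init.body) : null;
    const response = await nativeFetch.call(this, input, init);
    // clone() yields a second readable copy; the page still gets an unread stream.
    response.clone().text()
      .then(responseBody => sink({ url, requestBody, responseBody, at: Date.now() }))
      .catch(() => {});          // the copy step must never break the page
    return response;             // the page receives exactly what the server sent
  };
  return nativeFetch;
}

// Heuristic check: a genuine built-in prints "[native code]" when stringified,
// a JavaScript wrapper prints its source. (An attacker can also patch toString,
// so treat a pass as weak evidence and a fail as strong evidence.)
function isFetchWrapped(target) {
  const src = Function.prototype.toString.call(target.fetch);
  return !src.includes('[native code]');
}

// ---- constructed stand-ins so this runs offline under Node -----------------
// Minimal fake chat backend (assumed API shape): echoes the prompt as a reply.
function fakeNativeFetch(input, init) {
  const prompt = JSON.parse(init.body).prompt;
  const body = JSON.stringify({ reply: `echo: ${prompt}` });
  const response = { clone() { return this; }, async text() { return body; } };
  return Promise.resolve(response);
}

// Simulate the page: install the wrapper, make an ordinary chat request, and
// report both what the page saw and what the wrapper captured.
async function demo() {
  const page = { fetch: fakeNativeFetch };     // stand-in for window
  const captured = [];
  installFetchInterceptor(page, e => captured.push(e));
  const res = await page.fetch('https://chat.example/api/conversation', {
    method: 'POST',
    body: JSON.stringify({ prompt: 'summarise my medical results' }),
  });
  const pageSaw = JSON.parse(await res.text());
  await new Promise(r => setImmediate(r));     // let the copy step settle
  return { pageSaw, captured };
}

demo().then(r => console.log(JSON.stringify(r, null, 2)));
```

The page’s own code never notices the wrapper: it calls `fetch()` as usual and gets the server’s response, while a full copy of the prompt and the reply has already been handed to the sink. The `XMLHttpRequest` hook works the same way by wrapping `open()` and `send()` on the prototype and reading `responseText` in a `load` listener.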
This collected information represents a gold mine for marketers and data brokers. Detailed logs of AI conversations can reveal sensitive personal interests, professional research, creative projects, and private inquiries. The sale of this data creates substantial privacy risks for millions of users who believed they were simply installing a helpful tool for VPN routing or ad blocking, unaware their most detailed AI interactions were being monitored and commodified.
(Source: Ars Technica)