Understanding the Hidden Risks of AI Chatbot Data Collection
A shocking new investigation reveals that over six million conversations with private AI chatbots have been scraped and sold to data brokers for profit. This comes from research conducted by Tel Aviv-based security firm Koi, exposing a massive data harvesting operation tied to a free Chrome browser extension called Urban VPN Proxy. Despite carrying a “featured” badge on the Chrome Web Store, the extension collects far more than typical VPN data.
The findings highlight a growing privacy concern for AI users worldwide. Anything shared with popular AI platforms such as OpenAI’s ChatGPT, Anthropic’s Claude, Google’s Gemini, DeepSeek, and xAI’s Grok may not be as private as users assume.
How Urban VPN Proxy Collects Sensitive Information
According to Koi researcher Idan Dardikman, the extension contains “executor” scripts that intercept conversations from leading AI platforms. The collected data ranges from medical inquiries and financial details to proprietary code and personal dilemmas. All of this information is sold for marketing analytics purposes.
Alarmingly, the data collection is constant, regardless of whether the VPN is actively in use. There is no option for users to disable this feature. Forbes reports that the only way to stop the data harvesting is by uninstalling the extension entirely.
Urban Cyber Security Inc, the company behind Urban VPN Proxy, openly shares in its privacy policy that it provides web browsing data to its affiliated company, BiScience, which then creates commercially valuable insights. Yet, the extension’s Chrome Web Store page reassures users that data is not sold outside of approved use cases. This contradiction highlights the confusing and often misleading nature of privacy claims in digital services.
Wider Implications for AI Privacy
This incident is not isolated. Forbes notes that the publisher of Urban VPN Proxy has over two million customers across seven other apps, each with similar AI harvesting functionalities. Only one of these apps lacks a “featured” badge from Google, showing how widespread and normalized such data collection practices can be.
Koi advises, “If you have any of these extensions installed, uninstall them now. Assume any AI conversations you’ve had since July 2025 have been captured and shared with third parties.” Even if your apps are from different developers, this serves as a cautionary tale to review privacy policies and permissions closely.
Protecting Your AI Conversations and Digital Privacy
As AI tools become more integrated into daily life, understanding the risks of data harvesting is critical. Users should exercise caution when installing extensions, regularly review privacy policies, and consider secure alternatives. Protecting sensitive conversations with AI is increasingly important as digital privacy threats evolve.
For more guidance on secure AI usage and privacy protection, you can explore tools and resources that prioritize confidentiality and user control.
Source: Futurism