Dataconomy
  • News
    • Artificial Intelligence
    • Cybersecurity
    • DeFi & Blockchain
    • Finance
    • Gaming
    • Startups
    • Tech
  • Industry
  • Research
  • Resources
    • Articles
    • Guides
    • Case Studies
    • Whitepapers
    • AI Models Leaderboard
  • AI toolsNEW
  • Newsletter
  • + More
    • Glossary
    • Conversations
    • Events
    • About
      • Who we are
      • Contact
      • Imprint
      • Legal & Privacy
      • Partner With Us
Subscribe
No Result
View All Result
  • AI
  • Tech
  • Cybersecurity
  • Finance
  • DeFi & Blockchain
  • Startups
  • Gaming
Dataconomy
  • News
    • Artificial Intelligence
    • Cybersecurity
    • DeFi & Blockchain
    • Finance
    • Gaming
    • Startups
    • Tech
  • Industry
  • Research
  • Resources
    • Articles
    • Guides
    • Case Studies
    • Whitepapers
    • AI Models Leaderboard
  • AI toolsNEW
  • Newsletter
  • + More
    • Glossary
    • Conversations
    • Events
    • About
      • Who we are
      • Contact
      • Imprint
      • Legal & Privacy
      • Partner With Us
Subscribe
No Result
View All Result
Dataconomy
No Result
View All Result

Google-featured VPN extension harvested and sold ChatGPT and Claude conversations

Researchers found that Urban VPN Proxy, a Google-featured Chrome extension used by millions, ran hidden scripts that continuously collected conversations from major AI platforms and shared the data with affiliated brokers for commercial use.

byKerem Gülen
December 19, 2025
in Cybersecurity
Home News Cybersecurity
Share on FacebookShare on TwitterShare on LinkedInShare on WhatsAppShare on e-mail
Google Preferred Source

A Tel Aviv-based security firm, Koi, investigated Urban VPN Proxy, a Google Chrome extension with six million users and a featured badge from Google. The probe revealed executor scripts harvesting user conversations from AI platforms for sale to data brokers.

Koi researcher Idan Dardikman detailed the extension’s operations beyond standard VPN functions. Urban VPN Proxy, published by Urban Cyber Security Inc., includes executor scripts that intercept and capture conversations from major AI platforms. These platforms consist of OpenAI’s ChatGPT, Anthropic’s Claude, Google’s Gemini, DeepSeek, and xAI’s Grok. The scripts activate upon installation, targeting interactions users have with these services directly within the browser environment.

The harvested data covers a wide range of user inputs to AI chatbots. Dardikman specified that it includes medical questions, financial details, proprietary code, personal dilemmas, and all other queries posed to the AI systems. This information gets sold for marketing-analytics purposes, turning private exchanges into commercial assets processed by affiliated entities.

Stay Ahead of the Curve!

Don't miss out on the latest insights, trends, and analysis in the world of data, technology, and startups. Subscribe to our newsletter and get exclusive content delivered straight to your inbox.

Data collection persists regardless of the VPN’s active status. The executor scripts run continuously from the moment of installation. They operate by default without any user intervention required to start them. No user-facing toggle exists to disable the scraping functionality. Users must uninstall the extension completely to halt the data capture process.

Urban Cyber Security Inc. discloses certain practices in its privacy policy. Dardikman pointed out that the policy states explicitly: “we share the Web Browsing Data with our affiliated company,” identified as the data broker BiScience, “that uses this raw data and creates insights which are commercially used and shared with business partners.” This sharing transforms raw browsing and conversation data into marketable insights distributed to external partners.

In contrast, the Urban VPN Proxy listing on the Chrome Web Store presents different assurances. The page declares that “your data is not being sold to third parties, outside of the approved use cases,” and adds that data is “not being used or transferred for purposes that are unrelated to the item’s core functionality.” These statements appear alongside the featured badge, signaling Google’s review and promotion.

The same publisher operates seven additional Chrome extensions with identical AI-harvesting functionality. These apps collectively serve over two million customers. All but one carry a featured badge on the Chrome Web Store. Each extension embeds the same executor scripts, enabling interception of AI conversations across the listed platforms.

Dardikman issued a direct warning to users. He wrote, “if you have any of these extensions installed, uninstall them now. Assume any AI conversations you’ve had since July 2025 have been captured and shared with third parties.” This recommendation targets users of Urban VPN Proxy and the affiliated extensions to prevent further data exposure.

Users of extensions from this publisher face documented permissions for data sharing. Broader scrutiny applies to privacy policies of other apps. Dardikman’s findings highlight permissions that allow web-browsing data, including AI interactions, to flow to brokers like BiScience for commercial processing and partner distribution.


Featured image credit

Tags: AIFeaturedSecurityUrban VPN Proxy

Related Posts

Opera adds protection against copy-paste ClickFix attacks

Opera adds protection against copy-paste ClickFix attacks

July 3, 2026
Cloudflare will block AI crawlers unless sites opt in

Cloudflare will block AI crawlers unless sites opt in

July 3, 2026
WhatsApp usernames spark impersonation and fraud concerns

WhatsApp usernames spark impersonation and fraud concerns

July 2, 2026
Massive data leak exposes Apple supplier Tata Electronics on dark web

Massive data leak exposes Apple supplier Tata Electronics on dark web

June 30, 2026
OpenAI expands cybersecurity efforts with Patch the Planet

OpenAI expands cybersecurity efforts with Patch the Planet

June 24, 2026
Google files lawsuit over AI-assisted phishing operation abusing Gemini

Google files lawsuit over AI-assisted phishing operation abusing Gemini

June 15, 2026

LATEST NEWS

OpenAI launches GPT-Live voice models for ChatGPT

DuckDuckGo browser now blocks most YouTube video ads

Samsung Galaxy Z Flip 8 and Z Fold 8 renders leak

Amazon is reportedly building a more agentic Alexa

Google launches AI-powered Video Remix tool in Google Photos

X to DM users when their posts receive a Community Note

BEST AI MODELS LEADERBOARD

See the best AI models, ranked by intelligence, benchmark results, speed and token price. Find the most suitable LLMs, Text-to-Image, Image Editing, Text-to-Speech, Text-to-Video and Image-to-Video  artificial intelligence model for your tasks and business.

LATEST TOOLS

Leadfwd

AI RoastBot

Bit.ai

Pikzels

Aflow

Chai AI

OpenRead

TTS Monster

Learvo

BraintrustData

Dataconomy

COPYRIGHT © DATACONOMY MEDIA GMBH, ALL RIGHTS RESERVED.

  • About
  • Imprint
  • Contact
  • Legal & Privacy

Follow Us

  • News
    • Artificial Intelligence
    • Cybersecurity
    • DeFi & Blockchain
    • Finance
    • Gaming
    • Startups
    • Tech
  • Industry
  • Research
  • Resources
    • Articles
    • Guides
    • Case Studies
    • Whitepapers
    • AI Models Leaderboard
  • AI tools
  • Newsletter
  • + More
    • Glossary
    • Conversations
    • Events
    • About
      • Who we are
      • Contact
      • Imprint
      • Legal & Privacy
      • Partner With Us
No Result
View All Result
Subscribe

This website uses cookies to improve your experience. You can choose to accept or reject them. Visit our Privacy Policy.