Millions of AI Conversations Collected by Popular VPN/Privacy Extensions Without Consent

Privacy-conscious users often turn to browser extensions such as VPNs and ad blockers to protect their online activity. But recent research reveals that one of the most popular VPN extensions, Urban VPN Proxy, has been secretly harvesting users’ AI conversations without their consent and selling the sensitive data to third-party marketers, affecting over 8 million users worldwide.

The discovery has raised critical concerns about the security of browser extensions and the extent to which they can access and exploit user data. Let’s break down the findings, how this breach occurred, and what you can do to protect yourself.

Hidden Data Harvesting in Plain Sight

Security researchers from Koi AI recently uncovered the disturbing truth about Urban VPN Proxy, a Chrome extension that promises online privacy and security. Despite boasting a large user base and a 4.7-star rating on the Chrome Web Store, it turns out that the extension’s “privacy” features were covering up a sinister data collection scheme.

Using their Wings AI risk engine, the researchers discovered that Urban VPN Proxy was secretly harvesting user conversations from popular AI platforms, including:

  • ChatGPT
  • Claude
  • Gemini
  • Microsoft Copilot
  • DeepSeek
  • Meta AI

This harvesting functionality was introduced in version 5.5.0, released in July of this year. Because browser extensions update automatically by default, users who had already installed it were silently upgraded to the new version without being informed.

Since then, any user with the extension installed has had their interactions with these platforms secretly collected and transmitted to Urban VPN’s servers, where they are likely sold for marketing analytics purposes.

The extension operates far beyond just providing a VPN. In fact, the AI conversation harvesting occurs regardless of whether the VPN is active. The extension works by:

Script Injection: The extension injects custom scripts into the AI platforms when users interact with them. This allows it to capture every network request and response between the AI service and the user’s browser.

Overriding Browser Functions: Once injected, these scripts modify browser APIs to intercept all data exchanged between the user and the AI. This includes the user’s inputs, AI responses, and metadata like timestamps and conversation IDs.

Exfiltration: The captured data, which may include personal and sensitive information such as medical questions, financial details and even proprietary business discussions, is then sent to servers controlled by the publisher for further processing.
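For defenders reviewing installed extensions, the script injection and API overriding described above depend on access that an extension has to declare in its manifest.json. The following is an added example, not code from the article or from the research it cites: it audits a parsed manifest for content scripts and host permissions that reach AI chat sites. The hostnames and the two sample manifests are assumptions constructed for illustration.

```javascript
// Hostnames are this example's assumptions for the platforms the article names.
const AI_HOSTS = ["chatgpt.com", "claude.ai", "gemini.google.com",
  "copilot.microsoft.com", "chat.deepseek.com", "www.meta.ai"];

// Does a Chrome match pattern (<all_urls> or scheme://host/path) cover an https host?
function patternCoversHost(pattern, host) {
  if (pattern === "<all_urls>") return true;
  const m = /^(\*|https):\/\/([^/]+)\//.exec(pattern);
  if (!m) return false; // API permission names ("storage") and non-https schemes
  const h = m[2];
  if (h === "*") return true;
  if (h.startsWith("*.")) return host === h.slice(2) || host.endsWith(h.slice(1));
  return h === host;
}
const aiHostsIn = (patterns = []) =>
  AI_HOSTS.filter((h) => patterns.some((p) => patternCoversHost(p, h)));

// List every way this manifest lets extension code run on the AI chat pages.
function auditManifest(manifest) {
  const findings = [];
  for (const cs of manifest.content_scripts || []) {
    const hosts = aiHostsIn(cs.matches);
    if (hosts.length) findings.push({
      kind: "content_script", hosts, files: cs.js || [],
      mainWorld: cs.world === "MAIN",        // shares the page's own fetch/XHR objects
      early: cs.run_at === "document_start", // runs before the page's scripts
    });
  }
  const perms = manifest.permissions || [];
  // MV3 keeps URL patterns in host_permissions; MV2 mixes them into permissions.
  const hosts = aiHostsIn([...(manifest.host_permissions || []), ...perms]);
  if (hosts.length) findings.push({
    kind: "host_access", hosts,
    canInject: perms.includes("scripting"),  // MV3 chrome.scripting.executeScript
  });
  return findings;
}

// Constructed sample manifests, not taken from any real extension.
const SAMPLES = {
  "broad-vpn": { manifest_version: 3, permissions: ["proxy", "storage", "scripting"],
    host_permissions: ["<all_urls>"],
    content_scripts: [{ matches: ["*://*/*"], js: ["inject.js"],
      run_at: "document_start", world: "MAIN" }] },
  "scoped-tool": { manifest_version: 3, permissions: ["storage"],
    content_scripts: [{ matches: ["https://*.example.com/*"], js: ["cs.js"] }] },
};
const auditAll = (samples = SAMPLES) => Object.fromEntries(
  Object.entries(samples).map(([name, m]) => [name, auditManifest(m)]));
console.log(JSON.stringify(auditAll(), null, 2));
```

A finding means the extension is able to run code on those pages, not that it harvests anything; it marks which extensions deserve a closer look at the listed script files.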

More Extensions Involved: A Web of Deception

More alarming is that seven other extensions from the same publisher also share this troubling surveillance functionality. Combined, these extensions have over 8 million total users across Chrome and Microsoft Edge.

Among them are:

  • Urban VPN Proxy
  • 1ClickVPN Proxy
  • Urban Browser Guard
  • Urban Ad Blocker

These tools, which span a range of categories from VPNs to ad blockers, all share the same backend data collection infrastructure. Users who thought they were simply protecting their privacy with an ad blocker may have unwittingly exposed their sensitive conversations to unauthorized third parties.

The Double-Edged Sword of “AI Protection”

Urban VPN Proxy promotes a feature called “AI Protection”, claiming to shield users from sharing sensitive personal information with AI services. The extension even issues warnings about sharing details like email addresses or phone numbers with AI platforms.

However, the extension’s AI Protection feature operates separately from its data harvesting mechanism. While users are warned about potentially sensitive data in their prompts, every single conversation is still captured and exfiltrated. Essentially, the extension warns users about sharing information while simultaneously harvesting everything they type.

The extension’s privacy policy does provide some disclosures if you know where to look. The policy acknowledges that it collects AI prompts and outputs and shares them for marketing analytics. Yet the Chrome Web Store listing, where users initially decide whether to install the extension, states that user data is not sold to third parties.

This contradiction is how users are misled. The Web Store listing failed to mention AI data collection, creating an illusion of privacy protection while the extension quietly collected and sold private conversations.

Reviewing the “Featured” Extension

Urban VPN Proxy carries a “Featured” badge on the Chrome Web Store, meaning it was reviewed by Google’s team and met their standards. The review either missed or overlooked the extension’s data harvesting capabilities, allowing it to remain on the marketplace despite its privacy violations.

Google’s policies prohibit extensions from selling user data to third-party advertisers, yet Urban VPN Proxy has clearly violated this rule. The presence of the Featured badge gives the extension an implicit endorsement from Google, which may have contributed to users trusting it.

If you’ve installed any of the affected extensions, the most important step is to uninstall them immediately (and review any other unknown extensions you may be using). Whether you’ve used the VPN or not, you should assume that any AI conversations you’ve had since July 2025 have been captured and sold to third parties.

The research serves as a powerful reminder of the risks associated with browser extensions. Despite promises of privacy and security, these tools can secretly compromise user data at a massive scale.

What makes this case particularly troubling is that these extensions were not only widely used but also approved by major platforms like Google. The “Featured” badge was supposed to guarantee a certain level of trust, yet it failed to protect users from a significant privacy violation.

As more people turn to browser extensions for online security, it is crucial that both developers and platforms take extra care to ensure transparency and security.

