How Your Private ChatGPT and Gemini Chats Are Being Sold for Profit: The Alarming Browser Extension Scandal
In an era where artificial intelligence chatbots like ChatGPT and Gemini have become trusted confidants for millions—handling everything from personal advice to sensitive professional queries—a disturbing privacy breach has come to light. Security researchers at Koi Security revealed on December 16, 2025, that popular browser extensions, masquerading as privacy tools, have been systematically harvesting complete conversations from major AI platforms and funneling them to data brokers for profit.

The primary offender is Urban VPN Proxy, a Chrome extension with over 6 million users and Google’s prestigious “Featured” badge, alongside seven related extensions totaling more than 8 million installs across Chrome and Edge. Since a silent update in July 2025, these tools have intercepted full prompts and responses from ChatGPT, Gemini, Claude, Microsoft Copilot, Perplexity, Grok, DeepSeek, and Meta AI—regardless of whether their VPN or ad-blocking features are active.
Developed by Urban Cyber Security Inc. and linked to data broker BiScience, the extensions capture timestamps, session IDs, and metadata, packaging this intimate data for “marketing analytics” and commercial sale. Users who installed these for protection unwittingly exposed their most private ChatGPT and Gemini chats to profiteering—highlighting a profound betrayal in the browser extension ecosystem.
This scandal exposes how “private” AI interactions, often laden with health details, financial plans, or emotional confessions, can be commoditized without meaningful consent. As AI becomes central to daily life, this breach serves as a wake-up call: your private ChatGPT and Gemini chats may already be sold for profit.
The Mechanics of Deception: How the Harvesting Works
The operation is remarkably sophisticated yet stealthy. Browser extensions enjoy extensive permissions to “read and change all your data on all websites,” enabling deep interference.
When a user visits an AI platform:
- The extension detects the site and injects tailored scripts (e.g., chatgpt.js for ChatGPT, gemini.js for Gemini).
- These scripts override core browser functions like fetch() and XMLHttpRequest, creating a man-in-the-middle intercept.
- Raw network traffic—prompts before submission, responses before display—is captured, parsed, and packaged.
- Data flows via postMessage to the extension’s background worker, where it is compressed and transmitted to servers like analytics.urban-vpn.com.
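A defender can look for the fetch() and XMLHttpRequest overrides described above from the page's own context. The following is an added example, not code from Koi Security or from the extensions: it reports network APIs that no longer stringify as native code. The `makeWindow` helper and its stand-in functions are constructed so the check also runs outside a browser; a clean result is not proof of absence, because a wrapper can disguise its source.

```javascript
// Added example: list network APIs in a window-like object whose source is no
// longer "[native code]", which is what a fetch()/XHR wrapper looks like.
const NATIVE_RE = /\{\s*\[native code\]\s*\}\s*$/;

function isNative(fn) {
  return typeof fn === "function" &&
    NATIVE_RE.test(Function.prototype.toString.call(fn));
}

// `win` is the page's global object (pass `window` in a DevTools console).
function findHookedNetworkApis(win) {
  const targets = [
    ["fetch", win.fetch],
    ["XMLHttpRequest.prototype.open", win.XMLHttpRequest?.prototype?.open],
    ["XMLHttpRequest.prototype.send", win.XMLHttpRequest?.prototype?.send],
  ];
  return targets
    .filter(([, fn]) => fn !== undefined && !isNative(fn))
    .map(([name]) => name);
}

// Constructed stand-ins for use outside a browser: built-ins play the role of
// untouched APIs, plain closures play the role of an injected wrapper.
function makeWindow(hooked) {
  function XHR() {}
  XHR.prototype.open = Array.prototype.push; // native stand-in
  XHR.prototype.send = Array.prototype.pop;  // native stand-in
  const nativeFetch = Math.max;              // native stand-in
  const win = { fetch: nativeFetch, XMLHttpRequest: XHR };
  if (hooked) {
    win.fetch = (...args) => nativeFetch(...args);
    const send = XHR.prototype.send;
    XHR.prototype.send = function (body) { return send.call(this, body); };
  }
  return win;
}
```

Other extensions and page scripts also wrap these APIs for legitimate reasons, so a hit identifies something to trace back to its owner rather than a verdict.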
Crucially, this runs independently of user settings. Even with VPN disabled or the touted “AI protection” feature off, harvesting persists. The “AI protection”—marketed as scanning prompts for personal data and warning of risks—operates separately, ironically alerting users to dangers while exfiltrating everything.
Auto-updates introduced this in July 2025 without fresh consent prompts for existing users, exploiting trust in seamless maintenance.
Affected extensions include:
- Urban VPN Proxy (6M+ Chrome users)
- 1ClickVPN Proxy
- Urban Browser Guard
- Urban Ad Blocker (and Edge variants)
The Data Broker Pipeline: From Private Chats to Profit
Captured data doesn’t vanish; it feeds a commercial ecosystem. Urban Cyber Security shares it with its affiliate BiScience, known for clickstream and behavioral data sales via AdClarity and Clickstream OS.
Privacy policies (updated June 2025) admit collecting “AI prompts and outputs” for analytics, claiming de-identification. Yet the disclosures are buried, the Chrome listings contradict them by claiming no third-party sales, and the captured metadata enables re-identification.
BiScience’s history includes misleading browsing data collection; this escalates to profoundly sensitive AI dialogues. Sold insights fuel targeted ads, profiling, or partnerships—turning your private ChatGPT therapy session or Gemini financial query into revenue.

Scale of Exposure: Millions Affected, Irreversible Damage
Over 8 million installs mean potentially billions of conversations captured since July. AI chats uniquely concentrate vulnerability: one thread might reveal medical conditions, relationships, or secrets.
Uninstalling an extension does not retroactively delete data already held on its servers. Users must assume that private ChatGPT and Gemini chats since July are compromised: rotate any credentials mentioned in them and monitor for misuse.
Oversight Lapses and Industry Reckoning
Google’s “Featured” badge and reviews missed months of activity. Auto-updates evade scrutiny; calls grow for behavioral monitoring and sensitive-data consent.
This echoes past scandals but hits harder as AI confidences amplify risks.
Protecting Yourself: Immediate and Long-Term Steps
- Uninstall Immediately: Remove all Urban extensions; check chrome://extensions or Edge equivalents.
- Audit Installs: Review all extensions—favor minimal permissions.
- Use Alternatives: Incognito, dedicated profiles, or vetted tools like uBlock Origin.
- Enhance Habits: Avoid sensitive AI topics; use end-to-end encrypted options if available.
- Advocate: Report to stores, support stricter regulations.
Enterprises: Enforce extension policies, monitor anomalies.
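For the audit and policy steps above, the check can be automated over each installed extension's manifest.json. This is an added example, not tooling from the researchers or the browser vendors; the `AI_CHAT_HOSTS` list and both sample manifests are assumptions constructed for illustration.

```javascript
// Added example, not code from the page. AI_CHAT_HOSTS is an assumed host list
// for the platforms the article names; adjust it for your environment.
const AI_CHAT_HOSTS = ["chatgpt.com", "gemini.google.com", "claude.ai",
  "copilot.microsoft.com", "www.perplexity.ai", "grok.com",
  "chat.deepseek.com", "www.meta.ai"];

// True when a Chrome match pattern such as "*://*.example.com/*" covers host.
function patternCoversHost(pattern, host) {
  if (pattern === "<all_urls>") return true;
  const m = /^(?:\*|https?):\/\/([^/]+)\//.exec(pattern);
  if (!m) return false;
  if (m[1] === "*") return true;
  if (m[1].startsWith("*.")) {
    const base = m[1].slice(2);
    return host === base || host.endsWith("." + base);
  }
  return m[1] === host;
}

// Collect every host pattern the manifest requests (MV3 and MV2 layouts).
function hostPatterns(manifest) {
  const isPattern = (p) => p === "<all_urls>" || p.includes("://");
  return [
    ...(manifest.host_permissions || []),
    ...(manifest.optional_host_permissions || []),
    ...(manifest.permissions || []).filter(isPattern),
    ...(manifest.content_scripts || []).flatMap((cs) => cs.matches || []),
  ];
}

function auditManifest(manifest) {
  const patterns = hostPatterns(manifest);
  const aiHosts = AI_CHAT_HOSTS.filter((h) =>
    patterns.some((p) => patternCoversHost(p, h)));
  // Only a wildcard pattern can cover an arbitrary, non-existent host.
  const allSites = patterns.some((p) => patternCoversHost(p, "host.invalid"));
  const findings = [];
  if (allSites) findings.push("all-sites access");
  if (aiHosts.length) findings.push("AI chat access: " + aiHosts.join(", "));
  return { name: manifest.name, findings, review: findings.length > 0 };
}

// Constructed manifests for illustration; neither is a real extension's file.
const SAMPLE_BROAD = { name: "constructed-vpn", manifest_version: 3,
  permissions: ["storage", "scripting"], host_permissions: ["<all_urls>"] };
const SAMPLE_NARROW = { name: "constructed-notes", manifest_version: 3,
  permissions: ["storage"],
  content_scripts: [{ matches: ["https://example.org/*"], js: ["n.js"] }] };
```

A finding marks an extension for review rather than proving misuse, since many legitimate extensions also request broad host access.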
Conclusion: Reclaiming Privacy in the AI Age
The revelation that private ChatGPT and Gemini chats are being sold for profit via trusted browser extensions exposes a chilling vulnerability. Tools meant to shield users became conduits for exploitation, turning intimate AI interactions into commodities.
This scandal demands accountability—from developers, stores, and regulators—while empowering users to act decisively. Uninstall threats, scrutinize permissions, and remember: in digital privacy, trust is earned, not assumed.
Your private chats deserve protection. Take control today—before more is sold for profit.




