Welcome to the forefront of conversational AI as we explore the fascinating world of AI chatbots in our dedicated blog series. Discover the latest advancements, applications, and strategies that propel the evolution of chatbot technology. From enhancing customer interactions to streamlining business processes, these articles delve into the innovative ways artificial intelligence is shaping the landscape of automated conversational agents. Whether you’re a business owner, developer, or simply intrigued by the future of interactive technology, join us on this journey to unravel the transformative power and endless possibilities of AI chatbots.
You know those memes about how there’s no such thing as a free VPN? Here’s the ultimate cautionary tale.
A recent investigation by Tel Aviv-based security firm Koi uncovered a massive data harvesting operation tied to a voluntary extension on Google’s Chrome browser. Called Urban VPN Proxy, the free extension has some six million users at the time of writing, and even a “featured” badge on the Chrome Web Store — in other words, an endorsement from Google itself.
As Koi researcher Idan Dardikman writes, the extension goes beyond the actions of a typical VPN. Packed under the hood are “executor” scripts designed to intercept and capture conversations from the leading AI platforms, including OpenAI’s ChatGPT, Anthropic’s Claude, Google’s Gemini, DeepSeek, and xAI’s Grok.
The data collected encompasses anything a user might ask their chosen AI chatbot, per Dardikman, including “medical questions, financial details, proprietary code, personal dilemmas, all of it, sold for ‘marketing analytics purposes.’”
Regardless of whether the VPN is on or off, Urban VPN Proxy is constantly scraping conversation data. The script is enabled by default, meaning that from the moment someone downloads the extension, their chatbot gabbing is fair game.
Worse yet, Forbes notes, “there is no user-facing toggle to disable this. The only way to stop the data collection is to uninstall the extension entirely.”
The company behind Urban VPN Proxy, Urban Cyber Security Inc, isn’t shy about any of this. As Dardikman observes, the company’s privacy policy explicitly states that “we share the Web Browsing Data with our affiliated company,” a data broker called BiScience, “that uses this raw data and creates insights which are commercially used and shared with business partners.”
Despite this, Urban VPN Proxy’s page on the Chrome Web Store declares that “your data is not being sold to third parties, outside of the approved use cases,” and “not being used or transferred for purposes that are unrelated to the item’s core functionality.”
Though the revelation might be startling for the six million users of Urban VPN Proxy, it’s surely not the only app running this scheme. Indeed, Forbes notes there are over two million customers across seven additional apps by the same publisher, each with “identical AI harvesting functionality.” All but one of them carry a “featured” badge courtesy of Google’s Chrome Web Store.
As Koi’s Dardikman writes, “if you have any of these extensions installed, uninstall them now. Assume any AI conversations you’ve had since July 2025 have been captured and shared with third parties.”
Even if your apps weren’t developed by this company, it might be a good time to start combing through their own privacy policies for similar scraping permissions. As Dardikman has shown, when it comes to data harvesting, all bets are off.
More on data privacy: Regular People Are Rising Up Against AI Surveillance Cameras
I’m a tech and transit correspondent for Futurism, where my beat includes transportation, infrastructure, and the role of emerging technologies in governance, surveillance, and labor.
Disclaimer(s)
Articles may contain affiliate links which enable us to share in the revenue of any purchases made. Registration on or use of this site constitutes acceptance of our Terms of Service.
© 2025 Recurrent. All rights reserved.
Do Not Sell or Share My Personal Information.