Browser extensions with over 8 million installs have been secretly recording every AI conversation you have and selling them to data brokers. Security firm Koi discovered that seven of these extensions even carry Google’s and Microsoft’s “Featured” badges-the ones supposed to mean they’re trustworthy.

The extensions-including Urban VPN Proxy (6 million Chrome users), 1ClickVPN Proxy, Urban Browser Guard, and Urban Ad Blocker-promise privacy protection while doing the exact opposite. They inject special “executor” scripts into AI chat platforms like ChatGPT, Claude, and Gemini that intercept every prompt users type and every response they receive.

Here’s the scary part

The extensions override browsers’ standard networking functions to secretly copy all AI interactions before they even display on screen. This data collection runs independently from the VPN or ad-blocking features, meaning it continues even when users toggle those functions off. The only way to stop it is to completely uninstall the extension.

Since early July 2025, these extensions have been capturing medical questions, financial details, proprietary code, and personal dilemmas-essentially anything users shared with AI chatbots-and sending it to their servers for sale.

Urban VPN has always been sketchy

Urban VPN and its parent company Urban Cyber Security have long raised red flags among security researchers. The company is owned by BIScience (B.I Science), an Israeli-founded data broker established in 2009 that openly sells “digital & behavioral data intelligence” to market research firms and advertisers.

Urban VPN operates as a peer-to-peer network, meaning users’ internet traffic routes through other users’ devices-and vice versa. This creates serious privacy and security risks, as malicious actors could potentially use your IP address for harmful activities.

Multiple independent reviews have consistently flagged Urban VPN’s data practices. The service logs IP addresses, browsing history, and geolocation data, then shares this information with contractors and “business partners”. Their privacy policy admits they “may share, sell, or make a commercial use” of collected data.

Security researchers have documented BIScience’s practices since at least 2019, including collecting clickstream data (complete browsing history) from millions of users and providing tracking SDKs to third-party developers.

The fine print they hoped you’d never read

While the extensions’ Chrome Web Store listings claim user data “isn’t sold to third parties,” their 6,000-word privacy policies tell a different story. Buried in legalese, they admit collecting AI prompts and outputs and disclosing them “for marketing analytics purposes” to BIScience, which transforms this “raw data” into “market intelligence” sold to business partners.

The extensions even market an “AI protection” feature claiming to safeguard users from accidentally sharing sensitive information with chatbots. The cruel irony: this feature operates separately from the data harvesting, which continues regardless of whether protection is enabled.

Should you be worried?

Anyone who used these extensions between July 2025 and now while chatting with AI platforms should assume those conversations are now on Urban VPN’s servers and have been sold to third parties. This includes conversations with ChatGPT, Claude, Gemini, Copilot, Perplexity, DeepSeek, Grok, and Meta AI.

The extensions remain available on both Chrome and Edge stores as of December 17, 2025, with most still carrying “Featured” badges-raising serious questions about how Google and Microsoft review and monitor their extension marketplaces.

This incident underscores the dangers of installing free extensions from unfamiliar developers, especially those promising privacy protection while doing the opposite.