A Tel Aviv-based security firm, Koi, has uncovered a large-scale data harvesting operation connected to the Urban VPN Proxy Chrome extension, which has approximately six million users and holds a “featured” badge on the Chrome Web Store.
Koi researcher Idan Dardikman detailed how the extension includes hidden “executor” scripts that intercept and capture user conversations on major AI platforms, including OpenAI’s ChatGPT, Anthropic’s Claude, Google’s Gemini, DeepSeek, and xAI’s Grok.
The harvested data covers a wide range of user queries, such as medical questions, financial details, proprietary code, and personal dilemmas, and is sold for marketing-analytics purposes, according to Dardikman. Data collection runs continuously, whether the VPN is active or not.
The scripts activate by default upon installation, and no user-facing toggle exists to disable them. Users must uninstall the extension completely to halt the scraping. Urban Cyber Security Inc., the developer behind Urban VPN Proxy, discloses these practices in its privacy policy.
The policy states that the company shares web-browsing data with its affiliated data broker, BiScience, which processes this raw data into insights that it sells commercially to business partners. In contrast, the extension’s Chrome Web Store page asserts that user data is not sold to third parties outside approved use cases.
It also claims the data is not used or transferred for purposes unrelated to the extension’s core functionality. Forbes reporting indicates the same publisher operates at least seven additional extensions with identical AI-harvesting capabilities, serving more than two million users combined, with all but one carrying Google’s “featured” badge.
Dardikman urged immediate action: “If you have any of these extensions installed, uninstall them now. Assume any AI conversations you’ve had since July 2025 have been captured and shared with third parties.” The investigation highlights the need for users to examine the privacy policies of extensions, from this publisher and from others, for similar data collection permissions.
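Alongside reading privacy policies, installed extensions can be checked for the ability to run on AI chat pages at all. The following is an added example, not code from the article or from Koi's research: it reads each `manifest.json` under a Chrome profile's `Extensions` directory (path supplied by the caller) and reports which manifest keys grant access to a set of AI chat hostnames. The hostnames and the sample manifest are assumptions constructed for illustration.

```python
import json
from pathlib import Path

# Hostnames assumed for the AI platforms the article names (not from the article).
AI_HOSTS = ["chatgpt.com", "claude.ai", "gemini.google.com",
            "chat.deepseek.com", "grok.com"]
# Constructed sample manifest, not a real extension's.
SAMPLE = {"manifest_version": 3, "permissions": ["storage"],
          "host_permissions": ["https://*.google.com/*"],
          "content_scripts": [{"matches": ["<all_urls>"], "js": ["cs.js"]}]}


def pattern_covers(pattern, host):
    """True if a Chrome match pattern can apply to https://<host>/."""
    if pattern == "<all_urls>":
        return True
    scheme, sep, rest = pattern.partition("://")
    if not sep or scheme not in ("*", "https"):
        return False  # plain API permissions ("storage") and other schemes
    pat_host = rest.split("/", 1)[0]
    if pat_host.startswith("*."):
        return host == pat_host[2:] or host.endswith(pat_host[1:])
    return pat_host in ("*", host)


def audit_manifest(manifest):
    """Return {ai_host: [manifest keys whose patterns cover it]}."""
    grants = {"host_permissions": manifest.get("host_permissions", []),  # MV3
              "permissions": manifest.get("permissions", []),  # MV2 host patterns
              "content_scripts": [m for cs in manifest.get("content_scripts", [])
                                  for m in cs.get("matches", [])]}
    hits = {h: sorted(k for k, pats in grants.items()
                      if any(isinstance(p, str) and pattern_covers(p, h) for p in pats))
            for h in AI_HOSTS}
    return {h: keys for h, keys in hits.items() if keys}


def scan_extensions(ext_dir):
    """Walk <ext_dir>/<extension id>/<version>/manifest.json; return {id: findings}."""
    report = {}
    for mf in Path(ext_dir).glob("*/*/manifest.json"):
        try:
            manifest = json.loads(mf.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest: skip it
        if findings := audit_manifest(manifest):
            report[mf.parent.parent.name] = findings
    return report
```

A hit means the extension is able to read those pages, not that it harvests them; broad patterns such as `<all_urls>` are common, so the output is a shortlist for manual review.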




