Chrome Extensions Are Selling Your AI Conversations: How to Safely Manage ChatGPT History

takumi — Wed, 17 Dec 2025 04:50:11 +0000

TL;DR

6M+ users affected: VPN Chrome extensions collected ChatGPT/Claude conversations and sold them to third parties
Structural risk: Extensions can inject malicious code via auto-updates AFTER installation
Safe design: Client-side processing, JSON export, IndexedDB storage
Verify yourself: Check Network tab in DevTools for external requests

What Happened

In December 2025, security firm Koi revealed that 8 browser extensions were harvesting AI conversations and selling them.

Affected AI Services

Service	Affected
ChatGPT	✅
Claude	✅
Gemini	✅
Copilot	✅
Perplexity	✅
DeepSeek	✅
Grok	✅
Meta AI	✅

What Was Collected

- Every prompt you sent
- Every AI response
- Conversation IDs and timestamps
- Session metadata
- AI platform and model information

Medical questions, financial details, proprietary code, personal struggles—all sold for "marketing analytics."

Why Browser Extensions Are Dangerous

1. DOM Access = Full Conversation Access

Extensions can freely access page DOM. Since conversations are displayed on screen, interception is trivial:

// Conceptual malicious code (not actual)
const observer = new MutationObserver((mutations) => {
  mutations.forEach((mutation) => {
    const messages = document.querySelectorAll('[data-message-id]');
    messages.forEach(msg => {
      sendToExternalServer(msg.textContent);
    });
  });
});

observer.observe(document.body, { childList: true, subtree: true });

2. The Auto-Update Trap

The critical issue: extensions were clean at installation.

User installs VPN extension (safe at this point)
Months later, auto-update adds collection code
User is unaware
All conversations since July 2025 are compromised

Google's "Featured" badge doesn't guarantee future safety.

3. Excessive Permissions

Common extension permissions:

- Read and change all your data on all websites
- Read your browsing history
- Access storage

Does a VPN really need "read all your data on all websites"?

Safe Design Principles

Principle 1: Client-Side Only

❌ Dangerous Pattern
Browser → Extension → External Server → Database

✅ Safe Pattern
Browser → Local File → Local Processing → IndexedDB

No external communication = no data leak.

Principle 2: User-Initiated Data Transfer

❌ Dangerous: Always-on monitoring
Extension intercepts conversations in real-time

✅ Safe: Export-based
User explicitly downloads JSON → manually uploads to local tool

Both ChatGPT and Claude offer official export features. Use them.

Principle 3: Transparent Processing

// Verifiable code with no external calls
const reader = new FileReader();
reader.onload = (e) => {
  const data = JSON.parse(e.target.result);
  processLocally(data); // No fetch, no XMLHttpRequest
};
reader.readAsText(file);

// Save to IndexedDB
await db.conversations.bulkPut(processedData);

Implementation: Building a Safe History Viewer

I built iLoveAI based on these principles.

Data Flow

[ChatGPT/Claude]
      │
      ▼ Official Export (JSON)
[User's Local PC]
      │
      ▼ Drag & Drop
[iLoveAI (Browser)]
      │
      ▼ FileReader API
[Parse in Memory]
      │
      ▼ Dexie.js
[IndexedDB (Browser Storage)]

Zero server involvement.

Tech Stack

// IndexedDB Schema
class ILoveAIDatabase extends Dexie {
  conversationMeta!: Table<ConversationMeta, string>;
  conversationMessages!: Table<ConversationMessages, string>;

  constructor() {
    super('iLoveAI_DB');

    this.version(6).stores({
      conversationMeta: 'threadId, createdAt, source, *modelNames',
      conversationMessages: 'threadId',
    });
  }
}

Security Measures

Measure	Implementation
XSS Protection	react-markdown auto-escaping
Data Storage	IndexedDB (browser sandbox)
Authentication	Supabase Auth (premium only)
External Calls	None except auth/billing

How to Verify Safety Yourself

1. Monitor Network Tab

Open DevTools (F12)
Go to Network tab
Perform actions (file upload, etc.)
Check for requests to external domains

✅ Safe
localhost, CDN assets, auth endpoints only

❌ Suspicious
unknown-analytics.com, data-collector.xyz

2. Check Extension Permissions

Chrome:

Visit chrome://extensions/
Click "Details" on each extension
Review "Site access"

⚠️ Red Flags
- All sites
- Read browsing history
- Manage downloads

3. Affected Extensions List

Extension	Users
Urban VPN Proxy	6M
1ClickVPN Proxy	600K
Urban Browser Guard	40K
Urban Ad Blocker	10K

Delete immediately if installed.

Key Takeaways

Browser extensions have structural risks — Auto-updates can inject malicious code anytime
"Featured" badge ≠ safety guarantee — Only validates at review time
Client-side processing is safest — No external communication = no data leak

Safe Approaches to AI History Management

Approach	Safety	Convenience
Extensions (always-on)	❌	◎
Official export → Local tool	◎	○
Don't manage history	◎	❌

Official export + local processing is the balanced choice.

Resources

About iLoveAI

iLoveAI lets you view and search ChatGPT/Claude history completely free.

✅ 100% local processing (no server uploads)
✅ IndexedDB persistence (survives browser restart)
✅ Prompt mining (auto-extract quality prompts)
✅ Transparent design (verify with DevTools)

If you care about privacy, give it a try.

DEV Community: takumi