## TL;DR
- 6M+ users affected: VPN Chrome extensions collected ChatGPT/Claude conversations and sold them to third parties
- Structural risk: Extensions can inject malicious code via auto-updates AFTER installation
- Safe design: Client-side processing, JSON export, IndexedDB storage
- Verify yourself: Check Network tab in DevTools for external requests
## What Happened
In December 2025, security firm Koi revealed that 8 browser extensions were harvesting AI conversations and selling them.
### Affected AI Services
| Service | Affected |
|---|---|
| ChatGPT | ✅ |
| Claude | ✅ |
| Gemini | ✅ |
| Copilot | ✅ |
| Perplexity | ✅ |
| DeepSeek | ✅ |
| Grok | ✅ |
| Meta AI | ✅ |
### What Was Collected
- Every prompt you sent
- Every AI response
- Conversation IDs and timestamps
- Session metadata
- AI platform and model information
Medical questions, financial details, proprietary code, personal struggles—all sold for "marketing analytics."
## Why Browser Extensions Are Dangerous
### 1. DOM Access = Full Conversation Access
Extensions can freely access the page DOM. Since conversations are displayed on screen, interception is trivial:
```javascript
// Conceptual malicious code (not actual)
const observer = new MutationObserver((mutations) => {
  mutations.forEach((mutation) => {
    const messages = document.querySelectorAll('[data-message-id]');
    messages.forEach(msg => {
      sendToExternalServer(msg.textContent);
    });
  });
});
observer.observe(document.body, { childList: true, subtree: true });
```
### 2. The Auto-Update Trap
The critical issue: extensions were clean at installation.
- User installs VPN extension (safe at this point)
- Months later, auto-update adds collection code
- User is unaware
- All conversations since July 2025 are compromised
Google's "Featured" badge doesn't guarantee future safety.
### 3. Excessive Permissions
Common extension permissions:
- Read and change all your data on all websites
- Read your browsing history
- Access storage
Does a VPN really need "read all your data on all websites"?
## Safe Design Principles
### Principle 1: Client-Side Only
❌ Dangerous pattern: Browser → Extension → External Server → Database
✅ Safe pattern: Browser → Local File → Local Processing → IndexedDB
No external communication = no data leak.
### Principle 2: User-Initiated Data Transfer
❌ Dangerous: always-on monitoring, where the extension intercepts conversations in real time
✅ Safe: export-based, where the user explicitly downloads JSON and manually uploads it to a local tool
Both ChatGPT and Claude offer official export features. Use them.
### Principle 3: Transparent Processing
```javascript
// Verifiable code with no external calls
const reader = new FileReader();
reader.onload = async (e) => {
  const data = JSON.parse(e.target.result);
  const processedData = processLocally(data); // No fetch, no XMLHttpRequest
  // Save to IndexedDB (db is the app's Dexie database instance)
  await db.conversations.bulkPut(processedData);
};
reader.readAsText(file);
```
## Implementation: Building a Safe History Viewer
I built iLoveAI based on these principles.
### Data Flow
```text
[ChatGPT/Claude]
       │
       ▼ Official Export (JSON)
[User's Local PC]
       │
       ▼ Drag & Drop
[iLoveAI (Browser)]
       │
       ▼ FileReader API
[Parse in Memory]
       │
       ▼ Dexie.js
[IndexedDB (Browser Storage)]
```
Zero server involvement.
### Tech Stack
```typescript
import Dexie, { Table } from 'dexie';

// Record shapes (only the indexed fields from the schema are shown; types are illustrative)
interface ConversationMeta { threadId: string; createdAt: number; source: string; modelNames: string[] }
interface ConversationMessages { threadId: string; messages: unknown[] }

// IndexedDB Schema
class ILoveAIDatabase extends Dexie {
  conversationMeta!: Table<ConversationMeta, string>;
  conversationMessages!: Table<ConversationMessages, string>;
  constructor() {
    super('iLoveAI_DB');
    this.version(6).stores({
      conversationMeta: 'threadId, createdAt, source, *modelNames',
      conversationMessages: 'threadId',
    });
  }
}
export const db = new ILoveAIDatabase();
```
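As an added example (not iLoveAI's own code), here is how a ChatGPT conversations.json export could be normalised into records shaped like the two tables above, entirely in memory. The export field names (mapping, current_node, parts, model_slug) are my reading of the public export format and are assumptions; the record types are repeated so the block runs stand-alone, and the sample conversation is constructed.

```typescript
// Added example, not iLoveAI's code. The ChatGPT export field names used here
// (mapping, current_node, parts, model_slug) are assumptions; check them against your own file.
type Role = 'user' | 'assistant' | 'system';
interface ConversationMeta { threadId: string; title: string; createdAt: number; source: 'chatgpt' | 'claude'; modelNames: string[] }
interface Msg { role: Role; text: string; createdAt: number }
interface ConversationMessages { threadId: string; messages: Msg[] }
interface ExportNode {
  parent: string | null;
  message: null | {
    author: { role: Role };
    create_time: number | null;                              // epoch seconds
    content: { content_type: string; parts?: unknown[] };
    metadata?: { model_slug?: string };
  };
}
interface ExportConversation {
  conversation_id: string; title: string; create_time: number;
  current_node: string; mapping: Record<string, ExportNode>;
}

// Follow parent links from current_node back to the root so that only the active
// branch (not abandoned regenerations) is stored; unshift keeps chronological order.
function normaliseChatGpt(conv: ExportConversation): [ConversationMeta, ConversationMessages] {
  const messages: Msg[] = [];
  const models = new Set<string>();
  for (let id: string | null = conv.current_node; id !== null; id = conv.mapping[id]?.parent ?? null) {
    const m = conv.mapping[id]?.message;
    if (!m || m.content.content_type !== 'text') continue;   // skip non-text nodes
    const text = (m.content.parts ?? []).filter((p): p is string => typeof p === 'string').join('');
    if (text === '') continue;                                // empty system placeholder
    if (m.metadata?.model_slug) models.add(m.metadata.model_slug);
    messages.unshift({ role: m.author.role, text, createdAt: Math.round((m.create_time ?? conv.create_time) * 1000) });
  }
  return [
    { threadId: conv.conversation_id, title: conv.title, createdAt: Math.round(conv.create_time * 1000), source: 'chatgpt', modelNames: [...models] },
    { threadId: conv.conversation_id, messages },
  ];
}

// Constructed sample: system root -> user -> two assistant replies; n3 is the active branch.
const SAMPLE: ExportConversation = {
  conversation_id: 'c1', title: 'Test', create_time: 1700000000, current_node: 'n3',
  mapping: {
    n0: { parent: null, message: { author: { role: 'system' }, create_time: null, content: { content_type: 'text', parts: [''] } } },
    n1: { parent: 'n0', message: { author: { role: 'user' }, create_time: 1700000001, content: { content_type: 'text', parts: ['Hello'] } } },
    n2: { parent: 'n1', message: { author: { role: 'assistant' }, create_time: 1700000002, content: { content_type: 'text', parts: ['Old reply'] }, metadata: { model_slug: 'gpt-4o' } } },
    n3: { parent: 'n1', message: { author: { role: 'assistant' }, create_time: 1700000003, content: { content_type: 'text', parts: ['Hi there'] }, metadata: { model_slug: 'gpt-4o' } } },
  },
};
```

The two returned records are what `db.conversationMeta.put(meta)` and `db.conversationMessages.put(msgs)` would store; nothing in this path touches the network.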
### Security Measures
| Measure | Implementation |
|---|---|
| XSS Protection | react-markdown auto-escaping |
| Data Storage | IndexedDB (browser sandbox) |
| Authentication | Supabase Auth (premium only) |
| External Calls | None except auth/billing |
## How to Verify Safety Yourself
### 1. Monitor Network Tab
- Open DevTools (F12)
- Go to the Network tab
- Perform actions (file upload, etc.)
- Check for requests to external domains

✅ Safe: localhost, CDN assets, auth endpoints only
❌ Suspicious: unknown-analytics.com, data-collector.xyz
### 2. Check Extension Permissions
Chrome:
- Visit chrome://extensions/
- Click "Details" on each extension
- Review "Site access"

⚠️ Red flags:
- All sites
- Read browsing history
- Manage downloads
### 3. Affected Extensions List
| Extension | Users |
|---|---|
| Urban VPN Proxy | 6M |
| 1ClickVPN Proxy | 600K |
| Urban Browser Guard | 40K |
| Urban Ad Blocker | 10K |
Delete immediately if installed.
## Key Takeaways
- Browser extensions have structural risks — Auto-updates can inject malicious code anytime
- "Featured" badge ≠ safety guarantee — Only validates at review time
- Client-side processing is safest — No external communication = no data leak
## Safe Approaches to AI History Management
| Approach | Safety | Convenience |
|---|---|---|
| Extensions (always-on) | ❌ | ◎ |
| Official export → Local tool | ◎ | ○ |
| Don't manage history | ◎ | ❌ |
Official export + local processing is the balanced choice.
## Resources
- Forbes: Chrome Extensions Collecting AI Conversations
- iLoveAI - ChatGPT/Claude History Viewer
- ChatGPT Official Export Guide
## About iLoveAI
iLoveAI lets you view and search ChatGPT/Claude history completely free.
- ✅ 100% local processing (no server uploads)
- ✅ IndexedDB persistence (survives browser restart)
- ✅ Prompt mining (auto-extract quality prompts)
- ✅ Transparent design (verify with DevTools)
If you care about privacy, give it a try.