- Updated: December 16, 2025
- 6 min read
Urban VPN Browser Extension Secretly Harvested AI Chat Data from Millions of Users
Urban VPN Browser Extension Caught Harvesting AI Chats from 8 Million Users
Answer: A recent security investigation revealed that the Urban VPN Proxy browser extension silently injects scripts into popular AI chat platforms, captures every prompt and response, and exfiltrates the data to the company’s servers for marketing analytics—affecting over eight million Chrome and Edge users.
When you click “Connect” on a free VPN, you expect privacy, not a hidden data‑mining operation. Yet a Koi research report published on December 15, 2025 shows that the Urban VPN Proxy extension, a UBOS partner featured on the Chrome Web Store, has been covertly harvesting AI conversations from ChatGPT, Claude, Gemini, Microsoft Copilot and six other platforms. The findings raise urgent questions for privacy‑conscious internet users and tech professionals seeking trustworthy VPN solutions.
Key Findings at a Glance
- 6 million+ active Chrome users and 1.3 million+ Edge users have the extension installed.
- Data collection began with version 5.5.0 released on July 9, 2025.
- The extension targets ten AI platforms, injecting a dedicated script for each.
- Collected data includes prompts, AI responses, timestamps, session IDs, and device metadata.
- Exfiltrated data is sent to
analytics.urban-vpn.comandstats.urban-vpn.comfor “marketing analytics.” - Similar harvesting code appears in seven other “privacy‑focused” extensions from the same publisher, raising the total affected user base to **over 8 million**.
How the Extension Hijacks Your AI Conversations
1. Tab Monitoring & Script Injection
The extension constantly monitors open tabs. When a user navigates to a supported AI site (e.g., OpenAI ChatGPT integration), it injects a platform‑specific JavaScript file (chatgpt.js, claude.js, etc.) directly into the page’s DOM.
2. Overriding Core Browser APIs
Once injected, the script wraps native fetch() and XMLHttpRequest calls. This “man‑in‑the‑middle” approach captures every outbound request and inbound response, giving the extension full visibility into the raw JSON payloads that contain user prompts and AI replies.
3. Parsing, Packaging, and Messaging
The intercepted payloads are parsed to extract:
- User prompt text
- AI‑generated response
- Conversation ID and timestamps
- Platform and model identifiers
These data packets are then dispatched via window.postMessage to a hidden content script, flagged with PANELOS_MESSAGE.
4. Background Service Worker Exfiltration
The content script forwards the packaged data to the extension’s background service worker. The worker compresses the payload and posts it to the remote endpoints mentioned earlier. This occurs regardless of whether the VPN tunnel is active, meaning the “privacy” feature is decoupled from the data‑stealing logic.
5. No User‑Facing Controls
All harvesting flags are hard‑coded. The extension offers no toggle to disable AI data collection; the only way to stop it is to uninstall the extension entirely.
Privacy Fallout and Erosion of Trust
AI chat logs often contain highly sensitive information—medical queries, financial details, proprietary code snippets, and personal dilemmas. By siphoning this data, Urban VPN not only violates the implicit trust users place in a “privacy‑first” VPN but also potentially breaches data‑protection regulations such as GDPR and CCPA.
Key privacy implications include:
- Re‑identification risk: Coupling AI prompts with device identifiers enables profiling across services.
- Commercial exploitation: The harvested data is sold to third‑party advertisers, as confirmed by the company’s privacy policy.
- Regulatory exposure: Unlawful processing of personal data could trigger fines up to 4 % of global revenue under GDPR.
- Loss of brand credibility: Users who installed the extension for security now face a breach of that very security.
For enterprises, the risk multiplies. An employee could inadvertently expose confidential project details or client data through an AI chat, which then lands in a data broker’s repository. This scenario undermines the Enterprise AI platform by UBOS and any downstream AI‑driven analytics.
Community Reaction & Expert Recommendations
Security researchers, privacy advocates, and even Google’s own extension review team have voiced alarm. The following steps are recommended for users and organizations:
For Individual Users
- Immediately uninstall Telegram integration on UBOS if you have it, as it shares the same publisher.
- Remove all “Urban” branded extensions: Urban VPN Proxy, 1ClickVPN Proxy, Urban Browser Guard, and Urban Ad Blocker.
- Switch to a vetted, open‑source VPN solution that undergoes regular third‑party audits.
- Enable browser‑level privacy settings: block third‑party cookies, disable automatic extension updates where possible.
For Enterprises & SaaS Providers
- Audit all installed extensions across corporate devices using tools like Workflow automation studio.
- Enforce a whitelist policy that only permits extensions from verified vendors.
- Deploy data‑loss‑prevention (DLP) solutions that can detect anomalous outbound traffic to
urban‑vpn.comdomains. - Educate staff on the risks of “privacy‑focused” extensions and promote internal AI marketing agents that respect data sovereignty.
For Platform Operators (Chrome, Edge)
Both stores must tighten their review pipelines:
- Require explicit disclosure of AI data collection in the store listing.
- Mandate a separate permission for “AI chat access” that users can toggle.
- Introduce automated static analysis to flag scripts that override
fetchorXMLHttpRequeston AI domains.
What to Do Next? Secure Your Digital Footprint with UBOS
If you’re looking for a trustworthy alternative that truly safeguards your data, explore the UBOS platform overview. Our suite includes:
- Web app editor on UBOS – build secure internal tools without third‑party extensions.
- UBOS templates for quick start – launch privacy‑first SaaS products in minutes.
- AI marketing agents that operate under strict data‑use policies.
- UBOS partner program for developers who want to embed secure AI features.
For startups seeking a compliant AI stack, see UBOS for startups. Small‑ and medium‑size businesses can benefit from UBOS solutions for SMBs, which include built‑in privacy controls and transparent data handling.
Ready to replace risky extensions with a platform that puts privacy first? Check out our UBOS pricing plans and start a free trial today.
Boost Your Workflow with UBOS AI Templates
UBOS’s marketplace offers ready‑made AI tools that respect user data. A few that may interest privacy‑focused professionals:
- AI SEO Analyzer – audit your site without sending raw content to third parties.
- AI Article Copywriter – generate marketing copy inside a secure sandbox.
- AI Video Generator – create video assets while keeping scripts on‑premise.
- AI Email Marketing – personalize campaigns without exposing subscriber data.
These templates integrate seamlessly with the Chroma DB integration and ElevenLabs AI voice integration, giving you powerful AI capabilities while staying compliant.
Conclusion
The Urban VPN data‑collection scandal serves as a stark reminder: not every “privacy‑enhancing” tool lives up to its promise. By dissecting the extension’s script injection, API hijacking, and silent exfiltration, we’ve shown how millions of AI conversations have been compromised for marketing gain.
Protecting your digital conversations starts with vigilance—scrutinize every extension, demand transparent data policies, and choose platforms that embed privacy into their core architecture. UBOS offers a transparent, audit‑ready environment that aligns with the highest standards of E‑E‑A‑T and Generative Engine Optimization (GEO), ensuring your content is both safe and discoverable.
Take action now: remove the risky extensions, adopt a secure AI‑first platform, and stay informed through About UBOS for the latest privacy‑focused innovations.
© 2025 UBOS Technologies. All rights reserved.