
SAN FRANCISCO (WHN) – A free browser extension, Urban VPN Proxy, widely used by millions, is under scrutiny for allegedly harvesting user conversations with popular AI chatbots. The functionality, discovered by security firm Koi, appears to capture sensitive data exchanged with platforms like ChatGPT, Claude, and Gemini, regardless of whether the VPN is active.
This isn’t about a simple bug fix or a minor feature update. Researchers claim Urban VPN Proxy, boasting over 6 million Chrome users and a Google “Featured” badge, injects specific scripts into AI websites. These scripts intercept prompts, responses, timestamps, and session identifiers before they even reach the user’s screen.
The captured data, according to Koi’s analysis, is then compressed and sent to servers operated by Urban VPN. The scripts take over the standard browser network functions on those pages, which gives the extension a channel for data exfiltration. It’s a sophisticated, if unwelcome, method of data collection.
The implications are stark. Users discussing medical conditions, personal finances, or proprietary work information might have had these conversations logged and transmitted. Koi’s report details that this data is allegedly sold for “marketing analytics purposes.”
The alleged data harvesting mechanism was reportedly introduced in version 5.5.0 of Urban VPN Proxy, released on July 9, 2025. For most users, this change would have been seamless, as browser extensions typically auto-update. This means millions may have unknowingly had their AI interactions logged for months.
Urban VPN’s marketing materials do mention an “AI protection” feature, designed to alert users about sharing sensitive data. However, Koi researchers state this feature operates independently of the conversation harvesting. It’s a disquieting detail; the protection feature, if enabled, doesn’t prevent the data collection itself.
The problem may extend beyond a single extension. Koi’s investigation identified similar data-collection capabilities in seven other extensions from the same publisher. These include other VPNs, ad blockers, and browser security tools. In total, over 8 million users across Chrome and Edge could be affected.
Urban Cyber Security Inc., the entity behind Urban VPN, is affiliated with BiScience, a data broker with a history of large-scale browsing data collection. This connection suggests a business model that leverages user data, raising further questions about privacy practices.
Koi’s warning is blunt: “Anyone who used ChatGPT, Claude, Gemini, or the other targeted platforms while Urban VPN was installed after July 9, 2025 should assume those conversations are now on Urban VPN’s servers and have been shared with third parties.”
The technical execution involves injecting JavaScript code into specific AI service pages. This code intercepts the data flow, capturing the conversational elements before they are rendered locally. The system then overrides the standard network stack, funneling the information to external servers.
The fact that these scripts are enabled by default and cannot be disabled through user settings is particularly concerning. The only recourse for users, according to the research, is to completely uninstall the extension.
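For defenders who want to check which installed extensions are able to inject scripts into AI chat pages in the way described above, the following is an added example and not code from Koi's report or from any extension. It audits an extension's `manifest.json` content for content scripts and host permissions that cover AI chat sites; the hostnames in `AI_HOSTS`, the function names, and both sample manifests are assumptions constructed for illustration.

```javascript
// Added example: flag extension manifests able to inject into AI chat sites.
// AI_HOSTS is an assumed hostname list for the platforms named in the article.
const AI_HOSTS = ["chatgpt.com", "claude.ai", "gemini.google.com"];

// True if a Chrome match pattern (scheme://host/path) covers https://<host>/.
function patternCoversHost(pattern, host) {
  if (pattern === "<all_urls>") return true;
  const m = /^(\*|https?|wss?|ftp|file):\/\/([^/]*)\/.*$/.exec(pattern);
  if (!m) return false; // not a match pattern (e.g. the "storage" permission)
  const [, scheme, pHost] = m;
  if (scheme !== "*" && scheme !== "https") return false;
  if (pHost === "*") return true;
  if (pHost.startsWith("*.")) {
    const base = pHost.slice(2);
    return host === base || host.endsWith("." + base);
  }
  return host === pHost;
}

const coveredHosts = (patterns) =>
  AI_HOSTS.filter((h) => (patterns || []).some((p) => patternCoversHost(p, h)));

// Conservative: exclude_matches and path restrictions are ignored, so this over-reports.
function auditManifest(manifest) {
  const findings = [];
  (manifest.content_scripts || []).forEach((cs, index) => {
    const hosts = coveredHosts(cs.matches);
    if (hosts.length) findings.push({ kind: "content_script", index, hosts, files: cs.js || [] });
  });
  // Host permissions can also allow programmatic injection; MV2 lists them under "permissions".
  const hosts = coveredHosts([...(manifest.host_permissions || []), ...(manifest.permissions || [])]);
  if (hosts.length) findings.push({ kind: "host_permission", hosts });
  return findings;
}

// Constructed sample manifests (not taken from any real extension).
const SAMPLE_FLAGGED = {
  manifest_version: 3, name: "sample-vpn", permissions: ["storage", "proxy"],
  host_permissions: ["<all_urls>"],
  content_scripts: [
    { matches: ["https://example.com/*"], js: ["ui.js"] },
    { matches: ["*://*.chatgpt.com/*", "https://claude.ai/*"], js: ["inject.js"], run_at: "document_start" },
  ],
};
const SAMPLE_CLEAN = {
  manifest_version: 3, name: "sample-notes", permissions: ["storage"],
  content_scripts: [{ matches: ["https://example.com/*"], js: ["notes.js"] }],
};

console.log(JSON.stringify(auditManifest(SAMPLE_FLAGGED), null, 2));
```

A finding means the extension has the access needed to read those pages, not that it collects anything; it narrows down which extensions deserve a closer look at the listed script files.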
This incident highlights a growing concern: the monetization of user data, even from seemingly private interactions with AI. While many users adopt free VPNs and security tools for privacy, the underlying business models can sometimes involve different forms of data monetization, often obscured by marketing jargon.
The absence of a response from Urban VPN at the time of writing only amplifies the scrutiny. As AI becomes more integrated into daily workflows, the security and privacy of these interactions will undoubtedly become a more prominent battleground.