Millions of people typed deeply personal thoughts into AI chatbots believing those conversations stayed between them and the machine. They did not. A Chrome browser extension promoted by Google as Featured was silently intercepting and exporting private AI conversations at massive scale. Not because of a bug. Not because of a breach. Because that was the product.
The extension, Urban VPN Proxy, advertised itself as a privacy tool. It promised protection, anonymity, and security. Instead, it functioned as a surveillance layer embedded directly into users’ browsers. Urban VPN Proxy has millions of installs across Chrome and Edge and carries high ratings and a Featured badge that signals trust and quality to everyday users. People installed it specifically to avoid tracking.
In July 2025, an update quietly changed what the extension did. Without warning and without meaningful consent, it began intercepting conversations with major AI platforms including ChatGPT, Claude, Gemini, Copilot, Grok, Meta AI, DeepSeek, and Perplexity. Anyone with auto updates enabled woke up one day with new code running inside their browser that captured what they typed and what the AI replied.
The extension injected custom scripts into AI chatbot pages and hooked into the browser’s network request handling. Every message sent to an AI service and every response received was routed through the extension first. This allowed it to capture full conversations in real time, including prompts, responses, session identifiers, timestamps, and platform metadata. The captured data was then transmitted to Urban VPN controlled servers for analysis and monetization.
Urban VPN markets an AI protection feature that warns users about sharing sensitive information with chatbots and presents itself as a safeguard. In reality, the interception occurred regardless of whether that feature was enabled. The extension warned users not to share personal information while simultaneously exfiltrating the entire conversation. The warning created a false sense of safety while the data was quietly copied and sold.
The company’s own privacy policy admits that AI prompts and outputs are collected and claims the data is used for analytics and safe browsing with identifiers filtered out. At the same time, it acknowledges that raw browsing data is shared with affiliated entities. One of those entities is BIScience, an ad intelligence and brand monitoring firm that owns Urban Cyber Security Inc and has previously been accused by researchers of collecting clickstream data at scale under misleading disclosures.
The same AI interception logic was identified in multiple extensions published by the same company, several of which also carried Featured badges. Combined, these extensions reached more than eight million users. This was not a rogue update. It was infrastructure.
People do not treat AI chats like search queries. They use them as journals, as therapists, as legal sounding boards, and as places to ask questions they would never type into a public forum. These conversations often contain health concerns, relationship problems, financial fears, political beliefs, and emotional vulnerabilities. Capturing this data is far more invasive than tracking which websites someone visits.
Featured badges create trust. They function as endorsements whether companies admit it or not. Google and Microsoft built extension marketplaces that reward growth and engagement while relying on policy loopholes and after the fact enforcement. Auto updating extensions remove consent entirely and users are never given a meaningful chance to opt out when functionality changes.
This is not a failure of individual users. It is a structural failure of the ecosystem. Once intimate data is captured, it cannot be unshared. Once it is sold, it cannot be recalled. Trust badges are not safeguards and privacy features are not guarantees. Software that monetizes surveillance will always find new places to extract value.
Your AI chats were never private. That was the business model.
Blackout VPN exists because privacy is a right. Your first name is too much information for us.
Keep learning
FAQ
Which extension was intercepting AI chats
Urban VPN Proxy, a featured Chrome and Edge extension with millions of users, was observed intercepting AI conversations.
What AI platforms were affected
ChatGPT, Claude, Gemini, Copilot, Grok, Meta AI, DeepSeek, and Perplexity were among the targeted platforms.
Was the data collection accidental
No. The interception was enabled by default through a deliberate update.
What kind of data was captured
User prompts, AI responses, session metadata, timestamps, and platform identifiers were collected.
Why did users not notice the change
Browser extensions auto update by default, removing meaningful consent when functionality changes.