Urban VPN Proxy Extension Surreptitiously Intercepts AI Platform Conversations

The Urban VPN Proxy browser extension has been discovered to intercept and exfiltrate user conversations from ten major AI platforms: ChatGPT, Claude, Gemini, Microsoft Copilot, Perplexity, DeepSeek, Grok (xAI), and Meta AI. This data collection is implemented via platform-specific scripts, termed "executors," which are activated by default through hardcoded configuration flags within the extension. Notably, there is no user-accessible option to disable this functionality; complete uninstallation of the extension is the only method to cease data collection. The intercepted data encompasses a comprehensive range of sensitive information, including conversation prompts, AI responses, unique conversation identifiers, precise timestamps, session metadata, and details regarding the specific AI platform and model in use. Critically, this data collection operates persistently, independent of the VPN's activation status, indicating a continuous monitoring capability. Technically, this implementation represents a deliberate and covert data exfiltration mechanism. The use of dedicated executors for each platform demonstrates a targeted approach to data collection, while the absence of user controls to disable this functionality reveals a fundamental disregard for user consent and transparency. The cybersecurity implications of this discovery are significant. The extension, marketed as a privacy-enhancing tool, instead engages in extensive surveillance of user interactions with AI platforms. This duplicity underscores the potential for abuse in software that purports to enhance security but instead compromises user privacy. For cybersecurity professionals, this incident serves as a critical reminder of the importance of thorough software vetting, particularly for browser extensions with broad system access. It highlights the necessity of transparent data collection practices and robust user controls in security software. In response to this threat, users are advised to immediately uninstall the Urban VPN Proxy extension and review the data collection practices of all installed browser extensions. This case also emphasizes the need for organizational policies governing the use of third-party extensions, particularly in environments handling sensitive data.