In partnership with

Your Private AI Chats Are Being Sold (Check Your Browser Right Now)

Hey there,

I'm breaking from my usual content because this can't wait.

Privacy breach alert showing 6 million users affected by data harvesting

If you use ChatGPT, Claude, or Gemini with Google Chrome, stop what you're doing and read this.

Yesterday, I came across a Forbes investigation by Zak Doffman that exposed something deeply disturbing: popular Chrome extensions have been secretly harvesting your AI conversations since July 2025 and selling that data to third parties.

Medical questions. Financial information. Proprietary code. Personal problems.

Everything.

6 million people had no idea it was happening.

How It Actually Works

Security researchers at Koi discovered that multiple Chrome extensions aren't just tracking your browsing. They're specifically targeting your AI conversations and monetizing them.

Here's the method:

When you visit ChatGPT, Claude, or Gemini, the extension injects custom tracking scripts directly into the page: chatgpt.js, claude.js, gemini.js.

Then it captures:

  • Every question you ask

  • Every AI response

  • Conversation IDs and timestamps

  • Which models you use

  • All metadata

The worst part? This is hardcoded. There's no opt-out setting. The only way to stop it is complete uninstallation.

Delete These Extensions Now

The main culprit: Urban VPN Proxy with 6 million users.

But Koi found the same code in seven other extensions from the same publisher, available on both Chrome and Edge.

These extensions didn't launch with this feature. They added it through a silent update. Most users never noticed.

The irony? Urban VPN markets itself as protecting your privacy.

Ad Break! Please, check out my sponsor Superhuman AI. These partnerships help me keep writing for you.

Go from AI overwhelmed to AI savvy professional

AI keeps coming up at work, but you still don't get it?

That's exactly why 1M+ professionals working at Google, Meta, and OpenAI read Superhuman AI daily.

Here's what you get:

  • Daily AI news that matters for your career - Filtered from 1000s of sources so you know what affects your industry.

  • Step-by-step tutorials you can use immediately - Real prompts and workflows that solve actual business problems.

  • New AI tools tested and reviewed - We try everything to deliver tools that drive real results.

  • All in just 3 minutes a day

Join 1M+ pros

What Data Got Sold

Let me be blunt about what "everything" means:

  • Medical inquiries you asked about symptoms

  • Financial questions about investments or debt

  • Proprietary code from your startup projects

  • Personal problems you discussed at 2 AM

  • Business strategies you brainstormed

All packaged and sold for "marketing analytics purposes".

The Timeline

This started in July 2025.

That's five months of data collection from 6 million users.

Koi's warning: "Assume any AI conversations since July 2025 have been captured and shared with third parties".

Think about everything you asked ChatGPT in five months.

Now assume someone else has all of it.

What You Must Do Right Now

Action 1: Check Your Extensions (2 minutes)

  1. Open Chrome

  2. Three dots → Extensions → Manage Extensions

  3. Find Urban VPN Proxy or suspicious VPN extensions

  4. Delete immediately

Action 2: Audit Everything (5 minutes)

Review every extension. Ask:

  • Do I use this regularly?

  • Do I remember installing it?

  • Does it need "access to all websites"?

If no to any question, delete it.

Action 3: Change Your Behavior (Forever)

As Forbes cybersecurity expert Zak Doffman put it: "Your AI assistant is not your ally, financial consultant, doctor, or therapist. It's a computer operated by someone else".

Stop treating AI like a confidant. Treat it like a public forum.

The Privacy Policy Trick

Urban VPN's privacy policy technically mentions this, but it's buried in legal text.

The consent prompt mentions processing "ChatAI communication" but frames it as "protections," not data selling.

The actual policy states: "We will collect prompts queried by End-Users" and "We disclose the prompts for analytics purposes".

Translation: We're selling your conversations, but we wrote it so you'd miss it.

The Bigger Problem

This isn't just one rogue extension.

We've been conditioned by decades of private messaging to think chat interfaces are confidential. They're not.

ChatGPT's share feature has already led to private conversations being indexed by search engines. Names and emails became publicly searchable because users didn't understand how it worked.

Then there's shadow AI: employees using AI outside company policies, uploading sensitive data without proper security.

The issue isn't just malicious extensions. We're treating billion-dollar AI platforms like private therapists when they're data processing machines with complex monetization pressures.

What The Companies Said

Forbes reached out for comments.

OpenAI: No response
Google: No response
Urban Cyber Security: No response

Silence.

Meanwhile, ChatGPT has 900 million weekly active users, but only 5% pay. That means 95% are "free users."

And in tech, if you're not paying for the product, you might be the product.

The New Rules for AI Privacy

After reading the Forbes investigation and doing my own research, here's what you need to know:

Rule 1: Never share what you wouldn't post publicly

Treat every AI conversation like it's going on Twitter. No names, addresses, financial details, health information.

Rule 2: Use temporary chat features

ChatGPT has "temporary chat" that supposedly doesn't save conversations. Use it for sensitive topics.

Rule 3: Audit extensions monthly

Set a calendar reminder. First of every month: review and delete unnecessary extensions.

Rule 4: Assume breach

Operate assuming whatever you share with AI could become public. If you're not comfortable with that, don't share it.

Rule 5: Rotate between providers

Don't put all sensitive conversations in one platform. Spread them across ChatGPT, Claude, and Gemini.

If losing this information would hurt your business, don't give it to AI.

Resources & Credit

This newsletter was inspired by and draws from:

Primary Source:
📰 How Your Private ChatGPT And Gemini Chats Are 'Sold For Profit' by Zak Doffman, Forbes (December 15, 2025)

Additional Research:

  • Koi Security Research Report

  • AI Privacy Studies

  • OpenAI and Google monetization analyses

Full credit to Zak Doffman and Forbes for breaking this story.

Two Requests

If this helped you:

  1. Forward it to anyone using ChatGPT or Gemini

  2. Reply if you found suspicious extensions

I read every response.

Stay safe.

P.S. I checked my own Chrome while writing this. Found two extensions I didn't remember installing. All deleted now.

Subscribe my Newsletter 💟

See you next time,
Better Every Day

Reply

or to participate

© 2025 Better Every Day.

Report abuse

Privacy policy

Terms of use

Powered by beehiiv