The very tools millions of users trust to shield their online activities from prying eyes may be the ones actively betraying their confidence, creating a digital paradox where privacy becomes the price of admission. A startling investigation has brought to light serious allegations against Urban VPN Proxy, a popular browser extension with a user base exceeding six million. This tool, marketed as a guardian of digital anonymity, is now accused of containing a hidden mechanism designed specifically to intercept and harvest users’ private conversations with leading AI chat platforms. According to a detailed report from the security firm Koi, this data collection is not an accidental byproduct or an optional feature but a core, unchangeable function of the software. The discovery raises critical questions about the security of browser extensions and the true cost of “free” services, suggesting that users seeking to protect their data may have unknowingly been feeding their most sensitive interactions directly to a data collection apparatus operating under the guise of a privacy shield.
The Mechanism of Deception
Infiltration by Default
The method allegedly employed by the Urban VPN extension constitutes a fundamental breach of user consent and expectation. Research indicates that the data-harvesting functionality is enabled by default upon installation and, crucially, operates continuously in the background, regardless of whether the user has activated the VPN service. This means that even when the extension appears dormant, it is actively monitoring and intercepting traffic. The mechanism involves the sophisticated injection of custom scripts into the web pages of major AI services, including industry leaders like ChatGPT, Gemini, and Claude. Once embedded, these scripts act as a surveillance tool, meticulously capturing a wide range of sensitive information. The collected data reportedly includes the full text of user prompts, the complete AI-generated responses, unique session IDs that can link conversations together, and precise timestamps. After being harvested, this trove of personal data is compressed and transmitted to analytics servers under the control of Urban VPN, all without any notification or permission from the user, who remains completely unaware of the ongoing data siphon.
The Silent Update
The deployment of this controversial feature was reportedly executed with calculated stealth, leaving the vast majority of its user base in the dark. The data-gathering capability was introduced in version 5.5.0 of the Urban VPN Proxy extension, pushed to users on July 9, 2025. Leveraging the automatic update feature common to modern browsers like Chrome and Edge, the new version was seamlessly installed on millions of devices without requiring any user interaction. This process ensured that the invasive functionality became active almost overnight across its entire user base. Furthermore, the investigation revealed that this issue is not confined to a single product. The same data-harvesting code was found to be present in seven other browser extensions published by the same company, Urban Cyber Security Inc. This widens the scope of the potential data exposure significantly, with the total number of affected users across all implicated extensions estimated to be over eight million. The systematic nature of this deployment suggests a deliberate strategy to collect AI interaction data on a massive scale from an unsuspecting public.
Tracing the Data Trail
The Broker Connection
The implications of this data collection are magnified by the alleged corporate connections behind the extension. The security firm Koi’s report draws a direct line from Urban VPN’s operator, Urban Cyber Security Inc., to a data broker known as BiScience. This firm has a documented history of engaging in large-scale data collection for commercial purposes. The link suggests a clear financial motive for the clandestine harvesting of AI conversations, which are incredibly valuable datasets for market research, advertising analytics, and training new AI models. The nature of data broker operations means that once the information is acquired, it can be sold and resold to countless third parties, making it nearly impossible for individuals to track or control who has access to their private thoughts and queries. In light of this connection, Koi issued a stark warning to all users: anyone who had the affected extensions installed after the July 9th update should operate under the assumption that their private AI conversations have been compromised, collected, and potentially sold on the open market, transforming personal inquiries into a tradable commodity.
A Breach of Trust and Silence
The discovery of this hidden functionality created a significant rupture in the trust between users and the providers of digital privacy tools. A service explicitly designed and marketed to safeguard user data was alleged to have been systematically undermining that very principle for commercial gain. The silent and non-consensual nature of the data collection represented a profound violation, turning a supposed shield into a surveillance tool. In the wake of these serious allegations, Urban VPN remained silent, offering no public statement or response to the detailed findings presented by the security researchers. This lack of communication left over eight million users without answers or reassurance, deepening the sense of betrayal. The incident served as a critical reminder of the potential dangers lurking within browser extensions, which often require extensive permissions to function. It underscored the necessity for greater scrutiny and transparency in the digital tools people rely on daily, highlighting a landscape where the promise of privacy could no longer be taken at face value.
