Subject: Use a VPN for security? - THINK!
Most of us have used PC's and/or mobile phones for years. The use of the internet has become both a convenience and a necessity for all manner of applications, ranging from financial to advice from AI's. Those who are astute use VPN's to encrypt and protect their transmissions from interception between your device and the destination. I want to point out that, though the following is about VPN's, there are any number of extensions and utilities which, in theory, you may have given permission to access your storage or other vital sections of your device, which if malicious, could be very costly. (This is especially true of "cleaners", anti-spyware, driver and hard-disk utilities which, by their very nature peer into the deepest recesses of your device. I'm not saying they are necessarily evil, but just that they have the ability to, if coopted, be very bad indeed.

Anyway:
https://www.koi.ai/blog/urban-...

(The Author) asked Wings, (their) agentic-AI risk engine, to scan for browser extensions with the capability to read and exfiltrate conversations from AI chat platforms. We expected to find a handful of obscure extensions-low install counts, sketchy publishers, the usual suspects.

The results came back with something else entirely.
Near the top of the list: Urban VPN Proxy. A Chrome extension with over 6 million users. A 4.7-star rating from 58,000 reviews. A "Featured" badge from Google, meaning it had passed manual review and met what Google describes as "a high standard of user experience and design."

A free VPN promising privacy and security. Exactly the kind of tool someone installs when they want to protect themselves online.

Urban VPN Proxy targets conversations across ten AI platforms: ChatGPT, Claude, Gemini, Microsoft Copilot, Perplexity, DeepSeek, Grok (xAI), Meta AI.

For each platform, the extension includes a dedicated “executor” script designed to intercept and capture conversations. The harvesting is enabled by default through hardcoded flags in the extension’s configuration.
There is no user-facing toggle to disable this. The only way to stop the data collection is to uninstall the extension entirely.
[...]
The data collection operates independently of the VPN functionality. Whether the VPN is connected or not, the harvesting runs continuously in the background.
[...]
What gets captured:
• Every prompt you send to the AI
• Every response you receive
• Conversation identifiers and timestamps
• Session metadata
• The specific AI platform and model used

Be careful out there

Jeff