Popular VPN extension Urban VPN stole your private chats with ChatGPT

🤔 Do you think a free VPN protects your privacy? What if it's secretly collecting all your conversations with AI chatbots and selling them? 📢 In December 2025, researchers exposed a massive scandal affecting over 8 million users.

🚨 Spoiler: Since July 2025, the Urban VPN Proxy extension has been intercepting dialogues with ChatGPT, Claude, Gemini, Grok, and others—and sending them to servers for monetization. 🗑️ Delete it immediately!

📚 Article Contents

• 📌 What happened: Koi Security researchers' discovery
• 📌 How the data theft mechanism worked
• 📌 Which extensions are dangerous and how many users were affected
• 📌 Developers' reaction and privacy policy
• 📌 Why free VPNs are often dangerous
• 💼 What to do if you used Urban VPN

💼 Secure alternatives to VPN extensions

• 💼 How to protect privacy when working with AI
• ❓ Frequently Asked Questions (FAQ)
• ✅ Conclusions

🎯 Section 1. What happened: Koi Security researchers' discovery

🎭 A free VPN that promises privacy actually turned into a surveillance tool for the most personal conversations with AI.

🔍 Researchers from Koi Security used their Wings tool to scan browser extensions for data leaks. 🕵️‍♂️ They expected to find a few obscure malicious apps but stumbled upon Urban VPN Proxy — an extension marked "Featured" by Google, with a 4.7 rating and millions of installs.

📈 Analysis showed that with version 5.5.0 (July 9, 2025), the extension began intercepting all dialogues with 10 popular AI platforms. 🚀 Data was sent to analytics.urban-vpn.com and stats.urban-vpn.com servers, linked to data broker BiScience. 📖 A detailed report from the researchers is available here.

🔍 Why this is important

🗣️ Conversations with AI often contain confidential information: medical consultations, financial plans, work ideas, or personal problems. ⚠️ Leaking such data can lead to blackmail, targeted advertising, or even identity theft.

📋 Example

👤 A user asks ChatGPT for advice on treating an illness or discusses a business strategy — all of this automatically goes into a database for sale.

• ✅ Collection occurred automatically through extension auto-updates.
• ✅ Users received no explicit warnings about the new feature.

Conclusion: This is one of the biggest privacy scandals of 2025 in the field of browser extensions (more details in The Hacker News and Infosecurity Magazine).

📌 Section 2. How the data theft mechanism worked

🎭 Technical trick: the extension overrode standard browser functions for full control over AI traffic, turning a protection tool into a hidden data leak channel.

📥 The mechanism worked as follows: when a user opened the website of one of the supported AIs (ChatGPT, Claude, Gemini, Copilot, Perplexity, Grok, Meta AI, etc.), the extension automatically injected a special "executor" script, adapted for the specific platform (e.g., claude.js for Anthropic Claude or chatgpt.js for OpenAI).

🛠️ This script overrode standard browser APIs for network requests — fetch() and XMLHttpRequest. This ensured that all requests and responses between the user and the AI first passed through the extension's code. 🎯 The script extracted:

• 📄 Full text of user requests (prompts);
• 🤖 Full AI responses;
• 🏷️ Metadata: timestamps, conversation ID, session ID;
• ⚙️ Information about the AI platform and model.

📦 The collected data was packed, compressed, and transmitted via window.postMessage (with the tag PANELOS_MESSAGE) to the extension's content script, and from there to the background service worker. 🚀 The latter sent everything to Urban VPN's remote servers: analytics.urban-vpn.com and stats.urban-vpn.com.

⚠️ Important: collection worked in the background constantly, even if the VPN was turned off, and the "AI Protection" function (which supposedly warned about personal data leaks) was deactivated. 🎭 This "protective" function only masked the real purpose, showing sporadic warnings but not stopping data transmission.

🔗 A detailed technical analysis is published in the Koi Security report: 8 Million Users' AI Conversations Sold for Profit.

🔍 Why this is important

👁️‍🗨️ Such a mechanism allows data to be collected completely unnoticed, without notifications or the possibility of opting out. ⚠️ Users believed they were protecting their privacy, but in reality, they were creating a direct channel for the leak of their most confidential conversations to data broker BiScience for further monetization.

📋 Practical example

👤 A user opens claude.ai, enters a message — the claude.js script immediately intercepts the request, extracts the text, waits for a response from the Anthropic server, captures it, packs everything with a timestamp and session ID, and quietly sends it to Urban VPN servers. 🕵️ Everything happens in real-time, with no signs for the user.

• ✅ Collected: requests, AI responses, timestamps, session ID, AI model.
• ✅ Data was compressed and sent regardless of extension settings.
• ✅ No way to disable collection other than full extension removal.

✅ In my opinion This is not an accidental bug, but an intentional built-in monetization feature, quietly added via auto-update in July 2025.

📌 Section 3. Which extensions are dangerous and how many users were affected

🏢 One publisher — Urban Cyber Security Inc. — controls an entire family of extensions with identical malicious code.

🔬 Researchers found the same mechanism in several products from the same developer. 🏅 Many of them had a "Featured" badge or a high rating.

🔍 Why this is important

🛡️ Trust in extension stores is undermined: even "verified" apps can hide surveillance.

📋 Practical example

🚫 Urban Ad Blocker looks like a regular ad blocker but steals AI chats.

• 📈 Urban VPN Proxy: 6M+ on Chrome.
• 📈 Others: hundreds of thousands each, totaling 8M+.

✅ Conclusion: Check your extensions — remove all from Urban.

📌 Section 4. Developers' reaction and privacy policy

⚠️ The policy concealed the reality: data was transferred to partners, including BiScience, for commercial use.

💼 The company claims that collection is for "analytics and security," but researchers point to the lack of a real opt-out and the sale of data.

✅ Conclusion: Formal disclosure does not justify deceiving users.

📌 Section 5. Why free VPNs are often dangerous

🎯 "If the product is free — you are the product." This phrase is more relevant than ever for free VPN services.

⚙️ Operating and maintaining a VPN network requires significant costs: servers, bandwidth, development, technical support. 💰 Paid services cover this with subscription fees. Free ones, however, look for other sources of income, and the most common ones directly threaten user privacy.

📊 Main ways free VPNs monetize:

• 👁️‍🗨️ Data selling: Collection of browsing history, search queries, visited websites, and even traffic content (if encryption is weak). 📈 This data is partially or fully anonymized and sold to advertising networks, analytical companies, or data brokers (e.g., BiScience in the case of Urban VPN).
• 📝 Activity logging: Many services claim a "no-logs policy," but in practice, they store logs for later sale or transfer upon request.
• 🪧 Ad injection: Some free VPNs insert additional ads on web pages or redirect traffic through partner networks.
• 🤝 Affiliate programs: Transfer of data to third parties for a commission, including targeted advertising based on user behavior.
• ⚠️ Malicious code: In extreme cases — installation of trackers, cryptocurrency miners, or even malware.

History knows dozens of examples ⚠️

2015–2018 — Hola VPN sold user bandwidth to create a botnet (Hola / Luminati):

Hola VPN operated as a p2p service where user traffic and bandwidth were resold through the Luminati network (now Bright Data), allowing these nodes to be used like a botnet for DDoS attacks and mass traffic to websites, including 4chan/8chan. This was accompanied by a lack of full encryption, IP address leaks, and a number of technical vulnerabilities in the Hola client

ZDNet: Researchers slam Hola VPN over absent encryption, user IP leaks

Bitdefender: Hola VPN allegedly used in DDoS against 4Chan

Kaspersky: Misadventures with Hola service

2023–2025 — Billions of free Android VPN installs transmitting data to China:

Reviews from TechRadar and other publications show that dozens of popular free VPN apps for Android (Turbo VPN, VPN Proxy Master, Solo VPN, etc.), linked to Chinese companies, collected vast amounts of user data and could transmit it to servers in China. In total, this amounts to over 2.5 billion installs of such apps in recent years, posing a systemic risk to privacy.

TechRadar: Millions of free VPN users have inadvertently sent their data to China

2023 — SuperVPN data leak and log collection by free VPN extensions (SuperVPN, Betternet, etc.):

In 2023, vpnMentor researchers discovered an unprotected database without a password, belonging to a free VPN service (SuperVPN and related apps), which exposed over 360 million records including email addresses, real IPs, geolocation, device information, and other traffic metadata. Despite "no-logs" marketing, further reviews of SuperVPN, Betternet, and other free VPN extensions for Chrome demonstrate aggressive collection of user data, which can potentially be monetized through sales to third parties.

VPNMentor: Free VPN data breach exposed 360 million records online

2025 — Urban VPN began collecting AI conversations (ChatGPT, Claude, Gemini, Copilot, Perplexity, etc.):

According to an investigation by Koi Security, version 5.5.0 of the Urban VPN Proxy extension for Chrome/Edge (released July 9, 2025) added hidden functionality to intercept full user conversations with major AI chats (prompts, responses, session IDs, timestamps, metadata). This data was automatically sent to Urban VPN servers (including analytics.urban-vpn.com and stats.urban-vpn.com) regardless of whether the VPN was activated, after which it was used and sold as "marketing analytics" to third parties

Koi Security: Urban VPN browser extension harvesting AI conversations

Infosecurity Magazine: Urban VPN Proxy accused of harvesting AI chats

⚠️ An additional problem is the lack of independent audits. 🧾 Paid services like ExpressVPN, Mullvad, or ProtonVPN are regularly audited by third parties (e.g., PwC, Cure53), which confirms their no-logs policy. ❌ Free VPNs almost never have such audits, and their claims of privacy remain just words.

🔍 Why this is important in my opinion

🛡️ Users install VPNs precisely to protect their privacy, but with free services, they often get the opposite effect: instead of anonymity — complete surveillance. 👁️ It is especially dangerous when not just URLs are collected, but the content of conversations, medical or financial inquiries.

📋 Practical example

📱 A user installs a free VPN to bypass blocking and protect data on public Wi-Fi. 💸 Instead, the service records all their banking transactions or correspondence and sells the profile to advertisers, who then offer "personalized" loans or insurance.

• ⚠️ Free VPNs are often based in jurisdictions with weak data protection (14 Eyes, etc.).
• ⚠️ Privacy policy updates can occur quietly, without user consent.
• ⚠️ Lack of transparency: it's impossible to verify what the app is doing with your traffic.

✅ Section conclusion: Paid VPNs with independent audits and transparent policies are the only reliable choice for those who truly value privacy. 💸 Free alternatives almost always come with a hidden price, and that price is your data.

💼 Section 6. What to do if you used Urban VPN

🗑️ The only reliable way to stop data collection is to completely remove the extensions. Data may have already been transferred to third parties.

📅 As of December 2025, Urban VPN extensions are still available in the Chrome Web Store and Microsoft Edge Add-ons, so don't wait for the stores to react — act independently.

✅ Step-by-step removal instructions (for Google Chrome and Microsoft Edge):

1. 🔍 Open your browser and go to chrome://extensions/ (or edge://extensions/ for Edge).
2. 🎯 Find extensions in the list with the name "Urban VPN", "1ClickVPN", "Urban Ad Blocker", "Urban Browser Guard" or any others from the publisher Urban Cyber Security Inc..
3. 🗑️ Click "Remove" for each of them and confirm the action.
4. 🧹 After removal, clear your browser's cache: Settings → Privacy and security → Clear browsing data → Select "Cached images and files" → Clear.
5. 🔄 Restart your browser.

🛡️ Additional security measures:

• 🔐 Change passwords on all important accounts (banks, email, AI services) if you discussed them in chats.
• ✅ Enable two-factor authentication (2FA) wherever possible.
• 🧹 Delete chat history in ChatGPT, Claude, Gemini, etc. (some services allow this in settings).
• ⚙️ Consider resetting browser settings to default if you suspect deep integration.

🔍 Why this is important

📡 Data collection lasted for months, and the collected information may have already been sold to data brokers. ⏰ Quick actions minimize further risks: targeted advertising, phishing, or even blackmail based on confidential conversations.

📋 Practical example

👤 A user who discussed a business idea in Claude or medical symptoms in ChatGPT now risks this information falling into advertising networks or malicious hands.

• ✅ Removal stops further collection in this browser.
• ✅ Clearing the cache removes residual scripts.
• ✅ Changing passwords protects against potential leaks.

💡 In my opinion Act immediately and systematically — data may have already been sold, but you can prevent new leaks and protect yourself going forward.

💼 Section 7. Secure Alternatives to VPN Extensions

💡 It's better to pay for real privacy than to "pay" with your data to free services.

📋 In 2025, market leaders underwent numerous independent audits (Deloitte, PwC, Securitum, etc.), confirming that they do not store activity logs. 🏆 Here are the top recommendations:

• NordVPN: Best balance of speed, security, and features. Four no-logs audits in 2025, RAM servers, Double VPN.
• ExpressVPN: Premium option with the simplest interface. Over 19 audits, Lightway protocol, based in BVI.
• Mullvad: Maximum anonymity — anonymous registration, payment with cash or Monero, fixed price €5/month, RAM servers.
• ProtonVPN: Free plan with no-logs audit (2025, Securitum), unlimited traffic, open-source applications. Paid — for speed and streaming.
• Surfshark: Unlimited devices, low price, audited RAM servers, CleanWeb (ad blocking).

🌐 For your browser:

• 🔧 Official proxy extensions from NordVPN, ExpressVPN, or ProtonVPN (they only manage browser traffic).
• 🛡️ Or a full VPN application — protects the entire device.
• 🚫 For blocking ads/trackers — uBlock Origin (no VPN features, but safe).

🔍 Why this is important

✅ These services are proven not to collect data, have transparent policies, and are regularly audited. 💰 Unlike free services, their business model is subscription-based, not selling your data.

📋 Practical example

👤 A user switches to Mullvad: registers anonymously, pays with Monero — no traces. ⚡ Or ProtonVPN Free: complete privacy without payment, but with limited speed.

• ✅ All recommended — with no-logs audit 2024–2025.
• ✅ RAM servers: data is erased upon reboot.
• ✅ Jurisdictions outside 14 Eyes (Panama, BVI, Switzerland).

✅ Section conclusion: Choose a VPN with a proven reputation and audits — it's an investment in real privacy, not an illusion.

📚 For a deeper understanding of privacy, AI, and technology topics, I recommend familiarizing yourself with these materials:

🔗 How AI platforms choose sources for answers in 2025-2026 — learn about the algorithms for selecting information for AI search.

🤖 How crawling works in the age of AI — understand how bots collect data to train large language models.

🕵️ What is Browser Fingerprint: a complete guide to digital browser fingerprints — understand how you can be tracked online.

🌐 How VPN works: why it moves you to another country — get a clear explanation of the principles of virtual private networks.

💼 Section 8. How to protect privacy when working with AI

🔒 Privacy when working with AI is your personal responsibility. No service protects you 100% if you don't take care of it yourself.

🤖 Working with AI chatbots has become a part of everyday life, but most popular platforms (ChatGPT, Claude, Gemini, etc.) collect your queries for model training, analytics, or even marketing. ⚠️ After the Urban VPN scandal, it became clear: even third-party tools can access these conversations. 💡 Here is a comprehensive set of practical steps for maximum protection.

✅ Key recommendations:

• 💻 Use local AI models. The safest option is to run models on your own computer. Programs like Ollama, LM Studio, GPT4All, or Jan.ai allow you to work with Llama 3, Mistral, Gemma, etc., without transmitting data over the internet.
• 🌐 Separate browser or profile. Create a separate profile in Chrome/Edge/Firefox exclusively for working with AI or use incognito mode. Do not install any extensions in it.
• 🔌 Minimize extensions. Regularly review the list of installed extensions (chrome://extensions/) and remove everything that is not used daily. Especially avoid VPNs, ad blockers, or "accelerators" from unknown publishers.
• 🚫 Do not enter confidential data. Never type PINs, passwords, card numbers, medical diagnoses with personal details, or trade secrets into chats. If necessary, anonymize the information (replace real names, dates, etc.).
• 🔐 Enable additional account protection. 2FA (two-factor authentication) on all AI services, use a password manager (Bitwarden, 1Password, KeePass).
• 🧹 Limit history and memory. In ChatGPT, disable "Memory"; in Claude, disable "Projects" with context saving; in Gemini, disable "Activity." Regularly delete old chats.
• 🕵️ Use private alternatives. Services like Poe.com (with a private bots option), You.com, or Perplexity with "Private" mode collect data less aggressively than the main giants.
• 🚧 Block trackers. Install trusted extensions: uBlock Origin, ClearURLs, Privacy Badger — they block most analytical scripts.

🔍 Why this is important

👤 Your conversations with AI are a detailed digital portrait: interests, problems, plans, health, finances. ⚔️ In the hands of malicious actors or marketers, such information becomes a powerful weapon for manipulation, blackmail, or targeted advertising.

📋 Practical example

💡 A developer discusses a startup idea with a detailed business plan in ChatGPT. 🕳️ Due to a leak (e.g., Urban VPN), this information falls into the hands of a data broker, and a month later, competitors launch a similar product with "surprising" speed.

• ✅ Local models = 100% control over data.
• ✅ Separate profile = isolation from main activity.
• ✅ Anonymization = even if leaked, data is not linked to you.

✅ Section conclusion: A combination of technical tools (local AI, clean browser) and conscious behavior (anonymization, data minimization) is the only reliable key to preserving privacy when working with modern AI.

❓ Frequently Asked Questions (FAQ)

⚠️ Is it safe to use Urban VPN now?

❌ No, absolutely not safe. Even after the scandal, the extension may continue to collect data. 🗑️ Delete it immediately along with all products from Urban Cyber Security Inc. and consider all AI chats after July 2025 potentially compromised.

🤖 Which AI platforms were affected by the leak?

📄 ChatGPT (OpenAI), Claude (Anthropic), Gemini (Google), Microsoft Copilot, Grok (xAI), Perplexity, DeepSeek, Meta AI, Poe, and most other popular JavaScript-based web chatbots.

🛒 Has the extension been removed from the Chrome Web Store and Microsoft Edge Add-ons?

⏳ As of December 17, 2025 — not yet. Google and Microsoft usually react to such scandals with a delay. 🚨 Don't wait for official removal — delete the extension yourself as soon as possible.

🧹 Can I delete or recover my collected data?

😔 Unfortunately, no. The data has already been transmitted to Urban VPN's servers and its partner BiScience, and then to third parties. 🔒 There is no mechanism to request deletion. The only thing you can do is protect yourself going forward.

📱 Did the leak affect mobile AI applications?

✅ No, the mechanism only worked in browser extensions. Mobile applications like ChatGPT, Claude, etc., were not affected by this specific leak.

⸻

✅ Conclusions

• 🚨 Urban VPN and similar extensions turned the promise of privacy into a tool for mass collection and sale of the most personal conversations of millions of users.
• 💰 Free VPNs almost always come with a hidden price — your data, and this scandal is further proof.
• 🔍 Check your browser, remove suspicious extensions, switch to local AI, and paid, verified VPNs.
• 🛡️ Privacy in 2025 requires active measures: data minimization, caution, and the use of reliable tools.

💭 I think:

That in a world where AI is becoming increasingly powerful, our privacy is becoming more fragile. Trust only verified services, always check what you install, and remember: the best protection is your own vigilance.

This article was prepared by the founder and leader of a company with 8 years of experience in web development — Vadym Kharovyuk.