You know that generative AI browser assistant extension is probably beaming everything to the cloud, right?

  • 25.03.2025 08:41
  • theregister.com
  • Keywords: Data Harvesting, Privacy Issues

Researchers warn that generative AI browser extensions harvest personal data with minimal privacy protections, potentially violating laws by collecting sensitive information. A study analyzed ten Chrome extensions, finding they often send user data to remote servers, raising privacy concerns.

Estimated market influence

University of California, Davis

Sentiment: Negative
Analyst rating: N/A

Contributed to the study highlighting privacy issues with AI browser extensions.

Google

Sentiment: Neutral
Analyst rating: N/A

Mentioned as a company whose name is used by some extensions but not affiliated with them.

Microsoft

Sentiment: Neutral
Analyst rating: Strong buy

Mentioned as a company whose name is used by some extensions but not affiliated with them.

OpenAI

Sentiment: Neutral
Analyst rating: N/A

Mentioned as a company whose name is used by some extensions but not affiliated with them.

Harpa AI

Sentiment: Negative
Analyst rating: N/A

Found to collect sensitive data including health records and student information, violating privacy commitments.

Perplexity

Sentiment: Positive
Analyst rating: N/A

Rated as the most privacy-friendly extension in the study.

Sider

Sentiment: Negative
Analyst rating: N/A

Collected full webpage content including sensitive information.

Monica

Sentiment: Negative
Analyst rating: N/A

Collected textual data in plain text, potentially exposing sensitive information.

ChatGPT for Google

Sentiment: Neutral
Analyst rating: N/A

Mentioned as an extension but not affiliated with Google.

Merlin

Sentiment: Negative
Analyst rating: N/A

Collected full webpage content including sensitive information.

MaxAI

Sentiment: Negative
Analyst rating: N/A

Shared page locations and referrers with third-party trackers.

Wiseone

Sentiment: Neutral
Analyst rating: N/A

Mentioned as an extension but not affiliated with Google.

TinaMind

Sentiment: Negative
Analyst rating: N/A

Collected data from webpages, though specifics were not detailed.

Copilot

Sentiment: Negative
Analyst rating: N/A

Found to collect full DOMs of user-visited pages.

Context

Analysis of Generative AI Browser Extensions: Privacy Risks and Market Implications

Key Findings from the Study

  • Researchers: A team from UC Davis, Mediterranea University, UCL, and Universidad Carlos III de Madrid conducted the study.
  • Extensions Tested: 10 Chrome extensions including Sider, Monica, ChatGPT for Google, Merlin, MaxAI, Perplexity, HARPA, Wiseone, TinaMind, and Copilot.

Privacy Concerns

  • Data Collection: Extensions harvest sensitive data such as health records, student information, and form inputs (e.g., social security numbers).
  • Third-party Sharing: Some extensions share data with third-party trackers like Google Analytics.
  • Misrepresentation: Despite claims of privacy protection, many extensions fail to uphold their commitments. For example:
    • Harpa: Claims no data collection but sends health records and personal messages to third parties.
    • Merlin: Collects web form contents from financial sites.

Technical Insights

  • Server-side Processing: 90% of extensions use remote APIs, exposing user data to external servers.
  • Data Scope: Extensions collect varying levels of data:
    • Harpa & MaxAI: Share full webpage content and DOM structures.
    • Perplexity: Most privacy-friendly.

Market and Competitive Dynamics

  • Consumer Trust: Privacy risks could lead users to avoid extensions or seek alternatives like local AI models (e.g., Llama-3).
  • Regulatory Pressure: Researchers recommend stricter vetting by Chrome Web Store and regulatory frameworks for generative AI tools.
  • Competitive Edge: Extensions with better privacy practices (e.g., Perplexity) may gain market advantage.

Strategic Considerations

  • Developer Responsibility: Extension developers must improve data handling to avoid losing users concerned about privacy.
  • Regulatory Compliance: Potential future regulations could mandate privacy-by-design principles for AI tools and browser extensions.

Long-term Effects

  • Shift in User Behavior: Increased awareness may lead to preference for privacy-focused tools.
  • Market Shift: Businesses may adopt local AI solutions or alternatives with stronger privacy controls.
  • Industry Impact: The findings could influence future development of AI tools, emphasizing the need for transparency and data protection.

Conclusion

The study underscores significant privacy risks associated with generative AI browser extensions. Addressing these issues through improved practices, regulatory oversight, and user education is critical to maintaining trust and ensuring responsible innovation in AI.