Yeah IT pros and tech aware "power" users can always take these measures but the very availability of poor or maliciously coded extensions and apps in popular app stores makes it a problem considering normies will get swayed by the swanky features the software promises and will click past all misgivings and warnings. Social engineering attacks are impossible to prevent using technical means alone. Either a critical mass of ordinary people need to become more safety/privacy conscious or general purpose computing devices will become more & more niche as the very industry which creates these problems in the first place by poor review will also sell the solution of universal thin-clients and locked down devices, of course with the very happy cooperation of govts everywhere.

> I stick to extensions that Mozilla has manually vetted as part of the Firefox recommended extensions program.

If you're feeling extra-paranoid, the XPI file can be unpacked (ZIP) and to check over the code for anything suspicious or unreasonably-complex, particularly if the browser-extension is supposed to be something simple like "move the up/down vote arrows further apart on HN". :P

While that doesn't solve the overall ecosystem issue, every little bit helps. You'll know it's time to run away if extensions become closed-source blobs.

The problem is most codebase are huge - millions of lines when you include all the libraries etc.

Often they're compiled with typescript etc making manual review almost impossible.

And if you demand the developer send in the raw uncompiled stuff you have the difficulty of Google/Mozilla having to figure out how to compile an arbitrary project which could use custom compilers or compilation steps.

Remember that someone malicious wont hide their malicious code in main.ts... it's gonna be deep inside a chain of libraries (which they might control too, or might have vendored).

The question is, does Mozilla rigorously review every single update of every featured extension? Or did they just vet it once, and a malicious developer may now introduce data collection or similar "features" though a minor update of the extension and keep enjoying the "recommended" badge by Mozilla?

Funny enough the article mentions this extension was manially reviewed: > A "Featured" badge from Google, meaning it had passed manual review and met what Google describes as "a high standard of user experience and design."

> I know that Google hates to pay human beings, but this is an area that needs human eyes on code, not automated scans.

I think we need both human review and for somebody to create an antivirus engine for code that's on par with the heuristics of good AV programs.

You could probably do even better than that since you could actually execute the code, whole or piecewise, with debugging, tracing, coverage testing, fuzzing and so on.

The article says the extension has been "manually reviewed" by Google.

The article states that Google has done the same for this extension as part of providing its "Featured" badge.

The same applies to code editor extensions!

> They look really legitimate on the outside

If that looks use-italics "really legitimate" to you, then you might be easily scammed. I'm not saying they're not legitimate, but nothing that you shared is a strong signal of legitimacy.

It would take a perhaps a few hundred dollars a month to maintain a business that looked exactly like this, and maybe a couple thousand to buy one that somebody else had aged ahead of time. You wouldn't have to have any actual operations. Just continuously filed corporate papers, a simple brochure website, and a couple virtual office accounts in places so dense that people don't know the virtual address sites by heart.

Old advice, but be careful believing what you encounter on the internet!

https://www.manhattanvirtualoffice.com/

The NY address is a virtual office.

https://themillspace.com/wilmington/

The DE address is a virtual office plus coworking facility.

> Urban VPN is operated by Urban Cyber Security Inc., which is affiliated with BiScience (B.I Science (2009) Ltd.), a data broker company.

> This company has been on researchers' radar before. Security researchers Wladimir Palant and John Tuckner at Secure Annex have previously documented BiScience's data collection practices. Their research established that:

> BiScience collects clickstream data (browsing history) from millions of users Data is tied to persistent device identifiers, enabling re-identification The company provides an SDK to third-party extension developers to collect and sell user data

> BiScience sells this data through products like AdClarity and Clickstream OS

> The identical AI harvesting functionality appears in seven other extensions from the same publisher, across both Chrome and Edge:

Hmm.

> They look really legitimate on the outside

Hmm, what, no.

We have a data collection company, thriving financially on lack of privacy protections, indiscriminant collection and collating of data, connected to eight data siphoning "Violate Privacy Network" apps.

And those apps are free... Which is seriously default sketchy if you can't otherwise identify some obviously noble incentives to offer free services/candy to strangers.

Once is happenstance, twice is coincidence, three (or eight) times is enemy action.

The only thing that could possibly make this look any worse is discovering a connection to Facebook.

You can get a mailing address and phone number for like $15/mo. You can incorporate a US business for only a couple hundred dollars.

Is the agent address real?

1000 N. WEST ST. STE. 1501, WILMINGTON, New Castle, DE, 19801

It almost matches this law firms address but not quite.

https://www.skjlaw.com/contact-us/

Brandywine Building 1000 N. West Street, Suite 1501 Wilmington DE 19801

Being a real business doesn't necessarily mean they can be trusted. Real companies do shady stuff all the time.

> Urban VPN is operated by Urban Cyber Security Inc., which is affiliated with BiScience (B.I Science (2009) Ltd.), a data broker company.

BiScience is an Israeli company.

Judging from their website, all links eventually point to either the VPN extension download website, or a signup link. I'm not surprised if some nation state supported APT is behind this shit.

If Google would care at all for their users, they'd tell WhatsApp to not require the use of the Contacts permission only to add names to numbers when you don't share the Contacts with the App.

Or they'd tell WhatsApp to allow granting microphone permissions for one single call, instead of requesting permanent microphone permissions. All apps that I know of respect the flow of "Ask every time", all but Meta's app.

Google just doesn't care.

I think what's going on there is that "While using" includes when a navigation app is running in the background, which is visible to the user (via e.g. a blue status bar pill). "Always" allows access even when it's not clear to the user that an app is running.

The developer documentation is actually pretty clear about this: https://developer.apple.com/documentation/bundleresources/ch...

This might be a case of app permissions just being poorly delineated. E.g. I've seen Android apps require "location data" access just because they want to connect over bluetooth or manage WiFi or something (not entirely sure which one it was specifically) because that is actually the same permission and the wording in the permission modal is misleading.

A big problem is also that you can pretty much only grant permission for one specific site or all sites and this very much depends on which of those two options the extension uses.

For example there's no need for the "inject custom JS or CSS into websites" extensions to need permission to read and write data on every single website you visit. If you only want to use them to make a few specific sites more accessible to you that doesn't mean you're okay with them touching your online banking. Especially when most of these already let you define specific URLs or patterns each rule/script should apply to.

I understand that there are still vectors for data exfiltration when the same extension has permissions on two different sites and that "code injection as a service" is inherently risky (although cross-origin policies can already lock this down somewhat) but in 2025 I'd hope we could have a more granular permission model for browser extensions that actually supports sandboxing.

People used to cast lots to make major life decisions.

Putting a token predictor in the mix — especially one incapable of any actual understanding — seems like a natural evolution.

Absolved of burden of navigating our noisy, incomplete and dissonant thoughts, we can surrender ourselves to the oracle and just obey.

It does strike me as pretty crazy, but I'm at the other end of the spectrum, I almost never think about using an AI for anything. I've tried Claude I think, twice (it wasn't very helpful). The only other AI I've ever used are the "AI summaries" that Duck Duck Go sometimes shows at the top of its search results.

Some people are incapable of internal thought. They have to verbalise/write down their thoughts, so they can hear/read it back, and that's how they make progress. In a way, these people's brain do work like LLMs.

If this is surprising to you then your circle is fairly unusual.

For example HBR recently reported the number 1 use for ChatGPT is "Therapy/companionship"

https://archive.is/Y76c5

Delegating life decisions to AI is obviously quite stupid but it can really help lay out and question your thoughts even if it's obviously biased.

I constantly use AI like this. For life decisions, for complicated logistics situations, for technical decisions and architectures, etc. I'm not having it make any decisions for me, I'm just talking through things with another entity who has a vast breadth of knowledge, and will almost always suggest a different angle or approach that I hadn't considered.

Here's an example of the kinds of things I've talked with ChatGPT about in the last few weeks:

- I'm moving to a new area and I share custody of my daughter, so this adds a lot of complications around logistics. Talked through all that.

- Had it research niche podcasts and youtube channels for advertising / sponsorship opportunities for my SaaS

- Talked through a really complex architecture decision that's a mix of technical info and big tradeoffs for cost and customer experience.

- Did some research and talked through options for buying two new vehicles for the upcoming move, and what kinds work best for use cases (which are complex)

- Lots and lots of discussions around complex tax planning for 2026 and beyond

Again, these models have vast knowledge, as well as access to search and other tools to gather up-to-date info and sift through it far faster than I can. Why wouldn't I talk through these things with them? In my experience, with a little guardrails ("double check this" or "search and verify that X..."), I'm finding it more trustworthy than most experts in those fields. For example, I've gotten all kinds of incorrect tax advice from CPAs. Sometimes ChatGPT is out of date, but it's generally pretty accurate around taxes ime, especially if I have it search to verify things.

A certain type of person loves nothing more than to spill their guts to anyone who will listen. They don’t see their conversational partners as other equally aware entities—they are just a sounding board for whatever is in this person's head. So LLMs are incredibly appealing to these folks. LLMs never get tired or zone out or make snarky responses. Add in chatbots’ obsequious enabling, and these folks are instantly hooked.

ISPs are so heavily regulated that the will give any federal or government agency free access to future and past internet connection information that are directly tied to your real identity.

Meanwhile reputable VPN provider like mullvad offer there service without KYC and leave feds empty handed when they knock on there doors.

https://mullvad.net/en/blog/mullvad-vpn-was-subject-to-a-sea...

For the same reason you trust your ISP? It handles all your internet traffic; and depending on where you live, probably has government-mandated back doors, or is willing to cooperate with arbitrary requests from law-enforcement agencies.

That's why TLS exists, after all. All Internet traffic is wiretapped.

A lot of people from poor countries where they can't access a lot of websites/services and also can't pay for a VPN use these "free" VPNs

but other than that I would never trust anything other than Mullvad/IVPN/ProtonVPN

The use case is people that are urged to view something that is blocked (torrent / adult / gambling). They want it now, and they don't want to get involved with some shady company that slaps on a 2 year contract and keeps extending indefinitely. These people instead find "free vpn" in the web store and decide to give it a try.

VPNs are just one example. How many chrome extensions do you have that you don't use all the time, like adblockers, cookie consent form handlers or dark mode?

Yeah free VPN is totally a problem, but there's TLS so at least those users aren't getting their bank account information stolen.

I don't understand how code review would catch this. The extension advertises itself as an AI protection tool, that monitors your AI interactions. The code is basically consistent with the stated purpose. That it doesn't stop collecting data when you turn of the UI alerting is perhaps an inconsistency, but I think that's debatable (is there a rule in google's terms that says data collection is contingent on UI alerts being enabled?). I'm curious what workflow or decision tree you'd expect a code review process to follow here that results in this being rejected? The problem here doesn't seem like code related, it's policy related, as in, what are they doing with the information, not that the extension has code to collect it.

I’m not sure there’s much more juice to squeeze here via automated or semi-automated means. They could perhaps be doing these kind of human-in-the-loop reviews themselves for all extensions that hit a certain install count, but that’s not a popular technique at Google.

Do you think Google wants to have the extensions system, given that this is how people block ads?

Google is doing code review on extensions?

Is this even a problem that code review could find? Once they have your conversation data what happens then isn't part of the plug-in.

Its the reason why they found it because the code was in extension. Before manifest v3, extensions could just load external scripts and there's no way you could tell what they were actually doing.

Let me ask you this way: How do you think they make money?

Pretty easy to match up those logs with browser fingerprinting to identify the actual user. Then you have "do you want to purchase what Mr. Foo Bar is prompting the LLM?"

Not just advertising but market research. Loads of people want to know exactly what type of questions ppl are asking these chat bots

This was a nearly poetic way to put it. Thank you for ascribing words to a problem that equally frustrates me.

I spend a lot of time trying to think of concrete ways to improve the situation, and would love to hear people's ideas. Instinctively I tend to agree it largely comes down to treating your users like human beings.

And still, there is plenty of software that you can't run on anything but Windows. That's a major blocker at this point and projects like 'mono' and 'wine', while extremely impressive, are still not good enough to run that same software on Linux.

I would figure state actors don’t need to go through the trouble of a browser extension. But, yeah.

Download Valley strikes again!

Well, you’d be surprised to discover that Koi is also an Israeli company, and they were the ones who even discovered this

https://www.calcalistech.com/ctechnews/article/syoe1xjslx

It would have been no less suprising to me had it been a US company but it certainly fits the cultural stereotype of callousness that particular country has been openly displaying in recent years.

And what are the odds that mossad are getting access to this data?

Because VPNs are exclusively and heavily marketed and sold as magical turnkey solutions to privacy, encryption, hair loss, and more!

I think this is most likely what happened. The update/review process for extensions is broken. Apparently you can add any malicious functionality after you’re in and also keep any badges and recommendations.

Thanks, the last fetched page on archive.org is from 2025-01-26 [1], removed after this date and before 2025-02-13. 155,477 users at the moment, 1 star reviews were mostly about not working. It's interesting that the developers didn't care to remove the button directing to the ff add-on page at least several months after the removal. Maybe was some kind of PR compromise, they probably thought that listing it with linking to a broken page was better than not listing at all.

A review page [2] mentions that this add-on is a peer-to-peer vpn, not having its own dedicated servers that already makes it suspicious.

[1] https://web.archive.org/web/20250126133131/https://addons.mo...

[2] https://www.vpnmentor.com/reviews/urban-vpn/

Probably not. All side effects need to go through the js side. So you can alway see where http calls are made

They are not. They found it by searching for extensions that had the capability to exfiltrate data.

> We asked Wings, our agentic-AI risk engine, to scan for browser extensions with the capability to read and exfiltrate conversations from AI chat platforms.

ublock requires access to all sites and data. Maybe they are trustworthy but who really knows?

I doubt its the actual conversations but the aggregated insights that are valuable.

Think: is my brand getting mentioned more in AI chats? Are people associating positive or negative feelings towards it? Are more people asking about this topic lately?

Let's assume that people are discussing medical conditions in these conversations - I think that insurance companies would be pretty interested to get this kind of data in their hands.

Note that in the profile of a model in Openrouter, under Data Policy, there is a statement as "Prompt Training". Some of model will clearly stated that prompt training is true, even for paid models.

>What is their business model anyway?

They take a 5.5% fee whenever you buy credits. There's also a discount for opting-in to share your prompts for training.

Which "AI" has a native app?

Or you mean the web sites packed with a copy of chromium?

Correct. The article is about Chrome and MS Edge browser extensions.

> Exactly the kind of tool someone installs when they want to protect themselves online.

No. When you want to increase your security, you install fewer tools.

Each tool increases your exposure. Why is the security industry full of people who don't get this?

I prefer WG-Easy (https://github.com/wg-easy/wg-easy), which uses a Docker container, not ansible.

The only extensions I have installed are dark reader and ublock origin. Would be nice if I could disable auto updating for them somehow and run local pinned versions...

Same here, uBlock Origin and EFF's Privacy Badger are the only extensions I trust enough to install.

I imagine this would be a great use case for AI helping out?

Can we please, please stop using this absolutely deprecated proverb? As shown in YouTube lite, Samsung fridges with ads, cars with telemetry etc. etc. even if you paid, you are still subject to manipulation, spyware, ads and telemetry. It has absolutely nothing to do with payment.

They're probably only incorporated in the US, so it's meaningless. If they plan to establish a corp in the EU they'll just put it in Ireland and bribe Ireland like all of US big tech does. This is a solved thing.

4*

2*

What sort of argument is that? Just because I need to eat (also let's be real the developers/owners behind this app are not struggling to get food on the table), does excuse me doing unethical/illegal things (and this behaviour is almost certainly illegal in the EU at least).

There is a “contradictions” section that clearly explains why this is a scam of the highest order.

There are honest ways to make a living. In this case honest is “being transparent” about the way data is handled instead of using newspeak.

The guy that holds up people for money in the alley is a human too, people forget, and needs to pay for food and a place to live. Of course they do too.