Yeah IT pros and tech aware "power" users can always take these measures but the very availability of poor or maliciously coded extensions and apps in popular app stores makes it a problem considering normies will get swayed by the swanky features the software promises and will click past all misgivings and warnings. Social engineering attacks are impossible to prevent using technical means alone. Either a critical mass of ordinary people need to become more safety/privacy conscious or general purpose computing devices will become more & more niche as the very industry which creates these problems in the first place by poor review will also sell the solution of universal thin-clients and locked down devices, of course with the very happy cooperation of govts everywhere.

> I stick to extensions that Mozilla has manually vetted as part of the Firefox recommended extensions program.

If you're feeling extra-paranoid, the XPI file can be unpacked (ZIP) and to check over the code for anything suspicious or unreasonably-complex, particularly if the browser-extension is supposed to be something simple like "move the up/down vote arrows further apart on HN". :P

While that doesn't solve the overall ecosystem issue, every little bit helps. You'll know it's time to run away if extensions become closed-source blobs.

The problem is most codebase are huge - millions of lines when you include all the libraries etc.

Often they're compiled with typescript etc making manual review almost impossible.

And if you demand the developer send in the raw uncompiled stuff you have the difficulty of Google/Mozilla having to figure out how to compile an arbitrary project which could use custom compilers or compilation steps.

Remember that someone malicious wont hide their malicious code in main.ts... it's gonna be deep inside a chain of libraries (which they might control too, or might have vendored).

Funny enough the article mentions this extension was manially reviewed: > A "Featured" badge from Google, meaning it had passed manual review and met what Google describes as "a high standard of user experience and design."

The question is, does Mozilla rigorously review every single update of every featured extension? Or did they just vet it once, and a malicious developer may now introduce data collection or similar "features" though a minor update of the extension and keep enjoying the "recommended" badge by Mozilla?

> I know that Google hates to pay human beings, but this is an area that needs human eyes on code, not automated scans.

I think we need both human review and for somebody to create an antivirus engine for code that's on par with the heuristics of good AV programs.

You could probably do even better than that since you could actually execute the code, whole or piecewise, with debugging, tracing, coverage testing, fuzzing and so on.

The article states that Google has done the same for this extension as part of providing its "Featured" badge.

The same applies to code editor extensions!

> They look really legitimate on the outside

If that looks use-italics "really legitimate" to you, then you might be easily scammed. I'm not saying they're not legitimate, but nothing that you shared is a strong signal of legitimacy.

It would take a perhaps a few hundred dollars a month to maintain a business that looked exactly like this, and maybe a couple thousand to buy one that somebody else had aged ahead of time. You wouldn't have to have any actual operations. Just continuously filed corporate papers, a simple brochure website, and a couple virtual office accounts in places so dense that people don't know the virtual address sites by heart.

Old advice, but be careful believing what you encounter on the internet!

https://www.manhattanvirtualoffice.com/

The NY address is a virtual office.

https://themillspace.com/wilmington/

The DE address is a virtual office plus coworking facility.

> Urban VPN is operated by Urban Cyber Security Inc., which is affiliated with BiScience (B.I Science (2009) Ltd.), a data broker company.

> This company has been on researchers' radar before. Security researchers Wladimir Palant and John Tuckner at Secure Annex have previously documented BiScience's data collection practices. Their research established that:

> BiScience collects clickstream data (browsing history) from millions of users Data is tied to persistent device identifiers, enabling re-identification The company provides an SDK to third-party extension developers to collect and sell user data

> BiScience sells this data through products like AdClarity and Clickstream OS

> The identical AI harvesting functionality appears in seven other extensions from the same publisher, across both Chrome and Edge:

Hmm.

> They look really legitimate on the outside

Hmm, what, no.

We have a data collection company, thriving financially on lack of privacy protections, indiscriminant collection and collating of data, connected to eight data siphoning "Violate Privacy Network" apps.

And those apps are free... Which is seriously default sketchy if you can't otherwise identify some obviously noble incentives to offer free services/candy to strangers.

Once is happenstance, twice is coincidence, three (or eight) times is enemy action.

The only thing that could possibly make this look any worse is discovering a connection to Facebook.

You can get a mailing address and phone number for like $15/mo. You can incorporate a US business for only a couple hundred dollars.

Is the agent address real?

1000 N. WEST ST. STE. 1501, WILMINGTON, New Castle, DE, 19801

It almost matches this law firms address but not quite.

https://www.skjlaw.com/contact-us/

Brandywine Building 1000 N. West Street, Suite 1501 Wilmington DE 19801

> Urban VPN is operated by Urban Cyber Security Inc., which is affiliated with BiScience (B.I Science (2009) Ltd.), a data broker company.

BiScience is an Israeli company.

Being a real business doesn't necessarily mean they can be trusted. Real companies do shady stuff all the time.

Judging from their website, all links eventually point to either the VPN extension download website, or a signup link. I'm not surprised if some nation state supported APT is behind this shit.

If Google would care at all for their users, they'd tell WhatsApp to not require the use of the Contacts permission only to add names to numbers when you don't share the Contacts with the App.

Or they'd tell WhatsApp to allow granting microphone permissions for one single call, instead of requesting permanent microphone permissions. All apps that I know of respect the flow of "Ask every time", all but Meta's app.

Google just doesn't care.

I think what's going on there is that "While using" includes when a navigation app is running in the background, which is visible to the user (via e.g. a blue status bar pill). "Always" allows access even when it's not clear to the user that an app is running.

The developer documentation is actually pretty clear about this: https://developer.apple.com/documentation/bundleresources/ch...

This might be a case of app permissions just being poorly delineated. E.g. I've seen Android apps require "location data" access just because they want to connect over bluetooth or manage WiFi or something (not entirely sure which one it was specifically) because that is actually the same permission and the wording in the permission modal is misleading.

A big problem is also that you can pretty much only grant permission for one specific site or all sites and this very much depends on which of those two options the extension uses.

For example there's no need for the "inject custom JS or CSS into websites" extensions to need permission to read and write data on every single website you visit. If you only want to use them to make a few specific sites more accessible to you that doesn't mean you're okay with them touching your online banking. Especially when most of these already let you define specific URLs or patterns each rule/script should apply to.

I understand that there are still vectors for data exfiltration when the same extension has permissions on two different sites and that "code injection as a service" is inherently risky (although cross-origin policies can already lock this down somewhat) but in 2025 I'd hope we could have a more granular permission model for browser extensions that actually supports sandboxing.

People used to cast lots to make major life decisions.

Putting a token predictor in the mix — especially one incapable of any actual understanding — seems like a natural evolution.

Absolved of burden of navigating our noisy, incomplete and dissonant thoughts, we can surrender ourselves to the oracle and just obey.

If this is surprising to you then your circle is fairly unusual.

For example HBR recently reported the number 1 use for ChatGPT is "Therapy/companionship"

https://archive.is/Y76c5

Some people are incapable of internal thought. They have to verbalise/write down their thoughts, so they can hear/read it back, and that's how they make progress. In a way, these people's brain do work like LLMs.

Delegating life decisions to AI is obviously quite stupid but it can really help lay out and question your thoughts even if it's obviously biased.

A certain type of person loves nothing more than to spill their guts to anyone who will listen. They don’t see their conversational partners as other equally aware entities—they are just a sounding board for whatever is in this person's head. So LLMs are incredibly appealing to these folks. LLMs never get tired or zone out or make snarky responses. Add in chatbots’ obsequious enabling, and these folks are instantly hooked.

ISPs are so heavily regulated that the will give any federal or government agency free access to future and past internet connection information that are directly tied to your real identity.

Meanwhile reputable VPN provider like mullvad offer there service without KYC and leave feds empty handed when they knock on there doors.

https://mullvad.net/en/blog/mullvad-vpn-was-subject-to-a-sea...

For the same reason you trust your ISP? It handles all your internet traffic; and depending on where you live, probably has government-mandated back doors, or is willing to cooperate with arbitrary requests from law-enforcement agencies.

That's why TLS exists, after all. All Internet traffic is wiretapped.

A lot of people from poor countries where they can't access a lot of websites/services and also can't pay for a VPN use these "free" VPNs

but other than that I would never trust anything other than Mullvad/IVPN/ProtonVPN

The use case is people that are urged to view something that is blocked (torrent / adult / gambling). They want it now, and they don't want to get involved with some shady company that slaps on a 2 year contract and keeps extending indefinitely. These people instead find "free vpn" in the web store and decide to give it a try.

VPNs are just one example. How many chrome extensions do you have that you don't use all the time, like adblockers, cookie consent form handlers or dark mode?

Yeah free VPN is totally a problem, but there's TLS so at least those users aren't getting their bank account information stolen.

I’m not sure there’s much more juice to squeeze here via automated or semi-automated means. They could perhaps be doing these kind of human-in-the-loop reviews themselves for all extensions that hit a certain install count, but that’s not a popular technique at Google.

Do you think Google wants to have the extensions system, given that this is how people block ads?

Google is doing code review on extensions?

Is this even a problem that code review could find? Once they have your conversation data what happens then isn't part of the plug-in.

Its the reason why they found it because the code was in extension. Before manifest v3, extensions could just load external scripts and there's no way you could tell what they were actually doing.

Let me ask you this way: How do you think they make money?

This was a nearly poetic way to put it. Thank you for ascribing words to a problem that equally frustrates me.

I spend a lot of time trying to think of concrete ways to improve the situation, and would love to hear people's ideas. Instinctively I tend to agree it largely comes down to treating your users like human beings.

And still, there is plenty of software that you can't run on anything but Windows. That's a major blocker at this point and projects like 'mono' and 'wine', while extremely impressive, are still not good enough to run that same software on Linux.

I would figure state actors don’t need to go through the trouble of a browser extension. But, yeah.

Download Valley strikes again!

Pretty easy to match up those logs with browser fingerprinting to identify the actual user. Then you have "do you want to purchase what Mr. Foo Bar is prompting the LLM?"

Not just advertising but market research. Loads of people want to know exactly what type of questions ppl are asking these chat bots

It would have been no less suprising to me had it been a US company but it certainly fits the cultural stereotype of callousness that particular country has been openly displaying in recent years.

And what are the odds that mossad are getting access to this data?

They are not. They found it by searching for extensions that had the capability to exfiltrate data.

> We asked Wings, our agentic-AI risk engine, to scan for browser extensions with the capability to read and exfiltrate conversations from AI chat platforms.

Thanks, the last fetched page on archive.org is from 2025-01-26 [1], removed after this date and before 2025-02-13. 155,477 users at the moment, 1 star reviews were mostly about not working. It's interesting that the developers didn't care to remove the button directing to the ff add-on page at least several months after the removal. Maybe was some kind of PR compromise, they probably thought that listing it with linking to a broken page was better than not listing at all.

A review page [2] mentions that this add-on is a peer-to-peer vpn, not having its own dedicated servers that already makes it suspicious.

[1] https://web.archive.org/web/20250126133131/https://addons.mo...

[2] https://www.vpnmentor.com/reviews/urban-vpn/

I doubt its the actual conversations but the aggregated insights that are valuable.

Think: is my brand getting mentioned more in AI chats? Are people associating positive or negative feelings towards it? Are more people asking about this topic lately?

Let's assume that people are discussing medical conditions in these conversations - I think that insurance companies would be pretty interested to get this kind of data in their hands.

I think this is most likely what happened. The update/review process for extensions is broken. Apparently you can add any malicious functionality after you’re in and also keep any badges and recommendations.

>What is their business model anyway?

They take a 5.5% fee whenever you buy credits. There's also a discount for opting-in to share your prompts for training.

Note that in the profile of a model in Openrouter, under Data Policy, there is a statement as "Prompt Training". Some of model will clearly stated that prompt training is true, even for paid models.

Probably not. All side effects need to go through the js side. So you can alway see where http calls are made

ublock requires access to all sites and data. Maybe they are trustworthy but who really knows?

Which "AI" has a native app?

Or you mean the web sites packed with a copy of chromium?

Correct. The article is about Chrome and MS Edge browser extensions.

> Exactly the kind of tool someone installs when they want to protect themselves online.

No. When you want to increase your security, you install fewer tools.

Each tool increases your exposure. Why is the security industry full of people who don't get this?

I prefer WG-Easy (https://github.com/wg-easy/wg-easy), which uses a Docker container, not ansible.

The only extensions I have installed are dark reader and ublock origin. Would be nice if I could disable auto updating for them somehow and run local pinned versions...

Same here, uBlock Origin and EFF's Privacy Badger are the only extensions I trust enough to install.

I imagine this would be a great use case for AI helping out?

Can we please, please stop using this absolutely deprecated proverb? As shown in YouTube lite, Samsung fridges with ads, cars with telemetry etc. etc. even if you paid, you are still subject to manipulation, spyware, ads and telemetry. It has absolutely nothing to do with payment.

4*

2*

What sort of argument is that? Just because I need to eat (also let's be real the developers/owners behind this app are not struggling to get food on the table), does excuse me doing unethical/illegal things (and this behaviour is almost certainly illegal in the EU at least).

There is a “contradictions” section that clearly explains why this is a scam of the highest order.

There are honest ways to make a living. In this case honest is “being transparent” about the way data is handled instead of using newspeak.

The guy that holds up people for money in the alley is a human too, people forget, and needs to pay for food and a place to live. Of course they do too.