You must log in or register to comment.
I downloaded the Urban VPN Proxy chrome extension using https://robwu.nl/crxviewer/ and grepped the source code.
At no point is window.fetch reassigned with their own function. There is no “window.fetch” anywhere in their code.
Also the variables
sendClaudeMesages, etc in their first screenshot only appear there and are not used anywhere else in the code. Whatever those config variables are for, they don’t do anything.The rest of their code screenshots are legit (notice the legit ones have a smaller font?) but without window.fetch the whole thing can’t do what they say it does.
Moreover, large chunks of that article is written with a LLM (it’s koi.ai so I shouldn’t be surprised) and ends with a pitch for their services.
This doesn’t look right.
When a company writes a blog post, 95% of the time it’s intended to juice their SEO rankings, rage-bait to go viral and boost their social media profile, or an ad disguised as an article. Be very skeptical of company blogs.
Obviously tho, any free VPN is going to monitor your traffic and sell your data, don’t use them. I’m sure Urban VPN is sketchy as hell the point is koi.ai is trying to make money by polluting our information space.
A security researcher had been using online AI as a personal planner and therapist for months before thinking, " Hey maybe my data isn’t private?"
Wtf?
Koi, an AI company with ties to industry titans like OpenAI, complains extensions scrape your AI data: “How dare you swipe when I have rightfully stolen?”
This is an interesting, technically sound and chilling read. I haven’t verified the claims made in the article, but I would in no way be surprised to find that data brokers create browser extensions that exfiltrate specifically conversations with chatbotsb like Gemini, chatgpt etc.
A few weeks ago, I was wrestling with a major life decision. Like I’ve grown used to doing, I opened Claude and started thinking out loud-laying out the options, weighing the tradeoffs, asking for perspective.
Perhaps they should have used a local LLM, or at least a no-log API + UI, instead of freakin Claude!?
They didn’t use Claude, this whole article is fake.
Privaxy extensions that exfil user data are not privacy extensions. Urban VPN Proxy and other Urban extensions can go diaf. Saved you a read.
