Category: Security & Privacy

Featured Chrome extension with millions of users caught harvesting AI interactions

Posted on by Martin Brinkmann

Several Chrome and Microsoft Edge extensions, designed to protect users online, were discovered to include AI harvesting code that captured, among other things, every AI prompt and response made in the browser it was installed in.

This is the second major discovery by security researchers at KOI. In July, the company discovered 18 malicious Chrome extensions with millions of installations that ran malicious tasks in the background.

Security researchers at KOI discovered Urban VPN Proxy by chance. The Chrome extension had over 6 million users, a 4.7 star rating at the Chrome web store, and a featured badge by Google.

Featured meant that Google reviewed the extension manually to ensure that it follows “technical best practices” and meets “a high standard of user experience and design”.

The makers of the extension, which was also installed by over 1.3 million Microsoft Edge users via Microsoft’s own extensions store, promised unhindered access to any website and the unblocking of content.

According to KOI, the extension did not always have AI harvesting functionality baked into it. This started on July 9, 2025 with the release of version 5.5.0. It shipped with AI harvesting enabled by default.

This meant that AI interactions of any user who updated the extension to the new version or installed it anew were collected.

KOI says the following gets captured:

  • Every prompt you send to the AI
  • Every response you receive
  • Conversation identifiers and timestamps
  • Session metadata
  • The specific AI platform and model used

The extension supports ten major AI platforms, including ChatGPT, Gemini, Claude, Microsoft Copilot, Grok, Meta AI, Perplexity, and DeepSeek, according to KOI.

It injects scripts into the AI platform’s website whenever a supported site is loaded in the browser. From there, it manipulates browser functions to route all network requests through itself. These requests get parsed and then exfiltrated by a background service worker.

A quick search for extensions that use the same code revealed three additional extensions, available on both the Chrome and the Microsoft Edge web store.

These are 1ClickVPNProxy, Urban Browser Guard, and Urban Ad Blocker. All eight extensions have an accumulated user count of over 8 million.

How could this have been prevented?

Unlike Mozilla, which reviews the updates of featured extensions for Firefox as well, neither Google nor Microsoft seem to do that. This is a loophole that gets exploited over and over again: create or buy a harmless extension that is useful, get the feature badge by passing the manual review, and release an update with malware code later on, as (some?) updates seem to be accepted automatically.

So, if you use extensions, Firefox is the safer bet, but only for featured extensions. This has downsides of its own, including that it takes longer before updates become available.

Mozilla reassures Firefox users that AI will be completely optional and include a kill-switch feature

Posted on by Martin Brinkmann

Many makers of web browsers are evolving the browsers that they develop into AI-based browsers. How and to what degree depends much on the company or organization that is involved. From integrating options to chat with AI and basic AI features, such as getting a summary of a webpage, to agentic browsers, like Perplexity, that are designed to act on the user’s behalf.

Mozilla’s new CEO Anthony Enzor-DeMeo published his vision for the organization and its main software, Firefox, about a week ago. While much of what Enzor-DeMeo wrote resonated well with large parts of the community — turning Mozilla into the most trusted software company — it was a single pargraph that stood out and incurred the ire of parts of the community.

Firefox will grow from a browser into a broader ecosystem of trusted software. Firefox will remain our anchor. It will evolve into a modern AI browser and support a portfolio of new and trusted software additions.

While Enzor-DeMeo did state that “AI should always be a choice” and that it should be something that “people can easily turn off”, Firefox users expressed their concern over the AI-focus that the new Mozilla head described in the post.

The official Firefox for Web Developers account on Mastadon published several clarifications to address user concerns. The posts are attributed to Jake Archibald, who is Mozilla’s Web Developer Relations lead.

The main takeaways are the following two statements regarding AI:

  • All Firefox AI features will be opt-in.
  • Firefox will get a “kill-switch” for all AI features, which disables them completely.

Mozilla would introduce AI features in Firefox in a way that I would like all browsers to follow: make them opt-in, instead of opt-out. There are certainly users out there that use AI and will use AI features in browsers. Heck, some might even spring on the agentic-bandwagon and let AI buy stuff for them or to other things.

As long as this is optional, and not enabled by default, I would not mind much, especially if other features do not get pushed down the priority letter in favor of AI features.

How many browser users want AI in their browsers, or would start using the features once they land without knowing about them prior? I find that number hard to estimate. AI is a trend at the moment, and while companies have created some useful features powered by AI, it has not been proven yet that AI is a feature that can sustain itself once the hype ebbs down.

Now it is your turn. Have you tried AI features in browsers or elsewhere already? Is there anything that you liked in particular, or did not like? Feel free to leave a comment down below.

Brace yourself, OpenAI to introduce ads into its apps

Posted on by Martin Brinkmann

The free AI ride is as good as over. Free meaning no ads in this case. The writing was on the wall: AI processing, infrastructure and upkeep are expensive and companies can only burn through a specific amount of money before investors demand a return on their investment or they run into payment issues.

ChatGPT is probably the most used AI out there. You can use it in apps or on the official website, and it is also found in many third-party apps.

Soon, ChatGPT may introduce advertisement into its Android application, reports Tibor Blaho on X. Hhe user found references to ads in the last Android beta.

Strings, such as AdTarget, SearchAd, or ApiSearchAd were discovered in the beta. While version 1.2025.329 of ChatGPT did not include any ads during tests, the existence of the strings suggests that ads are coming.

It is likely that OpenAI will limit ads to free users, which make the bulk of users right now. Turning on ads could boost the company into the upper-elite of advertising, rivaling the likes of Meta (not Google, for obvious reasons).

It is unclear how ads will look like and if they will be easily distinguishable from the AI’s output to the user’s request.

The question is, what will users do when they encounter ads in ChatGPT? Will they keep on using the software or switch to another, one that does not have ads yet? It will be interesting to see.

Ads may also lead to a credibility problem, especially if the ad highlights a product that the AI also recommended in the answer to the user.

Now You: Do you use an AI right now? If so, which and how is your experience so far? If not, why not? Feel free to leave a comment down below.

Gemini in Gmail may have been enabled by default, and turning it off takes other features with it

Posted on by Martin Brinkmann

If you are using Google’s Gmail email service, you may have stumbled upon Smart Features already, especially if you are using the web-version of the service. Up until recently, Smart Features did not include AI, but this changed in 2025.

Now, Google has baked its AI Gemini into the Smart Features of Gmail. Depending on where you live, Smart Features are enabled by default. Note that while Google claims that Smart Features are not turned on for user in the European Union (Japan, UK and Switzerland are the three other regions), they were in fact enabled in one of my accounts.

So, what do you get with Smart Features?

  • Automatic email filtering and categorisation.
  • Smart Compose.
  • Smart Reply.
  • Nudges (suggests emails to reply to or follow-up on)
  • Summary cards above emails.
  • Grammar, spelling, and auto-correction.

Some of these features are powered by AI nowadays and Gemini, Google’s AI, needs access to your data for the features to work. Google claims that personal data is not used for training and that everything is kept within the boundaries of the account.

However, if you prefer that Gemini does not access your emails at all, your only option is to turn of the Smart Features in Gmail.

Here is how that is done:

  1. Load https://mail.google.com/mail/u/0/#settings/general in a web browser.
  2. Scroll down to Smart Features in Settings under General.
  3. Remove the checkmark of the Smart Features box.
  4. Confirm the removal.
  5. Gmail restarts.

Smart Features should be turned off now.

Note that you may also need to click on “Manage Workspace smart feature settings”, if the account is a Google Workspace account and not just a single Gmail account.

There you can turn off Smart Features for Gmail and other Google products.

Again, when you enable the feature you do not get any auto-corrections anymore as well. That is a trade-off for some, others may use the functionality that their browser provides for that anyway.

Now You: do you use Gmail as your mail provider or another service? Black Friday might be a good option to make a switch, as plenty of deals are live already or will be offered in the coming weeks.

Google Search

Google is starting to show ads in AI Mode

Posted on by Martin Brinkmann

The number one advertisin company on the Internet seems to have found another place to show you ads. Reports are coming in that more and more users are starting to see ads in AI Mode.

AI Mode? It is a new option in Google Search that you may use to ask Google’s Gemini AI questions and get answers. The mode supports deep search functionality, which Google says is its “most advanced research tool in Google Search”.

Anyway, if you select the mode, you may now also get a good chunk of advertisement according to Bleeping Computer and several other sites and Internet users.

Earlier this year, Google started to show ads in AI Overviews. Unlike AI Mode, which users need to select actively, AI Overviews are attached to regular search results pages on Google Search.

Not all AI chats and modes show advertisement right now. However, there is a very good chance that many will in the not so distant future. These businesses can’t run on love alone and there does not seem to be enough money in selling paid memberships.

So, in the future, you will pay with your data and your eyes on ads when you use the majority of AI chats that will be still around in a year or two.

Speaking of which, if you are subscribed to a Gemini plan, you are still going to see ads in AI Mode and AI Overviews (of course), unless you use a content blocker.

Phishing: Don’t let your eyes deceive you

Posted on by Martin Brinkmann

Phishing is a constant battle and problem on today’s Internet. While it is easy to spot most phishing attacks, if you are experienced, many Internet users fall for these attacks.

The use of AI in attacks helps attackers, even though AI is also used by the developers of security solutions. It is an arms race that has been going on for a long time.

I stumbled upon a new phishing post on LinkedIN recently. It showed a phishing email that looked like it came from noreply@microsoft.com. Upon closer inspection, it came from noreply@rnicrosoft.com.

You may spot the difference easily, but depending on the mail client that you are using, it may not be as easy to figure out that the phishing email does not come from the microsoft.com domain, as the m has been replaced by the two letters r and n.

It is simple, but very effective, especially in an age where everyone seems to be in a hurry.

This goes to show that threat actors do not always have to come up with new sophisticated schemes for their attacks. Sometimes, it is enough to register lookalike-domains by replacing just one or two characters in a domain name.

This goes hand in hand with registering domain names that look like the real deal, but are not, like microsoft-support.com.

What is the best line of defense in those cases? Never, ever, click on links in emails. Also, do not call, text, or interact with anything else in emails. Instead, verify, if you are unsure.

For instance, if you do get a password reset email, but did not request a password reset, it is very likely that this is fake. You could visit the website directly and sign-in to your account to find out, or contact support, if there is any.

Have another tip regarding the threat of phishing? Feel free to leave a comment down below.

Firefox 143.0.3 is out with security fixes and more

Posted on by Martin Brinkmann

Mozilla released a new point update for its Firefox web browser today. Firefox 143.0.3 is a security update that fixes also some non-security issues in the open source browser.

The new update is available already via the browser’s automatic update feature. Existing users may speed up the installation of the update by selecting Menu > Help > About Firefox. This opens a small window in the browser that displays the current version and a check for updates.

Firefox should pick up the update automatically at this point, but you need to restart the browser once to complete the installation. Opening the page again after installation should reveal the new version.

The official security release notes reveal that Mozilla addressed two security vulnerabilities in the release. Both have a severity rating of high. They affect the JavaScript engine and the Canvas2D component of the browser. Mozilla makes no mention of exploits in the wild, but it is still recommended to update quickly.

The non-security release notes list six issues that Mozilla fixed or improved in the release. Probably the most noteworthy is a fix for extension not updating via the add-ons manager of the browser.

Another issue fixes a Firefox crash that could happen when certain extensions are installed. These caused a storage issue that could lead to Firefox crashing on start of the browser.

Firefox users who noticed long delays when opening certain websites may also see improvements after installing Firefox 143.0.3. Mozilla reduced the delays, which happen on certain websites if the network blocks UDP connections.

The three remaining fixes address minor problems in Firefox, such as Firefox View sections not collapsing or expanding as expected. You can check out the full release notes on Mozilla’s website.

Who would have thought? Customers of Samsung fridges are not happy about ads their smart fridges started to show

Posted on by Martin Brinkmann

Do fridges, toasters and other household appliances may come with “smart functionality” or wireless connectivity these days. In the case of some, TVs for instance, the functionality may also be used to display advertisement to users and collect data about users.

Samsung recently announced that its smart fridges would start showing ads. A software update introduced the feature and first reactions of customers are not exactly glowing.

The company introduced the change for some of its Family Hub refrigerators in the United States. This turned the screen of the device into a vehicle for ads. And who does not love ads, especially for items that cost thousands of Dollars?

Techspot reports that the update introduced new Terms of Service and a Privacy Notice that covers the addition of advertisement. Samsung’s smart fridge displays the ads on the fridge’s screen. It appears when the screen is idle, which likely means most of the time and only if users have selected certain themes, including weather, daily board, or color.

Users may enable certain themes to avoid ads for now. If the cover screen is set to art mode, which displays photos, then no ads are shown. A setting to fully disable ads is not provided, but users may block certain ads from reappearing.

You could disconnect the fridge from the network, but might not be able to use most of its functions in that case.

Samsung says that the advertisements “are designed to enhance value for owners”. I’m pretty certain that most owners would beg to differ.

Maybe next time, it would be better to buy a “dumb” fridge or other items, especially if the provided functionality is not adding value or has the chance of being turned into something that is highly annoying or invasive.

Proton Emergency Contact

Proton launches Emergency Access feature for paid accounts

Posted on by Martin Brinkmann

Proton AG has been quite busy lately. It launched Proton Authenticator, a free open-source two-factor authentication app, and the privacy-friendly AI Lumo in the past month.

Today, the company announced a new feature for paid members. Emergency Access is designed to provide a way into a user’s account under certain circumstances, such as injury or death.

Proton writes in a new blog post:

With our new Emergency Access feature, you can grant permission to trusted contacts to securely access your Proton Account after a set period of time, ensuring nothing important is lost if you’re unable to enter your account due to death or illness.

Proton users may select up to five trusted contacts who may access a user’s account either immediately or after a select wait time that they may set in advance. For this to work, the trusted contacts do need a Proton Account of their own.

When a trusted contact requests access, one of two things happens: if the user set up a wait time, they may approve or deny the request in that period. Once the wait time is over, the request is granted automatically and the trusted contact gains access to the entire account.

For instance, if you set the wait time to four weeks, you have four weeks to allow or deny the request.

Emergency access can be disabled at any time by the account owner. Furthermore, Proton notes that it is applying to the entire Proton account of the user and not just a single application.

Proton users may set up the feature under Recovery > Add emergency contact. There they may add email addresses of their trusted contacts. Proton notes that the emails need to be associated with a Proton account.

Trusted contacts may request emergency access under Settings > Recovery.

Now You: do you have set up emergency options for accounts that support it? Feel free to leave a comment down below.

Android

Starting next year, all Android apps need to be registered by verified developers, even sideloaded ones

Posted on by Martin Brinkmann

Android users have two main options to install apps on their devices. Through Google Play, if the marketplace for apps is installed, or through sideloading. Up until now, releasing apps through Google Play required a verified developer account. This meant that the developer had to verify their identity before apps could be published.

Starting in 2026, developers who do not publish their apps through Google Play will also be required to verify their identity, if they want their apps to be installed on certified Android devices. A certified Android device, in a nutshell is any device with installed Google services.

Google says that it won’t check apps that are registered through the new program but not made available through Google Play. However, developers are required to use a new special Android Developer Console for sideloading.

Furthermore, the verification process requires that developers provide Google with personal information, including their name, address, email, and phone number, and verification of their identity, for instance by providing Google with documentation that confirms the identity.

Google plans to invite select developers of applications from October 2025 onward and enable free registrations from March 2026 on.

The sideloading of apps by unverified developers will be blocked in the countries Brazil, Indonesia, Singapore, and Thailand from September 2026 on. More countries are added to the list starting in 2027.

Google claims that the new process is designed to “better protect users from repeat bad actors”, as it will make it harder for malware actors to quickly release new malicious apps after Google has taken down an app from a developer.

The change will make it difficult for malware creators, as they need a certificate to distribute their malicious apps outside of Google Play. However, it is also giving Google access to additional data and ends the anonymous development and distribution of apps.

Now You: what is your take on this? Good decision by Google to stop malware and threat actors in their tracks, or a move to gain access to even more data and control?