this post was submitted on 15 Dec 2025
32 points (92.1% liked)

Technology

1340 readers
56 users here now

Tech related news and discussion. Link to anything, it doesn't need to be a news article.

Let's keep the politics and business side of things to a minimum.

Rules

No memes

founded 6 months ago
MODERATORS
rimu@piefed.social
32
8 Million Users' AI Conversations Sold for Profit by "Privacy" Extensions (www.koi.ai)
submitted 3 days ago* (last edited 3 days ago) by King@sh.itjust.works to c/technology@piefed.social
8 comments fedilink hide all child comments
 

Hacker News.

top 8 comments
sorted by: hot top controversial new old
[–] rimu@piefed.social 14 points 3 days ago* (last edited 3 days ago) (1 children)

I downloaded the Urban VPN Proxy chrome extension using https://robwu.nl/crxviewer/ and grepped the source code.

At no point is window.fetch reassigned with their own function. There is no "window.fetch" anywhere in their code.

Also the variables sendClaudeMesages, etc in their first screenshot only appear there and are not used anywhere else in the code. Whatever those config variables are for, they don't do anything.

The rest of their code screenshots are legit (notice the legit ones have a smaller font?) but without window.fetch the whole thing can't do what they say it does.

Moreover, large chunks of that article is written with a LLM (it's koi.ai so I shouldn't be surprised) and ends with a pitch for their services.

This doesn't look right.

When a company writes a blog post, 95% of the time it's intended to juice their SEO rankings, rage-bait to go viral and boost their social media profile, or an ad disguised as an article. Be very skeptical of company blogs.

[–] rimu@piefed.social 9 points 3 days ago

Obviously tho, any free VPN is going to monitor your traffic and sell your data, don't use them. I'm sure Urban VPN is sketchy as hell the point is koi.ai is trying to make money by polluting our information space.

[–] Blue_Morpho@lemmy.world 14 points 3 days ago

A security researcher had been using online AI as a personal planner and therapist for months before thinking, " Hey maybe my data isn't private?"

Wtf?

[–] XLE@piefed.social 11 points 3 days ago

Koi, an AI company with ties to industry titans like OpenAI, complains extensions scrape your AI data: "How dare you swipe when I have rightfully stolen?"

[–] halfdane@lemmy.world 2 points 3 days ago

This is an interesting, technically sound and chilling read. I haven't verified the claims made in the article, but I would in no way be surprised to find that data brokers create browser extensions that exfiltrate specifically conversations with chatbotsb like Gemini, chatgpt etc.

[–] brucethemoose@lemmy.world 1 points 3 days ago* (last edited 3 days ago) (1 children)

A few weeks ago, I was wrestling with a major life decision. Like I've grown used to doing, I opened Claude and started thinking out loud-laying out the options, weighing the tradeoffs, asking for perspective.

Perhaps they should have used a local LLM, or at least a no-log API + UI, instead of freakin Claude!?

[–] rimu@piefed.social 7 points 3 days ago

They didn't use Claude, this whole article is fake.

[–] Blaster_M@lemmy.world 1 points 3 days ago

Privaxy extensions that exfil user data are not privacy extensions. Urban VPN Proxy and other Urban extensions can go diaf. Saved you a read.