8M users' AI conversations sold for profit by "privacy" extensions

Free VPNs and Extension Trust

  • Many commenters see “free” VPN/browser extensions as inherently untrustworthy: if you’re not paying, you’re likely the product.
  • People are unsurprised that a VPN extension requiring “access to all sites and data” turned out to be spyware; they see this as the default for free VPNs and many Chrome extensions, since that permission level lets the extension read every page the user visits.
  • Some treat every extension as equivalent to running arbitrary local code and keep an extremely small, vetted set (often just an adblocker, a dark-mode theme and a password manager). Others avoid extensions entirely after seeing data leakage.

Google, Manifest V3, and Review Failures

  • Strong criticism of Google’s extension ecosystem: malicious extensions can be “Featured” with a claimed manual review, while useful ones (e.g. adblockers) are constrained or targeted.
  • Several doubt that meaningful manual review happens, or that it’s continuous; once an extension is in and badged, later malicious updates may slide through.
  • Manifest V3 is seen as primarily an adblocker-crippling move, not a serious security improvement, even though its ban on remotely hosted code did at least make static analysis of extensions easier: everything the extension can run now has to ship in the package that gets reviewed.
  • Comparison with Mozilla: some trust Firefox’s “Recommended” program and its manual review of every update more than Chrome’s process, though others note that even Mozilla allows minified code and has let bad extensions slip.

Data Harvesting, Economics, and Legality

  • The data broker angle (clickstream and AI chat logs tied to device identifiers) is viewed as classic surveillance capitalism rather than a one-off mistake.
  • Speculation on value: beyond ads, logs can fuel market research, brand monitoring, and possibly model training.
  • EU commenters frame this as a textbook GDPR violation: deceptive consent, continued collection after opt-out, and likely processing of sensitive categories. They urge reporting to data protection authorities.

AI Conversations as a New Privacy Vector

  • Several are struck by how deeply people confide in LLMs (life decisions, personal issues, medical questions). That makes leaked chat histories uniquely sensitive and potentially life-damaging.
  • Concerns that growing horror stories could make LLMs unusable for honest introspection.

Mitigations and Structural Fixes

  • Proposed fixes:
    • More granular, runtime permissions for extensions (per-site, per-action), with alerts on suspicious exfiltration.
    • Continuous automated + human review, possibly with AI-assisted scanning.
    • Sandboxed extension models and open-source, self-hosted VPNs.
  • Underneath is a broader pessimism: current incentives reward abusive design, and regulation and user education are struggling to keep up.
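The permission-scope worries in the extension-trust section, the "static analysis got easier under MV3" point, and the call for more granular permissions all come down to what a manifest declares. The script below is an added example, not code from the thread or from any extension it discusses: it audits Chrome extension manifests (MV2 and MV3) for broad host access, traffic-observing APIs, content scripts injected on every site, and the MV2-only ability to load remote scripts or use eval. The three sample manifests, the finding codes and the risk ranking are constructed for illustration; the permission and host-pattern names are Chrome's.

```javascript
// Added example: static audit of Chrome extension manifests for the permission
// patterns discussed above. Sample manifests, finding codes and risk levels are
// constructed here and do not describe any real extension.

// Host patterns Chrome presents as "Read and change all your data on all websites".
const BROAD_HOST_PATTERNS = new Set(["<all_urls>", "*://*/*", "http://*/*", "https://*/*"]);

// API permissions that let an extension observe, redirect or replay browsing.
const SENSITIVE_PERMISSIONS = new Set([
  "webRequest", "webRequestBlocking", "webNavigation", "tabs", "cookies",
  "history", "proxy", "debugger", "clipboardRead", "scripting",
]);

function isHostPattern(p) {
  return p === "<all_urls>" || p.includes("://");
}

function isBroadHost(p) {
  return BROAD_HOST_PATTERNS.has(p);
}

// Return a list of finding codes for one parsed manifest object (MV2 or MV3).
function auditManifest(manifest) {
  const findings = [];
  const mv = manifest.manifest_version;
  const perms = manifest.permissions || [];

  // MV2 mixes host patterns into `permissions`; MV3 separates them into `host_permissions`.
  // `optional_host_permissions` (MV3) are granted at runtime, so they are not counted here.
  const hostPerms = mv === 3 ? (manifest.host_permissions || []) : perms.filter(isHostPattern);
  const apiPerms = perms.filter((p) => !isHostPattern(p));

  if (hostPerms.some(isBroadHost)) findings.push("broad-host-access");
  for (const p of apiPerms) {
    if (SENSITIVE_PERMISSIONS.has(p)) findings.push(`sensitive-permission:${p}`);
  }

  // A content script matched on every site reads every page regardless of host_permissions.
  const scripts = manifest.content_scripts || [];
  if (scripts.some((cs) => (cs.matches || []).some(isBroadHost))) {
    findings.push("content-script-all-sites");
  }

  // MV2 let an extension relax its CSP to pull scripts from remote origins or use eval;
  // MV3 rejects such manifests, which is the "banning remote scripts" point above.
  if (mv === 2 && typeof manifest.content_security_policy === "string") {
    const scriptSrc = /script-src([^;]*)/.exec(manifest.content_security_policy);
    if (scriptSrc) {
      if (/https?:\/\//.test(scriptSrc[1])) findings.push("remote-script-allowed");
      if (scriptSrc[1].includes("'unsafe-eval'")) findings.push("unsafe-eval");
    }
  }
  return findings;
}

// Rough triage (constructed): broad site access plus a traffic-observing API is the
// combination a clickstream-harvesting "VPN" needs; activeTab plus optional grants is not.
function riskLevel(findings) {
  const broad = findings.includes("broad-host-access") || findings.includes("content-script-all-sites");
  const observes = findings.some((f) =>
    /^sensitive-permission:(webRequest|webRequestBlocking|proxy|tabs|cookies|history)$/.test(f));
  if (broad && observes) return "high";
  if (broad || observes || findings.length > 0) return "medium";
  return "low";
}

// Constructed sample manifests covering the three shapes discussed in the thread.
const SAMPLES = {
  freeVpn: {
    manifest_version: 3, name: "Totally Free VPN",
    permissions: ["proxy", "webRequest", "tabs", "storage"],
    host_permissions: ["<all_urls>"],
    content_scripts: [{ matches: ["<all_urls>"], js: ["inject.js"] }],
  },
  darkMode: {
    manifest_version: 3, name: "Dark Mode",
    permissions: ["activeTab", "storage"],           // per-site, per-click grant
    optional_host_permissions: ["<all_urls>"],       // asked for at runtime, not at install
  },
  legacyMv2: {
    manifest_version: 2, name: "Old Helper",
    permissions: ["https://*/*", "storage"],
    content_security_policy: "script-src 'self' https://cdn.example.net 'unsafe-eval'; object-src 'self'",
  },
};

// Audit every manifest in `samples` and return { name: { findings, risk } }.
function auditAll(samples = SAMPLES) {
  const report = {};
  for (const [name, manifest] of Object.entries(samples)) {
    const findings = auditManifest(manifest);
    report[name] = { findings, risk: riskLevel(findings) };
  }
  return report;
}

console.log(JSON.stringify(auditAll(), null, 2));
```

Run it with `node` and the free-VPN manifest is ranked high (all-sites access, proxy, webRequest and tabs, plus an everywhere content script), the dark-mode manifest low (only activeTab and runtime-requested hosts, which is the granular model the mitigation bullets ask for), and the MV2 manifest medium because of remote script loading and eval that MV3 no longer permits. Point `auditAll` at the manifest.json files under a real Chrome profile's Extensions directory to check an installed set; what it cannot see is what the extension does with the access once granted, which is why review of updates still matters.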