Your AI Therapist Is Being Wiretapped: The Urban VPN Scandal

The evolution of the scam is almost poetic in its cruelty. We used to lose sleep over credit card theft or leaked passwords—tangible, yet replaceable losses. However, the new frontier of data theft isn’t your wallet; it’s your brain.

The Urban VPN Scandal

If you’ve ever treated ChatGPT like a therapist, a senior engineer, or a confidant, you might want to sit down for this one. Urban VPN, a free VPN service with millions of users and a glowing “Featured” badge on the Chrome Web Store, has been caught red-handed stealing the most intimate data you produce: your conversations with AI. And the kicker? It was doing it even when you thought the VPN was turned off.

So is Urban VPN safe, or is it a spy in your pocket? Let’s figure it out.

The “Off” Switch Was a Lie

Most users assume that when a VPN extension is toggled off, it’s dormant. It’s a reasonable assumption—and it’s exactly what Urban VPN banked on to pull off this heist.

Security researchers at Koi Security discovered that the Urban VPN browser extension (both on Chrome and Edge) isn’t just tunneling traffic; it is actively injecting code into the webpages you visit, exploiting the broad permissions granted at installation. Specifically, it uses a stealthy script—often labeled as chatgpt.js or claude.js—that injects itself directly into the DOM of major AI platforms:

  • ChatGPT
  • Gemini
  • Claude
  • Perplexity
  • Microsoft Copilot
  • Grok
  • DeepSeek
  • Meta AI 

This script doesn’t care if your VPN is connected to a server in Timbuktu or completely disabled. Starting from version 5.5.0 released in July 2025, the extension has the right to “collect the prompts and outputs queried by the End-User or generated by the AI chat provider” enabled by default—without so much as a warning.

The mechanics are simple yet devious. The Urban VPN extension wiretaps the connection between your browser and the chatbot’s servers, siphoning off every prompt you typed and every answer the AI gave. It then packages it up and ships it to a data broker—specifically, BiScience, a company Urban VPN is conveniently affiliated with.

So is Urban VPN safe to use? If you define “safety” as having your thoughts exfiltrated while you sleep, then sure. However, this incident highlights significant VPN browser extension security risks that go far beyond simple IP leaks.

Why Your AI Chat History Is Dangerous

You might be thinking, “So what? They know I asked for a cookie recipe.” But let’s be real. That’s not what you’re using AI for. People talk to LLMs (large language models) with a level of honesty they rarely show their spouses, raising valid AI chatbot privacy concerns. Consider these scenarios:

  • Corporate espionage. Developers paste proprietary code into ChatGPT to debug it. Marketing teams paste confidential strategy docs to get summaries. Urban VPN just became the world’s most efficient corporate espionage tool.
  • Medical conditions leak. Users discuss depression, anxiety, and other medical conditions and fears. Makes you think about how fragile the privacy of chats with AI assistant tools is when third-party extensions are involved.
  • Legal risks. Lawyers draft contracts and case strategies in these chats. Who knows what consequences this may entail if such sensitive data leaks out?

And this is just the tip of the iceberg. Imagine a hacker knowing not just your credit score, but your deepest insecurities and your company’s unpatched vulnerabilities, all linked to real names. This violation of the privacy of AI chat conversations isn’t metadata; it’s a potential disaster.

🧠 Also read: Digital ID and VPNs: How Privacy Fears Reshape Online Behavior

Do All Free VPNs Leak Data?

It is easy to look at the Urban VPN dumpster fire and decide to burn the entire concept of “free software” to the ground. But while free VPN privacy risks are real, let’s not throw the baby out with the bathwater. There is a critical distinction between a free VPN that exists to harvest your data and one that exists to upsell you a premium service.

💡 Quick tip: Types of VPN Explained: How Each Works and Which Is Best for You

The former—like Urban—offers “unlimited” everything because you are the merchandise. The latter, often called “freemium,” offers a secure but limited experience (fewer servers, capped speeds) to entice you into a paid tier. These legitimate providers are vital tools for users navigating the tightening noose of internet regulations.

🧠 Also read: Age Verification & Digital ID: A 2025 Privacy Reality Check

A trustworthy free VPN won’t hide its limitations; it will annoy you with them. It won’t inject code into your browser; it will ask you to upgrade. In an era where digital ID laws and age verification standards are effectively de-anonymizing the web, these tools remain one of the last lines of defense for those who can’t afford (or simply don’t need) a paid subscription.

🧠 Also read: USA Digital ID and Online Age Verification: What Americans Should Know in 2025

Demonizing all free options plays right into the hands of censorship by raising the barrier to entry for privacy. The goal isn’t to avoid free tools. It is to learn the difference between a privacy shield and a tracking device dressed in a trench coat.

💡 Quick tip: How to Set Up a VPN at Home (Beginner-Friendly Guide)

So What Should I Do Now?

First, if you have the Urban VPN Chrome extension (or the Edge version), uninstall it immediately, as simply turning it off does nothing. Second, it’s a clear nudge to reassess your trust in the “Featured” badge on the Chrome Web Store. Urban VPN had 4.7 stars and millions of downloads. It was “trusted.”

This scandal proves that app store verification is not something you should blindly take on faith. The badge means that a human checked the app and either didn’t find the scripts or was OK with them, even though the Store’s policy prohibits “transferring or selling user data to third parties”—literally what Urban VPN does. Google’s automated checks are even less effective; they primarily look for malware that breaks your computer, not spyware that quietly sells your soul.

VPNs are becoming more popular, but you must understand that specific Urban VPN security issues are often symptomatic of the broader “free” market. While a handful of freemium services exist that are safe and don’t touch your AI chats, many free VPN services are specifically built for collecting and selling data. In the Urban VPN case, you aren’t paying for the product because you are the product—and you are being sold by the kilobyte.

FAQs

Does Urban VPN sell your data?

Short answer: Yes. Long answer: It is practically their business model. While many free services vaguely mention “sharing data with partners,” the Urban VPN privacy issues have historically been a privacy minefield. In this specific scandal, they didn’t just sell metadata; they commodified the actual content of your AI chatting sessions.

How do I know if my data was stolen by Urban VPN?

If you had the Urban VPN extension for Chrome or Edge installed after July 2025 and used ChatGPT, Claude, Gemini, Perplexity, Microsoft Copilot, Grok, DeepSeek, or Meta AI, your data was likely harvested. The injection scripts were active by default.

What should I do if I used Urban VPN?

Uninstall it immediately. Review your AI chat history for sensitive data (passwords, API keys, medical info) and assume it is compromised. If you pasted corporate secrets, notify your security team.

Are paid VPN extensions safe?

Generally, yes, but tread carefully. Reputable paid VPNs sustain themselves through subscriptions, not by selling user logs. However, a standalone app is always safer than a browser extension because extensions have deeper access to your DOM (the structure of the webpage).

Can ChatGPT conversations be leaked?

Absolutely. While we often worry about OpenAI having a data breach, the leaked ChatGPT conversations in this scandal didn’t come from the server side—they were stolen right out of your browser. So ChatGPT conversation history privacy is only as strong as the device you are using. If your browser is compromised by a malicious extension, the encryption between you and OpenAI is irrelevant because the spy is sitting inside your house.

Can AI chatbots themselves leak my data?

Yes, but differently. Usually, AI chat privacy concerns regarding the chatbots themselves are about internal policies—most AI chatbot conversation privacy terms say that your chats may be used for training and safety moderation. The Urban VPN scandal is an external breach where a third party stole data in transit.

Who can see my ChatGPT conversations?

Under normal circumstances, only you and OpenAI—the ChatGPT conversation privacy policy states that your chats may be reviewed by trainers (unless you opt out). However, when you install a compromised extension like Urban VPN, that list expands to include data brokers, potential hackers, and whoever buys that data.

Don’t forget to share this post!
About The Author
Sviat Soldatenkov
Position: Tech Writer

Sviat is a tech writer at Outbyte with an associate degree in Computer Science and a master’s in Linguistics and Interpretation. A lifelong tech enthusiast with solid background, Sviat specializes in Windows and Linux systems, networks, and video‑streaming technologies. Today, he channels that hands‑on expertise into clear, practical guides—helping you get the most out of your PC every day.

Useful tools
Outbyte PC Repair Outbyte PC Repair
Take the bull by the horns: identify and resolve performance issues that might be affecting your PC.
Download
Outbyte AVarmor Outbyte AVarmor
With its powerful engine, Outbyte AVarmor identifies and removes viruses, malware, and spyware threats from your PC.
Download
Outbyte Driver Updater Outbyte Driver Updater
Manually searching for drivers can be quite tiresome, as finding correct driver versions may be difficult for a casual user.
Download
Camomile Camomile
Free CPU Optimization App. CPU optimization and longer battery life for your computer.
Download
People About Us
See what Outbyte users are saying about our software.
About Camomile
In-depth reviews of our products delivered to you by talented YouTube creators.
Boost CPU Efficiency for FREE! - Outbyte Camomile Review & Test (Lower Temps & Extend Battery Life)
Fix loud laptop fan and laptop overheating with Outbyte Camomile
Camomile: Free CPU Optimization App by Outbyte
How to check temperature of CPU with Outbyte Camomile
Recent articles
Jan 6, 2026
The UK Debates Age Checks for VPNs: Will It Protect Kids or Destroy Adult Privacy?
The United Kingdom is often viewed as a bellwether for internet regulation, and if the latest proposal from the House of Lords is any indication, the forecast is stormy. In a move that manages to be both...
Sviat Soldatenkov
Sviat Soldatenkov
Dec 23, 2025
NVVHCI Enumerator driver
Summary The NVVHCI Enumerator at NVIDIA is part of the virtual GPU setup and provides a driver to virtualization and remote display solutions. This allows multiple virtual GPUs on one device to share...
Yuri Thomopso
Dec 23, 2025
8 Solutions to Fix OOBEkeyboard Errors in Windows 10/11
The OOBEkeyboard-page.js errors interfere with setting up or operating your Windows 10 device. This type of system error generally occurs with important JavaScript files needed by the OS. Here is a guide...
Yuri Thomopso