Loading...

AI Browser Tools May Risk Your Privacy, Study Finds

tech security
16 August 2025
AI Browser Tools May Risk Your Privacy, Study Finds
New Research Shows How Generative AI Extensions Handle Sensitive Data

A recent study conducted by researchers from University College London (UCL), University of California, Davis, and the Mediterranea University of Reggio Calabria has raised significant privacy concerns regarding popular generative AI browser assistants. These tools, designed to enhance web browsing with features like summarization and search assistance, are reportedly collecting and sharing sensitive user data without proper safeguards.

The research, which is set to be presented at the USENIX Security Symposium, is groundbreaking as it provides the first large-scale analysis of how these AI-powered browser extensions handle user privacy. The study highlights that many of these tools, including well-known names like ChatGPT for Google, Merlin, and Microsoft Copilot, engage in extensive tracking and profiling of users, capturing sensitive information such as medical records and social security numbers.

Alarmingly, the analysis showed that some assistants transmit full webpage content, including any visible information, back to their servers. For instance, the assistant Merlin was found to capture sensitive form inputs, like online banking details and health data. Other extensions, such as Sider and TinaMind, were noted for sharing user-identifiable information, like IP addresses, with analytics platforms, potentially enabling cross-site tracking and targeted advertising.

Among the ten assistants evaluated, only Perplexity demonstrated a commitment to user privacy by not engaging in profiling or personalisation practices. The study underscores the need for greater transparency and user control over data collection and sharing practices by these AI tools.

Dr. Anna Maria Mandalari from UCL, a senior author of the study, emphasized the unprecedented access these AI assistants have to users' private online activities, often without transparency or user consent. She noted the potential breaches of privacy legislation, such as the Health Insurance Portability and Accountability Act (HIPAA) in the US, due to improper data handling.

The research involved simulating real-world browsing scenarios using a fictional persona to interact with the browser assistants, revealing that some assistants failed to stop tracking when users switched to private browsing modes.

Dr. Aurelio Canino, another author of the study, called for urgent regulatory oversight to protect personal data as generative AI becomes more integrated into digital life. The study advocates for privacy-by-design principles, suggesting that developers implement local processing or require explicit user consent for data collection.

The research mentioned in this article was originally published on University College London's website