Browser extensions, even those from reputable sources, come with inherent privacy and security challenges. Previous discussions have highlighted add-ons that manage to bypass official store protections and others that may transform into malware after functioning normally for extended periods. Therefore, it's not surprising that numerous AI-powered browser extensions, collectively utilized by millions, might also compromise your privacy.
Researchers from Incogni, a data removal service, examined browser extensions available in the Chrome Web Store that featured "AI" in their titles or descriptions and utilized AI as a core component. By analyzing the data they gather and the permissions they request, they evaluated the likelihood of these extensions being exploited maliciously and the potential harm they could cause if compromised.
AI-Powered Extensions and User Data Collection
Incogni discovered that the most frequently collected data type by AI-driven extensions includes website content, such as text, images, sounds, videos, and hyperlinks, with nearly one-third of these extensions engaging in this practice. Over 29% of the examined extensions also collect personally identifiable information (PII)--such as names, addresses, emails, ages, and identification numbers--from users. Other types of data gathered encompass user activity, authentication details, personal communications, location, financial information, web browsing history, and health data.
The extensions deemed most invasive primarily fall under the categories of programming and mathematical aids (like Classology AI and StudyX), closely followed by meeting assistants and audio transcription tools. Writing and personal assistant extensions also present privacy concerns, with many among the most downloaded AI-powered tools available on Chrome.
Assessing Privacy Risks of Popular AI Extensions
Incogni assigned "privacy-invasiveness" scores to the most downloaded AI extensions, evaluating the volume of data collected alongside the permissions required:
Grammarly: AI Writing Assistant and Grammar Checker App (tied for #1)
Quillbot: AI Writing and Grammar Checker Tool (tied for #1)
Sider: Chat with all AI (tied for #3)
AI Grammar Checker & Paraphraser -- LanguageTool (tied for #3)
Google Translate (tied for #4)
WPS PDF -- Read, Edit, Fill, Convert, and AI Chat PDF with Ease (tied for #4)
Monica: All-in-One AI Assist (tied for #4)
AI Chat for Google (tied for #4)
Immersive Translate -- Translate Web & PDF
ChatGPT search
Both Grammarly and Quillbot were found to collect PII and website content, alongside location data such as region, IP address, and GPS coordinates. Grammarly additionally tracks user activity through network monitoring, clicks, mouse movements, and keystroke logging. Despite requiring sensitive permissions--like the capability to inject code into websites and access active browser tabs--both extensions exhibit a relatively low risk of malicious use.
Safeguarding Your Personal Information
AI-utilizing browser extensions are not inherently harmful, but it's crucial to be aware of the information they are accumulating and the permissions they are requesting. The most common sensitive permissions involve scripting, allowing the extension to interact with web pages during your online navigation, as well as activeTab, which permits reading or modifying the current session's page.
When installing an extension (or any app or program), it's important to meticulously review the permissions sought. If they appear non-essential to the extension's functionality--or seem unjustified--you may risk exposing your data or device. As highlighted by Incogni, users must weigh how much privacy they are willing to sacrifice to utilize various applications and services.