Browser extensions, even ones from trustworthy sources, are not without privacy and security risks. I’ve written before about add-ons that manage to slip through official store safeguards and even some that “wake up” as malware after operating normally for several years, so it should come as no surprise that a host of AI-powered browser extensions—collectively installed by tens of millions of users—may also be invading your privacy.
Researchers at data removal service Incogni looked at browser extensions available in the Chrome Web Store that included “AI” in their name or description and employed AI as part of their core functionality. By analyzing the data collected and permissions required, they assessed both how likely extensions are to be used maliciously and their potential to cause significant damage if compromised.
AI-powered browser extensions collect extensive user data
Incogni found that website content, such as text, images, sounds, videos, and hyperlinks, was the most commonly collected data type (by nearly a third of AI-powered extensions). More than 29% of extensions investigated harvest personally identifiable information (PII)—name, address, email, age, identification number, for example—from users. Other forms of data collected include user activity, authentication information, personal communication, location, financial and payment information, web history, and health information.
The most invasive extensions fall in the programming and mathematical aid category (such as Classology AI and StudyX), followed closely by meeting assistants and audio transcribers. Writing and personal assistants also pose privacy risks—and many of these are also among the most downloaded AI-powered extensions in Chrome.
How popular AI-powered Chrome extensions stack up on privacy
Incogni also assigned “privacy-invasiveness” scores to the most downloaded AI-powered extensions, a combination of the amount of data collected and both general and sensitive permissions required:
-
Grammarly: AI Writing Assistant and Grammar Checker App (tied for #1)
-
Quillbot: AI Writing and Grammar Checker Tool (tied for #1)
-
Sider: Chat wiht all AI (tied for #3)
-
AI Grammar Checker & Paraphraser — LanguageTool (tied for #3)
-
Google Translate (tied for #4)
-
WPS PDF — Read, Edit, Fill, Convert, and AI Chat PDF with Ease (tied for #4)
-
Monica: All-in-One AI Assist (tied for #4)
-
AI Chat for Google (tied for #4)
-
Immersive Translate — Translate Web & PDF
-
ChatGPT search
Grammarly and Quillbot were found to collect PII and website content as well as location data like region, IP address, and GPS coordinates. Grammarly also harvest user activity through network monitoring, clicks, mouse and scroll positions, and keystroke logging. While both also require sensitive permissions—such as the ability to inject code into websites and access active browser tabs—they have a relatively low risk of being used maliciously.
How to protect your personal information
Browser extensions that use AI aren’t inherently bad, but you should be aware of what information they are collecting and what permissions they are requiring. The most common type of sensitive permissions required are scripting, which allows the extension to interact with pages as you navigate online, as well as activeTab, which lets it read or modify the page for the current session.
When adding an extension (or installing an app or program), carefully review the permissions requested. If they aren’t essential to the extension’s functionality–or if they are but don’t seem justified—you may be putting your data or device at risk by allowing them. As Incogni points out, users have to decide how much privacy to sacrifice in order to use apps and services.
