Are your AI Chrome extensions spying on you? What to watch for
Summary
New research from data removal service Incogni reveals that over half of sampled AI-branded Chrome extensions collect user data, with nearly a third gathering personally identifiable information (PII). These extensions, downloaded approximately 115.5 million times, pose significant privacy risks. The study, conducted between January 5 and January 7, analyzed 442 AI Chrome extensions, focusing on required permissions and declared data collection. Grammarly and Quillbot were identified as particularly privacy-damaging due to their prevalence and high-risk scores. Forty-two percent of extensions use "scripting" to capture user input, potentially affecting 92 million users. "Programming and mathematical helpers" were found to be the riskiest category, followed by "meeting assistants and audio transcribers" and writing assistants, while "audiovisual generators and text and video summarizers" were the least invasive.
Key takeaway
For engineering leaders evaluating AI productivity tools, you should scrutinize the data collection practices and permission requests of browser extensions. Prioritize solutions that minimize data egress from the host device, especially for sensitive information. Unjustified permissions, like a writing assistant requesting precise location data, are red flags that warrant immediate uninstallation to mitigate significant privacy and security risks to your organization's data.
Key insights
Many AI-powered browser extensions collect significant user data, including PII, posing substantial privacy risks.
Principles
- Unjustified permissions indicate privacy risks.
- Data leaving the host device is an unacceptable risk.
- Prevalence amplifies privacy damage.
Method
Incogni analyzed 442 AI Chrome extensions for permissions, declared data collection, and risk scores between January 5-7, considering risk-impact and risk-likelihood.
In practice
- Review extension permissions carefully.
- Be wary of location data requests.
- Prioritize extensions that process data locally.
Topics
- Browser Extensions
- Data Privacy
- AI Productivity Tools
- Personally Identifiable Information
- Chrome Extensions Security
Best for: CTO, VP of Engineering/Data, Director of AI/ML, Security Engineer, Software Engineer, IT Professional
Related on AIssential
Editorial summary, takeaway, and curation by AIssential. Original article published by News and Advice on the World's Latest Innovations | ZDNET.