
Medical records, Social Security numbers, online banking details. It turns out that even the most popular and least shady AI web browser assistants are very good at collecting and sharing sensitive user data. Greater transparency seems a must.
All this is happening without adequate safeguards, found a new study led by researchers from UCL and Mediterranea University of Reggio Calabria in Italy.
The study is the first large-scale analysis of generative AI browser assistants and privacy. It uncovered widespread tracking, profiling, and personalization practices that pose serious privacy concerns. The authors are calling for greater transparency and user control over data collection and sharing practices.
Sure, these browser assistants integrate powerful capabilities of generative AI in web browsers to provide rich experiences such as question answering, content summarization, and agentic navigation.
However, the analysis of browser extensions such as ChatGPT for Google, Merlin, or Copilot (not to be confused with the Microsoft app of the same name) showed that they also collect extensive personal data from users’ web activity.
For the study, the researchers simulated real-world browsing scenarios by creating the persona of a “rich, millennial male from California,” which they used to interact with the browser assistants while completing common online tasks. The results of the experiment were telling, to say the least.
Several assistants transmitted full webpage content – including any information visible on screen – to their servers. One assistant, Merlin, even captured form inputs such as online banking details or health data.
Extensions like Sider and TinaMind shared user questions and information that could identify them (such as their IP address) with platforms like Google Analytics, enabling potential cross-site tracking and ad targeting.
ChatGPT for Google, Copilot, Monica, and Sider showed the ability to infer user attributes such as age, gender, income, and interests, and used this information to personalize responses, even across different browsing sessions.
Only one web browser assistant, Perplexity, did not show any evidence of profiling or personalization.
The issues arise because instead of relying on local in-browser models, these assistants largely depend on server-side APIs, which can be auto-invoked without explicit user interaction.
When invoked, they collect webpage content, often the full HTML DOM (the Document Object Model, the browser's in-memory tree of the page), and sometimes even what the user has typed into form fields, and send it to their own first-party servers. The form-input case is worth singling out: a serialised copy of the page does not by itself contain typed field values (the value attribute in the markup does not track what the user enters), so an extension that ships them has to read them out of the fields deliberately.
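The researchers' method, browsing as a persona and watching what leaves the browser, reduces to a check anyone can run on an extension they are evaluating: plant unique canary strings in a test page and its form fields, ask the assistant a question containing another canary, export the session as a HAR file from DevTools, and search every outbound request for the markers. The script below is an added example, not the study's tooling; the `.invalid` hosts, the canary values, the HAR entries and the tracker-host list are all constructed for illustration.

```python
"""Canary check for what an AI browser assistant sends off-device.

Plant marker strings in a test page and its form fields, browse with the
assistant installed, export the session as a HAR from the browser's
DevTools, then scan every request for the markers. A hit shows that the
content left the browser, and to which host. Added example, not the
study's own code; hosts under .invalid and all sample data are made up.
"""
import base64
import json
from urllib.parse import urlparse

# Markers planted in the test page (constructed; any unique string works).
CANARIES = {
    "page_text": "CANARY-PAGE-7f3a19",        # visible body text
    "account_number": "CANARY-IBAN-4c02e8",   # typed into a form field
    "diagnosis": "CANARY-HEALTH-b61d55",      # typed into another form field
    "question": "CANARY-QUERY-2e9c77",        # the question asked to the assistant
}

# Hosts treated as third-party analytics rather than the assistant's own API
# (assumed list; extend it for the extension under test).
TRACKER_HOSTS = {"www.google-analytics.com", "analytics.google.com",
                 "region1.google-analytics.com"}


def _decoded_body(post_data):
    """Return the request body as text; HAR may base64-encode binary bodies."""
    if not post_data:
        return ""
    text = post_data.get("text", "")
    if post_data.get("encoding") == "base64":
        try:
            text = base64.b64decode(text).decode("utf-8", "replace")
        except (ValueError, TypeError):
            pass
    return text


def _request_blob(req):
    """Everything a request can carry: URL (query string), headers, body."""
    parts = [req.get("url", "")]
    parts += [h.get("value", "") for h in req.get("headers", [])]
    parts.append(_decoded_body(req.get("postData")))
    return "\n".join(parts)


def scan_har(har, canaries=CANARIES, tracker_hosts=TRACKER_HOSTS):
    """List requests that carry at least one canary, with the receiving host.

    Each finding records which canaries were seen and whether the receiver is
    a known third-party tracker rather than the assistant's first-party server.
    """
    findings = []
    for entry in har["log"]["entries"]:
        req = entry["request"]
        host = urlparse(req["url"]).hostname or ""
        blob = _request_blob(req)
        hits = sorted(name for name, marker in canaries.items() if marker in blob)
        if hits:
            findings.append({
                "host": host,
                "method": req.get("method", ""),
                "canaries": hits,
                "third_party_tracker": host in tracker_hosts,
                "bytes_sent": len(blob),
            })
    return findings


def make_sample_har():
    """Constructed HAR with three requests, mimicking the behaviours described."""
    page_html = (f"<html><body><p>{CANARIES['page_text']}</p>"
                 f"<form><input name=iban value='{CANARIES['account_number']}'>"
                 f"<input name=dx value='{CANARIES['diagnosis']}'></form></body></html>")
    return {"log": {"entries": [
        {   # assistant auto-summarises the page: whole DOM plus field values leave
            "request": {"method": "POST",
                        "url": "https://api.assistant.invalid/v1/summarize",
                        "headers": [{"name": "Content-Type", "value": "application/json"}],
                        "postData": {"mimeType": "application/json",
                                     "text": json.dumps({"html": page_html})}}},
        {   # the user's question is forwarded to an analytics endpoint
            "request": {"method": "GET",
                        "url": ("https://www.google-analytics.com/collect?v=1"
                                f"&ea={CANARIES['question']}"),
                        "headers": []}},
        {   # benign asset fetch, carries nothing
            "request": {"method": "GET",
                        "url": "https://cdn.assistant.invalid/icon.png",
                        "headers": []}},
    ]}}


if __name__ == "__main__":
    for f in scan_har(make_sample_har()):
        flag = "THIRD-PARTY" if f["third_party_tracker"] else "first-party"
        print(f"{f['method']} {f['host']:30} {flag:12} canaries={f['canaries']}")
```

Run it against a real HAR by replacing `make_sample_har()` with `json.load(open("session.har"))`. Two caveats: the scan only finds canaries sent in the clear within TLS-terminated traffic the browser records, so content compressed or encrypted by the extension before transmission (rare, but possible) would need the body decoded first; and a host absent from `TRACKER_HOSTS` is reported as first-party, so review every receiving host rather than only the flagged ones.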
“Though many people are aware that search engines and social media platforms collect information about them for targeted advertising, these AI browser assistants operate with unprecedented access to users’ online behaviour in areas of their online life that should remain private,” said Dr Anna Maria Mandalari, senior author of the study from UCL Electronic & Electrical Engineering.
The experiments even revealed that some assistants, including Merlin and Sider, kept recording activity after the user switched to private (incognito) browsing, which is precisely the mode in which they are meant to stop.
Researchers say regulatory oversight of AI browser assistants is urgently needed to protect users’ personal data.
Moreover, even though the study was conducted in the US, so compliance with UK/EU data-protection laws such as GDPR was not assessed, the extensions would most probably breach those rules as well, given that privacy regulation in those regions is more stringent.