This Study’s List of the Most Invasive AI Browser Extensions Includes a Few You Probably Use

Browser extensions, even those from trusted sources, are not without privacy and security risks. I have already written about add-ons that manage to bypass the official store’s protection measures and even some that “wake up” as malware after functioning normally for several years. So it’s no surprise that a multitude of AI-powered browser extensions, collectively installed by tens of millions of users, can also invade your privacy.

Researchers from data removal service Incogni examined browser extensions available in the Chrome Web Store that included “AI” in their name or description and used AI as part of their core functionality. By analyzing the data collected and the permissions required, they assessed both the likelihood of the extensions being used maliciously and their potential to cause significant damage if compromised.

AI-powered browser extensions collect a lot of user data

Incogni found that website content, such as text, images, sounds, videos, and hyperlinks, was the most commonly collected type of data (by nearly a third of AI-powered extensions). More than 29% of the extensions studied collect personally identifiable information (PII) (e.g. name, address, email, age, ID number) from users. Other forms of data collected include user activity, authentication information, personal communications, location, financial and payment information, web history, and health information.

The most invasive extensions fall into the category of programming and math aids (such as Classology AI and StudyX), followed closely by meeting assistants and audio transcribers. Writing and personal assistants also pose privacy risks, and many of them are also among the most downloaded AI-based extensions in Chrome.

How Popular AI-Driven Chrome Extensions Compare on Privacy

Incogni also assigned “privacy invasiveness” scores to the most downloaded AI-based extensions, a combination of the amount of data collected and the general and sensitive permissions required:

1. Grammarly: AI Writing Assistant and Grammar Checker App (tied for first place)

2. Quillbot: AI writing and grammar checking tool (tied for first place)

3. Sider: Chat with all AI (tied for 3rd)

4. AI Grammar Checker & Paraphraser — LanguageTool (tied for 3rd)

5. Google Translate (tied for 4th place)

6. WPS PDF – Easily read, edit, fill, convert and discuss PDFs with AI (tied for 4th)

7. Monica: All-in-one AI assistance (tied for 4th)

8. AI Chat for Google (tied for 4th)

9. Immersive translation – Web and PDF translation

10. Search ChatGPT

Grammarly and Quillbot were found to collect personal information and website content along with location data such as region, IP address and GPS coordinates. Grammarly also harvests user activity through network monitoring, clicks, mouse and scroll positions, and keystroke logging. Although both also require sensitive permissions, such as the ability to inject code into websites and access active browser tabs, they pose a relatively low risk of being used maliciously.

How to protect your personal information

Browser extensions that use AI aren’t bad per se, but you need to be aware of what information they collect and what permissions they require. The most commonly required type of sensitive permissions is script, which allows the extension to interact with pages when you browse online, and activeTab, which allows it to read or modify the page for the current session.

When you add an extension (or install an app or program), carefully review the permissions requested. If they aren’t essential for the extension to work (or if they are but don’t seem warranted), you risk putting your data or device at risk by allowing them. As Incogni points out, users must decide how much privacy to sacrifice to use apps and services.