Half of Chrome AI extensions are harvesting your data - see the surprising worst offenders

AscentXmedia/iStock/Getty Images Plus via Getty Images

Follow ZDNET: Add us as a preferred source on Google.

ZDNET's key takeaways

• Browser extensions are tracking more of your data.
• Many AI productive tools are collecting tons of personal information.
• Users should be wary of unjustifiable permissions requests.

Browser extensions have increasingly been a security risk as publishers get sneakier about the code they can hide in them. AI is only increasing that threat, especially when it comes to tracking user data -- and some of your most commonly used apps are doing a lot of the scraping. 

New research from data removal service Incogni finds that more than half of a sample set of AI Chrome extensions collect user data. Almost a third are "gathering personally identifiable information (PII)."

"These were downloaded around 115.5 million times, meaning they could collectively have as many users," writes Incogni, one of ZDNET's favorite data removal services.

Also: 5 browser extension rules to live by to keep your system safe in 2025

Here are the most invasive extensions identified by the study, along with steps you can take to protect your privacy.

Findings

Now in its second year, Incogni's study analyzed 442 "AI-branded" Chrome extensions between January 5 and January 7, examining what permissions each required and the data each could reveal. It also took into account "The personal data the extensions' developers admit to collecting through their voluntary declarations and, finally, the risk-impact and risk-likelihood scores associated with each extension."

Also: I put 2025's leading data-removal services to the test, and there was a clear winner

The company noted that Grammarly -- a product in a suite of tools owned by a company that now goes by Superhuman -- and AI content detector Quillbot "are the most potentially privacy-damaging," especially given their prevalence in Incogni's dataset, with over two million downloads. Other offenders with "both a high risk likelihood and high risk impact" included Nily AI Sidebar and EaseMate.

Specifically, the company noted that 42% of extensions use "scripting" -- the request that extensions make to capture what you type or change what you see -- and deemed it especially risky. That could be affecting 92 million users, according to Incogni. 

Incogni

Nearly a third of extensions collected website content and PII, but Incogni noted that "it seems that more users are likely to [share] user activity than any other data type."

Also: OpenAI just unveiled its Google Translate competitor, and ChatGPT already wins in a big way

Overall, the extensions that Incogni classified as "programming and mathematical helpers" were the riskiest, based on the data they collect and the permissions they require. Those were closely followed by "meeting assistants and audio transcribers" and writing assistants -- Incogni recommends users be extra cautious with these categories. 

Some categories of extensions proved less dangerous than others, though; the research found that "audiovisual generators and text and video summarizers" were the least invasive on average.

Risks

So what are the dangers of having these extensions crawl your activity and personal information? Using data from Chrome-Stats, Incogni evaluated each extension based on how easily a developer or third party could make it act against a user's interests and the level of damage that such a breach could cause. 

Also: Stop using ChatGPT for everything: My go-to AI models for research, coding, and more (and which I avoid)

Only 10 out of the study's total 442 hit high in both metrics: 

Incogni

Google Translate came in at #4, while ChatGPT Search was at #10. 

What to watch for 

Incogni recommended several factors that may indicate an unnecessary level of data collection by your Chrome extensions. While functional permissions make sense for extensions to work properly, others take too many liberties. 

"Problems begin when an extension requires a level of permission that can't be justified given its stated purpose," Incogni's report notes. "A writing assistant extension that requires access to precise location data, for example, might and should raise suspicions."

While Incogni added that a challenge in this research was determining justifiable permissions and data collection, the company settled on a base guideline that users can refer to. 

Also: Is your AI model secretly poisoned? 3 warning signs

"The only objective criterion that could be applied when deciding whether to install a given extension is: does personal data leave the host device? If it does, then the extension represents an unacceptable risk under this approach," the research said. Ultimately, it's up to users how much privacy they're willing to sacrifice for added convenience.