AI Browser Assistants: Convenience at the Cost of Privacy

Generative AI browser assistants, including ChatGPT for Google, Merlin, and Copilot, promise to make browsing smarter and faster. They summarize content, help with searches, and provide instant insights. However, a recent study by University College London and Mediterranea University of Reggio Calabria uncovered a major concern. These tools may be collecting and sharing sensitive data without the user’s consent.

The findings raise questions about privacy and transparency. While these assistants can be useful, the risks may outweigh the benefits if personal data is exposed.

What the Study Found

Extensive Data Collection
The research showed that most AI browser assistants send full webpage content to their servers. This includes form inputs and sensitive information such as banking details and health records. In one striking example, Merlin captured Social Security numbers entered into forms. Only Perplexity avoided profiling or storing user data.

Third-Party Tracking and Targeting
The study also revealed that some extensions forward user prompts and identifiers to analytics platforms. Sider and TinaMind were among those named. This information can be used for targeted advertising and cross-site tracking, raising additional privacy concerns.

Profiling Across Browsing Sessions
Assistants such as ChatGPT for Google, Copilot, Monica, and Sider went further by building user profiles. They inferred personal details like age, income, and interests, then applied this data to personalize results. This profiling persisted across multiple browsing sessions, creating a detailed record of the user’s online habits.

Why This Matters

Potential Privacy Law Violations
Collecting sensitive information without consent could break privacy laws. In the US, regulations such as HIPAA and FERPA protect health and educational records. In the EU, GDPR sets strict limits on data collection and usage. These practices may violate both.

Lack of User Awareness
Most users are unaware of how much data these tools can access. AI assistants often have permission to read both public and private browsing information. Without clear disclosure, this creates a hidden risk.

How to Protect Yourself

1. Be Selective
   Do not install AI browser assistants that are vague about data practices. Always read the privacy policy before use.
2. Choose Privacy-Conscious Tools
   Perplexity was one of the few tools in the study that did not store or profile data. Tools with similar approaches are safer.
3. Demand Transparency
   Extension marketplaces should clearly display privacy risks. Developers can add safeguards, such as local processing and keyword-based exclusions.
4. Support Stronger Regulations
   Policymakers should introduce rules to protect users from invasive data collection. This includes stricter consent requirements and independent audits.

Conclusion

AI browser assistants can improve productivity and make browsing more efficient. However, they may also collect, store, and share personal information in ways users do not expect. By making informed choices, using privacy-friendly tools, and pushing for transparency, you can reduce the risks. In the world of AI, staying aware is your best defense.