Urban VPN Proxy is the latest free VPN spying on users – here's how to stay safe


  • Urban VPN Proxy browser extension was caught harvesting users' AI chats
  • Security researchers estimate that over 8 million users have been affected
  • The incident comes as a stark reminder to only use reputable VPN apps

The free Urban VPN Proxy Chrome extension has recently made headlines after being caught silently stealing every AI prompt its users enter into their chatbots.

Security researchers at Koi Security dissected the VPN extension and found a concealed script that captures the full text of each AI prompt, compresses it, and forwards the data to two analytics endpoints owned by Urban VPN, after which it is sold to a data broker for advertising and profiling purposes.

While that's surely a shock for the estimated eight million Urban VPN Proxy users impacted across Chrome and Edge, it's certainly not an isolated incident. Quite the opposite, actually: malicious (often free) VPN apps are so widespread that even Google issued a security alert on this danger in its November fraud advisory report. Rather than an unfortunate one-off, the Urban VPN Proxy case is yet another stark reminder to download only the best VPN apps.

More than 8 million Urban VPN users at risk

Screenshot of Urban VPN Proxy on the Chrome App Store

(Image credit: KOI Security)

Urban VPN Proxy has a hidden module that activates whenever the browser contacts any of the supported AI platforms: ChatGPT, Claude, Gemini, Microsoft Copilot, Perplexity, DeepSeek, xAI Grok, and Meta AI.

As uncovered by Koi's researchers, the data harvesting code was added in its July 9, 2025, update (version 5.5.0), with these activities occurring regardless of whether the user is connected to the VPN.

Although the extension advertises an AI Protection feature that warns users about sharing sensitive data, the underlying harvesting routine runs independently of that toggle. This means disabling the warning doesn't stop the data from being stealthily exfiltrated.

Once captured, the conversation payload is compressed and transmitted in real time to analytics.urban-vpn.com and stats.urban-vpn.com, where it’s aggregated and subsequently handed off to BiScience, a broker that sells behavioral and browsing data to advertising platforms such as AdClarity and Clickstream OS.

Because the extension updates silently through the browsers’ auto-update mechanism, users receive the invasive code without any prompt or consent, effectively turning a privacy-focused tool into a data-leak vector.

The scale of the breach is considerable: the researchers estimate over eight million affected users, six million of them on Chrome alone, with additional installations of related extensions (1ClickVPN Proxy, Urban Browser Guard, Urban Ad Blocker) that embed the same harvesting script.
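One way to check a Chrome or Edge profile for the extensions named above, as an added example that is not from Koi Security or the original article. Matching on the store display names is an assumption (the page gives no extension IDs), and the sample profile with its placeholder IDs is constructed for the demonstration.

```python
import json
import tempfile
from pathlib import Path

# Names from the article; matching on them is an assumption (no IDs are given).
FLAGGED_NAMES = {"urban vpn proxy", "1clickvpn proxy",
                 "urban browser guard", "urban ad blocker"}

def load_json(path):
    try:
        return json.loads(path.read_text(encoding="utf-8-sig"))
    except (OSError, ValueError):
        return {}  # missing or unparsable file

def resolve_name(version_dir, manifest):
    """Return the display name, resolving a localized __MSG_key__ placeholder."""
    name = manifest.get("name", "")
    if name.startswith("__MSG_") and name.endswith("__"):
        locale = manifest.get("default_locale", "en")
        msgs = load_json(version_dir / "_locales" / locale / "messages.json")
        for key, entry in msgs.items():  # message keys are case-insensitive
            if key.lower() == name[6:-2].lower():
                return entry.get("message", name)
    return name

def scan_extensions(ext_root):
    hits = []
    for mpath in sorted(ext_root.glob("*/*/manifest.json")):  # <id>/<version>/
        manifest = load_json(mpath)
        name = resolve_name(mpath.parent, manifest)
        if name.strip().lower() in FLAGGED_NAMES:
            hits.append((mpath.parent.parent.name, name, manifest.get("version", "?")))
    return hits

def build_sample_profile(root):
    """Constructed sample: one flagged and one benign extension, placeholder IDs."""
    bad = root / "Extensions" / "placeholder-id-aaaa" / "5.5.0_0"
    ok = root / "Extensions" / "placeholder-id-bbbb" / "1.0.0_0"
    (bad / "_locales" / "en").mkdir(parents=True)
    ok.mkdir(parents=True)
    (bad / "manifest.json").write_text(
        '{"name": "__MSG_appName__", "version": "5.5.0", "default_locale": "en"}')
    (bad / "_locales" / "en" / "messages.json").write_text(
        '{"appName": {"message": "Urban VPN Proxy"}}')
    (ok / "manifest.json").write_text('{"name": "Notes", "version": "1.0.0"}')
    return root / "Extensions"

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(scan_extensions(build_sample_profile(Path(tmp))))
```

To audit a real machine, pass the `Extensions` directory of the browser profile to `scan_extensions`; treat a name match as a lead to confirm against the store listing, not as proof.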

The types of information captured range from mundane queries to highly sensitive content, including medical questions, financial details, proprietary code snippets, and personal dilemmas.

Exposure of such data opens avenues for identity theft, financial fraud, corporate espionage, and the creation of detailed user profiles that can be leveraged for targeted advertising, contradicting the privacy guarantees a VPN is supposed to provide.

The need for reputable VPNs

Numerous free VPN extensions have been flagged for spying, bundling adware, or acting as gateways for malware. TechRadar recently reported a free Chrome VPN extension that silently took screenshots of every webpage a user visited, effectively turning the browser into a surveillance tool.

Another notorious case involved the “Free Unlimited VPN” extensions, which were removed in May 2025 after years of stealing user data, only to reappear later with even more aggressive behavior.

Besides a handful of secure free VPN apps operating under a freemium system, the great majority of free services lack the revenue to fund rigorous security audits and transparent privacy policies. To recoup costs, they may monetize user traffic through undisclosed data collection, excessive permissions, or advertising.

In contrast, reputable VPN providers such as NordVPN operate under clear privacy commitments, undergoing independent audits and enforcing strict no-logs policies. Selecting a vetted VPN service ensures that encryption is applied end-to-end rather than merely tunneling traffic to a data-selling server farm. By avoiding free, unverified VPN extensions and opting for reputable, audited providers, users can better protect their AI interactions and online privacy.




Mark Gill
Tech Security Writer

Mark is a Tech Security Writer for TechRadar and has been published on Comparitech and IGN. He graduated with a degree in English and Journalism from the University of Lincoln and spent several years teaching English as a foreign language in Spain. The Facebook-Cambridge Analytica data scandal sparked Mark’s interest in online privacy, leading him to write hundreds of articles on VPNs, antivirus software, password managers, and other cybersecurity topics. He recently completed the Google Cybersecurity Certificate, and when he's not studying for the CompTIA Security+ exam, Mark can be found agonizing over his fantasy football team selections, watching the Detroit Lions, and battling bugs and bots in Helldivers 2.
