Urban VPN Proxy is a Chrome browser extension developed by Urban Cyber Security Inc. Recently it has come under fire for its truly awful practices of data collection. With more than six million installs and a 4.7 rating on the Google Chrome Web Store, the extension is a success. It proactively secures online identities and private users’ IP addresses. Revised and Expanded on Jul 9, 2025. At the same time, it has raised important questions about user privacy and our approach to sensitive information.
The newest version, 5.5.0, introduced default settings that would enable this type of AI data harvesting with no explicit consent from users. This update provided Urban VPN Proxy the ability to collect highly sensitive information. It contained user prompts, AI chatbot outputs, unique identifiers for the conversation, and other metadata from sessions on multiple AI chatbots.
Data Harvesting Practices Unveiled
With its extensive data collection methods, Urban VPN Proxy has raised red flags for privacy advocates, security experts, and users. For example, the extension aggregates all of the prompts that users type into widely-used AI chatbots. These generative AI chatbots are OpenAI’s ChatGPT, Microsoft Copilot, and Google Gemini. It’s actually using a custom JavaScript executor that triggers on every chatbot conversation—almost like intercepting chat conversations.
The extension then collects the information and transmits it to two remote servers controlled by Urban Cyber Security, Inc. This should trigger significant alarm about how and why they are using this data. According to Urban VPN’s updated privacy policy, the data collected includes “the prompts and outputs queried by the End-User or generated by the AI chat provider.” The policy goes on to state that this information is used commercially and provided to their business partners.
“The harvesting feature sends that exact sensitive data – and everything else – to Urban VPN’s own servers, where it’s sold to advertisers.” – Idan Dardikman
The potential consequences of such data practices are immense. In effect, users share significant amounts of very detailed personal information without consciously realizing it with a company that has consistently made questionable privacy-related disclosures. BIScience, the company responsible for Urban VPN Proxy, has come under fire before. They were outed for amassing sensitive, private user browsing histories through dark pattern policies.
Removal from Chrome Web Store
In light of these disclosures, Google quickly made some changes. Then, they deleted Urban VPN Proxy and three additional extensions from the Chrome Web Store. Even before removal, Google had already removed the ‘Featured’ badge from these extensions—a safer play that suggests that a manual review was in process. This badge usually means that extensions have gone through a thorough review process and have reached certain quality benchmarks.
“These badges signal to users that the extensions have been reviewed and meet platform quality standards,” – Idan Dardikman
The removal raises questions about whether Google acted on its own accord or if the developers chose to withdraw the extensions voluntarily. Unfortunately, the Chrome Web Store does not help to make this distinction clear.
“There’s no way to know for certain whether Google removed them or the developers pulled them voluntarily,” Dardikman stated.
Prior to its takedown, Urban VPN Proxy claimed more than 1.3 million installations from the Microsoft Edge Add-ons marketplace. That’s a long tail of users that can be affected by these practices.
User Impact and Concerns
Issues with Urban VPN Proxy go far beyond its penchant for data harvesting. Today, users have to turn to extensions such as this one to protect their online activities from would-be eavesdroppers as they browse the internet. The extension’s claim of providing “best secured Free VPN access to any website” now stands in stark contrast to the privacy violations that have emerged.
Dardikman drew attention to an often overlooked implication. It’s easy for users to underestimate the risks from these extensions because they’re enticed by high reviews and attractive functionality. He noted that “for many users, a Featured badge is the difference between installing an extension and passing it by – it’s an implicit endorsement from Google and Microsoft.”
Additionally, users were left with sporadic warnings against giving proprietary information to AI firms. It was largely due to the extension’s protection feature. As this most recent episode demonstrates, such promises were hardly effective at stopping massive data mining operations.