WARNING - Browser Extentions are reading every word you write in ChatGPT - AND Selling it!

A Reddit user's viral investigation has exposed a critical privacy flaw: free browser extensions are harvesting and selling data from private ChatGPT conversations. The user, who typed an obscure medical peptide only into a ChatGPT prompt, was served a targeted ad for it on Reddit hours later. Since OpenAI states it does not sell user data, the culprit was traced to browser extensions with 'Allow this extension to read and change all your data on websites you visit' permissions set to 'On all sites.' These extensions, often posing as helpful AI tools, gain full DOM access, allowing them to scrape every word typed into ChatGPT and other sites.

The post details a security audit of common extensions. 'AI Prompt Helper for ChatGPT and Claude' demanded access to all sites and could not be restricted, forcing its removal. Others like 'Dark Reader' and 'Easy Auto Refresher' also had full access, which the user changed to 'on click.' Reputable tools like 'Keepa Amazon Price Tracker' correctly limit access to specific domains. The core issue is the business model: many free extensions aim for a large user base to then auction the harvested data—now considered their intellectual property—to ad-tech data brokers. This poses a significant risk for professionals discussing sensitive business, legal, or personal information in what they believe is a private AI chat interface.