**AI Web Browsers: A Double-Edged Sword in Privacy and Personalization**
In a pioneering study showcased at the 2025 USENIX Security Symposium, researchers revealed the complex dynamics of AI-driven web browsers, featuring well-known names such as ChatGPT for Google, Sider, Monica, Merlin, MaxAI, Perplexity, HARPA, TinaMind, and Microsoft’s Copilot, in their handling of user data. The results provoke substantial concerns regarding privacy, as these AI browsers scrutinize, retain, and retrieve user information in potentially obscure ways.
**The Experiment: Real-World Scenarios and Privacy Tests**
The research group recreated a range of real-world browsing situations, including reading news articles and viewing YouTube videos, alongside more sensitive endeavors like accessing adult content and completing tax forms. These scenarios took place in both private and public environments to assess the strength of privacy protections. The outcomes were disturbing, showing that numerous AI extensions recorded not just visuals and textual information but also sensitive data, such as medical histories, social security numbers, and preferences on dating platforms.
One of the most troubling discoveries was that the Merlin extension sent out banking information and health records, while others like Merlin and Sider AI logged activity even in private browsing modes. This raises doubts about how much users can trust these applications with their personal data.
**Data Transmission and Storage: A Closer Look**
By decoding data traffic, researchers found that multiple AI assistants sent webpage content to their own servers and external trackers. Specifically, Sider and TinaMind sent user prompts and identifying details, including IP addresses, to Google Analytics, facilitating cross-site user tracking. Microsoft’s Copilot was observed to save chat histories from earlier sessions in the browser’s background, implying that these records could remain across various browsing sessions.
Additionally, AI tools like Google, Copilot, Monica, ChatGPT, and Sider employed user activity data to create profiles based on age, gender, income, and interests. This profiling was leveraged to tailor responses during browsing sessions, emphasizing the compromise between personalization and privacy.
**Perplexity: The Most Private Option?**
Among the AI assistants examined, Perplexity emerged as the most privacy-aware choice. It could not remember past interactions, and its servers did not access private data. However, it continued to assess page titles and user location, suggesting that even the most private options are not entirely devoid of data collection.
**Conclusion: Navigating the Privacy-Personalization Trade-Off**
The research highlights the necessity for enhanced transparency and user command over data collection within AI web browsers. As these tools become further embedded in our digital lives, users need to recognize the potential privacy hazards and make well-informed decisions regarding which tools to adopt. The findings also advocate for more stringent regulations and standards to guarantee that AI technologies uphold user privacy while providing the advantages of personalization and improved browsing experiences.
