AI tools can make things easy and seem like magic, but using them has trade-offs. Incogni’s researchers studied AI-powered Chrome browser extensions to check how risky they are, what permissions they need, and how they collect data.
They looked at 70 AI-powered Chrome extensions in 7 important categories. This study shows the actual risks of these extensions. Some AI extensions might be more dangerous than you expect.
AI Chrome Extensions: Assessing the High-Risk Majority
High Risk Extensions:
Most AI Chrome extensions fall into the high-risk category.
The risk level depends on the permissions an extension needs. If it requires a lot of permissions, it can be very harmful if misused.
Risk Likelihood:
This measures how likely it is for a Chrome extension to turn bad. It considers the reputation of the extension and how long it’s been available.
Many AI extensions ask for many permissions, which could be dangerous if they are compromised. Out of 70, 48 have a high or very high risk level.
The good news is that 60% of extensions are unlikely to be compromised, even if they have the potential to cause harm.
AI-Writing Extensions:
When it comes to AI-writing extensions, all 10 of them are considered high-risk.
This category has the highest-risk extensions, and they make up more than 20% of all high-risk extensions.
So, it’s essential to be cautious, especially with extensions that have both high-risk impact and high risk likelihood scores. We found 10 such extensions, including audio-visual generators and personal assistants.
More Than 59% of Extensions Gather User Data
More than half, specifically 59%, of the Chrome extensions that were looked into were found to gather user data. This data collection is a separate issue from permissions, even though sometimes permissions are needed to collect data. To understand the extent of data collection by these AI Chrome extensions, researchers from Incogni delved into their data gathering practices.
The extensions they studied, on average, collect around 1.4 pieces of information each. This average includes those 41% of extensions that claim they don’t collect any data at all. Within the seven categories of AI extensions examined, each category had at least one extension that gathers personally identifiable information (like your name, address, or identification number), user activity (which can involve monitoring your internet activity and tracking your mouse movements or keystrokes), and website content. Interestingly, none of the extensions were found to collect health information.
The researchers at Incogni discovered that a significant portion of these extensions are collecting rather private types of data. Specifically, 44% of the 70 extensions studied collect personally identifiable information, 21% collect user activity data, and 11% gather users’ location data.
While some types of user data aren’t collected as frequently, they are still noteworthy. Among the AI-powered categories, only writing and personal assistant extensions were found to collect a user’s web history. Examples of such extensions include HyperWrite and Magical: ChatGPT AI Writer & Text Expander. Moreover, personal assistants were the only category collecting financial and payment information, with Jasper and Monica being among those extensions.
Now, if we zoom in on individual extensions, we can see that HyperWrite collects the most data points, a total of 6. Following closely behind, four extensions gather 5 data points each: Grammarly, Magical: ChatGPT AI Writer & Text Expander, Guidde, and Jasper.
Top 5 Trending AI Chrome Extensions: A Quick Look
1.Grammarly
Grammarly is the most popular Chrome extension with 10 million users. It collects data like personally identifiable information, location, and user activity. Users grant it permissions for things like scripting. It has a high risk impact but a very low risk likelihood.
2.QuillBot
QuillBot is the second most popular with 2 million users. It collects data such as website content, personally identifiable information, location, and user activity. It asks for permissions like scripting and activeTab. It also has a high risk impact but a very low risk likelihood.
3.WebChatGPT
ChatGPT with Internet Access is the third most popular with 1 million users. Surprisingly, it doesn’t collect any user data points and only requests one permission: storage. However, it has a high risk impact and a very high risk likelihood.
4.Monica
Monica is the fourth most popular with 700,000 users. Users give up data points like personally identifiable information, financial info, and personal communications. It asks for 3 permissions, including scripting. It has a high risk impact but a low risk likelihood.
5.ChatGPT for Search – Support
GPT-4 shares the fourth spot with 700,000 users. It doesn’t collect user data points but requests 4 permissions, including scripting. It has a moderate risk impact and likelihood.
Conclusion
In conclusion, In the world of technology, we now have incredible tools powered by advanced language models and clever algorithms. These tools are like pioneers in the “wild west” because they’re so new and groundbreaking.
Some well-known tools, like Grammarly, have the potential to cause problems, but in reality, they’re very unlikely to do so because they have a great reputation. On the other hand, some extensions pose a higher risk both in terms of potential harm and the likelihood of causing issues. These aren’t the best choice if you want to prioritize privacy and security.
To make smart choices when using AI-based Chrome extensions, it’s important to look at their risk ratings, what permissions they need, and how they handle data. While it might take some time, doing this is crucial to protect your data and keep your privacy intact.
