Big Help or Big Brother? Auditing Tracking, Profiling, and Personalization in Generative AI Assistants

Browser assistants have started to integrate powerful capabilities of GenAI in web browsers to offer functionalities such as question answering, content summarization, and agentic web navigation. These assistants, available today as browser extensions, raise significant privacy concerns because they can track detailed browsing activity (e.g., searches, clicks) and autonomously perform tasks such as form filling. In this paper, we analyze the design and behavior of GenAI browser extensions, focusing on how they collect, process, and share user data, and whether they profile users based on explicit or inferred demographic attributes and interests. We develop a novel prompting framework and perform network traffic analysis to audit the nine GenAI browser assistants for tracking, profiling, and personalization.

We find that GenAI browser assistants typically rely on server-side APIs rather than local models, and can be invoked automatically without explicit user interaction. GenAI browser assistants often collect and share full webpage content, including the HTML DOM and user form inputs in some cases, with their first-party servers. Some also share identifiers and user prompts with third-party trackers such as Google Analytics. This data collection and sharing happens even on pages containing sensitive information, such as health records or personal information such as names or social security numbers entered in a web form. Moreover, several GenAI browser assistants infer attributes (e.g., age, gender, income, interests) and use them to personalize responses across browsing contexts. Our findings show that GenAI browser assistants collect and share personal and sensitive information for profiling and personalization, highlighting the need for safeguards as they increasingly mediate web browsing.