A study by researchers from the University of London and the Mediterranean University of the Calabria region, published on the occasion of the Usenix security symposium, shows the danger that browsers have with generative characteristics of artificial intelligence.
To do this, the researchers analyzed nine AI extensions, including Chatgpt, Merlin, Gemini and Copilot. The study highlights “many” personal data “of serious confidentiality problems.”
Data collection even in private navigation
Because to succeed in guiding the user, these AIS must also analyze their activity on the web, whose content of a page, what is happening there and, in particular, the data that can be entered for forms such as banking data and health data. Several of these AIS have demonstrated their ability to deduce age, sex, income and interests of a user. Only an artificial intelligence does not make this profile: perplexity.
To succeed in their evidence, the researchers simulated the profile of a “rich and millionaire man of California”, particularly when interacting with AI attendees. During their navigation on the web, they saw contextualized YouTube videos according to the profile, read items and bought things on Amazon accordingly. They also activated the “private navigation” mode.
Preserve confidentiality more than convenience
During this simulation, they were able to observe that the attendees of IA asked the trackers to analyze the incoming and outgoing data “in real time”. “Although many people know that search engines and social networks collect information about them for specific advertisements, these AI attendees for browsers work with unprecedented access to online behavior of users in areas that must remain private,” explains Dr. Anna Maria Mandalari, the main author of the study.
It also specifies that this important collection is not trivial for companies that manage these AI, since then these data to third parties “in a world where massive tricks are frequent.” No AI company also makes possible to know specifically and easily what is collected and for what purposes.
However, keep in mind that this study is based on US rules in terms of personal data. It can be estimated that in Europe, where the GDPR is present, the data is a little less vampire by these AI attendees. However, this study sounds the alarm for the future: “As the generative is increasingly integrated in our digital lives, we must ensure that confidentiality is not sacrificed for the benefit of convenience,” says Aurelio Canino, co -author of the study.
Source: BFM TV
