Phia, an AI shopping agent co-founded by Bill Gates’ daughter Phoebe Gates, has been collecting more than just users’ fashion preferences through its desktop browser extension.
TL;DR
- AI shopping assistant Phia collected sensitive user data, including full webpage content, even from non-shopping sites.
- Researchers discovered Phia's extension logged all visited URLs, potentially reconstructing complete browsing history.
- Phia removed the data collection feature after being notified but did not inform users or confirm data deletion.
- Experts warn that Phia's practices may violate privacy regulations like GDPR and state-level U.S. laws.
According to four cybersecurity researchers who spoke with Coins2Day, the company's browser extension, designed to help users compare prices, has been collecting a significant volume of user data. The researchers found that an earlier version of the extension sent a copy of every webpage a user visited, including pages with sensitive content such as bank statements and personal emails, to Phia's servers, regardless of whether the user was shopping online.
The AI shopping startup is fresh off an $8 million seed funding round led by Silicon Valley venture capital firm Kleiner Perkins, with contributions from notable investors including Hailey Bieber, Kris Jenner, and Sheryl Sandberg. Phia was recognized in October as one of TIME’s Best Inventions of 2025. Since its launch in April, the New York-based company has grown quickly, attracting hundreds of thousands of users across its app and desktop browser extension.
Dublin-based former Meta software engineer Maahir Sharma was the first to identify privacy concerns with the browser extension.
“I began by testing it on Amazon,” he told Coins2Day. “But what really caught my attention was the number of requests being sent, transmitting product page details back to their servers.”
He stated that transmitting retail site data for comparison and other AI-driven features was somewhat anticipated, but he became alarmed after observing the same network calls occurring in the background while he was checking his Gmail.
“Why was the extension making requests when I hadn’t interacted with it at all?” he said. “I discovered that the URL of every tab I visited was being logged, which was a red flag. Technically, this meant my complete browsing history could be reconstructed from this data alone.”
He found that the extension not only tracked browsing activity but also quietly captured a complete copy of every webpage a user visited and transmitted it to Phia's servers through a function in its code named “logCompleteHTMLtoGCS.”
In practice, the extension extracted the page's complete HTML (the underlying markup that defines a webpage's content, appearance, and behavior), compressed it, and sent it to the company's servers as HTTP requests to Phia's API, according to the researchers. Each page a user visited was therefore copied, packaged, and shipped off in the background, apparently without the user's permission or awareness. Because a page's HTML is captured as rendered for the logged-in user, such a copy includes whatever that page displays, which is how bank statements and inbox contents ended up in the data.
“I tested it using a Revolut account while the extension was installed. And, unsurprisingly, that activity was logged as well,” he said, referring to the popular digital bank. “At that point, I was honestly at a loss for words.”
Coins2Day's review of Sharma's findings was followed by replication from three separate researchers, including Accolite software engineer Kushagra Sharma, and an additional review by two cybersecurity specialists.
After Sharma contacted Phia late last week to report the problem and request remediation, the company removed the feature that collected users' HTML pages. It did not, however, notify users of the potential privacy breach or confirm what happened to the data already transmitted. Coins2Day first reported these privacy issues.
Security researcher Charlie Eriksen from Aikido Security, after examining the discoveries, commented that the reason for the initial existence of the “archive” functionality within the browser extension remained ambiguous.
“Not only do I not believe the ‘archive’ feature should ever have existed, and question why it was ever implemented, but they have no right to do any such thing under their own privacy policy,” he said. “I’ve seen quite a few messed-up things in my career. This one must be among some of the crazier things.”
A spokesperson for Phia said: “All versions of Phia, current and previous, performed logging in an aggregate and anonymous way for the purpose of identifying and discovering new retail websites. To determine when to appear, the extension previously logged webpage content to understand if the site was a shopping destination. It was also to identify and support additional retailers as they were discovered. Phia currently only logs URLs. Phia has never in the past, or at present stored this data.”
Privacy red flags
According to cybersecurity experts and legal professionals who spoke to Coins2Day, the quantity of personal data sent to the company’s servers is exceptionally high and may represent a significant breach of privacy.
“The original version collected full page contents, and it was running as a background service. It collected pretty much all web pages for all users, which is a huge security and privacy violation,” Eyal Arazi, head of product strategy at LayerX Security which replicated Sharma’s findings, said.
According to Phia’s own privacy policy, the company “generally excludes personally identifiable information” and collects limited technical data only from “retail sites.” In a Chrome Store disclosure, the company also stated that users’ data is “not being used or transferred for purposes that are unrelated to the item’s core functionality.”
“Its privacy policy fails to highlight this scraping, and emphasizes ‘fundamental principles’ which seem to be in direct contradiction with the data they were actually collecting,” Alexandre Pauwels, a cybersecurity researcher at the University of Cambridge who also analysed the browser extension, said. “Although Phia seems to have addressed the issue, this does not tell us whether or not they have deleted the data itself.”
Experts said these practices appear to contradict the company's public statements about minimal data collection and may violate privacy regulations such as the EU's GDPR, which restricts the processing of sensitive personal data without a clear lawful basis such as explicit consent, as well as various U.S. state privacy statutes. The browser extension is not currently marketed outside the U.S., though European users can still download and use it.
“The practices described would likely breach several core principles of the UK and EU GDPR, including transparency, data minimisation, and lawful basis for processing,” Chris Linnell, associate director of Data Privacy at Bridewell, a cyber security company, told Coins2Day. “Similar principles apply in the United States, though the impact varies by state-level privacy laws.”
Steven Roosa, who leads the U.S. Digital Analytics and Technology Assessment Platform at the law firm Norton Rose Fulbright, concurred that a range of state statutes might be relevant in comparable scenarios.
“Speaking generally, there are various laws that can be potentially implicated in these situations: One is the general state privacy laws. If [a company] is collecting communications between a user and an endpoint, for example, like a user in their bank, they could potentially expect attention from plaintiffs’ attorneys,” he said.
In a statement, a Phia spokesperson said: “As to Phia’s identification of website traffic, this does not constitute a collected or stored usage of Personally Identifiable Information (PII), as also indicated in Phia’s Privacy Policy. Given our transparency and disclosures across Google Chrome’s Web Store, Phia’s Privacy Policy, and Phia’s cookie consent banner, we maintain our compliance standards within any regulations that protect consumers from unfair or deceptive practices.”
Researchers say despite changes, there are still privacy concerns
Despite the recent update, numerous researchers who examined the extension indicated that the updated version continues to pose a risk of revealing private user data.
“In the newer version, they collect only the page URLs. That said, page URLs can also contain sensitive information. For example, a lot of times they can contain search terms or certain identifiable information. If you have a customer ID or national ID in the URL, for whatever reason, that will be collected,” Arazi said.
The Phia extension does not collect URL data for certain websites the company appears to have “whitelisted” (in practice, exempted from collection), but researchers at LayerX Security noted that this list was dynamic and produced some odd behavior. They found, for example, that the extension does not collect Google search data but does collect Microsoft Bing search data.
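As an added example (not Phia's code and not from the article), this Node.js script makes the two points above concrete: a URL-only log still exposes search terms, identifiers and fragments, and a host exclusion list applied by suffix treats Google and Bing alike. It compares a naive logger that keeps the whole URL with a minimized one that keeps only the origin, which is all an "is this site a shop?" check needs. The sample URLs, exclusion lists and sensitive parameter names are constructed for the example.

```javascript
// Added example (not from the article and not Phia's code): what URL-only
// logging still leaks, and what a minimized record would keep instead.
// The exclusion lists and sensitive-key names are hypothetical.

// Query keys whose values commonly carry search terms, identifiers or secrets.
const SENSITIVE_QUERY_KEYS = new Set([
  "q", "query", "search", "email", "token", "session", "id", "user", "account",
]);

// Suffix match so that every subdomain of an excluded host is excluded too.
function hostMatches(host, suffixes) {
  return suffixes.some((s) => host === s || host.endsWith("." + s));
}

// Lists what a logged URL would reveal beyond the site that was visited.
function findUrlLeaks(rawUrl) {
  const u = new URL(rawUrl);
  const leaks = [];
  for (const [key, value] of u.searchParams) {
    if (SENSITIVE_QUERY_KEYS.has(key.toLowerCase())) {
      leaks.push(`query "${key}"=${JSON.stringify(value)}`);
    }
  }
  if (/\/\d{6,}(?=\/|$)/.test(u.pathname)) leaks.push("numeric identifier in path");
  let decoded = u.pathname + u.search;
  try { decoded = decodeURIComponent(decoded); } catch { /* keep raw on bad escapes */ }
  if (/[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}/.test(decoded)) leaks.push("email address");
  if (u.hash.length > 1) leaks.push(`fragment ${u.hash}`);
  return leaks;
}

// Naive logger: keeps the full URL unless the host is excluded.
function naiveLogRecord(rawUrl, excludedSuffixes) {
  const u = new URL(rawUrl);
  return hostMatches(u.host, excludedSuffixes) ? null : u.href;
}

// Minimized logger: for the "is this a shop?" question only the origin matters.
function minimizedLogRecord(rawUrl, excludedSuffixes) {
  const u = new URL(rawUrl);
  return hostMatches(u.host, excludedSuffixes) ? null : `${u.protocol}//${u.host}/`;
}

// Constructed sample of URLs a user might visit in one session.
const SAMPLE_URLS = [
  "https://www.google.com/search?q=oncologist+near+me",
  "https://www.bing.com/search?q=oncologist+near+me",
  "https://bank.example/customers/12345678/statements",
  "https://mail.example/u/0/?email=alice%40example.org#inbox",
  "https://shop.example/products/shoes",
];

const INCONSISTENT_EXCLUSIONS = ["google.com"];            // the asymmetry the researchers observed
const CONSISTENT_EXCLUSIONS = ["google.com", "bing.com"];  // same treatment for both engines

function compareLoggers(urls, excludedSuffixes) {
  return urls.map((url) => ({
    url,
    leaks: findUrlLeaks(url),
    naive: naiveLogRecord(url, excludedSuffixes),
    minimized: minimizedLogRecord(url, excludedSuffixes),
  }));
}

// Stand-alone run: show what each logger would have retained per URL.
for (const row of compareLoggers(SAMPLE_URLS, INCONSISTENT_EXCLUSIONS)) {
  console.log(`${row.url}\n  leaks: ${row.leaks.join(", ") || "none"}` +
              `\n  naive: ${row.naive}\n  minimized: ${row.minimized}`);
}
```

With the inconsistent list, the Bing search lands in the naive log with its query string intact while the identical Google search is dropped; the minimized logger keeps nothing but `https://www.bing.com/` either way, and the bank and webmail URLs reduce to their origins with no account number, email address or fragment.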
“Since users have to log in [to Phia] with their Gmail/Apple email account, this means that Phia has the ability to perfectly reconstruct the users’ browsing history (regardless of the sites being visited) and associate that history with real user identities,” Nick Nikiforakis, the CEO of cyber security startup LinkSentry and an associate professor of computer science at Stony Brook University said. “From a software engineering point of view, this is unnecessary.”
A Phia representative stated that the firm's “Chrome extension functions like any standard shopping browser extension, logging website URLs in an anonymous, aggregate manner.”
“This momentary check allows us to determine whether a site is a shopping website and to support additional retailers as they are discovered. This data is immediately discarded—it is not collected or stored for future use. Phia does not sell or distribute any user information. All permissions are transparently displayed before downloading from the official app store, and users provide explicit consent in compliance with applicable privacy laws,” they added.
Rapid AI development is creating new security gaps
Sharma, a security researcher with years of experience examining organizations and startups, believes this problem reflects a broader pattern he's observed in today's AI startup landscape.
“The vulnerabilities I’ve seen in startups over the past year have been alarming. These companies are moving at a pace that’s easily ten times faster than what we once considered a standard software development lifecycle,” he said.
Sharma attributes the rise in security vulnerabilities to trends such as “vibe-coding”, where developers use natural-language prompts to have AI generate, improve, and fix code rather than writing it line by line. Agentic AI browsers and their built-in features, including OpenAI’s Atlas and Perplexity’s Comet, also carry inherent security risks. Some security experts have even questioned whether these browsers are worth it for users, given the deep access they must be granted to be effective.
“While browser extensions may appear harmless, they are, in fact, extremely potent tools that can have wide-ranging access to personal data—and there’s virtually no oversight of them,” Or Eshed, CEO of LayerX Security said. “It’s difficult to say for certain whether this data exposure is the result of malice or malpractice, but the end result is the same.”
