The in -depth AI developed in China has raised many confidentiality and security problems since its launch, certain governments no longer offering service or launching surveys on its data management practices. In terms of confidentiality, however, the Chinese chatbot may not be the worst offender.
According to recent surfhark data, one of the best VPN suppliers on the market, Google Gemini takes the gold medal for the most swallowed data AI application. Deepseek comes, in fact, only Fifth out of the 10 most popular applications for collecting aggressive data.
Surfhark researchers have also found that 30% of the chatbots analyzed share user data, such as contact details, location and research and navigation history, with third parties, including data brokers.
The real cost of using the AI chatbots
As Tomas Stamulis, Safety Director at Surfshark explains, the applications we use every day regularly collect our personal information. Although some of this data are necessary for the functionality of applications, others are linked to our identities. He said: “AI Chatbot applications can go even further by treating and storing conversations.”
To determine the real price of confidentiality set to AI chatbots, surfhark researchers examined the confidentiality details of the 10 most popular applications on the Apple App Store. They then compared the number of data types that each application collects, whether it be data related to its users, and if the application includes third -party advertisers.
The analysis revealed on average 11 different types of data on the 35 possible. As mentioned above, Google Gemini Stands out as the most swallowed service, collecting 22 of these data types, including very sensitive data such as a specific location, user content, list of device contacts, navigation history, etc.
Among the applications analyzed, only Google Gemini,, Co -pilotAnd Perplexity were found to collect precise location data. The controversial In depth Chatbot is on the right in the middle, collecting 11 unique data types, such as the entry of users such as cat history. The main problem here – and what attracted confidentiality complaints under the RGPD rules – is that the supplier’s privacy policy claims to keep this data as long as it is necessary on the servers located in China.
His rival, Catis hot on Gemini heels, with 10 types of data collected. These include coordinates, user content, identifiers, use data and diagnostics. It should also be noted that, although Chatgpt also collects cat history, you can choose to use temporary cats instead to make sure that this information is deleted after 30 days – or request the deletion of personal data from its training sets.
The collection of applications data is however only one side of the confidentiality problem.
Indeed, Stamulis explains: “These data could be used within the company or shared on third -party networks, to potentially reach hundreds of partners, and leading to highly targeted advertisements or an increase in spam calls.”
Researchers also found that 30% of these chatbot applications also follow user data. This means that user or device data collected from the application are linked to third -party data for targeted advertising or advertising measurement.
Co -pilot,, PoeAnd Jasper are the three applications that collect data used to follow you. Essentially, these data “could be sold to data brokers or used to display targeted advertisements in your application,” said Surfshark experts. Copilot and Poe only collect peripheral IDs for this purpose, while Jasper brings together device IDs, product interaction data, advertising data and other use data, which refers to “any other data on user activity in the application”.
“As a general rule, the greater the information, the greater the risk of data leaks,” said Stamulis, adding that cybercriminals are known to exploit these incidents to create personalized phishing attacks that could cause massive financial losses.
Stamulis recommends being aware of the information you provide to chatbots, revising your sharing settings and deactivation of cat history as far as possible.
