Search papers, labs, and topics across Lattice.
This paper performs a systematic measurement of web tracking in 20 popular AI chatbots, analyzing network traffic to identify the exposure of both conversation content and user identity to third parties. The study reveals that the majority of chatbots (17/20) share information with third parties, including plaintext conversation text, URLs, and user identifiers. Notably, some chatbots expose user identity through support widgets and analytics, even sharing hashed emails in certain instances.
Your AI chatbot conversations aren't as private as you think: most leak conversation content and user identity to third-party trackers.
AI chatbots are becoming a primary interface for seeking information. As their popularity grows, chatbot providers are starting to deploy advertising and analytics. Despite this, tracking on AI chatbots has not been systematically studied. We present a systematic measurement of web tracking on 20 popular AI chatbots. Under controlled settings using a sensitive prompt, we capture and compare network traffic in normal chats and, where supported, private chats. We search for exposure of two categories of information: content, including prompts, prompt-derived titles, chat URLs, and chat identifiers; and identity, including names, emails, account identifiers, first-party cookies, and explicit IP/User-Agent fields in payloads. We find that 17 of 20 chatbots share information with at least one third party. Three chatbots share plaintext conversation text, including both prompt and response snippets, with Microsoft Clarity through session replay. Fifteen chatbots share conversation URLs or chat identifiers with third-party advertising, analytics, or social endpoints. Several chatbots expose user identity through support widgets, analytics, advertising, and session replay tags; in some cases, hashed emails are shared.
