China-developed Deepseek AI has raised lots of concerns about privacy and security since the launch, where some governments do not offer the service at all or launch studies of its data processing practice. In terms of privacy, the Chinese chatbot may not be the worst offender.
According to recent data from Surfshark, one of the best VPN providers on the market, Google Gemini takes the gold medal to the most data-hungry AI-Chatbot app. Deepseek actually comes only Fifth out of the 10 most popular applications for aggressive data collection.
Surfshark researchers also found a worrying 30% of the analyzed chatbots share user data, such as contact information, location and search and browser history, with third parties, including data brokers.
The real cost of using AI -Chatbots
As Tomas Stamulis, Chief Security Officer at Surfshark, explains, the apps we use every day regularly collect our personal information. While some of this data is needed for the functionality of the applications, others are linked to our identity. He said, “Ai Chatbot apps can go even further by treating and storing conversations.”
To determine the real privacy prize mark that was attached to AI -Chatbots, Surfshark researchers looked at the privacy of the 10 most popular apps in the Apple App Store. They then compared how many types of data each app collects, whether it collects data associated with its users and whether the app includes third -party ads.
The analysis revealed an average of 11 different types of data out of the 35 possible. As mentioned earlier, Google Gemini Stands out as the most data -hungry service, collects 22 of these data types, including very sensitive data such as precise location, user content, device contact list, browsing history and more.
Among the analyzed applications Google GeminiAt Copilotand Confusion was found to collect precise location data. The controversial Deepseek Chatbot stands right in the middle and collects 11 unique types of data, such as user input as a chat story. The main question here – and what attracted complaints about privacy according to GDPR rules – is that the provider’s privacy policy claims to keep this data as long as needed on servers located in China.
Its rival, ChatgptIs hot on Gemini’s heels, with 10 types of data collected. These include contact information, user content, identifiers, use data and diagnostics. It is also worth noting that while Chatgpt also collects chat history, you can choose to use temporary chat instead of ensuring that this info is deleted after 30 days – or asks for the removal of personal data from its training kit.
However, apps’ data collection is only one side of privacy.
This is because Stamulis explains: “This data could be used in the business or shared across third-party networks that potentially reach hundreds of partners and lead to heavily targeted ads or an increase in spam calls.”
Researchers also found that 30% of these chatbot apps also track user data. This means that user or device data collected from the app is linked to third-party data for targeted advertising or advertising measurement purposes.
CopilotAt Poeand Jasper are the three apps that collect data used to track you. Essentially, this data could be “sold to data brokers or used to display targeted advertisements in your app,” noted Surfshark experts. Copilot and POE collect only Device -IDs for this purpose, while Jasper collects device’s IDs, product interaction data, advertising data and other use data referring to “other data on user activity in the app”.
“As a rule, the more information is shared, the greater the risk of data leaks,” said stamulis, adding that cyber criminals are known to exploit these events to create personalized phishing attacks that can lead to massive economic losses.
Stamulis recommends paying attention to the information you provide chatbots, reviewing your sharing settings and disabling chat history whenever possible.
