Privacy Practices of Browser Agents

TL;DR

This paper systematically evaluates the privacy risks of eight popular browser agents using a comprehensive framework, revealing 30 vulnerabilities related to data leaks, tracking, and privacy feature failures.

Contribution

Introduces a novel framework with 15 measurements to assess privacy risks in browser agents and applies it to identify vulnerabilities in recent tools.

Findings

Identified 30 privacy vulnerabilities across eight browser agents.

Discovered issues like disabled privacy features and auto-completion of sensitive data.

Framework effectively highlights privacy risks in automated browsing tools.

Abstract

This paper presents a systematic evaluation of the privacy behaviors and attributes of eight recent, popular browser agents. Browser agents are software that automate Web browsing using large language models and ancillary tooling. However, the automated capabilities that make browser agents powerful also make them high-risk points of failure. Both the kinds of tasks browser agents are designed to execute, along with the kinds of information browser agents are entrusted with to fulfill those tasks, mean that vulnerabilities in these tools can result in enormous privacy harm. This work presents a framework of five broad factors (totaling 15 distinct measurements) to measure the privacy risks in browser agents. Our framework assesses i. vulnerabilities in the browser agent's components, ii. how the browser agent protects against website behaviors, iii. whether the browser agent prevents cross-site tracking, iv. how the agent responds to privacy-affecting prompts, and v. whether the tool leaks personal information to sites. We apply our framework to eight browser agents and identify 30 vulnerabilities, ranging from disabled browser privacy features to "autocompleting" sensitive personal information in form fields. We have responsibly disclosed our findings, and plan to release our dataset and other artifacts.