Musk promised truth-seeking AI. When Grok 4 tackles politics, it searches Musk's posts first. Tests show 54 of 64 citations came from him. Accident or intent? The answer matters for every AI system we build.
Experienced developers work 19% slower with AI coding tools but think they're 20% faster. New study challenges AI's flagship use case and shows why self-reported productivity gains can't be trusted.
Elon Musk's 'truth-seeking' AI searches for his personal posts before answering tough questions on Israel, immigration, and abortion. Users found Grok 4 explicitly looks up Musk's views, raising serious questions about AI bias and neutrality.
Browser extensions promised to help users plant trees and boost productivity. Instead, they secretly turned nearly 1 million browsers into web scrapers for a commercial operation disguised as 'bandwidth sharing.'
💡 TL;DR - The 30 Seconds Version
👉 Mellowtel library infected nearly 1 million browsers through extensions claiming to share "unused bandwidth" but actually scraping websites secretly.
📊 245 browser extensions across Chrome (45), Edge (129), and Firefox (71) contained the malicious code, with most still active.
🔒 The library removes security headers from every website users visit, making browsers vulnerable to attacks normally blocked.
🏭 Mellowtel's creators also run Olostep, a commercial web scraping service that likely uses infected browsers as scraping nodes.
🚨 Google removed 12 Chrome extensions for malware, but 233 extensions remain active across all browsers.
🌍 Corporate networks face particular risk as employee browsers can provide access to internal systems through VPN connections.
Browser extensions promise to make your life easier. Plant virtual trees. Block ads. Organize your tabs. What they don't mention is turning your computer into a web scraping bot.
Security researchers discovered that a library called Mellowtel has infected nearly 1 million browsers with code that secretly scrapes websites. The company markets itself as helping extension developers monetize their work through "consensual bandwidth sharing." Users think they're supporting their favorite extensions by sharing unused internet capacity.
The reality is far less charitable. Mellowtel injects hidden web pages into every site you visit, scrapes the content, and sends it back to Amazon Web Services servers. Your browser becomes an unwitting participant in a commercial web scraping operation.
Mellowtel's GitHub page reads like a tech startup's dream manifesto. "Open-Source, Consensual, Transparent," it declares. The company promises developers an easy way to earn money without compromising user privacy. Users can "decide if they want to support you by sharing a fraction of their unused internet bandwidth."
The technical reality tells a different story. Once installed, Mellowtel waits for a delay period to avoid detection tools. Then it creates a websocket connection to AWS Lambda functions and starts receiving scraping requests. The library injects invisible iframes into whatever website you're visiting, loads the target URLs secretly, and extracts their content.
This isn't passive bandwidth sharing. It's active web scraping using your browser as cover.
Web browsers include security features specifically designed to prevent this kind of behavior. Content Security Policy headers and X-Frame-Options tell browsers not to load certain content inside iframes. These protections exist for good reason.
Mellowtel bypasses these safeguards by requesting broad permissions from browser extension stores. The library uses declarativeNetRequest permissions to strip away security headers from every website you visit. It removes Content-Security-Policy, X-Frame-Options, and several other protection mechanisms.
Your browser becomes more vulnerable to attacks that would normally be blocked. Mellowtel claims it restores these headers after completing its scraping, but creates a window of vulnerability across all your web browsing.
The people running Mellowtel aren't hiding their true business model very well. Security researcher Jacob Tuckner traced the library's creators to a company called Olostep, which sells "The World's Most Reliable and Cost-effective Web Scraping API."
Olostep's documentation shows how customers can submit URLs for scraping, specify which country the request should appear to come from, and choose data formats. The service promises to avoid bot protection and parallelize requests with ease.
The connection becomes clear when you realize Mellowtel's scraping requests follow the same pattern as Olostep's API. Browser extensions running Mellowtel effectively become nodes in Olostep's commercial scraping network.
Even the "Idle Forest" extension that Mellowtel showcases as an example turns out to be run by Mellowtel employees. The supposed independent developer advocating for tree planting is actually part of the scraping operation.
Tuckner's research found Mellowtel embedded in extensions across all major browsers. Chrome hosts 45 affected extensions, Edge has 129, and Firefox contains 71. Nearly 1 million users have installed extensions containing this library.
Google has started removing Chrome extensions for malware, with 12 of the 45 known extensions now inactive. Edge and Firefox have been slower to respond, with only 8 and 2 extensions removed respectively.
Some extension developers have removed Mellowtel from newer versions after learning about its true functionality. Others continue running the library, either unaware of what it does or choosing to ignore the implications.
This isn't the first time browser extensions have been used to collect user data at scale. In 2019, researchers exposed a similar operation called Nacho Analytics that swept up browsing data from 4 million users.
That collection included surveillance videos from Nest cameras, tax returns, billing invoices, business documents, and presentation slides. The dragnet captured travel itineraries, private Facebook photos, patient information, and proprietary data from Tesla, Blue Origin, and major pharmaceutical companies.
Nacho Analytics shut down shortly after the exposure, but the underlying problem persists. Browser extensions provide a convenient way to access user data and network resources without clear disclosure or meaningful consent.
Corporate networks face particular risks from this kind of extension behavior. Mellowtel makes arbitrary web requests that appear to come from legitimate employee browsers. Security teams monitoring network traffic might flag these requests as suspicious without realizing they're coming from a browser extension.
The library also allows scraping requests to leverage whatever network access the host computer has. An employee connected to a corporate VPN effectively gives Mellowtel access to internal networks. While the library includes some code to prevent access to authentication cookies, that protection could be bypassed by extension developers or future updates.
Companies using Olostep's scraping service could potentially access internal corporate resources through employees' browsers without those employees' knowledge or consent.
Mellowtel exploits a real problem in browser extension development. Creating and maintaining extensions requires significant time and effort, but users rarely pay for them directly. Developers often struggle to find sustainable business models.
This creates opportunities for companies offering "monetization-as-a-service" solutions. Many of these services track user behavior to generate advertising profiles or inject affiliate links. Mellowtel's approach of turning users into scraping bots represents a new variation on this theme.
The company positions itself as a more ethical alternative to data harvesting, but the end result is similar. Users become unwitting participants in commercial operations they never explicitly agreed to join.
Why this matters:
• Browser extensions can access your computer's network and processing power for commercial purposes without clear disclosure, turning basic productivity tools into revenue-generating operations you never signed up for.
• The same techniques used for "bandwidth sharing" can potentially access corporate networks and internal resources, creating security risks that traditional monitoring might miss.
Q: How can I check if my browser extensions use Mellowtel?
A: Security researcher Jacob Tuckner published a complete list of affected extensions at his research site. You can also check extension permissions - Mellowtel requires "declarativeNetRequest" and access to "all URLs." Extensions asking for these broad permissions deserve extra scrutiny.
Q: What exactly is web scraping and why would companies pay for it?
A: Web scraping extracts data from websites automatically - prices, reviews, contact information, or content. Companies pay because large-scale scraping gets blocked by anti-bot systems. Using real user browsers makes scraping look legitimate and bypass these protections.
Q: How much money do extension developers actually make from Mellowtel?
A: Mellowtel doesn't publish payment rates. The company claims developers get "paid for bandwidth sharing" but likely earns far more from selling scraping access through Olostep. Most extension developers probably make pennies while Mellowtel captures the bulk of revenue.
Q: Why don't Chrome, Firefox, and Edge automatically catch this behavior?
A: Browser stores review extensions before publication, but millions of extensions make thorough analysis difficult. Mellowtel's code is open source and looks legitimate on surface review. The malicious behavior only becomes apparent through deeper technical analysis.
Q: Are there legitimate ways for browser extensions to make money?
A: Yes. Extensions can charge subscription fees, offer premium features, use clearly disclosed advertising, or sell to companies that maintain the original functionality. The key is transparency about what the extension does and how it generates revenue.
Q: What should companies do if employees have installed these extensions?
A: Remove affected extensions immediately. Review network logs for unusual traffic patterns. Consider blocking extension installations on corporate devices or requiring IT approval. Monitor for unauthorized access to internal resources that might have occurred through employee browsers.
Q: How is this different from legitimate bandwidth sharing services like VPNs?
A: VPN services clearly explain they route traffic through your connection and get explicit consent. Mellowtel disguises web scraping as "bandwidth sharing" and operates through browser extensions that users install for unrelated purposes like productivity or entertainment.
Q: What happened to Nacho Analytics, the similar 2019 case mentioned?
A: Nacho Analytics shut down shortly after Ars Technica exposed how it collected browsing data from 4 million users. The company collected sensitive information including tax returns, medical records, and corporate documents. Legal consequences for the operators remain unclear.
Q: How can I protect myself from similar schemes in the future?
A: Only install extensions from developers you trust. Review permission requests carefully - avoid extensions requesting broad access to all websites. Read reviews for mentions of suspicious behavior. Regularly audit your installed extensions and remove ones you don't actively use.
Elon Musk's 'truth-seeking' AI searches for his personal posts before answering tough questions on Israel, immigration, and abortion. Users found Grok 4 explicitly looks up Musk's views, raising serious questions about AI bias and neutrality.
Meta pays $200 million to poach Apple's AI chief, part of a billion-dollar talent grab targeting OpenAI and Google researchers. The twist? Meta's AI models currently rank 17th. Zuckerberg's betting talent can overcome performance gaps.
Musk launches Grok 4 with $300 monthly plan just one day after his AI posted antisemitic content. The timing highlights AI moderation challenges as companies race to release more powerful models while struggling with content control.
OpenAI launches AI-powered browser to challenge Google Chrome's dominance. The move targets Google's data collection engine that powers its $307B ad business. With 400M ChatGPT users as potential adopters, this could reshape the web.
Get the 5-minute Silicon Valley AI briefing, every weekday morning — free.
