AdGuard blog: Ad-blocking extensions that sell your data to advertisers - sounds absurd, but it’s reality

Gandalf_The_Grey · 2026-06-02T13:32:20-0500

People install ad blockers to escape ads and trackers. So discovering that some ad-blocking extensions openly reserve the right to collect and sell users’ browsing data — potentially even to the same advertisers they claim to “protect” users from — feels almost satirical. But according to new research from cybersecurity company LayerX Security, that is exactly what might be happening.

LayerX researchers analyzed privacy policies of 6,666 extensions. Using a combination of AI classification and manual review, they identified at least 82 extensions whose policies explicitly allow user data to be sold, shared, licensed, or commercially transferred to third parties. Of them 75 were still listed in the Chrome Web Store at the time of the research which came out in April 2026.

Some examples highlighted in the report include:

Stands AdBlocker (3 million users)

Poper Blocker (2 million users)

All Block — ad blocker for YouTube (500,000 users)

TwiBlocker (80,000 users)

Urban AdBlocker (10,000 users)

According to LayerX, some of these extensions disclose collecting browsing activity, behavioral profiles, ad interaction data, and even inferred sensitive interests derived from visited URLs.

To be clear: these are not mainstream privacy-focused tools like AdGuard, uBlock Origin, or Ghostery. But they still have massive audiences numbering in the millions. And this is likely only the visible tip of the iceberg. In fact, the problem is far from new. More than five years ago, we identified dozens of fake ad blockers that amassed millions of installs while engaging in deceptive behavior, ranging from collecting user data to injecting ads and tracking scripts into web pages.

Ad-blocking extensions sell data to advertisers | AdGuard

Think your ad blocker protects your privacy? New research suggests some popular browser extensions may be collecting, profiling, and even selling user data to advertisers. Here’s how to spot the red flags before you install.

adguard.com

Extension Developers Sell The Data of At Least 6.5 Million Users - And It’s All Completely Legal - LayerX

Your Extensions Sell Your Data - And It's Perfectly Legal

layerxsecurity.com

Halp2001 · 2026-06-02T13:53:08-0500

The irony is that some ad blockers end up selling the very data they should protect. That breaks user trust and highlights why sticking to reputable projects like uBlock Origin or AdGuard is essential. In the end, it’s about broken expectations: a tool meant for defense turning into another exposure channel.

LinuxFan58 · 2026-06-02T15:53:25-0500

I always check the privacy policy. When there is none, it is a show stopper.

When you look at the Privacy section of Stands Adblocker everything seems to be okay, so Google does zero vetting or checking! When you click on the privacy policy it clearly states that "Stands may also disclose your Personal Data to service providers and affiliates", so the approved USE CASES to which Google refers in the privacy section, do relate to the privacy policy (published or not) of the developer.

When I first read the text I thought that Google had defined a number of approved used cases and developers were committing themselves to those "approved use cases", but is nothing solid, just some fancy text. So to some extend I can understand why people think the privacy policy is okay

Zero Knowledge · 2026-06-02T22:24:22-0500

LinuxFan58 said:
I always check the privacy policy. When there is none, it is a show stopper.

You must be the only one in Europe who does that. I don't bother anymore after reading some industry leading EDR's policies years ago. Horrible stuff to any eyes.

Either companies sell your data or steal your data or actively work and conspire with governments to collect, identify and compromise you. It's no win situation all around.

cartaphilus · 2026-06-02T23:40:17-0500

Gandalf_The_Grey said:
Ad-blocking extensions sell data to advertisers | AdGuard

Think your ad blocker protects your privacy? New research suggests some popular browser extensions may be collecting, profiling, and even selling user data to advertisers. Here’s how to spot the red flags before you install.

adguard.com

Extension Developers Sell The Data of At Least 6.5 Million Users - And It’s All Completely Legal - LayerX

Your Extensions Sell Your Data - And It's Perfectly Legal

layerxsecurity.com

Honestly I trust ADGuard as much as the extensions that ADGuard mentions.

You will always be a product just look at the: "pay a subscription fee to forgo ads in movies and shows" then "we offer an ad supported subscription for the price that used to be ad free but don't worry you have option to pay extra $$$ to be ad free". Then after a few years when brand is established: "now we have 3 subscription models, 1) same price as used to be ad-free but now it's basically your standard TV model with ads every 10 min. 2) the price of our former ad-free plus up but now with limited ads or 3) $$$$$$ tier that behaves like "1" used to be but now for 3 times the price.

LinuxFan58 · 2026-06-02T23:45:24-0500

Zero Knowledge said:
You must be the only one in Europe who does that. .

Yes that will be text on my head stone

I know privacy is a lost cause, but I am trying to limit my foodprint as much as practically is possible. With AI checking policies is actually become less of a nuisance.

Zero Knowledge · 2026-06-03T01:49:03-0500

LinuxFan58 said:
Yes that will be text on my head stone

I know privacy is a lost cause, but I am trying to limit my foodprint as much as practically is possible. With AI checking policies is actually become less of a nuisance.

The problem is that you expect software companies, applications and services to obey and implement privacy policies correctly. What they say and do is different, even more so behind closed doors faced with national security letter or warrant by intelligence/police or threats unless they obey their masters. Live in reality not in fantasy land.

Sorrento · 2026-06-03T02:49:04-0500

Its still well worth at least trying, companies may or may do what they promise but some effort I still feel is well worth it, as the saying goes: 'I may have a cold but I don't want pneumonia; - As my cat says 'look where I would have been if I had got off the table when you first told me to, but I persisted'...,

Zero Knowledge · 2026-06-03T04:19:17-0500

Yes but you have to acknowledge the world that we live in. Privacy policies are meaningless because they are broken or not enforced.

No one is going to prison for you, not a $5 a month VPN provider or even huge companies with trillions to fight court orders won't protect you.

Accept and move on, but live in reality. As others have said stay safe not paranoid.

LinuxFan58 · 2026-06-03T05:46:42-0500

Zero Knowledge said:
Yes but you have to acknowledge the world that we live in. Privacy policies are meaningless because they are broken or not enforced.

Accept and move on, but live in reality. As others have said stay safe not paranoid.

I rather use MalwareBytes Browser Guard than Symantec Browser Guard, because MBAM has more transparant and tighter privacy policy. Emsisoft and Gdata also have fair data retention and privacy policies (Emsisoft none, Gdata keeps only malware links for 6 days).

Generated (ad) income and user base counts, We can vote with our wallet and software installations/digtal services. Besides functionality, performance and price, I take privacy policy also into consideration. In the EU we live in a relatively free world with institutions protecting consumer interest, so even when I also consider privacy a lost cause, I do believe in regulations to limit abuse of personal data.

Funny thing is that this list proofs your point that companies can tell you in their privacy policy they limit the use, but in practice don´t care (because the money abuse generates and stock value increase). When you can´t win, that does not mean you have to surrender (it happened in the past, have a look at the Russian-Finnish winter war, or the US-Canadian border wars and it happens now with Russian - Ukrainian and US - Iranian conflicts).

Sorrento · 2026-06-03T06:48:28-0500

Zero Knowledge said:
Yes but you have to acknowledge the world that we live in. Privacy policies are meaningless because they are broken or not enforced.

No one is going to prison for you, not a $5 a month VPN provider or even huge companies with trillions to fight court orders won't protect you.

Accept and move on, but live in reality. As others have said stay safe not paranoid.

I'm not talking about illegal or shady activities which i avoid anyway, I'm thinking about basic privacy, I appreciate the world we live in but a few basic precautions when using extensions or software, it takes seconds why not do it? The same applies preventing infections, how we do things does make a difference, both in cyber life & physical...

lokamoka820 · 2026-06-03T09:08:11-0500

When it comes to privacy products, I don't bother reading company policies, not because I distrust what's written, but because they often require legal expertise to fully understand. Instead, I rely on resources with proven reputations for prioritizing privacy, such as Privacy Guides.

Zero Knowledge · 2026-06-03T18:29:07-0500

Sorrento said:
I'm not talking about illegal or shady activities which i avoid anyway, I'm thinking about basic privacy, I appreciate the world we live in but a few basic precautions when using extensions or software, it takes seconds why not do it? The same applies preventing infections, how we do things does make a difference, both in cyber life & physical...

You have to consider different countries laws and culture. Back in the day Napster, LiimeWire, AudioGalaxy had privacy policies but did it matter? No, people got huge fines anyway. Now torrent clients have agreements before using that you have to click YES that you will not use it for piracy. There are other cases like posting anti government material that is illegal in certain countries, do you think services/software in those countries obey their privacy policies? Do they even have them? And we haven't even talked about activists or journalists which is a matter of life or death in some countries.

But the major question is do you read the privacy policies of every service/software you use?

Zero Knowledge · 2026-06-03T18:31:22-0500

LinuxFan58 said:
Funny thing is that this list proofs your point that companies can tell you in their privacy policy they limit the use, but in practice don´t care (because the money abuse generates and stock value increase). When you can´t win, that does not mean you have to surrender (it happened in the past, have a look at the Russian-Finnish winter war, or the US-Canadian border wars and it happens now with Russian - Ukrainian and US - Iranian conflicts).

my point exactly, I'm happy you pointed that out. They don't care because they earn less money. Get caught they pay the fine or fight it for years until the EU caves.

In WAR you say? Nothing matters but survival. I doubt Russia or Ukraine cares much about privacy policies when drones are flying into residential apartments.

Search

Search

AdGuard blog: Ad-blocking extensions that sell your data to advertisers - sounds absurd, but it’s reality

Gandalf_The_Grey

Level 85

Ad-blocking extensions sell data to advertisers | AdGuard

Extension Developers Sell The Data of At Least 6.5 Million Users - And It’s All Completely Legal - LayerX

Halp2001

Level 10

LinuxFan58

Level 14

Zero Knowledge

Level 29

cartaphilus

Level 20

Ad-blocking extensions sell data to advertisers | AdGuard

Extension Developers Sell The Data of At Least 6.5 Million Users - And It’s All Completely Legal - LayerX

LinuxFan58

Level 14

Zero Knowledge

Level 29

Sorrento

Level 29

Zero Knowledge

Level 29

LinuxFan58

Level 14

Sorrento

Level 29

lokamoka820

Level 46

Zero Knowledge

Level 29

Zero Knowledge

Level 29

You may also like...