Phia, the AI-powered shopping browser extension co-founded by Phoebe Gates and Sophia Kianni, experienced explosive growth in 2025. It raised tens of millions in venture funding, surpassed one million downloads, and earned media praise, including recognition as a TIME Best Invention. Marketed as an intelligent tool that compares prices across 40,000+ retailers and surfaces discounts in real time, Phia positioned itself as a helpful AI shopping assistant.
However, two serious controversies have exposed significant issues with its data collection practices and affiliate monetization methods. In November 2025, independent security researchers revealed that the extension was capturing and transmitting full HTML snapshots of nearly every webpage users visited — including sensitive banking and email content. Then, in July 2026, Bloomberg, prominent affiliate marketing expert Ben Edelman, and others documented that Phia had been engaging in cookie stuffing and forced-click techniques, quietly claiming commissions on purchases it did not legitimately refer.
These incidents highlight critical failures in transparency, data minimization, consent, and compliance with both privacy regulations and affiliate network rules.
Background: Rapid Rise and Broad Permissions
Phia launched around April 2025 as a Chrome browser extension (with companion iOS support). Users install it from the Chrome Web Store, after which it activates during browsing — particularly on retail sites — to analyze pricing and suggest better deals or coupons.
The extension requests broad permissions at install time. According to its Chrome Web Store listing, it discloses handling of personally identifiable information, authentication information, web history, and website content.
The key permission grant is the ability to “read and change all your data on all websites.” This is implemented via content scripts that match broad host permissions (such as ), allowing injection and DOM access across virtually every site the user visits.
Technically, browser extensions like Phia typically consist of content scripts that run in the context of web pages and can read/modify the DOM, background service workers (Manifest V3) or persistent background pages that handle long-running tasks, network requests, and message passing, and popup or side panels for the user interface.
This architecture gives extensions powerful capabilities but also creates substantial privacy and security risks when data flows exceed what is necessary or disclosed.
The 2025 Privacy Scandal: Full HTML Capture via logCompleteHTMLtoGCS
The first major issue surfaced in November 2025 when security researcher Maahir Sharma (formerly at Meta) observed unusual background network activity while testing the extension on Amazon and Gmail.
Technical details of the data collection:
– The extension contained a function named logCompleteHTMLtoGCS (or logCompleteHtmlToGcs).
– On nearly every page load, the content script or background process captured the complete HTML of the current webpage.
– This raw HTML was compressed and transmitted via background API calls (GraphQL queries were also observed) to Phia’s servers at api.phia.com.
– Data was uploaded to what appears to be Google Cloud Storage (GCS), based on the function name.
– The behavior occurred even on non-retail sites and without additional user interaction beyond the initial broad permission grant.
– Captured content included highly sensitive pages, such as bank account statements (e.g., Revolut) and private email inboxes (e.g., Gmail).
Multiple independent researchers replicated the findings, including Kushagra Sharma, Eyal Arazi (LayerX Security), Alexandre Pauwels (University of Cambridge), Charlie Eriksen (Aikido Security), and Nick Nikiforakis (Stony Brook University).
Phia’s privacy policy at the time stated that the company collected “limited technical data” primarily from “retail sites” and generally excluded personally identifiable information. The actual implementation — full-page HTML capture across the entire web — directly contradicted these representations.
Phia’s response and changes:
After being notified, Phia removed the full HTML logging feature. The company stated that data was handled in an “aggregate, anonymous way” solely to identify retail sites and improve product features. They claimed it was not stored long-term and was not sold or distributed. The current version reportedly logs only URLs (though URLs themselves can contain sensitive parameters such as search terms, session IDs, or account references).
Phia pointed to its Chrome Web Store disclosures, privacy policy, and cookie consent banner as evidence of compliance. Critics noted that the policy did not adequately disclose the scope of scraping and that users were not proactively notified about prior data transmissions.
Regulatory implications:
This practice raised clear concerns under data minimization and purpose limitation principles in laws such as the GDPR (Article 5) and various U.S. state privacy statutes (e.g., CCPA/CPRA). Capturing full HTML of banking and email pages far exceeded any legitimate purpose for a shopping price-comparison tool.
The 2026 Cookie Stuffing Scandal: Forced Clicks and Affiliate Link Injection
In July 2026, Bloomberg published a detailed investigation, corroborated by testing from Capital One Shopping and independent researcher Ben Edelman, revealing that Phia’s extension was manipulating affiliate tracking.
Technical mechanisms identified by Ben Edelman (July 9, 2026 analysis):
- Forced / Auto-Dropped Clicks
– Phia used a server-side feature flag called enable_coupon_auto_drop.
– This flag was controlled via requests to https://featureassets.org/v1/initialize, which returned different values based on user-agent (e.g., iOS devices received true).
– When enabled, the extension automatically loaded Phia’s affiliate tracking links in background tabs during the checkout flow on retailers such as Nordstrom, Walmart, Nike, and Zara.
– This set affiliate cookies and claimed credit without any affirmative user click or visible action.
– The feature was introduced in version 1.9.33 on December 13, 2025, and remained active for approximately seven months (including the critical holiday shopping period).
- Failure to Stand Down on Competing Referrals
– Phia monitored redirect chains and affiliate cookies from other publishers.
– In tests, even when a user arrived via a legitimate affiliate link (e.g., from Savings.com or Wirecutter), Phia’s telemetry showed detection of the competitor cookie but still proceeded to place its own.
– API responses included fields such as shouldStandDown (set to false) and canPlaceAffiliateCookie (set to true).
– Telemetry events were sent to https://p.phia.com/events, logging competitor detection while still allowing Phia’s tracking to override.
Phia operated across multiple major affiliate networks, including Impact.com, CJ Affiliate, Rakuten, and Awin. Bloomberg testing confirmed background tab injection and link replacement behavior on these platforms.
Violations of affiliate rules:
Major networks explicitly prohibit these practices:
– CJ Publisher Service Agreement: “Software may not be used to force clicks [or] perform redirects without an affirmative click by a user.”
– Rakuten Affiliate Network Policies: Prohibits forcing clicks or inserting cookies without the user knowingly taking action.
– Awin Code of Conduct: Publishers may only initiate tracking via a tracking link if the user voluntarily and intentionally interacts with it.
Impact.com suspended Phia’s account after the reports and stated it was reviewing affected transactions. Other networks were also notified.
Phia’s response:
Phia described the behavior as resulting from “a recent release our codebase” that caused misattributions for a subset of users. After being contacted by Bloomberg around July 7–9, 2026, the company deployed fixes within roughly 24 hours. Follow-up testing by Bloomberg confirmed the background tab behavior had been addressed. Phia maintained that it had previously been reviewed as compliant by the networks.
Edelman and others argued that the feature’s explicit naming (“auto_drop”), its persistence across multiple releases, and the server-side decisioning architecture made it difficult to characterize as a simple unintended bug.
Compliance, Privacy, and Business Implications with Phia
These incidents expose several systemic issues:
- Browser Extension Architecture Risks
Broad host permissions combined with background service workers enable persistent monitoring and data exfiltration with minimal user visibility. Message passing between content scripts and background processes, along with network request interception capabilities, creates powerful but high-risk environments.
- Data Minimization Failures
Capturing full HTML of every page (including non-retail sensitive content) violated core privacy principles. Even URL-only logging requires strong justification, clear disclosure, and robust controls against re-identification.
- Transparency and Consent Deficiencies
Chrome permission prompts are blunt instruments. Users granting “read and change all data on all websites” do not reasonably expect full-page HTML uploads or automatic affiliate link injection. Privacy policies that claim limited retail-site data collection while actual code behaves differently create significant deception risks.
- Affiliate Marketing Ecosystem Harm
Cookie stuffing and forced clicks divert revenue from legitimate publishers and creators who invest in content and traffic. Merchants end up paying commissions on traffic they would have received anyway. This undermines the incentive structure of the entire affiliate industry.
- Potential Legal and Regulatory Exposure
– Privacy laws: Failures in transparency, purpose limitation, and data minimization under GDPR, CCPA, and similar statutes.
– Unfair/deceptive practices: Misleading privacy disclosures and marketing claims.
– Contractual violations: Clear breaches of affiliate network terms, opening the door to account suspensions, commission clawbacks, and potential litigation from merchants or publishers.
– Historical precedent exists for aggressive enforcement in affiliate fraud cases.
What Happens Now?
For privacy and compliance professionals: Treat browser extensions with the same scrutiny as any high-privilege software. Request technical audits or conduct your own network traffic and code analysis when evaluating tools. Demand granular data flow documentation and evidence of data minimization. Monitor for similar patterns in the growing category of AI agents and shopping assistants.
For developers of browser extensions and AI tools: Apply strict least-privilege principles in manifest permissions. Clearly document and limit background data collection. Separate feature flags and decisioning logic transparently. Obtain meaningful consent for any data collection beyond core functionality.
For affiliate programs and merchants: Strengthen detection of forced-click and stand-down violations. Consider direct relationships with high-volume partners rather than relying solely on sub-affiliate models. Enforce contractual remedies promptly when violations are identified.
For users: Review extension permissions and consider privacy-focused alternatives. Be cautious of tools whose primary monetization appears to rely on aggressive affiliate tactics.
**Phia Moved Quickly to Remediate **
Phia moved quickly to remediate both issues once they became public. Nevertheless, the combination of undisclosed full-page HTML capture and systematic affiliate manipulation has damaged trust and sparked widespread discussion in tech, privacy, and affiliate marketing communities.
These cases underscore a broader lesson for the industry: Technical capability does not equal permission or compliance. As AI-powered tools become more deeply integrated into browsing and commerce, rigorous attention to data minimization, transparent consent, and respect for ecosystem rules will separate sustainable innovations from those that invite regulatory, legal, and reputational consequences.