Normal view

Meta confirms it’s working on premium subscription for its apps

29 January 2026 at 22:06

Meta plans to test exclusive features that will be incorporated in paid versions of Facebook, Instagram, and WhatsApp. It confirmed these plans to TechCrunch.

But these plans are not to be confused with the ad-free subscription options that Meta introduced for Facebook and Instagram in the EU, the European Economic Area, and Switzerland in late 2023 and framed as a way to comply with General Data Protection Regulation (GDPR) and Digital Markets Act requirements.

From November 2023, users in those regions could either keep using the services for free with personalized ads or pay a monthly fee for an ad‑free experience. European rules require Meta to get users’ consent in order to show them targeted ads, so this was an obvious attempt to recoup advertising revenue when users declined to give that consent.

This year, users in the UK were given the same choice: use Meta’s products for free or subscribe to use them without ads. But only grudgingly, judging by the tone in the offer… “As part of laws in your region, you have a choice.”

As part of laws in your region, you have a choice
The ad-free option that has been rolling out coincides with the announcement of Meta’s premium subscriptions.

That ad-free option, however, is not what Meta is talking about now.

The newly announced plans are not about ads, and they are also separate from Meta Verified, which starts at around $15 a month and focuses on creators and businesses, offering a verification badge, better support, and anti‑impersonation protection.

Instead, these new subscriptions are likely to focus on additional features—more control over how users share and connect, and possibly tools such as expanded AI capabilities, unlimited audience lists, seeing who you follow that doesn’t follow you back, or viewing stories without the poster knowing it was you.

These examples are unconfirmed. All we know for sure is that Meta plans to test new paid features to see which ones users are willing to pay for and how much they can charge.

Meta has said these features will focus on productivity, creativity, and expanded AI.

My opinion

Unfortunately, this feels like another refusal to listen.

Most of us aren’t asking for more AI in our feeds. We’re asking for a basic sense of control: control over who sees us, what’s tracked about us, and how our data is used to feed an algorithm designed to keep us scrolling.

Users shouldn’t have to choose between being mined for behavioral data or paying a monthly fee just to be left alone. The message baked into “pay or be profiled” is that privacy is now a luxury good, not a default right. But while regulators keep saying the model is unlawful, the experience on the ground still nudges people toward the path of least resistance: accept the tracking and move on.

Even then, this level of choice is only available to users in Europe.

Why not offer the same option to users in the US? Or will it take stronger US privacy regulation to make that happen?


We don’t just report on threats – we help protect your social media

Cybersecurity risks should never spread beyond a headline. Protect your social media accounts by using Malwarebytes Identity Theft Protection.

Malicious Chrome extensions can spy on your ChatGPT chats

28 January 2026 at 15:34

Researchers discovered 16 malicious browser extensions for Google Chrome and Microsoft Edge that steal ChatGPT session tokens, giving attackers access to accounts, including conversation history and metadata.

The 16 malicious extensions (15 for Chrome and 1 for Edge) claim to improve and optimize ChatGPT, but instead siphon users’ session tokens to attackers. Together, they have been downloaded around 900 times, a relatively small number compared to other malicious extensions.

Despite benign descriptions and, in some cases, a “featured” badge, the real goal of these extensions is to hijack ChatGPT identities by stealing session authentication tokens and sending them to attacker-controlled backends.

Possession of these tokens gives attackers the same level of access as the user, including conversation history and metadata.

In addition to your ChatGPT session token, the extensions also send extra details about themselves (such as their version and language settings), along with information about how they’re used, and special keys they get from their own online service.

Taken together, this allows the attackers to build a picture of who you are and how you work online. They can use it to keep recognizing you over time, build a profile of your behavior, and maintain access to your ChatGPT-connected services for much longer. This increases the privacy impact and means a single compromised extension can cause broader harm if its servers are abused or breached.

According to the researchers, this campaign coincides with a broader trend:

“The rapid growth in adoption of AI-powered browser extensions, aimed at helping users with their everyday productivity needs. While most of them are completely benign, many of these extensions mimic known brands to gain users’ trust, particularly those designed to enhance interaction with large language models.”

How to stay safe

Although we always advise people to install extensions only from official web stores, this case proves once again that not all extensions available there are safe. That said, installing extensions from outside official web stores carries an even higher risk.

Extensions listed in official stores undergo a review process before being approved. This process, which combines automated and manual checks, assesses the extension’s safety, policy compliance, and overall user experience. The goal is to protect users from scams, malware, and other malicious activity. However, this review process is not foolproof.

Microsoft and Google have been notified about the abuse. However, extensions that are already installed may remain active in Chrome and Edge until users manually remove them.

Malicious extensions

These are the browser extensions you should remove. They are listed by Name — Publisher — Extension ID:

  • ChatGPT bulk delete, Chat manager — ChatGPT Mods — gbcgjnbccjojicobfimcnfjddhpphaod
  • ChatGPT export, Markdown, JSON, images — ChatGPT Mods — hljdedgemmmkdalbnmnpoimdedckdkhm
  • ChatGPT folder, voice download, prompt manager, free tools — ChatGPT Mods — lmiigijnefpkjcenfbinhdpafehaddag
  • ChatGPT message navigator, history scroller — ChatGPT Mods — ifjimhnbnbniiiaihphlclkpfikcdkab
  • ChatGPT Mods — Folder Voice Download & More Free Tools — jhohjhmbiakpgedidneeloaoloadlbdj
  • ChatGPT pin chat, bookmark — ChatGPT Mods — kefnabicobeigajdngijnnjmljehknjl
  • ChatGPT Prompt Manager, Folder, Library, Auto Send — ChatGPT Mods — ioaeacncbhpmlkediaagefiegegknglc
  • ChatGPT prompt optimization — ChatGPT Mods — mmjmcfaejolfbenlplfoihnobnggljij
  • ChatGPT search history, locate specific messages — ChatGPT Mods — ipjgfhcjeckaibnohigmbcaonfcjepmb
  • ChatGPT Timestamp Display — ChatGPT Mods — afjenpabhpfodjpncbiiahbknnghabdc
  • ChatGPT Token counter — ChatGPT Mods — hfdpdgblphooommgcjdnnmhpglleaafj
  • ChatGPT model switch, save advanced model uses — ChatGPT Mods — pfgbcfaiglkcoclichlojeaklcfboieh
  • ChatGPT voice download, TTS download — ChatGPT Mods — območbankihdfckkbfnoglefmdgmblcld (original: obdobankihdfckkbfnoglefmdgmblcld)
  • Collapsed message — ChatGPT Mods — lechagcebaneoafonkbfkljmbmaaoaec
  • Multi-Profile Management & Switching — ChatGPT Mods — nhnfaiiobkpbenbbiblmgncgokeknnno
  • Search with ChatGPT — ChatGPT Mods — hpcejjllhbalkcmdikecfngkepppoknd

We don’t just report on threats—we remove them

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.

❌