Perplexity Comet leaks your entire browsing history to their servers, and there’s no way to turn it off.
Update: as of June 27, 2026 on version 149.0.7827.197 this still reproduces.

Comet’s security and privacy posture is terrible. Much electronic ink has been spilled over Comet’s security holes, including a lot by me, so I won’t go into that too much here except to repeat that prompt injection attacks are essentially trivial to do. Until recently, you could ask Comet to summarize a Reddit post for you, and it could lead to a complete account take over. Maybe one day we’ll come up with better sandboxing for agentic browsing, but until then, you SHOULD NOT be using agentic browsing in any browser where you are logged into your banking or other sensitive accounts. If you’re using the ChatGPT Atlas browser, use logged out mode (and kudos to them for offering that UX affordance).
Leaking URLs to the backend
I dug through and turned off every single toggle in Comet browser’s Privacy and Security settings and found that Comet still leaks every URL you visit to their backend. I even turned off Comet Assistant, with no luck.
This is me simply navigating to my website in Comet: no prompting via AI, no asking questions, simply opening a URL.

Screen recording
I made a screen recording to show how Comet leaks the URL on navigation to their backend. To be comprehensive, I did the following steps as setup:
Test setup
- Check that the tool I’m using for inspecting HTTPS traffic (Proxyman) doesn’t have any existing recordings for my website (shivankaul.com) in Comet.
- Ensure that
comet://settings/privacyandcomet://settings/securityhave reporting toggles turned off. This includesImprove search suggestionsandImprove search results with external search engines. - Clear all browsing data, to not bias results.
- Check that the Comet version from
comet://versionis latest (at time of initial writing,141.0.7390.55on macOS arm64. Also reproduced on149.0.7827.197).
Test results
Then for my actual test, I did:
- Open a new tab and manually type in
shivankaul.comin Comet and press Enter. - Go to Proxyman
- See network calls to
https://www.perplexity.ai/rest/autosuggest/list-autosuggest?version=2.18&source=defaultwith a request body that contains"source_tab_url": "https://shivankaul.com/".
A positive note: Comet does adblocking!
It was cool to see that Comet uses Brave’s open-source adblock-rust engine and Brave’s filter lists to power their adblocking (though it took a few rounds of back-and-forth with their legal counsel to convince them to attribute the project correctly as required under MPL-2.0).


I can think of two reasons for Comet shipping adblocking:
- Adblocking is a table-stakes feature for all browsers, especially newbie ones trying to gain any market share at all.
- Agentic browsing benefits from blocking unhelpful cruft on websites. Fewer “subscribe to my newsletter!!!” popups means fewer tokens used by your agent trying to dismiss them, and less likely it’ll get confused trying to find Thanksgiving recipes.
I’m guessing it’s a combination of both.
Sounds like ChatGPT Atlas also plans to ship opt-in adblocking soon. Third-party adblocking is great for security and privacy, so I’m excited to see more browsers offering it.