Contemporary LLM-based chatbots (e.g., ChatGPT, Claude) inherently couple users’ personally identifiable information (PII) with conversational data, posing severe privacy risks. Cryptographic or trusted execution environment (TEE)-based privatization approaches remain impractical due to prohibitive computational overhead and platform dependency. To address this, we propose ProxyGPT—the first network-layer proxy-based anonymization system designed specifically for AI chatbots. It leverages volunteer browser proxies to forward user queries, thereby decoupling identity from dialogue history. ProxyGPT integrates TLS-backed data provenance, end-to-end encryption, and anonymous micropayments to jointly ensure security, usability, and long-term sustainability. Human evaluation confirms a statistically significant improvement in users’ perceived privacy protection, while incurred latency remains within acceptable bounds. The system is fully open-sourced.

AI-powered chatbots (ChatGPT, Claude, etc.) require users to create an account using their email and phone number, thereby linking their personally identifiable information to their conversational data and usage patterns. As these chatbots are increasingly being used for tasks involving sensitive information, privacy concerns have been raised about how chatbot providers handle user data. To address these concerns, we present ProxyGPT, a privacy-enhancing system that enables anonymous queries in popular chatbot platforms. ProxyGPT leverages volunteer proxies to submit user queries on their behalf, thus providing network-level anonymity for chatbot users. The system is designed to support key security properties such as content integrity via TLS-backed data provenance, end-to-end encryption, and anonymous payment, while also ensuring usability and sustainability. We provide a thorough analysis of the privacy, security, and integrity of our system and identify various future research directions, particularly in the area of private chatbot query synthesis. Our human evaluation shows that ProxyGPT offers users a greater sense of privacy compared to traditional AI chatbots, especially in scenarios where users are hesitant to share their identity with chatbot providers. Although our proof-of-concept has higher latency than popular chatbots, our human interview participants consider this to be an acceptable trade-off for anonymity. To the best of our knowledge, ProxyGPT is the first comprehensive proxy-based solution for privacy-preserving AI chatbots. Our codebase is available at https://github.com/dzungvpham/proxygpt.