Think your late-night ChatGPT brainstorming sessions are completely confidential? A historic new U.S. court ruling just proved that your AI chat history can (and will) be used against you in a lawsuit

The Delaware Court of Chancery just sent shockwaves through the tech and business worlds by using a CEO’s ChatGPT logs as the ultimate smoking gun in a massive $250 million acquisition dispute. The case revealed that the executive had actively used the AI to map out a step-by-step playbook on how to bypass a stock buyout agreement and push out the company's founders under false pretexts. Even though the CEO tried to delete his chat history to cover his tracks, it didn't save him — the court used the recovered AI strategy as concrete, undeniable proof of bad faith.

This isn't just a wild corporate scandal; it marks a massive shift in digital privacy. U.S. courts are increasingly requesting AI chat histories as standard evidence during the pre-trial "discovery" phase. Because your daily conversations with cloud-based chatbots are saved indefinitely on tech company servers, they enjoy zero legal immunity. If a lawyer subpoenas the developer, your entire prompt history is fair game.

We’ve always hammered home one golden rule: if your data lives on someone else's server, it is never truly private. Treating a cloud-based AI like a confidential diary or a secret business co-pilot is a dangerous trap. If you wouldn’t want a judge, a competitor, or a data broker reading your prompts, you shouldn't be typing them into a chatbot in the first place.

Will knowing your AI history can be legally dragged into a courtroom change how you use chatbots for work or personal projects?

You probably have Google’s Location History enabled right now. Or at least Google really wants you to. Apps like Google Maps constantly push users toward enabling location tracking to unlock “better experiences”: personalized recommendations, traffic predictions, trip timelines, automatic photo grouping, reminders about places you visited, and other convenience features that quietly depend on Google knowing where you are — and where you’ve been.

Although Location History is technically off by default, Google repeatedly prompts users to turn it on across Android setup screens and apps like Maps, Photos, and Assistant. Once enabled, it keeps collecting location data in the background, even when you are not actively using Google services. Over time, it builds an extremely detailed timeline of your movements, routines, and habits.

That timeline can reveal far more than many people realize: where you sleep, where you work, which clinics you visit, which bars you frequent, when you attend religious services, therapy appointments, or someone else’s apartment at 11 p.m.

Most users would probably consider that information deeply private. The US government, however, is now arguing otherwise. And that argument sits at the center of a major Supreme Court case that could reshape digital privacy in America

The case that can change how location data is seen

The case revolves around Okello Chatrie, who was seen on surveillance footage speaking on his cellphone while robbing the Call Federal Credit Union in Midlothian, Virginia, on May 20, 2019. According to investigators, Chatrie entered the bank armed, threatened employees, and escaped with roughly $195,000 in cash.

Police had few leads, but they noticed him talking on the phone during the robbery. That detail led investigators to request a geofence warrant from Google. A geofence warrant is a type of warrant that forces the company to hand over location data for every device detected within a certain area during a certain timeframe. In this case, authorities requested data for all devices within roughly 150 meters of the bank during the robbery window. Privacy advocates supporting Chatrie later compared the search area to several football fields laid side by side — large enough to sweep in nearby homes, businesses, and even a church, not just the bank itself.

Google then searched through its Location History database and returned anonymized data tied to devices that had been inside the area. Investigators initially received information linked to 19 devices. From there, without obtaining additional warrants, police requested additional location history for selected devices over a longer time window to study their movements before and after the robbery. Eventually, authorities asked Google to fully de-anonymize three accounts.

One of them belonged to Okello Chatrie. Investigators later searched his home and reportedly found around $173,000 in cash, along with firearms and clothing connected to the robbery. The location data ultimately became one of the key pieces of evidence used in the case against him.

As of 2026, the case — Chatrie v. United States — is being debated at the US Supreme Court, which will decide whether these kinds of geofence warrants violate the Fourth Amendment’s protections against unreasonable searches.

Private or not?

The US government’s position is essentially this: users voluntarily enabled Location History, voluntarily shared that data with Google, and therefore cannot expect it to stay private. Prosecutors also argue that location data reflects movements people made in public spaces anyway, so collecting those records is not the same as rummaging through someone’s house or personal diary. Privacy advocates and Chatrie’s legal team strongly disagree with that framing.

For starters, while Location History is technically optional, Google has spent years aggressively nudging users to enable it. During Android setup, inside Google Maps, Photos, Assistant, and other apps, users are repeatedly encouraged to turn it on in order to “improve” their experience or unlock certain features. Once enabled, the setting quietly expands across devices and services, continuously collecting location data in the background. Turning it back off is possible, but Google hardly makes that process obvious. Internal company messages cited in court filings even described parts of the interface as feeling designed to discourage people from figuring out how to fully disable tracking.

And then there is the bigger issue: just because something technically happens “in public” does not mean people expect the government and less so a private company like Google to build searchable historical records of it.

You may walk into a pharmacy in public. You may visit a therapist’s office, a casino, or someone else’s apartment building in public. That does not mean most people expect every one of those visits to be logged, stored for years, and later searchable by police through a giant corporate database.

For its part, Chatrie’s legal team argues that Location History is far more revealing than ordinary business records that the government compares it to. Over time, it can expose routines, relationships, political activities, medical concerns, religious beliefs, and countless other deeply personal details. And despite Google initially providing anonymized device IDs, privacy advocates argue that location data is notoriously easy to re-identify. A few location points are often enough to determine where someone lives, where they work, and ultimately who they are.

That concern is not theoretical. Court filings in the case note that Google itself has the ability to de-anonymize users internally. Researchers and privacy experts have also repeatedly demonstrated how supposedly anonymous location datasets can be linked back to real individuals using publicly available information.

In other words, the government is effectively arguing that one of the most sensitive forms of personal data people generate today should receive weaker constitutional protections simply because it happens to sit on Google’s servers instead of inside a filing cabinet at home.

Why it raises privacy concerns

Now let’s zoom out a bit and look at why geofence warrants worry privacy advocates far beyond this one robbery case.

The Fourth Amendment was written specifically to protect people against broad, suspicionless government searches. It states that warrants must be based on probable cause and must particularly describe the place to be searched, and the persons or things to be seized. In simple terms, the government is supposed to know who or what it is looking for before it starts digging through private information.

Traditionally, investigators identified a suspect first and then sought permission to search that person’s property or records. Geofence warrants turned that logic entirely upside down. Police now first collect data on everyone present within a digital perimeter and only afterward narrow down potential suspects. In practice, these warrants quietly pull innocent people into investigations simply because their devices happened to be nearby. Residents, employees, customers, commuters, delivery workers, and passersby can all end up inside a law enforcement dragnet without ever knowing it.

And while authorities often describe the process as anonymous, location data is rarely anonymous in any meaningful sense. Movement patterns are deeply personal by nature. A few location points can often expose where someone lives, where they work, who they spend time with, and what places they regularly visit.

We already explored how revealing mobile location data can become in our article on Webloc and the hidden market for location intelligence. The same kinds of datasets collected for advertising, analytics, and app features have quietly fueled an entire industry built around tracking people’s movements, profiling behavior, and selling location intelligence to private companies and government agencies alike. Geofence warrants effectively tap into that same ecosystem. If you want a deeper look at how valuable and invasive location data has become, that story is well worth reading.

Treating this kind of information as fair game simply because it was uploaded to a cloud service risks normalizing a surveillance model where authorities can retrospectively map the movements of entire groups of people whenever they choose. And once systems like that exist, history suggests they rarely remain limited for long.

What begins as a tool for investigating serious crimes can gradually expand into broader forms of monitoring, especially once governments grow accustomed to having access to massive pools of behavioral data collected by private companies.

Google moved location history on device, but problem is still here

Partially in response to the growing backlash around geofence warrants and mass location tracking, in December 2023, the company said it would begin moving Location History data from the cloud directly onto users’ devices, with the transition rolling out throughout 2024. By July 2025, large-scale geofence searches against Google’s centralized Location History database were effectively no longer possible in the same form, simply because Google no longer stored everyone’s movement history together on its own servers.

That was undeniably a good thing for privacy. But the bigger problem did not magically disappear together with Google’s old cloud-based database.

As the Electronic Frontier Foundation (EFF), the ACLU, and other privacy groups warned in their Supreme Court filing supporting Chatrie, this case was never really just about Google. It is about the broader idea that companies can quietly accumulate enormous amounts of behavioral data on millions of people and that governments may later treat those databases as fair game for investigations.

Google is hardly the only company collecting location data. Countless apps, data brokers, advertising firms, telecom providers, and analytics companies still gather and monetize extremely detailed information about where people go and what they do. Entire industries now exist around buying, selling, analyzing, and sharing location intelligence.

That is exactly why this case matters so much even after Google changed its systems, and this is where the case stops being just about one robbery and starts becoming a much bigger fight over what “private” even means in the digital age.

What you can do

The uncomfortable reality is that modern smartphones are tracking machines by design. There is no magic switch that gives you every convenience feature without any privacy tradeoff.

That said, reducing how much location data gets collected in the first place still matters a lot.

If you do not actively use Google Maps Timeline or similar features, consider turning off Location History entirely and deleting old location records from your Google account. It is also worth reviewing which apps actually need constant access to your location and switching unnecessary permissions to “While Using the App” — or removing them altogether. In most cases, there is little reason to keep precise geolocation enabled all the time if you are not actively using navigation, maps, or location-based features at that moment. And more broadly, it is worth remembering that convenience features often quietly outlive the reasons you originally enabled them for.

The Supreme Court’s decision, expected later this summer, could end up affecting far more than just geofence warrants. The case may help decide how much privacy people actually have over sensitive digital data stored by companies like Google, and how easily governments can access it.

Google has published its yearly Ads Safety Report for 2025, in which it disclosed the numbers behind bad ads, with its focus being on the key role of Gemini-powered tools in identifying and stopping them. And when you look at these numbers, it’s hard not to feel impressed, at least at first glance: over 8.3 billion bad ads blocked or removed, 4.8 billion ads restricted, and just under 25 million advertiser accounts suspended. Google emphasizes that 99% of all policy-violating ads were blocked before they could ever be served to users — again, claiming that Gemini’s role was instrumental in that. We are not here to deny credit where it’s due: fighting bad ads is important. But this is also something Google is expected to do as the platform owner. The results are commendable, but they also highlight how predatory and hostile the advertising ecosystem can be.

How AI helps Google detect ‘bad ads’

Google’s main claim in favor of an AI-based approach when evaluating an ad’s legitimacy is that it doesn’t base the enforcement decision purely on keywords, but rather can understand and analyze more complex signals like account age, behavioral cues, and campaign patterns. Bad actors often design their scam ads to mimic legitimate ones, and they take advantage of generative AI to quickly mass-produce different variants, so that some would eventually trick the old pattern matching-based enforcement systems.

Before AI, these older systems looked more like a checklist, checking whether an ad contains certain words, symbols, URL mismatches, formatting tricks, or policy-triggering product categories. Does the ad use banned wording? Does the landing page match the display URL? Does it contain suspicious formatting like F₹€€!? These checks are useful, but they are also fragile and much easier to circumvent by inventive word choices and other clever ploys. For example, something like ‘Lose 20 pounds in a week!’ would be rather easy to detect and flag even under the old system. But imagine a landing page full of false claims, fake testimonials, and hidden subscription terms — and it becomes much harder. No single element indicates a scam, so the checklist approach has a high chance of approving the ad. But an AI system that understands context has a better chance of marking the ad as ‘bad’ with a higher degree of certainty. A good analogy would be airport security marking an individual as suspicious not just based on the illegal items they have in their baggage (the old system), but instead because of their weird behavior, like using different names, only buying one-way tickets, or changing routes frequently.

Gemini takes all this context into account to determine the intent behind the ad and is (at least according to Google itself) very good at identifying scams — over 600 million ads associated with scams were removed and 4 million accounts were suspended for scam-related activity in 2025. Another thing going for Gemini is the ability to automatically process user feedback. According to Google, its teams were able to take action on four times as many user reports as in 2024 as a result of AI integration.

AI shift is happening in ad blocking

The clash between the old and the new approaches to detecting bad ads in Google’s ad ecosystem is not without similarities to ad blocking in general. Many years ago, blocking an ad was as simple as matching the server used to deliver the ad to a set list of ‘bad’ domains. Anything coming from adserver.example.com would get blocked, and that’s that. DNS filtering still works more or less in the same way: it is less flexible, but very efficient, lightweight, and system-wide. Today, ad blockers face entirely different, much harder challenges. Ads and other unwanted requests often blend in with the useful content. Modern filtering rules are nothing like the short, simple rules from the early days of ad blocking. They are extremely complex, and filtering syntax resembles a literal programming language more than anything else.

💡

For a sneak peek into the lives of real filter developers, check out this article on AGLint, a tool designed to help them create filtering rules faster and more easily.

Ad blocking syntax has been constantly evolving to keep up with ever steeper challenges — so far, rather successfully. But the fact that the traditional, filtering rules-based approach hasn’t been replaced by AI so far doesn’t mean that ad blocker developers have dismissed the thought of using AI in ad blocking. On the contrary, they have been exploring AI’s potential in the context of blocking ads, and often in quite unexpected ways. Attempts to use various forms of machine learning (ML) for ad blocking go as far back as at least 2019, when Brave developed AdGraph, a tool that blocked ads and trackers in real time. It showed surprisingly high accuracy, but required deep browser integration and constant maintenance, so it didn’t take off in popularity. There were a few other experiments and research projects that tried to take advantage of ML, but none managed to achieve widespread adoption.

In recent years, with the rapid advancement of AI technologies, the idea of using AI for ad filtering has come up increasingly often. For instance, it was one of the main points of discussion at the last year’s Ad Filtering Dev Summit. At AFDS 2025, several speakers touched on the role of AI in the ad-blocking landscape in their presentations — Ritik Roongta from NYU spoke about how AI can help evaluate ad content, especially for allow-listed ads that may be non-intrusive but still harmful, and Anton Lazarev from Brave explained why ad blockers will stay highly relevant even in the era of AI agents and agentic browsers.

AdGuard’s experiment: Can an LLM spot an ad?

AdGuard has been exploring the same direction. Maxim Topciu, AdGuard’s Web Extensions division Team Lead, has conducted his own research to answer the question: can a blocker understand what appears on the page and decide whether it should be hidden? As we already mentioned, filter lists remain powerful but have limitations: they require manual maintenance, struggle with native advertising, and face additional constraints, like the ones introduced under Manifest V3. Wouldn’t it be great if an ad blocker could determine what is an ad and what is not all by itself? The idea itself wasn’t new, as is evident from the past attempts by Brave and others to achieve similar results, but Maxim went a bit further. One of the advantages of LLMs is that they can make it relatively quick to turn an idea into a working prototype. So Maxim created not one, but three of such prototypes, each analyzing and blocking ads in its own way.

Maxim tested the prototypes on X’s feed. One blurred all the posts, analyzed their content, and then unblurred the ‘good’ ones. The second prototype did the same, but analyzed each post as an image, not as a block of code. The third one allowed the user to set certain criteria, and the LLM would check if the post matched them before deciding whether to hide the post or not. All three approaches worked, but all had their own drawbacks — after all, they were prototypes and very far from being end products.

The experiment showed that AI-based ad blocking is technically possible, but at the same time it became apparent that AI is not yet ready to replace the traditional filter-based approach.

Google’s use of Gemini to identify ‘bad’ ads and AdGuard’s own experiment, despite all their differences and despite serving different purposes, are pointing in the same direction: ad filtering is becoming more semantic. AdGuard’s experiment showed that LLMs can classify content by meaning, not only by selectors or URLs. A vision-based approach can analyze what users actually see, which helps when text is minimal or HTML is obfuscated. The crux of the decision when blocking an ad gradually shifts from “Does this web element match a rule?” to “What is it trying to do? What was the intent behind it?” If you could reliably detect every ad, sponsored post, tracker, and scam by determining their intents, there would be no need for filtering rules. But, evidently, we are not there yet. LLM-based approaches are still largely limited by cost, speed, and practicality. It appears that, while the role of AI in ad blocking is going to grow, it is not going to realistically replace traditional ad blockers in the near future, but rather complement them where filtering rules alone struggle.

Platform safety is not the same as user control

But this is also where the comparison between Google and independent ad blockers ends. The fundamental difference between Google’s use of Gemini and ad blockers’ use of AI lies in their goals. Google uses AI to enforce its own ad policies, while ad blockers exist to enforce the user’s preferences. Currently, users set these preferences by selecting the desired filter lists or by adding custom filtering rules. But AdGuard’s experiment showed that it is entirely within the realm of possibility to introduce user-controlled criteria to a future AI-based ad blocker, too. This is different from Google’s algorithms that do, indeed, block or restrict malicious and dangerous ads — which deserves praise — but doing so also lines up with Google’s own interests. Users don’t have any say in what exactly gets blocked and what comes through. An ad doesn’t have to violate Google’s guidelines to be unwanted. There are plenty of reasons why someone wouldn’t want to see an ad: it may be distracting, privacy-invasive, heavy, or simply irrelevant to the viewer. This is where the roots of the conflict lie: Google’s only concern is whether an ad is allowed inside its ecosystem and follows its rules. From the user’s point of view, the question is broader: do I want this ad on my device?

The anti-scam work that Google does is necessary, but also expected: it is its direct responsibility. The Ads Safety Report should not be read as a final answer to the problem of bad ads. Blocking billions of ads is cool, but even more ads remain. These numbers really put into perspective just how much harmful or questionable material flows through the online ad ecosystem. And this is where the true reason behind Google’s efforts lies. Google is an ad company first and foremost. Its business model is not based on selling Android phones or anything like that — it is centered around the ad ecosystem it has built, and most of its other, numerous branches support it in one way or another. Google has shown time and again that protecting its advertising business weighs heavily in its product decisions. Its safety work is no exception: it is also a necessary concession to keep users within the Google ad ecosystem.

We are not trying to say that Google’s anti-scam efforts are meaningless — of course, it’s better to have no, or close to no, fraudulent and dangerous ads on your phone. It’s even better when you, the user, are the one who controls what else you want or don’t want there. Google’s Ads Safety Report demonstrated how efficient AI can be at identifying unwanted content. Now it’s ad blockers’ turn to find an even better use for this powerful weapon and make it serve a good cause.

 At AdGuard, we’re all for digital cleanliness and privacy — that’s why we build our products. If you already have an ad blocker on all your devices and never shop on public Wi-Fi without a VPN, you’re doing great (honestly, that’s a solid foundation many people miss)

But there’s more to it! Digital self-care is about simple actions you can take for your protection and peace of mind. Here are a few steps to make your online life safer and a little lighter:

 Turn off unnecessary notifications
This reduces cognitive noise and stops apps from constantly fighting for your attention

 Check app permissions
Revoke access to features (like your mic or location) that an app doesn't actually need to function. If a simple calculator wants your contacts, it’s time to say no

 Delete unused accounts
Delete profiles you no longer use so they don’t become easy targets for attackers. It’s a great way to shrink your digital footprint and keep your sensitive info from sitting in forgotten databases

 Get a password manager
Let it generate and store unique passwords so you only have to remember one master key. This secures your accounts and saves you the mental drain of resetting passwords every time you forget them

 Declutter your apps
Remove software you haven’t opened in months to free up space and eliminate security risks from unpatched apps. Your device will feel much tidier after a little digital spring cleaning

 Use temporary emails
Get a separate “burner” mailbox for promos and one-time sign-ups to keep your main inbox clean and spam-free. You’ll breathe easier knowing your important emails aren’t getting buried under a mountain of spam