October 6, 2025
A blog post by Thereallo

The Comet Browser Panic Was Bullshit

Discord panicked over an AI browser. Zero evidence, maximum fear.

Discord had a quest: use Perplexity's Comet browser for 15 minutes, get 5,000 orbs. That's way more than the usual 700.
People got suspicious. Then someone ran it through a malware scanner, saw scary numbers, and panic spread everywhere.
Within hours, Discord servers were posting warnings:
"Comet roots itself into your registry, scrapes your files for AI training, leaves your computer vulnerable."
People were uninstalling it, changing all their passwords, running "deep cleaners."
The problem? Almost none of it was true.

One piece of the actual "proof" was a Triage scan showing a 9/10 malware score. People saw the number and freaked out without understanding what it actually meant.
Here's what the scan flagged and what it actually means:
"Renames multiple files"
The installer is unpacking browser files. Chrome does this. Edge does this. Every Chromium browser does this.
"Drops startup file"
The browser adds itself to Windows startup. Annoying? Yes. Should ask permission? Yes. Malware? No.
"Reads SSH keys"
It's not stealing your SSH keys. It's accessing Windows Credential Manager to import passwords from other browsers. That's how password import works.
Triage is a tool for malware analysis. It flags behaviors that could be bad, but it doesn't understand context.
When you install a browser, all of these are normal. People just saw "malware score 9/10" and panicked.

People kept posting links to articles as proof Comet was dangerous.
Every single article was about the same thing:
a prompt injection bug from August that Brave found and Perplexity fixed.
Prompt injection means you could trick the AI assistant by hiding instructions on a webpage. That's a bug. It got patched months ago.
But people presented it like it was current news proving Comet steals your files. That's either stupid or dishonest.

Perplexity is worth billions (recently valued at $20 billion in September 2025). They have investors like NVIDIA and Jeff Bezos.
Their CEO, Aravind Srinivas, is a former OpenAI researcher.
If they wanted training data, they'd scrape the web. Legally. Like every AI company.
Why would they:
  • Risk billions in lawsuits
  • Break GDPR
  • Destroy their reputation
  • Potentially face criminal charges
All to get your screenshots and maybe tax documents?
Your personal files aren't valuable training data. The entire internet is better data and completely legal to use.
This would be corporate suicide for literally zero benefit.

Someone did a real analysis and found something actually suspicious:
Comet detects if it's running in a virtual machine and might change its behavior.
That's weird. Malware does this to hide from analysis. But some legitimate software does it too (to disable features that don't work in VMs).
Perplexity should explain why their browser does this. That's a fair question.
But "this one behavior is unexplained" is not the same as "it's definitely stealing all your files."

A YouTuber named SomeOrdinaryGamers made a video about Comet, and suddenly everyone was convinced Comet "steals everything".
The goalposts shifted from "it's scraping your files" to "the privacy policy proves they're collecting all your data."
Let's actually read what the policy says.
What Comet collects:
  • Browsing data: URLs you visit, search queries, downloads, cookies. This is what every browser collects. Chrome does this. Firefox does this. Edge does this. It's how browsers work.
  • Technical data: Your OS, hardware specs, crash reports, IP address. Again, standard. Browsers need this for updates, security patches, and bug fixes.
  • Optional sync data: If you sign in to your Perplexity account, you can sync passwords, bookmarks, and settings across devices. This is optional. You don't have to sign in.
  • Settings and preferences: Your privacy settings, appearance choices, tracking preferences. So they can remember how you configured the browser.
The key part everyone ignored:
"However, you have the option to block Comet from using this information, as well as browsing history, to improve Comet and search functionality. Furthermore, if you browse in Incognito Mode, we will not collect or store Browsing Data or records of your downloads."
You can turn off data collection. Incognito mode doesn't collect browsing data. There's literally a toggle at perplexity.ai/account/preferences to disable AI data retention.
What they DON'T do:
"We do not 'sell' or 'share' (as those terms are defined under the CCPA) personal information, nor have we done so in the preceding 12 months."
They're not selling your data to advertisers. They explicitly state this under CCPA compliance.
What people claim vs what the policy says:
Claim: "They're scraping all your files for AI training"
Policy: Collects browsing data (URLs, searches) with an opt-out option. No mention of scanning local files.
Claim: "They're stealing your passwords"
Policy: Passwords are only saved if you create a Comet profile and choose to save them. This is standard browser functionality.
Claim: "They're tracking everything you do"
Policy: You can disable tracking. Incognito mode exists. There's a "Do Not Track" option.
Claim: "The privacy policy proves they're malicious"
Reality: It's a standard Chromium browser privacy policy. Read Chrome's privacy policy sometime - it's nearly identical.

People saw:
  1. High reward (5000 orbs instead of 700)
  2. An AI company that's unfamiliar to them
  3. Scary scan results they didn't understand
  4. Old news about a patched bug
  5. Already didn't trust AI companies
So they believed it without asking for proof.
When people who actually tested it said they found nothing and the claims made no business sense, everyone ignored them.
Because fear spreads faster than facts.

People panicked when an announcement was made in a Roblox Discord server.
Everyone became cautious, started doing virus scans, running uninstallers.
When the Triage scan / news articles got debunked, people moved to the privacy policy.
When the privacy policy turned out to be standard, people moved to "but a YouTuber said so".
When you point out the YouTuber didn't read the policy closely, they move to "but it COULD be doing something worse".
At some point, you have to ask:
"what evidence would actually convince me?"
If the answer is "nothing," you're not being skeptical, you're just committed to the conclusion.

Is collecting browsing data for AI features something you're comfortable with? That's a personal choice.
Chrome collects data for Google's services. Firefox collects telemetry. Safari sends data to Apple. All browsers collect something.
The question isn't "does it collect data"; they all do.
The real questions are:
  • What data specifically?
  • Can you opt out?
  • Are they transparent about it?
  • Do they sell it?
For Comet:
  • Standard browsing data (URLs, searches, technical info)
  • Yes, you can opt out and use Incognito
  • Yes, it's in the privacy policy
  • No, they don't sell it (per CCPA disclosure)

No. You might not want an AI browser analyzing your searches. You might not trust Perplexity with your data. Those are valid positions.
Does this mean the privacy policy proves malicious intent?
Also no. It's a standard policy for a Chromium-based browser with AI features. Read Chrome's privacy policy if you don't believe me.
Decide if you're comfortable with what they collect. But don't let people convince you that a standard privacy policy is proof of malware.
The panic kept shifting because each claim got debunked. Maybe that should tell you something about the quality of the claims.

If you just want the 5,000 orbs without dealing with any of this, there's a way to complete Discord quests without actually installing anything.
Amia from Discord Previews made a script that tricks Discord into thinking you completed the quest.
It's a simple Node.js script; you just run it in your DevTools and get the orbs without ever touching Comet.
This works for any Discord quest, not just this one. It's basically gaming Discord's detection system by sending the right signals to their API.
Is this against Discord's terms of service? Probably. Will you get banned? Unlikely, but maybe don't do this on your main account if you care.
But if your takeaway from this whole panic is "I don't trust any of this but I still want my cosmetics," this is your ticket.

There's no evidence Comet is malware. There's no evidence it scrapes your files. The panic was built on misread security scans and people who wanted to believe AI companies are evil.
Does Comet have that one weird VM detection thing? Yes, and Perplexity should explain it.
Is it "definitely malware stealing your data"? No.
The problem isn't just about this browser.
It's how easy it is to spread panic and rumors when people don't understand what they're looking at.
Before you share the next "malware warning", ask yourself:
  • Do I understand what this scan actually detected?
  • Is there real evidence or just vibes?
  • Does this claim even make logical sense?
Don't panic first and ask questions later. That's how bullshit spreads.
