The FreeVPN.One spying scandal has shaken trust in privacy tools. The Chrome VPN extension, previously verified and widely trusted, secretly captured full-page screenshots of users’ browsing and sent them to remote servers—all without consent.
How the Spyware Worked
Researchers at Koi Security uncovered that FreeVPN.One, despite its verified badge and over 100,000 installs, introduced stealthy screenshot capture functionality in early 2025.
Starting July 17, the extension began silently grabbing screenshots of users’ active tabs and uploading them—along with URL, tab ID, and a unique user identifier—to a remote server by employing AES-256-GCM encryption with RSA key wrapping. The spying occurred automatically in the background, without any user prompt—even before interacting with any feature designating “AI Threat Detection”.
Scope and Permissions
While a VPN extension typically only needs proxy and storage permissions, FreeVPN.One required access to all URLs, tabs, and scripting capabilities—opening the door to persistent surveillance.
The data captured included highly sensitive content—banking details, messages, passwords, and even personal photos—rendered on users’ screens during browsing.
Developer Claims and Platform Liability
The extension’s developer attempted to justify the behavior as a security scan tool, but offered no transparency or proof. The extension remained on the Chrome Web Store, retaining its verified status even after researchers raised the alarm.
Why It Matters
If a privacy tool starts spying on users, the impact is twofold—compromised trust and genuine risk. The FreeVPN.One spying case underscores how even trusted browser extensions can turn invasive overnight. This breach should serve as a call-to-action for users and platforms to prioritize transparency, security audits, and privacy-first design.
Conclusion
The FreeVPN.One spying controversy reveals a chilling reality: a supposedly secure VPN tool was quietly capturing screens and exposing personal data. Without explicit user notification or consent, this behavior betrays the core promise of privacy tools. It’s time for stricter oversight and smarter security protocols across app ecosystems.
0 responses to “FreeVPN.One Spying Caught in the Act”