Just a moment...
alternativeto.net

Cybersecurity firm Koi Security revealed that FreeVPN.One, a Chrome VPN extension with over 100,000 users, has been secretly capturing and transmitting screenshots of users’ browsing activity to remote servers[1][2].

The spyware functionality was introduced in July 2025 after earlier updates expanded the extension’s permissions. According to researcher Lotan Sery from Koi Security, “FreeVPN.One shows how a privacy branding can be flipped into a trap”[3].

When confronted, the developer claimed screenshots were only taken of suspicious sites and were encrypted, but researchers found evidence of capture on trusted sites like Google Photos[4]. The extension’s “AI Threat Detection” feature discloses taking screenshots, but Koi Security found most surveillance occurred silently in the background[5].

The case highlights growing risks with free VPN services, particularly as demand increases due to new online safety regulations in the UK requiring age verification[3:1].

  1. GIGAZINE - Chrome VPN Extension Accused of Secretly Capturing User Screenshots ↩︎

  2. It’s FOSS - Google Verified FreeVPN Caught Red-handed Spying on its Users ↩︎

  3. VARINDIA - Chrome VPN Extension Accused of Secretly Capturing User Screenshots ↩︎ ↩︎

  4. It’s FOSS - Google Verified FreeVPN Caught Red-handed Spying on its Users ↩︎

  5. Instagram - Dhaka Chronicles post about FreeVPN.One spying ↩︎

  • Zerush@lemmy.mlOP
    2·
    5 days ago

    There is, eg Proton VPN is trustworth, also Windscribe or Calyx, but all free VPN are very limited (few free servers, speed, data limit…), because of this not very usefull for the daily tasks, apart of some protection on certain sites. But generally there isn’t any really valid VPN as browsere extension, because it can’t create an tunel BEFORE the browser connect to the ISP, that is only possible with an desktop VPN.

    • stupid_asshole69 [none/use name]@hexbear.netEnglish
      1·
      5 days ago

      You’re right about the vpn-as-browser extension (kinda, a lot of those packages act as proxies and override the hosts dns settings, so they do accomplish a lot), but as someone who has used proton and windscribe free and paid you can’t really rely on or trust them. Between drops, rotating endpoints and —I’ll admit that I’m guessing at this last one but my experience and many people I’ve talked to seem to corroborate it— generally being lowest quality of service and first to go when there’s a problem it’s clear that even the “top tier” of free VPNs aren’t to be relied on.

      VPN access is literally cheaper than it’s ever been, there’s more transparency and clear information available than ever before and the most basic bar to pass for privacy is being able to figure out a way to conduct business privately (it’s cash).

      That’s not to say there shouldn’t be free VPNs, that there isn’t a purpose or use for them, but that people shouldn’t trust or rely on them in any way.

      • Zerush@lemmy.mlOP
        1·
        4 days ago

        Agree, free VPN, more free VPN extensions must be taken always with a grain of salt. Extensions are always mere proxies, maybe only usefull to skip country restrictions (reliables are VPNLY and CyberGhost extensions and very few more). By far the worst is HOLA VPN, which, instead of public servers simply exchange the IPs of its users, robbing bandwith without security. Dangerous crap.

          • Zerush@lemmy.mlOP
            1·
            4 days ago

            Yes, like also some others, but…

            https://www.security.org/ said

            About CyberGhost You may recognize the name Kape Technologies. They own several VPNs. See what we thought of its other VPNs in our ExpressVPN review, CyberGhost review, and Private Internet Access review. The company is officially based in the U.S., but CyberGhost is located in Romania (also in Germany) which is good news.

            Romania is not a member of any of the Eyes alliances and has refused to adopt the data-retention laws made mandatory by the European Union. CyberGhost also has a no-log policy that Deloitte audited in 2022.1 The company even published the full report on its website to demonstrate complete transparency.

            About VPNLY, it’s a Swiss company, Privacy Policy

            Free VPN Unlimited AG Rigistrasse 3, CH-6300 Zug, Switzerland

            Anyway, as said before, the extension from both are not really VPN services, but proxies, both with no logs/tracking policy and no data limits, no account needed, which make them good for country restrictions and streaming, for what you can use these safely.

            VPNs for desktop

      • Tenderizer78@lemmy.mlEnglish
        1·
        4 days ago

        This discussion is on whether the free VPN’s are (probably) not secretly taking your data. Proton, Windscribe, and Calyx are slow and unreliable but since they have a paid model too and the service they’re providing you is comparatively very cheap for them to offer, there’s no reason to believe they’re keeping your data.