Cybersecurity firm Koi Security revealed that FreeVPN.One, a Chrome VPN extension with over 100,000 users, has been secretly capturing and transmitting screenshots of users’ browsing activity to remote servers[1][2].
The spyware functionality was introduced in July 2025 after earlier updates expanded the extension’s permissions. According to researcher Lotan Sery from Koi Security, “FreeVPN.One shows how a privacy branding can be flipped into a trap”[3].
When confronted, the developer claimed screenshots were only taken of suspicious sites and were encrypted, but researchers found evidence of capture on trusted sites like Google Photos[4]. The extension’s “AI Threat Detection” feature discloses taking screenshots, but Koi Security found most surveillance occurred silently in the background[5].
The case highlights growing risks with free VPN services, particularly as demand increases due to new online safety regulations in the UK requiring age verification[3:1].
GIGAZINE - Chrome VPN Extension Accused of Secretly Capturing User Screenshots ↩︎
It’s FOSS - Google Verified FreeVPN Caught Red-handed Spying on its Users ↩︎
VARINDIA - Chrome VPN Extension Accused of Secretly Capturing User Screenshots ↩︎ ↩︎
It’s FOSS - Google Verified FreeVPN Caught Red-handed Spying on its Users ↩︎
Instagram - Dhaka Chronicles post about FreeVPN.One spying ↩︎
You’re not making an argument against VPNs, but against the concept of trust. It’s good argument and I don’t think you’re going far enough, consider the old ass reflections on trusting trust and take a look at your browser of choice’s root ca store too!
There’s a lot farther you could go in making that argument and many conclusion that could be drawn from it.
On the other hand, zero-trust frameworks and packages exist, we can use the past as a predictor of future outcomes and based on actual outcomes we can place more or less trust in various software packages, services and companies.