Here is a useful advice straight at the top – do not utilize free VPN. Many will have stern reservations, as demonstrated by security researchers in Koi, who claim that they have discovered a particularly popular chrome variant Taking unauthorized screenshots and spying on its users.
The accused Chrome extension is called freevpn.one and currently sitting at over 100,000 downloads in the Chrome Web Store – complete with the desired “badge, which apparently means compliance with the recommended practices (via practices (through the recommended practices (through the recommended practices (through via via Sweclockers).
After discovering the extension and looking at the code, scientists Koi discovered that Freevpn.ond grabbed the screenshots of exactly 1.1 seconds after loading any page before they sent them back to the house server with URL page address, booklet identifier and a unique user identifier.
The VPN extension has a tool “scanning with AI threats”, which, according to his privacy policy, can send screenshots of specific pages and URLs to its safe and sound servers. However, according to the Koi team, Freevpn.on, it turned out that he is busy with screenshots on each page long before the tool implementation, and its users are not smarter.
It also gets worse. Koi claims that VPN not only categorizes and called the geolocation of the house and data of the devices along with the screenshots in recent months, but the latest version also introduces AES-256-GCM encryption with the RSA key packaging (I only know what some of these words mean), which means releasing his discovery to his home server, is now very hard to detection.
The KOI team believes that spy behavior started in April this year, when the rights update enabled the extension of access to each site that the user visited. It seems that the quick order of update over the next few months has increased its access to permissions, which Koi characterizes as an experimenting developer to see how far they can push the extension without raising suspicions.
It is said that keeping a still screenshot, along with location tracking and data exfiltration, began on July 17. In the next update, the aforementioned encryption was added, along with the transition to a recent subdomain.
Koi contacted the only extension developer to obtain a comment that he initially answered, denying her findings. Dev claimed that the automatic interception of screenshots was part of the background scan function and would only cause if the domain seemed suspicious – but scientists claim that they observed screenshots on the richness of trusted sites, including Google Arrets and Google Photos.
Asked to provide evidence of the ID card in the form of a company profile, GitHub account or LinkedIn website, the team claims that the developer has ceased to respond to their emails, leaving one known address that corresponds to the WIX free level page.
Name me amateur if you want, but it doesn’t seem to me the most reliable behavior. At the time of writing, Freevpn.one is still available on Google Web Store – with a 3.7 -star side of review now full of enraged comments from users regarding the Koi investigation.
Even if behavior with a screen screenshot was a justified error, it seems that the time of free tool in the sun may end, although the fact that it is still available with the same “badge” is disturbing. I hope that he will soon be searched from the store, with an critical lesson. Pay for a trustworthy vpn, people. Free is usually not worth the risk.
The best game monitors 2025
