Cybersecurity firm Koi Security revealed that FreeVPN.One, a Chrome VPN extension with over 100,000 users, has been secretly capturing and transmitting screenshots of users’ browsing activity to remote servers[1][2].
The spyware functionality was introduced in July 2025 after earlier updates expanded the extension’s permissions. According to researcher Lotan Sery from Koi Security, “FreeVPN.One shows how a privacy branding can be flipped into a trap”[3].
When confronted, the developer claimed screenshots were only taken of suspicious sites and were encrypted, but researchers found evidence of capture on trusted sites like Google Photos[4]. The extension’s “AI Threat Detection” feature discloses taking screenshots, but Koi Security found most surveillance occurred silently in the background[5].
The case highlights growing risks with free VPN services, particularly as demand increases due to new online safety regulations in the UK requiring age verification[3:1].
GIGAZINE - Chrome VPN Extension Accused of Secretly Capturing User Screenshots ↩︎
It’s FOSS - Google Verified FreeVPN Caught Red-handed Spying on its Users ↩︎
VARINDIA - Chrome VPN Extension Accused of Secretly Capturing User Screenshots ↩︎ ↩︎
It’s FOSS - Google Verified FreeVPN Caught Red-handed Spying on its Users ↩︎
Instagram - Dhaka Chronicles post about FreeVPN.One spying ↩︎
If you’re not paying for it, your not the customer, you’re the product.
People using a free VPN get exactly what they pay for.
Totally worth every penny. Zero cost, zero privacy.
wait! so 0€ is 0 privacy… so 1€ is 1 privacy? so its possible to purchase multiple privacies??? :O
It’s not linear though. Price of perfection is infinite, and it ramps up quickly. With 1 € you’ll get a tiny bit of privacy, but if you want double that, the price is probably more like 5-20 €.
Freedom isn’t free, its a hefty fuckin fee …
When confronted, the developer claimed screenshots were only taken of suspicious sites and were encrypted
??? What’s the point? If you collect sensitive data, it doesn’t matter if you transfer them encrypted or not. What a bullshit argument. You still collect it.
I wonder if he is ashamed of himself.
100000 users and one screenshot per page load.
Curious how many of the not free, but super cheap ones are also doing this and we just haven’t found out yet.
