Unsafe Web Browsing Alert: Popular Chrome Extension, FreeVPN.One, Secretly Screens and Transmits Users' Visited Pages to Unidentified Developer, Causing Privacy Concerns to Soar
In a recent report by Koi Security, it has been revealed that the popular Google Chrome extension FreeVPN.One, with over 100,000 installs, has been secretly taking screenshots of all its users' visited websites. The extension, which claims to be the fastest free VPN for Chrome and has a "Featured" badge awarded by Google, has raised serious concerns about user privacy.
According to Koi Security, the extension enables permissions such as tabs and scripting, allowing it to inject a script into every website visited. This script is designed to take a screenshot of the page and send it to a domain controlled by the software's anonymous developer.
The report details a slow transition of FreeVPN.One from an innocuous VPN to a privacy-invading extension between April and July. The developer of FreeVPN.One admits to using anonymized usage data to build their threat intelligence database, whether or not the AI Protection is enabled.
However, the developer's claims of compliance and security scanning have been contradicted by cybersecurity researchers from Koi Security. The domain associated with the email provided for contacting the developer redirects to a page for Phoenix Software Solutions, but there is no corporate presence for this company. The developer's linked domain, phoenixsoftsol.com, is a free Wix page without corporate details.
The AI Threat Detection Feature in FreeVPN.One is supposed to transmit a snapshot (screenshot) and related page information to secure servers and vetted analysis partners. However, seconds after any page loads, a background trigger in FreeVPN.One takes a screenshot and sends it to aitd.one/brange.php, bundled with the page URL, tab ID, and a unique user identifier.
FreeVPN.One's privacy policy states that its data collection features are only enabled if users opt-in to the AI Threat Detection Feature. However, the policy no longer mentions that FreeVPN.One is operated by CMO Ltd., and a copy from June 20 is missing the section about anonymized usage data and a disclaimer about the system being in beta.
This incident serves as a reminder that users should be cautious when trusting online services, especially those that claim to enhance privacy and security. VPN providers often make ludicrous claims about their benefits, and trust in these services would be better placed elsewhere.
For up-to-date news, analysis, and reviews on technology and Google News, follow Tom's Hardware. Users are encouraged to follow Tom's Hardware on Google News to get these updates in their feeds. It's important to stay informed about such developments to protect your online privacy and security.
