In a shocking expose, FreeVPN.One, one of the top Google Chrome VPN extensions with more than 100,000 installs, has been found snooping on its users secretly. Independent security researchers at Koi Security discovered that the extension was taking screenshots of all the sites accessed by users and sending them to servers managed by its faceless developer. The findings have raised serious privacy concerns, online safety, and the integrity of VPN services listed on the Chrome Web Store.

How FreeVPN.One Spied on its Users

As per researchers, FreeVPN.One promised a secure and private browsing experience. But background processes, well hidden from view, had some other story to tell. The extension took an automatic screenshot of each page a user visited in Chrome, the URL of the site, browser tab ID, and a distinct identifier. All this information was then sent to the developer's servers without users receiving any kind of consent.

The privacy policy of the extension first indicated that screenshots would only be gathered if users activated an AI Threat Detection Feature. To our surprise, this feature was activated automatically, so data collection had been done for everyone who installed the extension. Even worse, screenshots were being taken on trusted and familiar websites, in clear contravention to the developer's assurances that suspicious sites alone were being monitored.

Why This Is a Major Security Risk

When users install a VPN extension, the expectation is enhanced privacy and security, not surveillance. FreeVPN.One’s actions not only breached user trust but also exposed sensitive browsing activity to potential misuse.

The developer further asserted that screenshots were not retained and merely briefly analyzed. Yet, as researchers noted, as soon as data is taken out of a user's device, it's impossible to determine for how long it's retained or what happens to it. This vulnerability poses a hazardous situation where personal data might be misused, sold, or even distributed to nefarious parties.

The Misleading Chrome Web Store Badge

Perhaps most concerning is that FreeVPN.One bore the Featured badge on the Chrome Web Store, which generally indicates that an extension adheres to Google's best practices. Users often rely on this badge as a mark of trustworthiness, but here, it was deceptive.

Researchers also pointed out that FreeVPN.One was asking for permissions way more than regular VPN extensions. It could insert scripts into all the sites users browsed, basically granting it total access to web usage. All this, even though the developer assured these problems would be addressed in an eventual update, the truth being that more than 100,000 users were put under surveillance.

Anonymous Developer and Lack of Accountability

Efforts to identify the developer of FreeVPN.One resulted in a Wix-hosted template page, further fueling suspicion regarding the company's authenticity. When contacted for evidence of transparency, researchers received no substantive replies. The lack of responsibility only adds weight to the argument that this extension was created with ill intentions over protection for users.

How to Stay Safe from Malicious VPNs

This episode serves as a reminder that not everything labeled VPNs and Chrome extensions can be trusted. Free VPNs are downloaded by users who assume they are increasing privacy, but some of them end up victimizing users.

Here are some tips to stay safe:

• Avoid Free VPNs: Most free VPNs generate revenue by logging and selling user data. Always research before installing.

• Check Permissions: If an extension asks for unnecessary permissions (like accessing all sites), it’s a red flag.

• Look Beyond Badges: Even if an extension has a Chrome Web Store Featured badge, always cross-check independent reviews.

• Use Trusted Providers: Stick to well-known and transparent VPN providers with a proven track record in security.

The revelation of FreeVPN.One's secret spying operations is a wake-up call for all Chrome users. While VPNs are designed to protect privacy, the bad guys usually take advantage of this trust in order to collect information. With over 100,000 users already impacted, this case is a wake-up call for increased tightening of vetting of extensions on the Chrome Web Store.

They need to be watchful, well-informed, and take active steps to secure their digital life. Because, in the online world, lost privacy can't always be regained.