Cybersecurity firm Koi Security revealed that FreeVPN.One, a Chrome VPN extension with over 100,000 users, has been secretly capturing and transmitting screenshots of users’ browsing activity to remote servers[1][2].
The spyware functionality was introduced in July 2025 after earlier updates expanded the extension’s permissions. According to researcher Lotan Sery from Koi Security, “FreeVPN.One shows how a privacy branding can be flipped into a trap”[3].
When confronted, the developer claimed screenshots were only taken of suspicious sites and were encrypted, but researchers found evidence of capture on trusted sites like Google Photos[4]. The extension’s “AI Threat Detection” feature discloses taking screenshots, but Koi Security found most surveillance occurred silently in the background[5].
The case highlights growing risks with free VPN services, particularly as demand increases due to new online safety regulations in the UK requiring age verification[3:1].
GIGAZINE - Chrome VPN Extension Accused of Secretly Capturing User Screenshots ↩︎
It’s FOSS - Google Verified FreeVPN Caught Red-handed Spying on its Users ↩︎
VARINDIA - Chrome VPN Extension Accused of Secretly Capturing User Screenshots ↩︎ ↩︎
It’s FOSS - Google Verified FreeVPN Caught Red-handed Spying on its Users ↩︎
Instagram - Dhaka Chronicles post about FreeVPN.One spying ↩︎
??? What’s the point? If you collect sensitive data, it doesn’t matter if you transfer them encrypted or not. What a bullshit argument. You still collect it.
I wonder if he is ashamed of himself.