Popular Chrome VPN extension FreeVPN.One accused of secretly collecting users’ screenshots

FreeVPN.One, a popular Google Chrome VPN extension with over 100,000 installs, has been recently exposed for covertly spying on users. Independent researchers at Koi Security discovered that the extension captured screenshots of every website users visited, then sent these images to servers operated by its anonymous developer.

According to the researchers, the extension’s privacy policy initially stated that screenshots would only be collected if users enabled an AI Threat Detection Feature. However, data collection took place without user consent, and the feature was enabled by default for all users. On every page load, a hidden background process would gather a screenshot alongside the site’s URL, the browser tab ID, and a unique identifier. This occurred even on trusted platforms, contradicting the developer’s claim that only suspicious sites were monitored. They also asserted that screenshots were not stored and only analyzed briefly, but this could not be confirmed once data left users’ devices.

FreeVPN.One also carried Google’s Featured badge on the Chrome Web Store, which signals adherence to best practices, yet it requested permissions beyond those required by typical VPNs, allowing it to inject scripts into every site. Despite promises to fix this in a future update, all users remained vulnerable in the meantime, and efforts to verify the developer’s identity led only to a Wix-hosted template page, with no further responses to requests for proof.