FreeVPN.One, a verified Chrome extension with over 100k installs on the Chrome Web Store, is taking screenshots of sites users visit.
If you really want privacy, use Tor which is free-as-in-speech-and-beer
Chrome VPN Extension With 100k Installs Screenshots All Sites Users Visit
Submitted 7 months ago by IHeartBadCode@fedia.io to technology@lemmy.world
https://cyberinsider.com/chrome-vpn-extension-with-100k-installs-screenshots-all-sites-users-visit/
Comments
nymnympseudonym@lemmy.world 7 months ago
FreedomAdvocate@lemmy.net.au 7 months ago
I feel like browser extensions are one of the worst things to have come to the internet in terms of security. People just install them like they’re nothing, assuming they’re safe and secure because they’re on the extension store - not a terrible assumption for the average person, tbf.
Basically every single extension you install is like “hey give me access to everything you type and everything you click on and every site you visit, and I’ll change every instance of the word “Elon” to “fElon” for you. Sound fair?”, and everyone just goes “Hell yeah! Let’s do it!”.
DahGangalang@infosec.pub 7 months ago
Malicious VPN is FreeVPN.One
Maybe shouldn’t be trying to save people clicks, but I would have appreciated this in a top comment.
NuXCOM_90Percent@lemmy.zip 7 months ago
And this is why I am so obnoxious any time someone says “I found this plugin to block fandom wikis” or “I have this plugin to fix youtube embeds”.
Code is only as safe as the people you trust to review it. And no, being open source doesn’t matter in that regard. Yes, it theoretically increases the number of eyes on but how many of those eyes who ACTUALLY look at the code are doing it with every release AND understand how to spot a vulnerability or a… whatever this is.
Same with VPNs. NEVER trust a VPN. And sure as fuck never use a free one for anything remotely sensitive. Understand what your risk of exposure is and that, at the best of times, you are trusting a company to be telling the truth that they aren’t keeping a log of every single thing you nutted to.
And before someone says “That is why I do everything over tor!”: Maybe also understand the concept of digital fingerprints and WHY it is that Google is able to know someone is pregnant even before they are late.
Understand the risks and consequences of every action you take and act accordingly. And understand that there really is no one size fits all solution.
FreedomAdvocate@lemmy.net.au 7 months ago
NEVER trust a VPN.
The only exception to this is IMO ones that have been proven in court to keep NO logs, like they claim. The only one I know of that has been tested is PrivateInternetAccess, which is why they’re the only VPN I’ve used for like 10 years.
NuXCOM_90Percent@lemmy.zip 7 months ago
You mean the court case from almost ten years ago?
Yeah, that sounds safe. I mean, Google is still all about Do No Evil, right?
user224@lemmy.sdf.org 7 months ago
And sure as fuck never use a free one for anything remotely sensitive.
I think ProtonVPN might might be an exception here. They’re pretty trustworthy as far as I know, and have some free servers.
But my go-to is Mullvad, mainly for the flat pricing. I hate how most only have good prices if you buy a full year or so.
Anomnomnomaly@lemmy.org 7 months ago
I used Anonine (Sweden based) for 10yrs and never had a single problem visiting any site… I use a VPN 24/7 because I value my privacy and don’t want every fucker tracking my everymove and that includes my ISP.
Recently switched to Proton because streaming from legal sites like iplayer and netflix had become impossible unless it was turned off. Proton actually works with them.
AlecSadler@lemmy.blahaj.zone 7 months ago
+1 for mullvad
puppycat@lemmy.blahaj.zone 7 months ago
proton was the only good free VPN, but apparently the CEO was recently praising trump and shit so that’s obviously caused a lot of users to stop using it and telling others to not use it.
Kyrgizion@lemmy.world 7 months ago
- People who value their privacy (or “have something to hide”) have a need of a service that provides anonymity
- This turns said service in the ideal place to start any and all surveillance because your subjects have already self-selected for being “interesting” (especially if you intend to go after low hanging fruit)
- Therefore I must conclude that people using VPNs and TOR, no matter how legitimate their reasons, are in fact advertising that they have something to hide which current status quo is very interested in knowing…
1rre@discuss.tchncs.de 7 months ago
With China, UK and afaik US (at least some states) attitude to regulation, a VPN is turning more into a necessity to browse the open internet rather than a tool for people who value privacy though
toiletobserver@lemmy.world 7 months ago
Chrome Vpn = virulent prying nuisance
felbane@lemmy.world 7 months ago
Chrome = virulent nonsense at this point
When they changed the behavior of the android version to only allow google password manager or a third party manager, they lost my interest completely (and they were already on the cliff’s edge because of the adblocker bullshit).
Exported all of my gpass passwords and switched fully to vaultwarden and Firefox mobile.
The internet is steadily regressing.
Grandwolf319@sh.itjust.works 7 months ago
Am I the only one that sees this shit and thinks:
We are entering an age of very, very inefficient software, which is like a new layer to enshitification.
VitabytesDev@feddit.nl 7 months ago
That’s spyware, not inefficient
Truscape@lemmy.blahaj.zone 7 months ago
Andy and Bill’s law 2.0, let’s go
Zorque@lemmy.world 7 months ago
Bruh, we entered that age like a decade ago. It’s just a lot more commonplace now.
PattyMcB@lemmy.world 7 months ago
Inefficient? That’s downright intrusive and misleading, at best
Grandwolf319@sh.itjust.works 7 months ago
Fully agree, but also on a macro economic level, we are gonna waste sooo much resources not even for the profit motive, just because they don’t want to make quality software
Anomnomnomaly@lemmy.org 7 months ago
Look… if you’re the sort of person who still uses chrome and thinks a vpn chrome extension is the bees knees… well… that’s on you.
P.S. Microsoft have the perfect tool for you too… it’s called ‘recall’