When something online is labeled as “free,” it’s tempting to give it a try. After all, who doesn’t like saving money? But in cybersecurity, free often comes with hidden costs, and sometimes those costs are higher than you could ever imagine.
A recent example proves the point. The Chrome extension FreeVPN.One, which had over 100,000 users and even carried a verified badge in the Chrome Web Store, was caught secretly capturing screenshots of user activity and transmitting them to external servers. That means anything you did in your browser - emails, financial logins, personal documents - could have been silently recorded.
What Happened with FreeVPN.One
The extension claimed to provide an “AI Threat Detector,” supposedly to analyze pages for security issues. In reality, it started capturing screenshots just over a second after pages loaded, even on trusted services like Google Sheets and Google Photos. This wasn’t limited to suspicious sites; it was indiscriminate.
When researchers exposed the behavior, the developer argued that the screenshots were part of a background scanning function.
But tests showed that data was being gathered far more aggressively than advertised. To make matters worse, Google hasn’t yet removed the extension from the Chrome Web Store.
Why Free Isn’t Always Free
This case is a textbook example of the dangers of free tools:
-
Data becomes the product: If you’re not paying for the service, it’s possible your information is the real currency.
-
Security trade-offs: Free extensions or apps may have limited vetting. Even “verified” tools can become malicious after an update.
-
Business risk: Unmanaged or unapproved browser extensions create a back door into company systems. Sensitive data can leak without anyone realizing until it’s too late.
What You Can Do
-
Audit your extensions and apps regularly. If you don’t remember why you installed it, or if it hasn’t been updated by a reputable developer, remove it.
-
Stick with trusted providers. A reliable VPN or security service should come from a company with a track record and transparent policies.
-
Educate your team. Employees often download free tools to “make their jobs easier.” They need to understand that these shortcuts can expose the business to serious risk.
Good security service providers can help here too. VPN solutions that are properly vetted, tested, and deployed as part of a larger security strategy give you the privacy and protection you expect, without the hidden risks. Working with a provider also helps make sure that your employees are using tools that are approved and safe, rather than grabbing whatever looks free in an app store.
The FreeVPN.One incident is just one reminder of a larger truth: in cybersecurity, free often means risky. Protecting your business requires investment in tools you can trust and the peace of mind that comes with knowing your data is safe.