Concerns Raised Over Privacy-Breaching VPN Extension
Recently, cybersecurity experts have uncovered unsettling activities from a well-known virtual private network (VPN) extension. This VPN, which is accessible through a popular web browser, is reportedly capturing screenshots of user web activity and sending them to an external server, all without the users' consent or knowledge. Despite this, the extension remains available for use.
A Privacy Tool Turned Trap
A leading cybersecurity firm's investigation has exposed how this VPN extension, despite its privacy-focused branding, has turned into a potential trap for unsuspecting users. The extension has been granted verified status and is also prominently featured on the browser's web store. The browser's security measures, which include automated scans, human reviews, and monitoring for changes in code or behavior, have seemingly failed to detect this harmful behavior. This incident underscores the need for more robust security across all major browser marketplaces.
The VPN Extension Scandal Amid the Online Safety Act
This revelation comes at a time when VPNs are gaining increased attention due to the introduction of the UK's Online Safety Act. This Act mandates certain websites to verify the age of their visitors. The recent investigation shows that even children could be at risk from such malicious VPNs if they are not adequately protected.
Unwanted Screenshot Capturing
The research reveals that the VPN extension, which had over 100,000 verified installations at the time of the investigation, is stealthily taking screenshots shortly after each page load and transmitting them to an external server. This behavior was introduced recently, after making minor updates that requested additional permissions to access all sites and inject custom scripts.
The Developer's Response
The developer of the VPN extension insists that it complies with all browser web store policies, and that any screenshot functionality is disclosed in their privacy policy. They claim that all collected data is encrypted and handled according to standard practices for browser extensions. They also claim that screenshots would only be triggered "if a domain appears suspicious" and that these screenshots "are not being stored or used", but are "only analyzed briefly for potential threats". However, this claim was refuted by the researchers who found evidence of screenshot capturing on trusted domains.
How Did This Slip Through?
How did such behavior find its way into the browser's web store? The answer might lie in the extension's longevity. It has been in existence for years, providing the services it promised for the most part. Only recently has it started to covertly capture screenshots.
A Hidden Threat Detection Feature
Despite the extension's apparent breach of the developer declaration that states user data is "not being used or transferred for purposes unrelated to the item's core functionality," there is a mention of an "advanced AI Threat Detection" feature with a "passive mode" in the product overview. This mode supposedly monitors the websites users view and scans them if deemed suspicious. However, it doesn't explicitly state that "scanning them visually" equates to "sending screenshots of everything you do to an external server without user consent."
Further Investigation
Questions have been raised as to whether the browser's parent company is investigating this report on the extension, and whether it plans to remove it from its web store while doing so. As of the time of this report, the extension remains active and available for download.
