
FreeVPN.One Extension Turns from Privacy Tool to Surveillance Threat

 

Security researchers at Koi Security have discovered troubling behavior from FreeVPN.One, a popular Chrome VPN extension with over 100,000 installations that has begun secretly capturing and transmitting users' screenshots to remote servers. 

Threat discovery 

The extension, which had maintained legitimate functionality for years, recently shifted its behavior in July 2025 to silently capture screenshots approximately one second after each page load. These screenshots are then transmitted to external servers—initially unencrypted, but later obfuscated with encryption after updates. The malicious behavior was introduced gradually through smaller updates that first requested additional permissions to access all websites and inject custom scripts. 
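An added example, not taken from Koi Security's report or from the extension's code: a Node.js check that diffs two versions of an extension's manifest.json and flags an update that newly gains all-site host access or script injection, the permission change described above. Both manifests are constructed samples, and the function names are hypothetical.

```javascript
// Added example. Manifests below are constructed samples, not FreeVPN.One's.
// Match patterns that grant access to every site.
const BROAD_HOST = /^(<all_urls>|(\*|https?):\/\/\*\/\*)$/;

// Collect host match patterns from every place a manifest can declare them.
function hostPatterns(manifest) {
  const declared = [
    ...(manifest.host_permissions || []),          // Manifest V3
    ...(manifest.permissions || []),               // Manifest V2 mixes hosts in here
    ...(manifest.content_scripts || []).flatMap((cs) => cs.matches || []),
  ];
  return declared.filter((p) => p === '<all_urls>' || p.includes('://'));
}

// Reduce a manifest to the two capabilities the post describes.
function capabilities(manifest) {
  const perms = manifest.permissions || [];
  return {
    allSites: hostPatterns(manifest).some((h) => BROAD_HOST.test(h)),
    scriptInjection:
      perms.includes('scripting') || (manifest.content_scripts || []).length > 0,
  };
}

// Compare the installed version with the update and report what was gained.
function auditUpdate(oldManifest, newManifest) {
  const before = capabilities(oldManifest);
  const after = capabilities(newManifest);
  const gained = Object.keys(after).filter((k) => after[k] && !before[k]);
  const oldPerms = new Set(oldManifest.permissions || []);
  const addedPermissions = (newManifest.permissions || []).filter((p) => !oldPerms.has(p));
  // Hold the update for manual review when it ends up with both capabilities
  // and at least one of them is new in this version.
  const needsReview = gained.length > 0 && after.allSites && after.scriptInjection;
  return { gained, addedPermissions, needsReview };
}

const oldManifest = {            // constructed sample
  manifest_version: 3, version: '1.0.0',
  permissions: ['proxy', 'storage'],
  host_permissions: ['https://api.vpn.example/*'],
};
const newManifest = {            // constructed sample
  manifest_version: 3, version: '1.0.1',
  permissions: ['proxy', 'storage', 'scripting', 'tabs'],
  host_permissions: ['<all_urls>'],
};
console.log(auditUpdate(oldManifest, newManifest));
```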

Developer's response

When confronted, FreeVPN.One's developer claimed the extension "is fully compliant with Chrome Web Store policies" and that screenshot functionality is disclosed in their privacy policy. The developer provided various justifications, including that screenshots only trigger "if a domain appears suspicious" as part of "background scanning". 

However, Koi researchers refuted this, providing evidence of activation on trusted domains including Google's own sites. The developer also claimed screenshots are "not being stored or used" but "only analyzed briefly for potential threats"—a distinction researchers found unconvincing. 

Chrome Web Store failures

This incident highlights significant security gaps in Google's Chrome Web Store review process. Despite Google's claims of performing security checks through automated scans, human reviews, and monitoring for malicious behavior changes, FreeVPN.One managed to maintain its verified status and featured placement while conducting these activities. 

The extension appears to have taken a patient approach, operating legitimately for years before introducing malicious functionality and so effectively bypassing security measures. While the product overview mentions "advanced AI Threat Detection" with "passive mode" monitoring, it fails to clearly state that "scanning them visually" means sending screenshots to remote servers without notification or opt-out options. 

Current status

As of the article's publication, Google had not responded to inquiries about investigating the extension or removing it from the Chrome Web Store. The FreeVPN.One extension remained active and available for download despite the security findings, raising concerns about user protection in browser marketplaces. This case demonstrates how privacy-branded extensions can become surveillance tools, exploiting user trust while bypassing platform security measures.

New York Lawmaker Proposes Bill to Regulate Gait Recognition Surveillance

 

New York City’s streets are often packed with people rushing to work, running errands, or simply enjoying the day. For many residents, walking is faster than taking the subway or catching a taxi. However, a growing concern is emerging — the way someone walks could now be tracked, analyzed, and used to identify them. 

City Councilmember Jennifer Gutierrez is seeking to address this through new legislation aimed at regulating gait recognition technology. This surveillance method can identify people based on the way they move, including their walking style, stride length, and posture. In some cases, it even factors in other unique patterns, such as vocal cadence. 

Gutierrez’s proposal would classify a person’s gait as “personal identifying information,” giving it the same protection as highly sensitive data, including tax or medical records. Her bill also requires that individuals be notified if city agencies are collecting this type of information. She emphasized that most residents are unaware their movements could be monitored, let alone stored for future analysis. 

According to experts, gait recognition technology can identify a person from as far as 165 feet away, even if they are walking away from the camera. This capability makes it an appealing tool for law enforcement but raises significant privacy questions. While Gutierrez acknowledges its potential in solving crimes, she stresses that everyday New Yorkers should not have their personal characteristics tracked without consent. 

Public opinion is divided. Privacy advocates argue the technology poses a serious risk of misuse, such as mass tracking without warrants or transparency. Supporters of its use believe it can be vital for security and public safety when handled with proper oversight. 

Globally, some governments have already taken steps to regulate similar surveillance tools. The European Union enforces strict rules on biometric data collection, and certain U.S. states have introduced laws to address privacy risks. However, experts warn that advancements in technology often move faster than legislation, making it difficult to implement timely safeguards. 

The New York City administration is reviewing Gutierrez’s bill, while the NYPD’s use of gait recognition for criminal investigations would remain exempt under the proposed law. The debate continues over whether this technology’s benefits outweigh the potential erosion of personal privacy in one of the world’s busiest cities.

Massive Data Leak Exposes Billions of Records in Suspected Chinese Surveillance Database

 

Cybersecurity experts have uncovered a massive trove of sensitive information left exposed online, potentially placing millions of individuals at significant risk. The discovery, made by researchers from Cybernews in collaboration with SecurityDiscovery.com, revealed an unsecured database totaling 631 gigabytes—containing an estimated four billion individual records. 

The open instance, which lacked any form of password protection, was quickly taken offline once the exposure was reported, but experts remain unsure about how long it had remained publicly accessible. The data, according to the investigation, appears to primarily concern Chinese citizens and users, with entries collected from various platforms and sources. 

Cybernews researchers believe this is not a random collection, but rather a systematically curated database. They described it as a tool capable of constructing detailed behavioral, social, and financial profiles of nearly any individual included in the records. The structured and diverse nature of the data has led analysts to suspect that the repository may have been created as part of a broader surveillance or profiling initiative. 

Among the most alarming elements of the database is the presence of extensive personally identifiable information (PII). The exposed details include full names, birth dates, phone numbers, financial records, bank card data, savings balances, debt figures, and personal spending patterns. Such information opens the door to a wide range of malicious activities—ranging from identity theft and financial fraud to blackmail and sophisticated social engineering attacks. 

A large portion of the exposed records is believed to originate from WeChat, the popular Chinese messaging app, which accounts for over 805 million entries. Another 780 million records relate to residential data tied to specific geographic locations. Meanwhile, a third major portion of the database labeled “bank” contains around 630 million records of financial and sensitive personal data. 

If confirmed, the scale of this leak could surpass even the National Public Data breach, one of the most significant data security incidents in recent memory. Experts are particularly troubled by the implications of a centralized data cache of this magnitude—especially one that may have been used for state-level surveillance or unauthorized commercial data enrichment. 

While the server hosting the information has been taken offline, the potential damage from such an exposure may already be done. Investigators continue to analyze the breach to determine its full impact and whether any malicious actors accessed the data while it was left unsecured.

An Unusual Tracking Feature Identified on Millions of iPhone Users

 

Millions of iPhone users across the globe discovered an interesting new setting that was automatically switched on in their iPhones. The latest software version included a new setting called "Discoverable by Others". It can be located under 'Journalling Suggestions' in the iPhone's privacy and security settings. Journalling Suggestions was included in the new Journal app, which was launched with iOS 17.2 in December 2023. 

When enabled, the feature accesses past data stored on the user's iPhone. Music, images, workouts, who they've called or texted, and significant locations are all included in the data. It is used to suggest which moments to write about in the Journal app.

The feature is enabled by default and stays so even after a user deletes the Journal app. According to Joanna Stern, a senior personal technology correspondent for The Wall Street Journal, Apple has confirmed that customers' phones can use Bluetooth to locate nearby devices associated with their contact list. However, the phone does not save any information about the detected contacts. This feature offers context to enhance Journalling suggestions.

The firm has also denied disclosing users' identities and locations to anyone. To clarify their point, Apple provided an example of holding a dinner party at your home with pals listed in your contacts. According to the tech behemoth, the system may prioritise the event in Journalling Suggestions. This is because it recognises that the number of guests made it more than just another night at home with your family.

As per Apple's support page, if you disable the 'Discoverable by Others' option to avoid being counted among your contacts, the 'Prefer Suggestions with Others' feature will also be turned off. This implies that the Journalling Suggestions feature will be unable to determine the number of devices and contacts in your vicinity.

Allegations of Spying in the EU Hit YouTube as it Targets Ad Blockers

 

YouTube's widespread use of ads, many of which are unavoidable, has raised concerns among some users. While some accept ads as a necessary part of the free video streaming experience, privacy advocate Alexander Hanff has taken issue with YouTube and its parent company, Google, over their ad practices. Hanff has filed a civil complaint with the Irish Data Protection Commission, alleging that YouTube's use of JavaScript code to detect and disable ad blockers violates data protection regulations.

Additionally, Hanff has filed a similar complaint against Meta, the company behind Instagram and Facebook, claiming that Meta's collection of personal data without explicit consent is illegal. Meta is accused of using surveillance technology to track user behavior and tailoring ads based on this information, a practice that Hanff believes violates Irish law.

These complaints come amid a growing focus on data privacy and security in the EU, which has implemented stricter regulations for Big Tech companies. In response, Google has expanded its Ads Transparency Center to provide more details on how advertisers target consumers and how ads are displayed. 

The company has also established a separate Transparency Center to showcase its safety policy development and enforcement processes. Google has committed to continued collaboration with the European Commission to ensure compliance with regulations.

Hanff's complaints could be the first of many against Google, Meta, and other tech giants, as legislators and the public alike express increasing concerns over market competition and data privacy. 

If additional regulations are implemented, these companies will have to adapt their practices accordingly. The potential impact on their profits remains to be seen, but compliance could ultimately prove less costly than facing financial penalties.