FreeVPN.One Chrome Extension Caught Secretly Spying on Users With Unauthorized Screenshots

 

Security researchers are warning users against relying on free VPN services after uncovering alarming surveillance practices linked to a popular Chrome extension. The extension in question, FreeVPN.One, has been downloaded over 100,000 times from the Chrome Web Store and even carried a “featured” badge, which typically indicates compliance with recommended standards. Despite this appearance of legitimacy, the tool was found to be secretly spying on its users.  

FreeVPN.One was taking screenshots just over a second after a webpage loaded and sending them to a remote server. These screenshots also included the page URL, tab ID, and a unique identifier for each user, effectively allowing the developers to monitor browsing activity in detail. While the extension’s privacy policy referenced an AI threat detection feature that could upload specific data, Koi’s analysis revealed that the extension was capturing screenshots indiscriminately, regardless of user activity or security scanning. 

The situation became even more concerning when the researchers found that FreeVPN.One was also collecting geolocation and device information along with the screenshots. Recent updates to the extension introduced AES-256-GCM encryption with RSA key wrapping, making the transmission of this data significantly more difficult to detect. Koi’s findings suggest that this surveillance behavior began in April following an update that allowed the extension to access every website a user visited. By July 17, the silent screenshot feature and location tracking had become fully operational. 
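The update that widened the extension's access to every website is the kind of change a defender can catch by comparing an extension's manifest before and after an update. The following is an added example, not code from the original post or from Koi's research; the two manifests, the `vpn.example` host, and the function names are constructed for illustration.

```javascript
// Added example. Both manifests are constructed samples, not the real extension's.
const BROAD_HOSTS = new Set(["<all_urls>", "*://*/*", "http://*/*", "https://*/*"]);
const SENSITIVE_APIS = new Set(["tabs", "scripting", "geolocation", "webRequest"]);

// Gather host patterns and API permissions from a manifest.
// MV2 mixes host patterns into "permissions"; MV3 uses "host_permissions".
function collectGrants(manifest) {
  const declared = [...(manifest.permissions || []), ...(manifest.host_permissions || [])];
  const matches = (manifest.content_scripts || []).flatMap((cs) => cs.matches || []);
  const isHost = (p) => p === "<all_urls>" || p.includes("://");
  return {
    hosts: new Set([...declared.filter(isHost), ...matches]),
    apis: new Set(declared.filter((p) => !isHost(p))),
  };
}

// Compare two versions and report what the update newly grants.
function auditUpdate(oldManifest, newManifest) {
  const before = collectGrants(oldManifest);
  const after = collectGrants(newManifest);
  const addedHosts = [...after.hosts].filter((h) => !before.hosts.has(h));
  const addedApis = [...after.apis].filter((a) => !before.apis.has(a));
  const isBroad = (grants) => [...grants.hosts].some((h) => BROAD_HOSTS.has(h));
  const findings = [];
  if (!isBroad(before) && isBroad(after)) findings.push("gained access to all sites");
  for (const api of addedApis) {
    if (SENSITIVE_APIS.has(api)) findings.push(`added sensitive API: ${api}`);
  }
  // chrome.tabs.captureVisibleTab requires <all_urls> or activeTab.
  if (addedHosts.includes("<all_urls>")) findings.push("can now screenshot any visible tab");
  return { addedHosts, addedApis, findings };
}

// Constructed "before" and "after" manifests for a hypothetical VPN extension.
const OLD_MANIFEST = {
  manifest_version: 3, version: "1.0.0",
  permissions: ["proxy", "storage"],
  host_permissions: ["https://api.vpn.example/*"],
};
const NEW_MANIFEST = {
  manifest_version: 3, version: "1.1.0",
  permissions: ["proxy", "storage", "tabs", "scripting"],
  host_permissions: ["<all_urls>"],
  content_scripts: [{ matches: ["http://*/*", "https://*/*"], js: ["content.js"] }],
};

console.log(auditUpdate(OLD_MANIFEST, NEW_MANIFEST));
```

A finding here means the update deserves review, not that the extension is malicious; many legitimate extensions also request broad host access.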

When contacted, the developer initially denied the allegations, claiming the screenshots were part of a background feature intended to scan suspicious domains. However, Koi researchers reported that screenshots were taken even on trusted sites such as Google Sheets and Google Photos. Requests for additional proof of legitimacy, such as company credentials or developer profiles, went unanswered. The only trace left behind was a basic Wix website, raising further questions about the extension’s credibility. 

Despite the evidence, FreeVPN.One remains available on the Chrome Web Store with an average rating of 3.7 stars, though its reviews are now filled with complaints from users who learned of the findings. The fact that the extension continues to carry a “featured” label is troubling, as it may mislead more users into installing it.  

The case serves as a stark reminder that free VPN tools often come with hidden risks, particularly when offered through browser extensions. While some may be tempted by the promise of free online protection, the reality is that such tools can expose sensitive data and compromise user privacy. As the FreeVPN.One controversy shows, paying for a reputable VPN service remains the safer choice.

DuckDuckGo Launches Anonymous Chatbot Service to Protect User Privacy

 


Concerned about modern chatbots learning from your personal data? DuckDuckGo has introduced a free and “anonymous” solution for users to interact with popular chatbots without compromising their privacy.

The new service, DuckDuckGo AI Chat, ensures that all interactions between users and AI models, including OpenAI’s GPT-3.5 Turbo, Anthropic’s Claude 3 Haiku, and Meta’s Llama 3, remain private. “Just like searches on DuckDuckGo, all chats are completely anonymous and cannot be traced back to any individual,” the company stated in a blog post. 

This was made possible through agreements with chatbot providers like OpenAI and Anthropic, preventing them from using DuckDuckGo users’ queries for AI training. Additionally, DuckDuckGo submits its own IP address with each chat inquiry to further protect user anonymity.

“DuckDuckGo does not save or store any chats,” the company clarified. “While the underlying model providers may temporarily store chats to generate responses and ensure functionality, all metadata is stripped, making it impossible to link chats to individuals.”

Chatbot providers have also committed to deleting any saved information within 30 days. When users try DuckDuckGo AI Chat, they can choose from four chatbot programs. DuckDuckGo will then display a privacy policy page, assuring users, “You retain all intellectual property rights in your Prompts and Outputs.” However, due to privacy controls, no chatbot can save a history of past conversations. This new feature is accessible via a chat tab next to the DuckDuckGo search box, and users can disable it in the settings panel.

Currently, DuckDuckGo AI Chat supports only the older GPT-3.5 Turbo model, not the latest GPT-4. However, the company is considering a “paid plan for access to higher daily usage limits and more advanced models.” Meanwhile, OpenAI’s ChatGPT allows users to opt out of AI model training.