9 million installs and surveillance: the list of exposed VPN services you should remove

24.11.2025

Fake and unethical VPN services promise full anonymity and protection — yet in reality have repeatedly been caught spying, leaking data, or monetizing user traffic in covert ways. Below is a detailed overview of verified cases: specific exposed VPNs, the mechanisms behind their violations, and the key lessons for both users and the VPN market.

1. Why fake VPNs have become a critical issue

The VPN market has grown dramatically in recent years due to website blocks, increased surveillance, and rising cybercrime. This environment attracts countless “free” or obscure VPN services and browser extensions exploiting user trust. They promise “no-logs”, “military-grade security”, and “anonymity”, but in reality may harvest data, leak logs, or even turn user devices into nodes of someone else’s network. A crucial principle: if a VPN is free, the user — and their data — are likely the product.

2. Documented cases of exposed VPN services

Below are only those VPN apps and extensions that were exposed in reputable journalistic investigations or technical research reports (i.e., documented cases, not rumors).

2.1. FreeVPN.One — an extension that captured webpage screenshots

In 2025, security researchers discovered that the popular free extension FreeVPN.One for Google Chrome (hundreds of thousands of installs) began silently capturing screenshots of nearly every visited webpage after one of its updates.

  • Platform: Google Chrome extension.
  • What researchers found: a few seconds after a page loaded, the extension took a screenshot, collected the URL, tab ID, browser information, and device details, then sent the data to an external server under a feature labeled “AI Threat Detection”.
  • Transparency problem: the privacy policy vaguely mentioned protection from malicious sites, but the extension captured screenshots of regular websites — including email, social networks, banking pages, and other sensitive content.
  • Risk to users: potential exposure of passwords, personal messages, and confidential on-screen data present at the moment the screenshot was captured.

2.2. Hola VPN — turning users into nodes of a P2P network

Hola VPN marketed itself as a free VPN/proxy, but investigations revealed that the service operates as a peer-to-peer network: other users’ traffic can pass through your IP. This traffic was later resold through the commercial service Luminati (now Bright Data).

  • Platform: browser extensions and standalone apps.
  • The core issue: by installing a “free VPN”, the user unknowingly becomes a resource for external traffic. Your IP may then be used for scraping, automated requests, or — in the worst case — activities of questionable legality.
  • Risks: service bans, legal complaints, blacklisted IP addresses, and a complete mismatch between user expectations and the service’s real behavior.

2.3. The UFO VPN cluster and related free apps

In 2020, researchers discovered that a massive database (around 1 TB) belonging to a group of VPN apps tied to Hong Kong–based Dreamfii HK Limited was openly exposed online — despite their advertised “no-logs” policy.

The following VPN apps were named in reports:

  • UFO VPN
  • FAST VPN
  • Free VPN
  • Super VPN
  • Flash VPN
  • Safe VPN
  • Rabbit VPN

Leaked data included IP addresses, timestamps, protocols used, and sometimes network identifiers — enough to correlate a specific user with their activity. This directly contradicts the apps’ claims of “zero logs”, demonstrating the risks of trusting opaque “free VPNs” with unclear ownership and no public audits.

2.4. Onavo Protect — a VPN used for product analytics

Onavo Protect, acquired by Facebook (Meta), was promoted as a free mobile VPN protecting traffic and saving data. Later it became public that the collected VPN data was used for deep behavioral analytics — including which apps users install and how often they use competing services.

  • Platform: mobile devices (iOS, Android).
  • Concerns: a clear conflict of interest, in which a VPN owned by a major advertising and social-media company gains access to detailed browsing and usage telemetry for business intelligence purposes.
  • Outcome: after public criticism and regulatory pressure, the app was removed from the App Store and later shut down entirely.

3. What these exposed VPN cases have in common

Despite their differences, these services share several recurring patterns:

  • Marketing vs. reality. Promised “no-logs” and “absolute privacy” did not reflect actual data handling practices.
  • Opaque monetization. Users had no idea how the service made money: data sales, traffic resale, or hidden analytics were uncovered only after investigations.
  • Poor communication of risks. Legal entities, infrastructure details, and operational risks were vague or undisclosed.
  • Focus on mass adoption over trust. These services chased downloads and ratings rather than audits, transparency, or user trust.

4. Consequences for users and the VPN market

For users, installing a random “free VPN” may result in the opposite of security: increased tracking, data leaks, or having their IP used for someone else’s purposes.

For the VPN market, such scandals damage the industry’s reputation, forcing reputable providers to invest more in audits, transparency, and independent verification to maintain user trust.

At the same time, regulators are paying increased attention to the VPN segment. Some countries have discussed or introduced requirements for registration, log retention, and cooperation with authorities. This increases the compliance burden but filters out the most problematic operators.

5. Practical recommendations for VPN users

Based on the exposed cases, users should adopt the following best practices:

  • Check ownership and jurisdiction. If it’s unclear who runs the service, where it’s registered, or how it monetizes itself — that’s a major red flag.
  • Read independent reviews, not just the provider’s website. Search the VPN name with terms like “data leak”, “logs”, “investigation”, or “security”.
  • Understand monetization. A completely free VPN without a transparent business model almost always profits from data, ads, or traffic resale.
  • Look for evidence of real privacy practices. Independent audits, technical whitepapers, and transparent infrastructure matter more than flashy marketing claims.
  • Be cautious with browser extensions. Especially those requesting elevated permissions or promising “super fast free protection” without clear explanations.
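
One way to act on the browser-extension advice above and to see which manifest permissions make the behaviour described in section 2.1 possible, as an added example (not code from the original article or from any of the named products): a Python audit of a Chrome extension's manifest.json. The sample manifest, the `BASELINE` set and the finding names are constructed assumptions.

```python
import json

# Constructed sample manifest for a hypothetical "free VPN" extension (not a real product's file).
SAMPLE_MANIFEST = json.loads("""
{
  "manifest_version": 3,
  "name": "Example Free VPN",
  "permissions": ["proxy", "storage", "tabs", "scripting"],
  "host_permissions": ["<all_urls>"],
  "content_scripts": [{"matches": ["http://*/*", "https://*/*"], "js": ["content.js"]}]
}
""")

# Assumption for this example: what a proxy-switching extension plausibly needs.
BASELINE = {"proxy", "storage"}
# Match patterns that cover every website.
BROAD = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}


def audit_manifest(manifest):
    """Return a sorted list of finding codes for a Manifest V2 or V3 dict."""
    declared = set(manifest.get("permissions", []))
    # MV2 lists host patterns inside "permissions"; MV3 uses "host_permissions".
    hosts = set(manifest.get("host_permissions", []))
    hosts |= {p for p in declared if p == "<all_urls>" or "://" in p}
    apis = declared - hosts
    findings = set()
    if hosts & BROAD:
        findings.add("broad-host-access")
        if "scripting" in apis:
            findings.add("can-inject-into-any-page")
    # chrome.tabs.captureVisibleTab needs <all_urls> or activeTab; only
    # <all_urls> allows it without a user gesture on each page.
    if "<all_urls>" in hosts:
        findings.add("can-screenshot-without-user-gesture")
    if "tabs" in apis:
        findings.add("reads-url-and-title-of-every-tab")
    for script in manifest.get("content_scripts", []):
        if set(script.get("matches", [])) & BROAD:
            findings.add("content-script-on-every-site")
    for extra in apis - BASELINE - {"tabs", "scripting"}:
        findings.add("beyond-baseline:" + extra)
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit_manifest(SAMPLE_MANIFEST):
        print(finding)
```

An empty result does not mean an extension is trustworthy; a non-empty one shows what the extension is technically able to do and should be compared with what its privacy policy says it does.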

In the long term, trust in the VPN industry will depend on whether providers embrace transparency and verifiable practices rather than relying on slogans. The cases of FreeVPN.One, Hola VPN, the UFO VPN cluster, and Onavo Protect highlight a key truth: a VPN is not a magic anonymity button — it is a service that receives all your traffic.

Conclusion: fake and unethical VPN services undermine trust in the market and endanger users who seek protection. Choosing reputable providers, verifying transparency, and understanding monetization models are essential parts of digital hygiene for anyone using VPNs as a security tool rather than just a way to change their IP location.

Sources and further reading:
• Research reports on FreeVPN.One and behavioral analysis — Koi Security
• Investigations into Hola VPN and the Luminati/Bright Data model — coverage on ZDNet, Ars Technica
• Investigation into the UFO VPN data leak — vpnMentor team publications on vpnmentor.com
• Reports on Onavo Protect data collection and regulator responses — analysis from The Wall Street Journal, The Guardian