OkayFreedom VPN Service injecting html code into forms

Bluscream

Bluscream

Retired Staff
Contributor
May 8, 2015
967
934
211
OkayFreedom's service executable (Not the UI executable, so it doesn't stop when you kill OkayFreedom.exe; you have to stop the service) does inject HTML code in forms that seem to support it for whatever reason.

Here's me talking about this in the Adguard Telegram Group
Bluscream, [16.01.18 07:11]
Did anyone here know that "OkayFreedom" VPN is injecting html elements into forms?

Bluscream, [16.01.18 07:12]
Just found out about that because of a VT comment https://www.virustotal.com/#/file/3...605347e8a6ab85ad0a8bed5f1cb928d4399/community

Denis Novitsky, [16.01.18 07:12]
Had no idea. Any proof?

Bluscream, [16.01.18 07:12]
https://www.google.com/search?q="OKAYFREEDOM_INJECTED"

Denis Novitsky, [16.01.18 07:12]
Sounds shifty as hell.

Bluscream, [16.01.18 07:12]
yeah

Bluscream, [16.01.18 07:13]
I don't know if it's worth a blogpost tho

Bluscream, [16.01.18 07:15]
OkayFreedom doesn't even have to be started for that

Bluscream, [16.01.18 07:15]
The service does it

Denis Novitsky, [16.01.18 07:18]
hm

Denis Novitsky, [16.01.18 07:18]
i wonder if that is reflected in their privacy policy

Denis Novitsky, [16.01.18 07:20]
> As a result, it is not possible for Steganos to ascertain the content an OkayFreedom user has accessed.

well, they pretty much lie in their very first paragraph

Denis Novitsky, [16.01.18 07:20]
https://www.okayfreedom.com/en/privacy

Denis Novitsky, [16.01.18 07:21]
absolutely no words about any kind of http injections

DrDeda, [16.01.18 07:27]
[In reply to Denis Novitsky]
it's in the 101 of VPN usage: "Never use proprietary software"

Denis Novitsky, [16.01.18 07:28]
i agree, at least when it comes to free VPNs

DrDeda, [16.01.18 07:30]
which part of "never" don't you understand?

Andrey Meshkov, [16.01.18 09:33]
[In reply to Bluscream]
don’t use google for that

Andrey Meshkov, [16.01.18 09:33]
publicwww is your friend:
https://publicwww.com/websites/"OKAYFREEDOM_INJECTED"/
Click to expand...
 
I

IEX

Member
Jan 30, 2017
3
0
33
Eh, that's what you get with a free VPN. I highly suggest either ProtonVPN freedomVPN
 
You must log in or register to reply here.
Top