![](/static/66c60d9f/assets/icons/icon-96x96.png)
![](https://lemmy.one/pictrs/image/0f5e05b5-d351-4add-9667-1df4c43091b4.png)
The harm is that it’s installed. There is no reason for doing this. It can be done on demand in one second if the user subscribes to their VPN.
It also shows once once again that they keep on doing their shady shit and still cannot be trusted (or at least that they are a bunch of incompetent developers).
Backblaze posts stats regularly on their site, for example: