Jump to content

Hotspot Shield VPN Reported to FTC For Alleged Privacy Breaches


Recommended Posts

Hotspot Shield VPN, a popular service that claims to enhance users' privacy while providing anonymity, has been reported to the Federal Trade Commission. The Center for Democracy & Technology has called for an investigation, claiming that the service logs user activity and employs third-party tracking mechanisms to deliver targeted advertising.



With online privacy becoming an increasingly hot topic, large numbers of companies are offering products which claim to stop third-parties from snooping on users’ Internet activities.

At the forefront are Virtual Private Networks (VPN), which push consumer traffic through encrypted tunnels and remote servers to hide activity from ISPs while offering varying levels of anonymity.


Claims made by VPN companies are often scrutinized by privacy advocates but if a complaint filed this morning by the Center for Democracy and Technology
(CDT) gains momentum, there could be a government investigation into one of the most popular.


Developed by AnchorFree, Inc. and initially released more than nine years ago, the Hotspot Shield application allows users to connect to a VPN service. According to its makers, it’s been downloaded 75 million times and provides “anonymous web surfing with complete privacy.” That claim, however, is now under the spotlight.


In a complaint filed this morning with the Federal Trade Commission, CDT notes that Hotspot Shield makes “strong claims” about the privacy and security of its data collection and sharing practices, including that it “never logs or stores user data.” Crucially, the company also claims never to track or sell its customers’ information, adding that security and privacy are “guaranteed.”


Countering, CDT says that Hotspot Shield engages in logging practices that contradict its claims, noting that it collects information to “identify [a user’s] general location, improve the Service, or optimize advertisements displayed through the Service.”


The complaint says that IP addresses and unique device identifiers are regularly
collected by Hotspot Shield but the service gets around this issue by classing neither sets of data as personal information.


CDT says it used Carnegie Mellon University’s Mobile App Compliance System to gain insight into Hotspot Shield’s functionality and found problems with privacy.

“CMU’s analysis of Hotspot Shield’s Android application permissions found undisclosed data sharing practices with third party advertising networks,” the group notes.


“While an ad-supported VPN may be beneficial in certain instances, it should not be paired with a product or service that tells users that it ensures anonymity, privacy, and security.”


CDT also says that Hotspot Shield tries to cover its back with a disclaimer that the company “may not provide a virtual IP Address for every web site you may visit and third-party web sites may receive your original IP Address when you are visiting those web sites.” But this runs counter to the stated aim of the service, CDT writes.


Accusing Hotspot Shield of unfair and deceptive trade practices, CDT calls on the Commission to conduct an investigation into its data collection and sharing practices.


Hotspot Shield is yet to respond to the complaint or accusations but in a 2014 blog post, welcomed the FTC’s involvement in online security issues.

Full complaint here, courtesy Ars


Article source

Link to comment
Share on other sites

  • Replies 7
  • Views 1.2k
  • Created
  • Last Reply

Look....another Hola VPN type con-artists !! When I first heard something fishy about Hotspot...I merely had used it for 2-3 months tho not frequently.. and ended it removing due to poor quality and the fishy BTS behaviour that was reported ...and now they're proving that right so far that you cant trust a "free" VPN.... which also serves you ads or profiling you.

The level of Irony here over 9000 !!

Link to comment
Share on other sites

Ballistic Gelatin

It will be very interesting to see where this case goes. I dumped HSS in favor of a paid service more than a year ago, and I now take such claims as "complete privacy" with a half a grain of salt.

Link to comment
Share on other sites

VPN Provider Accused of Sharing Customer Traffic With Online Advertisers


"Hotspot Shield’s marketing claims that it does not track, log, or sell customers’ information, but its privacy policy and a source code analysis reveal otherwise," the CDT wrote in a press release yesterday.


"The VPN promises to connect advertisers to users who frequent websites in particular categories and while most VPNs prevent internet service providers from seeing a user’s internet traffic, that traffic is often visible in unencrypted form to Hotspot Shield," the CDT adds. "VPNs typically log data about user connections to help with troubleshooting technical issues, but Hotspot Shield uses this information to identify user locations and serve advertisements."


The CDT would like the FTC to investigate the VPN provider based on its complaint. Below are some of the other accusations put forward by the privacy group:


 → Hotspot Shield VPN client for Android collects other sensitive information, such as names of wireless networks (via SSID/BSSID information), and other unique identifiers such as Media Access Control addresses and device IMEI numbers.
 → The VPN has been found to be actively injecting JavaScript codes using iframes for advertising and tracking purposes.
 → VPN uses more than five different third-party tracking libraries,  contradicting statements that Hotspot Shield ensures anonymous and private web browsing.
 → Hotspot Shield further redirects e-commerce traffic to partnering domains.
 → Consumers have reported instances of credit card fraud after purchasing the “Elite” paid-version of Hotspot Shield VPN.
 → Hotspot Shield also reveals that the app does not transmit Mobile Carrier information through an HTTPS connection.
 → AnchorFree made deceptive claims to the media and in its promotional materials.


Link to comment
Share on other sites

I never trusted ; in Hotspot Shield VPN.

I used it less than a month.

It injects into windows things that are recognized; like virus or malware.

Depending on the tool you use to analyze your computer.

But that's just my opinion.;)

Link to comment
Share on other sites

7 hours ago, snf said:

I never trusted ; in Hotspot Shield VPN.

I used it less than a month.

It injects into windows things that are recognized; like virus or malware.

Depending on the tool you use to analyze your computer.

But that's just my opinion.;)

Yes i never used it before  besides the fact most free ones log i started out with another free one and  they were blocking p2p sites .. so i found some  good vpn giveaways here before and the ones in the last few years are not very good vpns with limited giveaways so i use a paid provider  for a long time now .

Link to comment
Share on other sites



"Privacy" is a bit of an Internet buzzword nowadays as the business model of the Internet has now shifted towards data collection.

Although Virtual Private Network (VPN) is one of the best solutions to protect your privacy and data on the Internet, you should be more vigilant while choosing a VPN service which actually respects your privacy.

If you are using popular free virtual private networking service Hotspot Shield, your data could be at a significant risk.

A privacy advocacy group has filed a complaint with the Federal Trade Commission (FTC) against virtual private networking provider Hotspot Shield for reportedly violating its own privacy policy of "complete anonymity" promised to its users.


The 14-page-long complaint filed Monday morning by the Centre for Democracy and Technology (CDT), a US non-profit advocacy group for digital rights, accused Hotspot Shield of allegedly tracking, intercepting and collecting its customers' data.

Developed by Anchorfree GmbH, Hotspot Shield is a VPN service available for free on Google Play Store and Apple Mac App Store with an estimated 500 million users around the world.


VPN is a set of networks conjugated together to establish secure connections over the Internet and encrypts your data, thereby securing your identity on the Internet and improving your online security and privacy.

The VPN services are mostly used by privacy advocates, journalists, digital activists and protesters to bypass censorship and geo-blocking of content.

Hotspot Shield does just Opposite of What All it Promises

The Hotspot Shield VPN app promises to "secure all online activities," hide users' IP addresses and their identities, protect them from tracking, and keep no connections logs while protecting its user’s internet traffic using an encrypted channel.

However, according to research conducted by the CDT along with Carnegie Mellon University, the Hotspot Shield app fails to live up to all promises and instead logs connections, monitors users' browsing habits, and redirects online traffic and sells customer data to advertisers.
"It is thusly unfair for Hotspot Shield to present itself as a 48 mechanism for protecting the privacy and security of consumer information while profiting off of that information by collecting and sharing access to it with undisclosed third parties," the CDT complaint reads. 
"Consumers who employ Hotspot Shield VPN do so to protect their privacy, and Hotspot Shield’s use of aggressive logging practices and third-party partnerships harm its consumers' declared privacy interests."
Hotspot Shield also found injecting Javascript code using iframes for advertising and tracking purposes.

Reverse engineering of the apps source code also revealed that the VPN uses more than five different third-party tracking libraries.

Researchers also found that the VPN app discloses sensitive data, including names of wireless networks (via SSID/BSSID info), along with unique identifiers such as Media Access Control addresses, and device IMEI numbers.



The CDT also claims that the VPN service sometimes "redirects e-commerce traffic to partnering domains."

If users try to visit any commercial website, the VPN app redirects that traffic to partner sites, including ad companies, to generate revenue.

"For example, when a user connects through the VPN to access specific commercial web domains, including major online retailers like www.target.com and www.macys.com,the application can intercept and redirect HTTP requests to partner websites that include online advertising companies," the complaint reads.

The CDT wants the FTC to start an investigation into what the Hotspot Shield's "unfair and deceptive trade practices" and to order the company to stop mispresenting privacy and security promises while marketing its app.



Link to comment
Share on other sites


This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...