Posted on August 9, 2017 at 7:40 PM
HotSpot Sheild VPN Provider Selling Users Data
A new controversy in the world of VPNs has occurred revolving around a Virtual Private Network provider Hotspot Shield. The provider has been established in 2008 in the US and since has managed to get downloaded half a billion times. The way in which the provider got to this number was due offering free service for the 97% of their users.
But a non-profit group under the name of Center for Democracy and Technology has filed a complaint with the Federal Trade Commission in which it expressed their concern about the VPN provider conducting unfair and deceptive trade practices. The complaint was 14 pages long. But here’s where things start to get interesting – it’s clearly stated that in Hotspot’s terms of service they have the right to collect user activity information and share the acquired information with third parties.
Diving deeper into the issue, CDT has been contacted in order to find out what exactly the group thought Hotspot Shield did wrong. Joseph Jerome of CDT has stated that the provider’s privacy policy isn’t as clear as it should be, in addition to being shoved underneath statements on the App Store that say that the VPN has no logs, shares no personal information and protects anonymity. Jerome believes this is contradictory and goes against Section 5 of the FTC Act’s prohibition against unfair and deceptive trade practices.
And yes, once you go to the App Store or Android Play Store, you can see that the statement of the VPN app being able to disguise your online identity and give you access to blocked apps all while you stay anonymous, secure and private is standing next to their privacy policy that says it otherwise.
Just by skimming through Hotspot Shield’s privacy policy, you can notice a few red flags, such as the statement that AnchorFree doesn’t collect any personal information, except as explained in the policy. Further on, they say that what they classify as personal information is name, email, mailing address, credit card number or other billing information and mobile phone number. What they exclude out of their definition of personal information are IP addresses and unique device identifiers.
This idea is, of course, completely crazy, making the 14 pages long complaint from CDT very understandable.
Hotspot Shield has been found to have many other issues, too. According to a recent study, it has been discovered that the apps contain tracking software, which means it both records its users’ activities and sells the acquired data to advertisers. The researchers from Commonwealth Scientific and Industrial Research Organization found five different tracking libraries in the code of Hotspot Shield.
As if this isn’t enough, the study also found that the VPN provider redirects users to affiliate links once they enter certain websites, which means that Hotspot Shield gets a commission in case their users buy anything from the connected sites.
Hotspot Shield has been contacted to comment on the issue and a statement has been received.
Among other things, the official statement said that the information provided to the company by their users is never associated with their online activities. They denied storing user IP addresses and stated that they protect their users’ personally identifiable information from themselves as well as third parties.
They added that the claims made by CDT were unfounded and while they are glad that the group is concerned about their users’ privacy being protected, they weren’t glad that CDT didn’t try to contact the provider first and ask them the questions they had.
But even this statement made official by Hotspot Shield’s spokesperson isn’t aligned with their privacy policy in which they say that IP addresses aren’t considered as personal information. After contacting Tim Tsoriev from AnchorFree, he responded by agreeing that the privacy policy sends a wrong message and added that they are in the process of updating it to reflect the real way their system works.
