Hotspot Shield touts itself as the VPN service that Angela Merkel should have used when hackers hacked her account.
But now a certain privacy group has claimed that the Federal Trade Commission must launch an investigation into the discrepancies the group has noticed in the VPN service’s official privacy policy.
A prominent privacy group has filed a new case with the Federal Trade Commission.
The new filing says that the FTC has to investigate VPN service provider Hotspot Shield.
For what?
For having a deceptive privacy policy which means shady trade practices.
The filing is around 14-pages long.
And the chief allegation on Hotspot Shield is that, as a VPN service provider, it is not transparent enough.
According to CDT, Center for Democracy and Technology (a Washington DC based group), Hotspot Shield has not kept its promises.
HotSpot Shield, as a VPN service provider, has also violated its promise of anonymous browsing.
How has it done that?
According to the new filing, the company has intercepted and redirected online web traffic to its partner websites.
These partner websites include third-party advertising companies.
Hotspot Shield is one of the most widely used VPN service providers in the world.
According to one statistic, Hotspot Shield provides VPN services to more than 500 million online users around the world.
The service allows these users to circumvent state censorship.
It also helps them bypass regional restrictions that exist on various streaming services and websites.
David Gorodyansky, the AnchorFree (the service’s parent company) chief executive had an interview with ZDNet.
At the time, he said that around 97 percent of all Hotspot Shield users ran the ad-supported but free version of the company’s software.
While talking to ZDNet New York newsroom, he also said that Hotspot Shield did not make any money from its user’s data.
Instead, the company had a zero-knowledge policy.
This policy ensured that governments could not demand any data on Hotspot Shield customers that the company did not store.
As per CDT, that isn’t the case.
According to the new filing, Hotspot Shield (the accused) logged user connections and used third-party tracking services to display focused advertisements to users.
The filing also said that Hotspot Shield engaged in serious logging practices that involved the user’s connection data.
And the company did not beyond of what is required to troubleshoot a user’s or service’s technical issues.
The company used IP addresses as well as user locations to “improve” their VPN services.
The filing also said that Hotspot Shield claimed that it used that data to optimize user-focused advertisements that it displayed via its VPN service.
Table of Contents
What Does CDT Want?
The CDT wants the Federal Trade Commission to come in and intervene.
And then use its authority to stop these deceptive and unfair trade practices and acts.
When Did CDT COme To Know About Hotspot Shield Malpractices?
According to various news reports, CDT (the privacy group) initiated its investigative measures against Hotspot Shield back in April.
The privacy group decided to do so after the US Congress decided to repeal existing broadband privacy rules.
These broadband privacy rules basically protected users by blocking internet service providers from selling their browsing history data to third-party advertising companies.
This action resulted in a surge for VPN services.
The demand went up to astronomical levels.
And all of that happened because of the repeal.
However, the repeal also kicked CDT into action and it decided to investigate Hotspot Shield.
As mentioned before, Hotspot Shield is considered as the largest VPN service provider in the VPN industry.
And by quite a margin as well.
CDT Didn’t Do it Alone. It Had Partners
The CDT, in an effort to augment their investigative efforts, joined hands with Carnegie Mellon University researchers.
The group then analyzed the Hotspot Shield app and its services.
They found that Hotspot Shield’s advertising networks had these undisclosed data-sharing practices.
The complaint also mentions the fact that upon further analysis, it discovered many other discrepancies as well.
Basically, CDT along with the University researchers reverse-engineered Hotspot Shield’s source code.
Upon doing so, they found out that this VPN service provider used around five (and upwards) different tracking libraries from third-party companies.
This fact basically contradicted what Hotspot Shield had said before.
Hotspot Shield, as a VPN service provider, had always maintained that it ensured that users had a private and anonymous web browsing experience.
The complaint from CDT also said that Hotspot Shield also monitored information regarding its users’ online browsing habits while the users had turned on its VPN service.
Moreover, researchers found some other disturbing facts as well.
They found that Hotspot Shield VPN app transmitted sensitive information regarding the cell carrier of mobile users.
And it transmitted that data over a connection with no encryption.
VPN Service Providers Are A Force Of Good. But Not All Of Them
VPN service providers all over the world provide users with lots of online tools that benefit their freedom.
Any online user who lives in a region or a country where government surveillance is strong, can use a VPN service provider.
Moreover, VPN service providers also take care of web censorship tools that have now become rife.
Moreover, a VPN service is also just a tool of convenience for people who want to conceal their online internet history and other web browsing traffic.
Internet service providers have also started to monitor their users.
VPN service providers can thwart internet service providers as well.
Additionally, VPN service providers are also very effective against law enforcement agencies who can come along at any time and invade privacy rights.
The problem with using VPN service providers is that users have to trust them.
And trust that they won’t monitor and log their data as well.
There is no point in using a VPN service if it is also going to monitor, collect and then sell user data.
Michelle De Mooy, who is the director of CDT’s Privacy And Data Project recently said that people used VPN service for different reasons.
But most of these users are people who don’t have any trust regarding the network they are connected to.
The problem with these people is that they don’t think that way when it comes to their VPN service providers.
It is entirely possible that a VPN service provider may also violate their privacy and anonymity needs.
Most of the online users have trouble in understanding that VPN service providers might do with their web browsing data.
And because of this difficulty, they seem to trust their VPN service providers more than their internet service providers.
This is the reason why VPN service providers must disclose their privacy policy practices as clearly and accurately as possible.
It is absolutely essential that VPN services come clean over this issue.
De Mooy also added that Hotspot Shield had failed to fulfill its promises.
It did not live up to its privacy commitments.
And it did not meet its customers’ reasonable expectations.
Hotspot Shield Doesn’t Agree With CDT
On the other hand, Gorodyansky recently said via an email interview this past Monday that he did not agree with the new CDT filing.
He said that they company strongly believed in protecting online user privacy.
Gorodyansky also said the company treated the information provided by Hotspot Shield users with utmost sincerity.
And the company did not associate the information with the company’s other online activities when the users had turned on Hotspot Shield.
Gorodyansky reiterated that the company did not store their customers’ IP addresses.
In fact, the company protected information that could identify its users from all third party companies as well as from the company itself.
Moreover, the chief executive also claimed that CDT, in its filing, reported unfounded claims.
He told reporters via an interview that the company commended CDT for the group’s dedicated to safeguarding user privacy.
But the allegations against the company, surprised Hotspot Shield staff.
He also said that the company felt dismayed that the Centre for Democracy and Technology did not contact the company in order to have a discussion on their privacy issues and findings.
He ended his comment by adding the AnchorFree prided itself for its transparency and its data practices.
Moreover, he said, the company would happily engage with anyone who wanted to have a discussion in order to clarify the actual facts.
According to Gorodyansky, AnchorFree would also cooperate with CDT to better understand its concerns.