Hotspot Shield VPN Accused of Spying On Its Users’ Web Traffic

c505218304b50c59c3659f6dda43bae7-links-1–>If you have ever used or still using popular free Virtual Private Networking (VPN) service Hotspot Shield, you need to read this as your data could be at a very significant risk.

A standard Virtual Private Network (VPN) should provide secured and anonymous connections on the internet by encrypting user data, but it obvious not all VPNs are staying true to respecting users’ privacy. There is need to be extra careful when selecting any most especially now that data collection is now an important internet business practice.

VPN services are mostly used by privacy advocates, journalists, digital activists and protesters to bypass censorship and geo-blocking of contents.

A 14 page-long complaint was however  filed on Monday by a privacy advocacy group with the Federal Trade Commission (FTC) against virtual private networking provider Hotspot Shield for violating its own privacy policy of “complete anonymity” promised to its users.

The group accused Hotspot Shield of allegedly tracking, intercepting and collecting its customers’ data.

The Hotspot Shield VPN app promises to “secure all online activities,” hide users’ IP addresses and their identities, protect them from tracking, and keep no connections logs while protecting its user’s internet traffic using an encrypted channel.

Hotspot Shield was developed by Anchorfree GmbH as a free VPN app on google playstore and Apple Mac App Store with over 500 million users around the world.

However, according to research conducted by the CDT along with Carnegie Mellon University, the Hotspot Shield app fails to live up to all promises and instead logs connections, monitors users’ browsing habits, redirects online traffic and sells customer data to advertisers.

“Consumers who employ Hotspot Shield VPN do so to protect their privacy, and Hotspot Shield’s use of aggressive logging practices and third-party partnerships harm its consumers’ declared privacy interests.”

Hotspot Shield was also found injecting Javascript code using iframes for advertising and tracking purposes.

Reverse engineering of the apps source code also revealed that the VPN uses more than five different third-party tracking libraries.

Researchers also found that the VPN app discloses sensitive data, including names of wireless networks (via SSID/BSSID info), along with unique identifiers such as Media Access Control addresses, and device IMEI numbers.

The CDT also claims that the VPN service sometimes “redirects e-commerce traffic to partnering domains.”

If users try to visit any commercial website, the VPN app redirects that traffic to partner sites, including ad companies, to generate revenue.

“For example, when a user connects through the VPN to access specific commercial web domains, including major online retailers like and, the application can intercept and redirect HTTP requests to partner websites that include online advertising companies,” the complaint reads.

The CDT wants the FTC to start an investigation into what the Hotspot Shield’s “unfair and deceptive trade practices” and to order the company to stop mispresenting privacy and security promises while marketing its app.




A passionate writer, with years of accumulated experiences in mobile tech tweaking due to his flair for gadgets. Cracking, tweaking hand held devices for maximum optimizations are what he loves to do. He's also a die-hard gamer and lover of exotic dogs. A graduate of Olabisi Onabannjo University, currently works with a tech firm. An aspiring Cyber Security expert. His aim is to publish relevant contents from his vast knowledge in mobile tech world.

Leave a Reply

%d bloggers like this: