Hotspot Shield

Hotspot Shield VPN Accused of Spying On Its Users’ Web Traffic

If you have ever used or still using popular free Virtual Private Networking (VPN) service Hotspot Shield, you need to read this as your data could be at a very significant risk.

A standard Virtual Private Network (VPN) should provide secured and anonymous connections on the internet by encrypting user data, but it obvious not all VPNs are staying true to respecting users’ privacy. There is need to be extra careful when selecting any most especially now that data collection is now an important internet business practice.

VPN services are mostly used by privacy advocates, journalists, digital activists and protesters to bypass censorship and geo-blocking of contents.

A 14 page-long complaint was however  filed on Monday by a privacy advocacy group with the Federal Trade Commission (FTC) against virtual private networking provider Hotspot Shield for violating its own privacy policy of “complete anonymity” promised to its users.

The group accused Hotspot Shield of allegedly tracking, intercepting and collecting its customers’ data.

The Hotspot Shield VPN app promises to “secure all online activities,” hide users’ IP addresses and their identities, protect them from tracking, and keep no connections logs while protecting its user’s internet traffic using an encrypted channel.

Hotspot Shield was developed by Anchorfree GmbH as a free VPN app on google playstore and Apple Mac App Store with over 500 million users around the world.

However, according to research conducted by the CDT along with Carnegie Mellon University, the Hotspot Shield app fails to live up to all promises and instead logs connections, monitors users’ browsing habits, redirects online traffic and sells customer data to advertisers.

“Consumers who employ Hotspot Shield VPN do so to protect their privacy, and Hotspot Shield’s use of aggressive logging practices and third-party partnerships harm its consumers’ declared privacy interests.”

Hotspot Shield was also found injecting Javascript code using iframes for advertising and tracking purposes.

Reverse engineering of the apps source code also revealed that the VPN uses more than five different third-party tracking libraries.

Researchers also found that the VPN app discloses sensitive data, including names of wireless networks (via SSID/BSSID info), along with unique identifiers such as Media Access Control addresses, and device IMEI numbers.

The CDT also claims that the VPN service sometimes “redirects e-commerce traffic to partnering domains.”

If users try to visit any commercial website, the VPN app redirects that traffic to partner sites, including ad companies, to generate revenue.

“For example, when a user connects through the VPN to access specific commercial web domains, including major online retailers like and, the application can intercept and redirect HTTP requests to partner websites that include online advertising companies,” the complaint reads.

The CDT wants the FTC to start an investigation into what the Hotspot Shield’s “unfair and deceptive trade practices” and to order the company to stop mispresenting privacy and security promises while marketing its app.



Leave a Reply