Hotspot Shield VPN Accused of Breaking Privacy Promises
A privacy non-profit has urged the Federal Trade Commission (FTC) to investigate alleged deceptive and unfair trade practices by the provider of the popular Hotspot Shield Free VPN.
The tool, produced by Hotspot Shield, has managed to attract around 500 million customers from around the world with promises of “anonymous browsing” and claims that it keeps “no logs of your online activity or personal information.”
It even distances itself from other “disreputable” free VPN services which “make their money tracking and selling their users’ activities.”
Hotspot Shield Free VPN claims to clear any browsing info after each session, but it actually “deploys persistent cookies and concedes that it works with unaffiliated entities to customize advertising and marketing messages”, the FTC filing continues.
CDT’s research was aided by Carnegie Mellon University’s Mobile App Compliance System, which it claims found “undisclosed data sharing practices with third party advertising networks.”
“Further analysis of Hotspot Shield’s reverse-engineered source code revealed that the VPN uses more than five different third-party tracking libraries, contradicting statements that Hotspot Shield ensures anonymous and private web browsing.”
Hotspot Shield also redirects e-commerce traffic to partner websites that include online advertising companies, CDT claimed.
It also argued that consumers using the paid for version of the VPN have become victims of credit card fraud.
This could be because the app doesn’t transmit mobile carrier information through an HTTPS connection, rendering it susceptible to leaks or attacks from malicious third parties, the FTC complaint alleges.
Media reports quote David Gorodynasky, CEO of parent company AnchorFree, as saying the claims are “unfounded”.
Source: Information Security Magazine