AnchorFree’s Hotspot Shield Virtual Proxy Network (VPN), which promises to mask your traffic and protect your information from the prying eyes of ISPs, has been caught logging connections, monitoring users’ browsing habits, redirecting online traffic, and selling user data to advertisers.
The 14-page-long complaint claims:
“Hotspot Shield makes strong claims about the privacy and security of its data collection and sharing practices. CEO David Gorodyansky has stated that “we never log or store user data.” The company’s website promises “Anonymous Browsing” and notes that Hotspot Shield keeps “no logs of your online activity or personal information.”
VPNs are supposed to provide an encrypted tunnel for data exchange on an untrusted network. But VPN providers can see their users’ unencrypted traffic and analyse that traffic to monetize via advertising. They can also provide user information to law enforcement if the authorities ask for it.
Privacy advocacy groups like CDT are trying to sort the good from the bad, but their limited search cannot find and analyse all VPN services. A hefty number of Android based VPN services are full of malware, spyware, adware, and code injection.
Many security researchers advise users to setup their own VPN. Self-identified hacker Sven Slootweg argues not to use a VPN service at all:
“If you absolutely need a VPN, and you understand what its limitations are, purchase a VPS and set up your own.”