VPNs are presumed to be the holy grail of internet privacy, but recent accusations against Hotspot Shield bring back every netizen’s worst fear—nothing can truly protect you online.
This has compelled users worldwide to do a background check on their VPN providers.
It’s a well-known fact that numerous companies that provide VPN services are newly incorporated, and to consumers, that’s bad news.
Accusations Against Hotspot Shield VPN
Initially released in 2005 by developer AnchorFree, Hotspot Shield has now grown to serve more than 500 million users.
It was also extensively used during the Arab Spring protests by citizens in Egypt, Tunisia and Libya to bypass government censorship.
The company had a solid foundation and had won over many users and critics alike, until now.
The Center for Democracy & Technology (CDT), a nonprofit organization that fights for consumer privacy rights, has accused Hotspot Shield of violating their privacy policies.
A complaint was filed with the Federal Trade Commission earlier this month.
The document runs 14 pages long and has listed a host of findings that could implicate AnchorFree, Inc.
The primary accusation is in regards to the “anonymous browsing” feature that Hotspot Shield is popularly known for.
If CDT is to be believed, AnchorFree is guilty of attempting to make extra money by redirecting users to its partner websites.
In an interview last year, AnchorFree CEO David Gorodynasky made it clear that Hotspot Shield wouldn’t be able to use private data even if they wanted to, because of their “zero knowledge” approach.
This essentially means that even legal authorities, such as governments, cannot ask Hotspot Shield to share user data.
Gorodynasky also claimed that about 97 percent of the VPN software’s user base was running the free edition of the app, which supports ads.
Trackers, Injections & Empty Promises
A peek into the investigation CDT conducted, with the help of Carnegie Mellon University, would shake the confidence of most loyal users.
A team of researchers who reverse engineered the application found that it contained at least five different tracking libraries from third-party sources.
The team also concluded that sensitive data, such as MAC (Media Access Control) addresses and device IMEI numbers, were also passed on to these third-party sources.
Anybody with a decent amount of computer knowledge can figure how serious these violations are.
These aren’t bugs or anomalies in the software functionality; there seems to be a clear intent behind placing third-party trackers.
If researchers have gone to the extent of stripping down the source code and reverse engineering the app, the evidence presented might hold enough water for Hotspot Shield’s business to drown.
Unfair & Deceptive
Imagine using HotSpot Shield to browse a commercial website only to be redirected to a page that is heavily loaded with advertisements.
Would an average user have an explanation as to what is happening? This is exactly what CDT terms “unfair and deceptive” trade practices.
It is no secret that most social networking websites sell user data to make money.
In fact, it’s part of their terms of service. But for a VPN provider to borrow a page from their book is a pretty daring move, likely driven by the assumption that they’d get away with committing the deed.
Consumers use VPNs because they don’t feel safe on the network they’re using.
An unsecured network can leak your private details and shove ads down your throat.
HotSpot Shield is now accused of the very same practice it is supposed to protect users from.
Context for the Future
While there’s no way for users to verify the authenticity of the VPN services they receive, it is recommended that you opt for VPN companies that have a prior history of being transparent and morally inclined to their users.
The Hotspot Shield case can be passed off as a blip on the radar that will hopefully serve as a warning to other VPN providers around the globe.
CDT’s report is damaging, and AnchorFree seems to be heading for a conviction and an array of compensation lawsuits, offering us a reminder that maybe internet privacy is something that one cannot buy.