Hotspot Shield VPN Accused of Spying On Its Users' Web Traffic
8.8.2017 thehackernews Privacy

"Privacy" is a bit of an Internet buzzword nowadays as the business model of the Internet has now shifted towards data collection.
Although Virtual Private Network (VPN) is one of the best solutions to protect your privacy and data on the Internet, you should be more vigilant while choosing a VPN service which actually respects your privacy.
If you are using popular free virtual private networking service Hotspot Shield, your data could be at a significant risk.
A privacy advocacy group has filed a complaint with the Federal Trade Commission (FTC) against virtual private networking provider Hotspot Shield for reportedly violating its own privacy policy of "complete anonymity" promised to its users.
The 14-page-long complaint filed Monday morning by the Centre for Democracy and Technology (CDT), a US non-profit advocacy group for digital rights, accused Hotspot Shield of allegedly tracking, intercepting and collecting its customers' data.
Developed by Anchorfree GmbH, Hotspot Shield is a VPN service available for free on Google Play Store and Apple Mac App Store with an estimated 500 million users around the world.
Also Read: Secure VPNs (Get Lifetime Subscription) To Prevent ISPs From Spying On You
VPN is a set of networks conjugated together to establish secure connections over the Internet and encrypts your data, thereby securing your identity on the Internet and improving your online security and privacy.
The VPN services are mostly used by privacy advocates, journalists, digital activists and protesters to bypass censorship and geo-blocking of content.
Hotspot Shield does just Opposite of What All it Promises
The Hotspot Shield VPN app promises to "secure all online activities," hide users' IP addresses and their identities, protect them from tracking, and keep no connections logs while protecting its user’s internet traffic using an encrypted channel.
However, according to research conducted by the CDT along with Carnegie Mellon University, the Hotspot Shield app fails to live up to all promises and instead logs connections, monitors users' browsing habits, and redirects online traffic and sells customer data to advertisers.
"It is thusly unfair for Hotspot Shield to present itself as a 48 mechanism for protecting the privacy and security of consumer information while profiting off of that information by collecting and sharing access to it with undisclosed third parties," the CDT complaint reads.
"Consumers who employ Hotspot Shield VPN do so to protect their privacy, and Hotspot Shield’s use of aggressive logging practices and third-party partnerships harm its consumers' declared privacy interests."
Hotspot Shield also found injecting Javascript code using iframes for advertising and tracking purposes.
Reverse engineering of the apps source code also revealed that the VPN uses more than five different third-party tracking libraries.
Researchers also found that the VPN app discloses sensitive data, including names of wireless networks (via SSID/BSSID info), along with unique identifiers such as Media Access Control addresses, and device IMEI numbers.
Also Read: Secure VPN Services — Get Up to 91% Discount On Lifetime Subscriptions
The CDT also claims that the VPN service sometimes "redirects e-commerce traffic to partnering domains."
If users try to visit any commercial website, the VPN app redirects that traffic to partner sites, including ad companies, to generate revenue.
"For example, when a user connects through the VPN to access specific commercial web domains, including major online retailers like www.target.com and www.macys.com,the application can intercept and redirect HTTP requests to partner websites that include online advertising companies," the complaint reads.
The CDT wants the FTC to start an investigation into what the Hotspot Shield's "unfair and deceptive trade practices" and to order the company to stop mispresenting privacy and security promises while marketing its app.