Hotspot Shield VPN accused of logging user data and selling it to advertisers • Graham Cluley
/
This article is more than 4 years
Privacy researchers have accused Hotspot Shield VPN of logging user data and selling it to advertisers despite claims to the contrary.
In a complaint filed with the Federal Trade Commission (FTC), the Center for Democracy and Technology (CDT) is requesting a government investigation into Hotspot Shield’s data security and data-sharing practices. Hotspot Shield is a popular VPN and Wi-Fi security solution, with hundreds of millions of users across Android, iOS, and desktop platforms.
CDT states in its file that Hotspot Shield collects user communication data such as IP addresses, unique device identifiers, and other “application information” during use. This may be because the VPN does not consider these pieces of data as sources of personal information. It says a lot in its privacy policy.
Newsletter Subscription
Security news, tips and advice.
Except as described in this Notice, AnchorFree does not collect any personal information about you when you use the Service. “Personal information,” also referred to as personally identifiable information, is information that may be associated with a specific individual. Examples of personal information include name and email address and postal address, mobile phone number, credit card or other billing information. Please note, however, that for the purposes of this Privacy Notice, AnchorFree does not include your IP address or unique device identifier within identifying personal information.”
These recording allegations directly contradict comments by David Gorodyansky, founder and CEO of AnchorFree, who said the following for Huffington Post Back in May:
“Because AnchorFree is a mission-driven company, we never log or store user data. Our perspective is to protect users not only from bad guys like hackers, identity thieves, websites and ISPs, but also to protect users from their selves (/we). We believe that the best A way to protect user data is not to collect it.”
But allegations of deceptive business practices and misleading data security statements do not end there. CDT continues to accuse Hotspot Shield of injecting Javascript code into users’ browsers for the purposes of advertising and tracking. They also charge the VPN for selling customer data to advertisers, using multiple third-party tracking libraries, “redirecting e-commerce traffic to partner domains”, transmitting carrier data over a non-HTTPS web connection, and mishandling private payment information customers, as evidenced by some users’ claims regarding credit card fraud resulting from their purchase of the Elite version of the VPN.
Anchor Free categorically denied the CDT complaint. As quoted in a statement submitted to Tom’s guide:
“We strongly believe in online consumer privacy. This means that the information Hotspot Shield users provide to us is never linked to their online activities when they use Hotspot Shield, we do not store users’ IP addresses and protect the user’s personally identifiable information from third parties and ourselves. Recent Claims Contrary to that presented by the non-profit advocacy group the Center for Democracy and Technology, it is unfounded.While we commend CDT for their dedication to protecting users’ privacy, we were surprised by these allegations and appalled that CDT did not contact us to discuss their concerns.AnchorFree prides itself on being transparent about its data practices and would be happy to participate in a discussion to clarify the facts and better understand the nature of CDT’s concerns. We are communicating with the appropriate groups and will remain committed to defending the privacy and internet freedom of all our users.”
The FTC has not yet responded to the CDT’s complaint as of this writing.
we are in Graham Cluley Security News We firmly believe in the value of VPNs when it comes to protecting the privacy and anonymity of web users. Of course, not all VPNs are created equal; Some engage in deceptive policies such as those set forth in the CDT statutory deposit.
As a result, it is important for users to carefully review a VPN’s privacy policy before downloading a solution to their device. Doing so may not reveal everything the company does with customer data, but it can provide a useful at-a-glance. (With regard to Hotspot Shield, I think many people would consider unique IP addresses and device identifiers to fall into the category of personal information.)
Generally, users should also look for a paid VPN solution instead of a free one. Free VPN providers have to make their money somehow, and they probably do so by selling user data to advertisers.
Found this article interesting? Follow Graham Cluley on Twitter to read more exclusive content we have.
[ad_1]
Don’t forget to share this post with friends !
