It’s very fast, but is it safe?
Hotspot Shield is a secure VPN that uses AES-128 encryption and leak protection to secure your Internet traffic as it travels across the network.
We discovered no IP, DNS, or WebRTC leaks when using the desktop and mobile applications; however, the browser extensions were not secure. They leak DNS requests and WebRTC information, which means your ISP will be able to view your browsing activity.
Hotspot Shield lock key
The Windows app comes with a VPN kill switch that protects your IP address if your internet connection suddenly drops.
The kill switch is disabled by default and is not currently available for macOS, Android, or iOS, which is a major oversight for a VPN with a large user base.
It also does not activate when changing servers, which temporarily reveals your real IP address. This flaw may only expose your personal information for a few seconds, but it’s still a privacy concern.
Evidence of DNS Leaks But No WebRTC Protection
Windows users will find that DNS leak protection is enabled by default. IPv6 and WebRTC leak protection are not built in, so privacy-conscious users should disable these settings in their browser.
No additional features
If you expect advanced features like split tunneling, double hop, or an ad blocker, Hotspot Shield is not for you.
However, there is a Domain Bypass feature that allows you to route certain websites outside the VPN tunnel.
If you are looking for a VPN with lots of extra security options, NordVPN is a good alternative.
Previous security flaws
It is also worth noting that security researchers found a major vulnerability in Hotspot Shield code in February 2018.
The flaw allowed hackers to see the real location of users via their WiFi network name. This was later addressed and fixed. Read Hotspot Shield’s clarification on the incident here.
The amount of third-party trackers in the Android app and the lack of transparency regarding its communication protocol are also points of concern.
Hotspot Shield’s security offering is not as powerful as the best VPNs on the market. It offers strong encryption and overall security, but the VPN kill switch issues and browser extension leaks are a concern. However, the VPN is more than secure enough for normal use, live streaming, and protecting your data over public WiFi.
Please note: If you have Hotspot Shield on Windows, you must update to the latest version of the software, as older versions have a security vulnerability.
Hydra VPN: Hotspot Shield’s Unique Communication Protocol
Hotspot Shield does not use standard VPN protocols such as OpenVPN. Instead, it offers IKEv2 and its own protocol called Hydra VPN (formerly Catapult Hydra).
Not much information about Hydra VPN is available online.
We know Hydra VPN is optimized to deliver lightning-fast speeds. This is due to its focus on the data transfer aspect of VPN performance, which supposedly makes long-distance connection speeds 2.4 times faster than connections using OpenVPN.
According to Hotspot Shield, Hydra VPN is based on TLS 1.2. It uses 128-bit AES encryption and 2048-bit RSA certificates for server authentication, and includes perfect forward secrecy.
For regular users, Hydra VPN’s encryption is more than strong enough to keep you safe.
We spoke to a Hotspot Shield representative to understand exactly how Hydra VPN works. We were told:
“[Hydra VPN] is based on the OpenSSL library (as used by OpenVPN). It is an improvement of the transport protocol: it works inside VPN tunnels that have already been created to increase the speed of reliable data transfer.
In particular, this is an improvement of TCP: when packets are lost randomly during long distance connections, Hydra VPN does not confuse this loss with last mile congestion and does not reduce throughput like the old TCP protocol.
These improvements are implemented on packets that are already encrypted inside a secure tunnel. Hydra VPN can increase the throughput of any type of VPN tunnel, including OpenVPN and IPSEC.”
One problem with proprietary technology like this is that there is no simple way to know exactly what is happening behind the scenes. Most closed source protocols cannot be reviewed by independent security experts.
We usually recommend OpenVPN as the most reliable and trustworthy VPN protocol. OpenVPN is fast, secure, and open source, so anyone can check its code for bugs or improvements.
In the case of Hydra VPN, Hotspot Shield claims that the code has been evaluated by experts from some of the world’s largest security companies, including BitDefender and McAfee. These companies use the Hotspot Shield Software Development Kit (SDK) to provide VPN services within their applications.
This means that although the code is not publicly available, its functionality and security have been evaluated. If you trust these companies, you can extend that trust to Hotspot Shield, and if you don’t trust them, you’d better opt for an alternative.
Despite its speed and security, it’s surprising that Hotspot Shield doesn’t offer at least a few other popular VPN tunneling protocols in situations where its own protocol might not be the best choice.
IP, DNS and WebRTC Leaks
We tested the Hotspot Shield desktop client, mobile apps, and browser extensions for data leaks. Security is more than just a protocol in use – it has to be used correctly, especially when it comes to leaks that could reveal your identity.
We recorded no IP, DNS, or WebRTC leaks during our tests of the premium and free desktop and mobile apps. Our real IP address and UK location remained hidden, which meant the VPN was protecting our identity.
The VPN does not support IPv6 traffic, so if your ISP provides you with an IPv6 address, your personal data may leak. To prevent this, you must disable IPv6 on any device you are using. This isn’t perfect, but there are a few VPNs that support IPv6, including Perfect Privacy.
While the desktop and mobile apps haven’t leaked any of our private information, both the Chrome extension and the Firefox add-on suffer from weaknesses. The Chrome extension leaks DNS requests and the Firefox add-on leaks WebRTC requests – even with WebRTC leak blocking enabled.
This means that your ISP can still see the websites you visit when you’re connected through the Chrome extension, and your real IP address and location are revealed when you use the Firefox extension.
Many other VPNs have had WebRTC issues with Firefox recently due to the 73.0 update, but there is an easy step you can take to protect yourself. The Chrome DNS leak issue is hard to solve, so we don’t recommend downloading the extension.
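To make the WebRTC and IPv6 leaks described above concrete, the following added example (not code from Hotspot Shield or from our test tooling) classifies WebRTC ICE candidate lines and flags any public address that is not the VPN's exit address. The exit IP, the candidate lines and the function names are constructed for illustration and use documentation address ranges.

```javascript
// Added example: constructed values only (RFC 5737 / RFC 3849 documentation ranges).
const VPN_EXIT_IP = '198.51.100.7'; // assumption: the address an IP-check page shows with the VPN on
const SAMPLE = [
  'candidate:1 1 udp 2113937151 3f2a9c1e-7b4d-4e0a-9c55-1d2e3f4a5b6c.local 54321 typ host',
  'candidate:2 1 udp 2113937151 192.168.1.23 54322 typ host',
  'candidate:3 1 udp 1677729535 198.51.100.7 40001 typ srflx raddr 0.0.0.0 rport 0',
  'candidate:4 1 udp 1677729535 203.0.113.45 40002 typ srflx raddr 192.168.1.23 rport 54322',
  'candidate:5 1 udp 2113939711 2001:db8:1234::abcd 54323 typ host',
];

// Returns 4, 6, or 0 when the string is not an IP literal (the IPv6 check is simplified).
function ipVersion(addr) {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(addr);
  if (m) return m.slice(1).every(o => Number(o) <= 255) ? 4 : 0;
  return addr.includes(':') && /^[0-9a-f:]+$/i.test(addr) ? 6 : 0;
}

// Loopback, RFC 1918, link-local and unique-local addresses are not routable on the Internet.
function isPrivate(addr, version) {
  if (version === 4) {
    const [a, b] = addr.split('.').map(Number);
    return a === 10 || a === 127 || (a === 172 && b >= 16 && b <= 31) ||
      (a === 192 && b === 168) || (a === 169 && b === 254);
  }
  const v6 = addr.toLowerCase();
  return v6 === '::1' || /^fe[89ab]/.test(v6) || /^f[cd]/.test(v6);
}

// candidate:<foundation> <component> <transport> <priority> <address> <port> typ <type> ...
function classify(line, vpnExitIp) {
  const m = /^(?:a=)?candidate:\S+ \d+ \S+ \d+ (\S+) \d+ typ (\S+)/.exec(line.trim());
  if (!m) return 'unparsed';
  const addr = m[1];
  if (addr.endsWith('.local')) return 'ok-mdns'; // browser hid the host address behind mDNS
  const version = ipVersion(addr);
  if (version === 0) return 'unparsed';
  if (isPrivate(addr, version)) return 'private'; // LAN address only
  if (addr === vpnExitIp) return 'ok-vpn';
  return version === 6 ? 'leak-ipv6' : 'leak-ipv4'; // public address that is not the tunnel's
}

function findLeaks(lines, vpnExitIp) {
  return lines
    .map(line => ({ line, verdict: classify(line, vpnExitIp) }))
    .filter(r => r.verdict.startsWith('leak'));
}

console.log(findLeaks(SAMPLE, VPN_EXIT_IP));
```

In a browser, the candidate lines come from the `icecandidate` events of an `RTCPeerConnection` created while the VPN or extension is connected.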
Trackers, Malware, and Permissions
It is not enough to know how a VPN encrypts your data – it is also important to know if it is installing any unexpected add-ons on your device, including malware and trackers.
We used the εxodus tool to see how many trackers and permissions the Hotspot Shield Android app is using, and we were pretty shocked by the results.
The app code has seven trackers, which is more than the average for the best VPNs. These trackers include:
- Google Ads
- Google CrashLytics
- Google Firebase Analytics
Most of these trackers allow Hotspot Shield to see how users interact with the app. This helps create marketing analytics profiles and determines how users respond to problems such as crashes.
While this may help with the application’s performance and usability, it is by no means perfect for privacy. After all, VPNs can work just fine without trackers – for example, the Astrill code has zero.
The tool also found 13 device permissions. These grant the app access to view network and WiFi connections, retrieve running apps, and prevent your phone from sleeping, among other things. None of these permissions are specifically related.
We also put the Hotspot Shield .exe download file through two different devices to scan for viruses and malware to make sure it is safe to use. Fortunately, we found that Hotspot Shield does not contain any viruses.