VPNs typically log data about user connections to help with troubleshooting technical issues, but Hotspot Shield uses this information to identify user locations and serve advertisements.
The VPN promises to connect advertisers to users who frequent websites in particular categories and while most VPNs prevent internet service providers from seeing a user’s internet traffic, that traffic is often visible in unencrypted form to Hotspot Shield.
Hotspot Shield’s marketing claims that it does not track, log, or sell customers’ information, but its privacy policy and a source code analysis reveal otherwise.
That makes clear and accurate disclosures and practices essential,” said Michelle De Mooy, Director of CDT’s Privacy & Data Project. For many internet users, it’s difficult to fully understand what VPNs are doing with their browsing data. “People often use VPNs because they do not trust the network they’re connected to, but they think less about whether they can trust the VPN service itself. In an online environment increasingly hostile to private browsing, CDT and other advocates have frequently recommended VPN use to mask internet traffic, and VPN use has soared recently in the U.S. As a result, the Center for Democracy & Technology (CDT) has asked the Federal Trade Commission (FTC) to investigate the data security and data sharing practices of Hotspot Shield Free Virtual Private Network (VPN) services, which we believe should be considered unfair and deceptive trade practices. However, a popular free VPN, Hotspot Shield, promises to protect its users’ privacy but has undisclosed data sharing and traffic redirection practices that violate that promise. For many Americans looking to protect their online privacy, virtual private networks, or VPNs, are a good option.