VPNs (Virtual Private Networks) are meant to be a safe zone on the Internet, sheltering you from malicious hackers, Internet providers, and the government by concealing your real IP access and encrypting your connection. But what if a VPN decides to spy on you?
Well, something similar has recently happened. The creators of Hotspot Shield VPN, AnchorFree, were accused of “unfair and deceptive trade practices” as claims were spread that they collect too much browsing-related user information so that they could show more targeted advertisements.
On 7 August, 2017, a complaint was issued by the US Centre for Democracy and Technology (CDT), blaming Hotspot Shield for applying logging practices and using third-party tracking libraries so that more personalized advertising could be implemented. The complaint was given to the Federal Trade Commission (FTC) and consisted of twelve pages.
To quote the complaint, the VPN service “monitors information about users’ browsing habits”, and all of this is happening while people browse the Internet using Hotspot Shield VPN. It is also stated that the VPN intrusively uses tracking cookies to gather data about its users, and collaborates with unknown third parties that implement the data when displaying targeted ads and marketing messages.
This information caught the attention of users and security experts because this is not what the developers of a VPN should do – the primary goal of such a network is concealing as much data as possible not leaking a thing. Keeping in mind that most Virtual Private Networks have implemented adware, the actions of Hotspot Shield VPN are questionable.
However, it should be admitted that some information can indeed be collected by VPNs, but this info should only be non-private. CDT wrote that the application “must engage in some logging to monitor bandwidth or to enforce restrictions”, for example, it should keep track on the number of devices that currently use the service.
Despite this statement, it is obvious that Hotspot Shield VPN went a bit overboard – the data collected helped the developers track the users’ general location, displaying advertising as well. The most compromising thing, however, is the fact that it gave a promise to “connect advertisers to unique users that are frequent visitors of travel, retail, business and finance websites”.
He said that no IP addresses are stored and that private users’ data is never exposed to any kind of third parties.
At the moment it is being investigated whether any of AnchorFree’s actions were legal or not.