Users’ privacy violated by Hotspot Shield VPN

Hotspot Shield VPN privacy

VPNs (Virtual Private Networks)[1] are meant to be a safe zone on the Internet, sheltering you from malicious hackers, Internet providers, and the government by concealing your real IP access and encrypting your connection. But what if a VPN decides to spy on you?

Well, something similar has recently happened. The creators of Hotspot Shield VPN, AnchorFree, were accused of “unfair and deceptive trade practices” as claims were spread that they collect too much browsing-related user information so that they could show more targeted advertisements.[2]

On 7 August, 2017, a complaint was issued by the US Centre for Democracy and Technology (CDT), blaming Hotspot Shield for applying logging practices and using third-party tracking libraries so that more personalized advertising could be implemented[3]. The complaint was given to the Federal Trade Commission (FTC)[4] and consisted of twelve pages.

To quote the complaint, the VPN service “monitors information about users’ browsing habits”, and all of this is happening while people browse the Internet using Hotspot Shield VPN. It is also stated that the VPN intrusively uses tracking cookies[5] to gather data about its users, and collaborates with unknown third parties that implement the data when displaying targeted ads and marketing messages.

This information caught the attention of users and security experts because this is not what the developers of a VPN should do – the primary goal of such a network is concealing as much data as possible not leaking a thing. Keeping in mind that most Virtual Private Networks have implemented adware, the actions of Hotspot Shield VPN are questionable.

It is evident that the developers breached their own Privacy Policy contract, as it is stated that the anonymity of the users will be protected because the program never collects user info.

However, it should be admitted that some information can indeed be collected by VPNs, but this info should only be non-private. CDT wrote that the application “must engage in some logging to monitor bandwidth or to enforce restrictions”, for example, it should keep track on the number of devices that currently use the service.

Despite this statement, it is obvious that Hotspot Shield VPN went a bit overboard – the data collected helped the developers track the users’ general location, displaying advertising as well. The most compromising thing, however, is the fact that it gave a promise to “connect advertisers to unique users that are frequent visitors of travel, retail, business and finance websites”.

However, the chief executive officer of the accused company, David Gorodyansky, stated that they did not intend to breach their Privacy Policy and that no harm was actually done.[6] According to him, the data collected by Hotspot Shield VPN is strictly non-personal and not related to the people’s online activities in the slightest.

He said that no IP addresses are stored and that private users’ data is never exposed to any kind of third parties.

At the moment it is being investigated whether any of AnchorFree’s actions were legal or not.

About the author
Lucia Danes
Lucia Danes - Malware and spyware analyst

Lucia Danes is a news editor at She is extremely passionate when it comes to helping people deal with various online threats, so she wants her articles to be understood even by those with no IT background.

Contact Lucia Danes
About the company Esolutions

The world’s leading VPN