VPN providers guarantee their customers complete privacy and protection against prying hackers and pesky advertisers. But do they all stick to these guarantees? Centre for Democracy and Technology (CDT) doesn't think so. It has recently filed with the Federal Trade Commission (FTC) a 14-page complaint against Hotspot Shield, a large and very popular VPN provider, alleging that the company and its VPN app track, intercept and collect the data of its customers and that it even supplies this information to its partnering domains. The CDT complaint opens up another chapter in the internet privacy debate and poses new serious questions about privacy on the Internet.
Is the privacy of US VPN users compromised?
VPN stands for Virtual Privacy Network, a system that is considered as the most efficient method to secure your privacy when browsing the Internet. When your computer connects to a VPN server that could be located anywhere in the world, you browse the internet from the location of the server, and not your own, making sure your identity is not disclosed. For that very reason, many governments want to keep track of what their domestic users are looking at, or what kind of information they are transmitting and try to curtail the use of VPN. Recently, Russia banned the use of VPN and China insisted with Apple to remove VPN apps for its stores there. But what about CDT's claims about the Hotspot Shield's misuse of their customer's data, many of which are located in the US?
Hotspot Shield is a service and app devised by the Swiss company Anchorfree GmbH, which is available for free also from both Google Play Store and Apple Mac App Store. The company itself claims that it has about 400 million users, while some claims go that the number of their users reaches 500 million.
In its claim, CDT insists that according to the research it conducted with Carnegie Melon University, Hotspot Shield logs the connections of its users, monitors their browsing habits and also redirects online traffic and sells the customer data it gathers to its affiliate advertisers.
Through the research that was conducted, CDT claims that Hotspot Shield injects a Java script code used for advertising and tracking purposes and that their VPN uses more than five different tracking libraries.
More privacy questions opened
CDT's goal is for the FTC to open an investigation into Hot Shield's practices and order this company to "stop misrepresenting privacy and security promises" in its marketing practices.
The suit itself opens a number of questions concerning the privacy of VPN users, and internet users in general. The first deals with the possibility that Hot Shield is really in breach of its contract with its end users. But then, if that proves to be the case, is it the only VPN provider that does so?
On the other hand, security analytics company Plixer and its CEO Michael Patterson are of the opinion that the CDT suit ignores internet market realities and that nothing on the internet can be done anonymously, and that nothing is free when you use a free service like the one Hot Shield Provides. But the question that remains unanswered is: what about our privacy and do we really always have to pay for it?
