An internationally popular free VPN service, Hotspot Shield, intercepts user traffic and collects substantial data on users that contradict’s the company’s promise to offer complete anonymity, according to a 14-page complaint filed Monday by the Center for Democracy and Technology.
The accusations filed with the Federal Trade Commission says Hotspot Shield has “undisclosed data sharing and traffic redirection practices” that violate its promise to users. Privacy is an issue across the entire VPN landscape: The small but profitable software projects hold immense power over millions of users, many of whom do not know important details about the products.
“People often use VPNs because they do not trust the network they’re connected to, but they think less about whether they can trust the VPN service itself,” Michelle De Mooy, Director of CDT’s Privacy & Data Project, said in a statement. “For many internet users, it’s difficult to fully understand what VPNs are doing with their browsing data. That makes clear and accurate disclosures and practices essential.”
Hotspot Shield’s parent company, the Swiss-American tech firm AnchorFree, did not respond to a request for comment or questions about whether it has ever undergone an independent security audit. As with most VPNs, the answer appears to be a resounding no.
Hotspot Shield is on of the many free VPNs that dot the top of mobile app stores. Popular in large part due to the price point, free VPNs are often looked at suspiciously by security experts because the underlying finances suggest that many free VPNs are snooping on and selling data, often without permission, in order to reach profitability. Put more simply: How do you pay for servers if the product is free?
VPN usage notably rose following the latest U.S. presidential election. Within the last month, Russia and China took steps to ban VPN usage in their own countries as a way to more thoroughly control the internet within their own borders.