The digital rights advocacy group Center for Democracy & Technology (CDT) urged US federal trade authorities to investigate VPN provider AnchorFree for deceptive trade practices.
“The Center for Democracy & Technology asks the Federal Trade Commission
(Commission) to investigate the data security and data sharing practices of Hotspot
Shield Free Virtual Private Network (VPN) services, a product of AnchorFree, Inc.
Hotspot Shield Free VPN promises secure, private, and anonymous access to the internet.” reads the compliant. As detailed below, this complaint concerns undisclosed and unclear data sharing and traffic redirection occurring in Hotspot Shield Free VPN that should be considered unfair and deceptive trade practices under Section 5 of the FTC Act. “
“Hotspot Shield tells customers that their privacy and security are ‘guaranteed’ but their actual practices starkly contradict this,” said Michelle De Mooy, Director of CDT’s Privacy & Data Project, in a statement. “They are sharing sensitive information with third party advertisers and exposing users’ data to leaks or outside attacks.”
The experts that analyzed the source code of the application discovered the company is using several tracking libraries, it is very curious considering the company’s motto was “Don’t let ISPs monetize your web history: Use Hotspot Shield,”.
“Contrary to Hotspot Shield’s claims, the VPN has been found to be actively injecting
“inline frame,” is an HTML tag that can be used to embed content from another site or
service onto a webpage; iframes are frequently used to insert advertising, but can also be used to inject other malicious or unwanted code onto a webpage. Further analysis of Hotspot Shield’s reverse-engineered source code revealed that the” continues the compliant.
“VPN uses more than five different third-party tracking libraries, contradicting 34
statements that Hotspot Shield ensures anonymous and private web browsing.”
The CDT claims the VPN application gathers location data to optimize the advertising features, and it collects IP addresses, unique device identifiers, and other information (SSID/BSSID network names, MAC addresses, and device IMEI numbers.).
The CDT filing argues AnchorFree collects more data than normally needed to VPN service providers for their operations.
(Security Affairs – Hotspot Shield, VPN)
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.