Hotspot Shield
Hotspot Shield is a VPN service that has been around since 2008, making it one of the older players in the market. The service gained notoriety for its use by dissidents during the Arab Spring protests in the early 2010s. However, its reputation took a hit in 2016 when researchers cited Hotspot Shield in a research paper for using tracking libraries in their VPN service. A year later, the Center for Democracy and Technology accused the company of engaging in unfair and deceptive trade practices. In 2018, a researcher discovered a data leak, further eroding Hotspot Shield’s reputation. As a result, many websites stopped recommending the service.
Despite these negative events, Hotspot Shield got a fresh start in 2019 when it became part of the Pango family of products. The VPN service was then acquired by a company called Aura in July 2020. With these recent changes in ownership, we felt it was a good time to take another look at Hotspot Shield. During our research and testing, we identified both positives and negatives of the service, and we also uncovered some interesting facts about Hotspot Shield and its parent companies. While we will delve into the corporate complexities at a later time, our findings provide a comprehensive overview of Hotspot Shield and its suitability as a VPN provider.
Baked with adware
Similar to VPN 360, the Hotspot Shield app routinely pings multiple advertising domains which is immediately a red flag. Any company that injects tracking codes into their apps immediately lose credibility in my eyes, and I take all of their promises and core principles with a grain of salt. I also discovered the app pinging various subdomains from yahoo.com There are much, much better VPNs that fight to protect your privacy – for less money. Here are the most commonly accessed domains from the app:
- adcolony.com
- adtilt.com
- unity3d.com
- doubleclick.net
- supersonicads.com
- dewrain.life
- ssacdn.com
A complicated history
The corporate structure of Hotspot Shield is complex, and it has undergone significant changes over the years. The VPN service was developed by AnchorFree in 2008, a company based in Redwood City, California. Despite being a popular VPN service, Hotspot Shield faced a setback in 2017 when the Center for Democracy and Technology accused AnchorFree of deceptive trade practices. In 2018, a security researcher discovered a bug in the Hotspot Shield client that exposed user data.
In 2019, Hotspot Shield joined Pango, a new company that offers a suite of security and privacy products. Like AnchorFree, Pango is based in Redwood City, California.
In July 2020, Pango joined Aura, a digital security company. According to Hari Ravichandran, the founder, and CEO of Aura, the goal of all this activity is to:
…build the best all-in-one digital protection platform for consumers. With the scale achieved through these transactions, we continue our journey to build and expand our integrated security platform. Our vision is fueled by our commitment to make digital security simple, user-friendly and accessible to everyone.
Shady logging practices
Sure enough, when I clicked on the VPN’s privacy policy on its website, I was redirected to Aura’s general policy for all of its products. While Hotspot Shield claims it doesn’t store any information that can be linked back to you, Aura states it logs the following:
- Information about the domains you access when connected.
- Usage information such as connection timestamps, frequency of use, and bandwidth used.
- Device information including identifiers, operating systems, browser type, internet service provider, and network information.
- Approximate location information (obtained from logging your IP address, albeit encrypted).