Cybersecurity & Standards, Government Surveillance, Privacy & Data
Hotspot Shield VPN’s Privacy and Security Promises Contradict Practices
In March, just after Congress repealed rules that would have required internet service providers (ISPs) to get permission before using customers’ sensitive information, virtual private network (VPN) companies with apps reported a huge spike in downloads. Consumers were looking for a way to control who could view their online activities by using a VPN, a technology that enables internet users to privately send and receive data across public networks. VPNs are frequently cited by advocates (and regulators) as one of the few ways for the public to obscure personal information online. But some VPNs fail to live up to their promises.
As detailed in the complaint CDT filed today with the Federal Trade Commission (FTC), we believe Hotspot Shield Free VPN (Hotspot Shield) has employed unfair and deceptive trade practices as defined under Section 5 of the FTC Act. Among other concerns, the complaint details the ways in which Hotspot Shield’s marketing claims around privacy and security directly contradict its actual practices and policies – the description of the Hotspot Shield app in Google’s Play Store announces, “Your privacy and security are guaranteed!”, while CDT’s investigation found the opposite.
Finally, Hotspot Shield makes it difficult for users to avoid harm by reading reviews or otherwise performing due diligence in choosing a VPN service; reviews are frequently manipulated by affiliates hired by VPNs.
Hotspot Shield’s surreptitious practices and deceptive claims are a betrayal of the trust placed in them by users. VPNs should be in the business of giving individuals a real option for confidential internet activity, and should not use deceptive claims to expose internet users to security risks or prey upon their limited ability to compare services.
Hotspot Shield’s actual practices and policies speak much louder than its claims, and we hope the FTC is listening.