A new filing against the company HotSpot Shield, that makes a VPN app exemplifies the user privacy difficulties with VPN services and apps. Even when downloaded from Apple’s own App Store, VPN providers can often present as much a benefit as they do risk.
In a new filing brought to light by ZDNet, the privacy advocacy group Center for Democracy & Technology has stated that Hotspot Shield isn’t as anonymous as it lead users to believe. The group worked with Carnegie Mellon to discover that the application and service utilized various data sharing practices with different advertising networks.
From the filing:
Hotspot Shield’s description for its iOS and Android mobile applications declares a “no logs” policy; however, its Privacy Policy, which covers and includes its Hotspot Shield services, describes more elaborate logging practices.
The definition, and explanations to users, as to what constitutes as “logging” in Hotspot Shield’s policies may need to be clarified. The filing states that “VPN providers generally create two types of logs: connection logs and usage logs.” The latter being much more invasive on a user’s browsing data. It appears that Hotspot Shield takes usage logs and “user connection data” to “identify [a user’s] general location, improve the Service, or optimize advertisements displayed through the Service.”
The discovery of the Hotspot Shield data sharing practices by the CDT came after Congress had repealed privacy rules originally put in place by the FCC. The rules set to be enacted in 2018 would require ISPs to “seek permission from customers for collecting and sharing sensitive personal information.” Many shared concerns that ISPs would begin selling user browsing data and around that time, many VPN providers took to promoting themselves further as a “safe alternative”. Hotspot Shield was no exception.
Continuing that conversation, we touched on finding the best VPN service for your iPhone and iPad. We made specific points on free services and even the apps found in the App Store:
…our first recommendation is do not use a free VPN service provider. Maintaining VPN data servers cost real money, so any company willing to offer free VPN servers to its users means it’s most likely selling that user data.
Normally the iOS App Store is a great location to dive in and discover applications to solve problems you may have, but you should be extra careful here. In the case of VPN applications, you want to find one that hs been thoroughly vetted. Sites like That One Privacy Site have set out to build detailed comparisons against as many VPN providers as possible. Keeping in line with the President’s FCC ruling, looking for a VPN provider that doesn’t keep logs on data usage is a great start.
Once investigation by the FTC into Hotspot Shield’s supposed deceptive practices is concluded, we’ll hopefully see a more transparent shift in the VPN services realm. As Michelle De Mooy, Director at the CDT’s Privacy and Data project, puts it “For many internet users, it’s difficult to fully understand what VPNs are doing with their browsing data. That makes clear and accurate disclosures and practices essential.”
Check out 9to5Mac on YouTube for more Apple news:
FTC: We use income earning auto affiliate links. More.
Comments