In 2008, Hotspot Shield burst onto the market as a free VPN. Since then, it has developed into so much more. There are issues like a subpar policy when it comes to your privacy. Plus, it has limited servers and no way to unblock Netflix. But the question is, is Hotspot Shield really safe to use? There is only one way to decide, and that is to take a look at the bare bones of this VPN. So, let’s get started.
Security: What Are the Security Tools in Apps?
Countless queries have been placed on sites like Reddit when it comes to whether Hotspot Shield is reliable and trustworthy. You can see our full analysis here, but for now, let’s look at the security offered by this VPN.
Kill Switch (Only available for Windows)
If your VPN connection fails, your computer is sent hurtling back into public mode. This means that your IP address will no longer be protected by encryption and be open to dangerous individuals, including hackers and the government.
That is why Hotspot Shield has fitted their VPN with a kill switch feature. This inclusion makes sure to cut off the entire internet connection when your VPN connection has been lost.
The connection is only restored when the VPN’s connection becomes available again, which helps keep all your data and browsing history safe.
Private DNS & Leak Protection
The Windows app comes with built-in DNS leak protection. It is on automatically and can be toggled off if you want. There is no access to WebRTC leak protection, which makes it even less safe to use.
Testing for leaks, there were very few found except when using the Chrome extension.
Several tests have shown that the real location and IP address weren’t leaked. But the DNS address of several websites was. This is bad as it can alert these sites that you are using a VPN and cause them to instigate their security protocols.
To secure and keep your traffic safe, Hotspot Shield utilizes a 256-bit AES encryption system. That, coupled with the addition of perfect forward secrecy, offers a heightened level of security.
This will mitigate most of the danger. This protocol is a key agreement that changes the encryption key if it ever becomes compromised.
There aren’t many choices when it comes to protocols, as Hotspot Shield uses its property protocol called Catapult Hydra. This protocol, which is used by several premium cyber-security companies like McAfee, is a faster version of the OpenSSL protocol.
It helps increase the speed very well when dealing with long distances.
At least that is what they said, but we don’t agree completely. OpenVPN is still a MUCH more complete solution and therefore, we think that Hotspot Shield should implement it as well.
To stabilize your VPN connection, the team at Anchorfree, Hotspot Shield parent company, developed software called Anchorfree HSS VPN Adapter. This will help secure and strengthen your connection through an adapter driver.
If you’re a devoted privacy lover, then there are several things about Hotspot Shield that will draw your attention and not in a good way. The company itself is based in the US, which is a chief member of the 5 Eyes Alliance.
Hotspot Shield collects your real IP address (though this is deleted after every session), email address, user name, unique mobile ID, hardware type, OS version, language, and network information.
Though some of these are good, like your user name and email address for ease of use, the rest do not make us feel safe. This is especially because of such vague terms as “network information”.
External Audit: Is Hotspot Shield Safe?
Even with the 2017 complaint that we will discuss in the next section, this VPN still has not submitted itself to a private third-party audit. By not doing this, it leaves the users unsure of the reliability and trustworthiness of the Hotspot Shield product.
Issues and Scandals the Company Has Faced in the Past
In 2017, CDT went to the Federal Trade Commission with complaints about the logging practices of Hotspot Shield. They stated that Hotspot Shield logs user connection data and IP addresses to help third-party marketers target individual users with ads.
This, according to the CDT, would be a reason for the FTC to get involved, as these were unfair and deceptive acts.
We looked for an answer to what the FTC found, but there were no clear findings available even through Reddit.
On top of this issue in 2018, there was a bug found in the app by a security researcher. This bug allowed user data to leak, including the Wi-Fi network and the country the user was in.
All of these issues leave us feeling like some privacy issues just can’t be ignored. And since that is the primary reason for investing in a VPN, Hotspot Shield just doesn’t cut the mustard in the safe and secure category.
Conclusion: Hotspot Shield Can’t Be Trusted
All in all, this service simply lacks the features and security measures to keep your data safe. From the lack of a kill switch on anything but Windows to poor leak protection, Hotspot Shield has been the brunt of many Reddit rants.
For this purpose, ExpressVPN is our top choice. Check it out using the button below.
Thalia has been working in the online tech industry for over two years, after studying computer sciences at University. Her focus is primarily on VPNs, privacy, and online security.