Top VPN Provider Accused of Sharing Customer Traffic With Online Advertisers

Catalin Cimpanu, reporting for BleepingComputer: On Monday, the Center for Democracy & Technology (CDT) -- a US-based privacy group -- filed a complaint with the US Federal Trade Commission (FTC) accusing one of today's largest VPN providers of deceptive trade practices. In a 14-page complaint, the CDT accuses AnchorFree -- the company behind the Hotspot Shield VPN -- of breaking promises it made to its users by sharing their private web traffic with online advertisers for the purpose of improving the ads shown to its users. In its complaint to the FTC, the CDT is not accusing Anchor Free of secretly injecting ads, as users are well aware of this practice, but of not respecting promises made to its customers. More specifically, the CDT says that AnchorFree does not respect a pledge made in marketing materials that it won't track or sell customer information.

Again, is anyone surprised?

[JohnFen]

Your VPN provider has access to your traffic. If anyone aside from you or the party you're communicating with has access to your traffic, your communications are not secure -- even if that "anyone" uses the acronym "VPN".

Re:Again, is anyone surprised?

[Hadlock]

Yep, I interviewed at another company, it came out about halfway through that the reason why they're profitable is that they provide a free VPN service, then monitor mobile app traffic over the VPN to get aggregate use stats on various top 1000 apps and then sell that usage info. The world's largest investment banks are buying up this data to determine if they want to buy or sell stocks like Snapchat, etc.

Re:Again, is anyone surprised?

[Rick+Schumann]

"Open your wallet", he says, LOL. That won't work either. Everyone is going to LIE TO YOUR FACE about their so-called 'privacy policy', and even if they don't? Someone upstream of them will be doing the spying anyway. The best you can do is use Tor, cross your fingers that some criminals aren't compromising your exit node to either steal your identity or infect your computer with something, and make the hard choice between not being able to use all those websites that don't work because you're on Tor, or accessing them 'in the clear' and knowing that your very personally identifiable traffic is being logged by your ISP. Then if that wasn't bad enough, most people are still using Windows, so never mind ISPs spying on you, your own computer is already spying on you.

The only way we'll have any real privacy on the Internet ever will be when there is a combination of strict privacy laws with stiff penalties for violating them, and 100% encryption on all traffic, including DNS lookups. Don't hold your breath waiting for it, there's too much money on the table, every Internet-related company with skin in the game would fight tooth and nail to prevent it from ever happening. As-is if you want any modicum of privacy you may as well start formulating an exit strategy for the Internet, and learn to get along without it in the long run, in this game the only way to win is to not play.

Re:You know what they say...

[JohnFen]

That statement is obsolete, since you're often the product even when you are paying for it.