Top VPN Provider Accused of Sharing Customer Traffic With Online Advertisers (bleepingcomputer.com)

← Back to Stories (view on slashdot.org)

Top VPN Provider Accused of Sharing Customer Traffic With Online Advertisers (bleepingcomputer.com)

Posted by msmash on Tuesday August 8, 2017 @06:45AM from the smells-fishy dept.

Catalin Cimpanu, reporting for BleepingComputer: On Monday, the Center for Democracy & Technology (CDT) -- a US-based privacy group -- filed a complaint with the US Federal Trade Commission (FTC) accusing one of today's largest VPN providers of deceptive trade practices. In a 14-page complaint, the CDT accuses AnchorFree -- the company behind the Hotspot Shield VPN -- of breaking promises it made to its users by sharing their private web traffic with online advertisers for the purpose of improving the ads shown to its users. In its complaint to the FTC, the CDT is not accusing Anchor Free of secretly injecting ads, as users are well aware of this practice, but of not respecting promises made to its customers. More specifically, the CDT says that AnchorFree does not respect a pledge made in marketing materials that it won't track or sell customer information.

13 of 55 comments (clear)

Min score:

Reason:

Sort:

Again, is anyone surprised? by JohnFen · 2017-08-08 06:52 · Score: 4, Interesting

Your VPN provider has access to your traffic. If anyone aside from you or the party you're communicating with has access to your traffic, your communications are not secure -- even if that "anyone" uses the acronym "VPN".
1. Re:Again, is anyone surprised? by JohnFen · 2017-08-08 07:25 · Score: 4, Insightful
  
  Open my wallet? I have no problems paying for things. The issue is -- where can I find a service that I can trust, paid or not? I submit that I can't. Not to say they don't exist, but that it's impossible to tell who they are.
2. Re:Again, is anyone surprised? by geekmux · 2017-08-08 07:32 · Score: 2, Insightful
  
  Open my wallet? I have no problems paying for things. The issue is -- where can I find a service that I can trust, paid or not? I submit that I can't. Not to say they don't exist, but that it's impossible to tell who they are.
  Yes, it's impossible. That much is true. But the larger problem is you represent the fraction of a percent who still cares. The other 99.999% of society doesn't give a shit about privacy, so you will never find a viable solution for security.
  There is no longer any money in privacy. Therefore, there is no justified reason for anyone to provide it. No matter how you feel about that, it is true.
3. Re:Again, is anyone surprised? by Hadlock · 2017-08-08 07:36 · Score: 5, Interesting
  
  Yep, I interviewed at another company, it came out about halfway through that the reason why they're profitable is that they provide a free VPN service, then monitor mobile app traffic over the VPN to get aggregate use stats on various top 1000 apps and then sell that usage info. The world's largest investment banks are buying up this data to determine if they want to buy or sell stocks like Snapchat, etc.
  
  --
  moox. for a new generation.
4. Re:Again, is anyone surprised? by Rick+Schumann · 2017-08-08 08:36 · Score: 3, Interesting
  
  "Open your wallet", he says, LOL. That won't work either. Everyone is going to LIE TO YOUR FACE about their so-called 'privacy policy', and even if they don't? Someone upstream of them will be doing the spying anyway. The best you can do is use Tor, cross your fingers that some criminals aren't compromising your exit node to either steal your identity or infect your computer with something, and make the hard choice between not being able to use all those websites that don't work because you're on Tor, or accessing them 'in the clear' and knowing that your very personally identifiable traffic is being logged by your ISP. Then if that wasn't bad enough, most people are still using Windows, so never mind ISPs spying on you, your own computer is already spying on you.
  
  The only way we'll have any real privacy on the Internet ever will be when there is a combination of strict privacy laws with stiff penalties for violating them, and 100% encryption on all traffic, including DNS lookups. Don't hold your breath waiting for it, there's too much money on the table, every Internet-related company with skin in the game would fight tooth and nail to prevent it from ever happening. As-is if you want any modicum of privacy you may as well start formulating an exit strategy for the Internet, and learn to get along without it in the long run, in this game the only way to win is to not play.
5. Re:Again, is anyone surprised? by JohnFen · 2017-08-08 10:22 · Score: 2
  
  Also, if you use TOR, a lot of sites make you identify yourself in some other way before you can use them, which defeats the purpose.
  Well, in fairness, that entirely depends on what you're using Tor for. If your purpose is to keep your identity a secret from the entity you're communicating with, then yes -- identifying yourself to them is counterproductive.
  If, however, your purpose is to foil third parties who want to glean information from your communication, identifying yourself to the endpoint you're intending to talk to doesn't impact that at all.
How else are they supposed to make money? by known_coward_69 · 2017-08-08 07:06 · Score: 2

selling t-shirts and coffee cups?
1. Re:How else are they supposed to make money? by geekmux · 2017-08-08 07:25 · Score: 2
  
  selling t-shirts and coffee cups?
  Yes. Seems to work for OpenBSD.
I would be more shocked by bravecanadian · 2017-08-08 07:06 · Score: 2

If most of the VPN providers aren't selling customer / traffic data.
You know what they say... by The+MAZZTer · 2017-08-08 07:16 · Score: 2

...if you aren't paying for it, you're not the customer. If you aren't the customer, you're the product.
At least, I'm assuming this wasn't a paid service...
1. Re:You know what they say... by jmcharry · 2017-08-08 07:22 · Score: 2
  
  They charge for the service.
2. Re:You know what they say... by JohnFen · 2017-08-08 07:23 · Score: 5, Interesting
  
  That statement is obsolete, since you're often the product even when you are paying for it.
3. Re:You know what they say... by pnutjam · 2017-08-08 08:12 · Score: 2
  
  They are a free provider with a paid option, this seems to impact their free service which is understood by users to inject ads.
  For reference:
  https://www.bestvpn.com/hotspo...
  
  Stick with a legitimate paid company, I use airvpn and have a referal in my signature. I've also had good luck with piavpn.
  
  --
  Cheap storage VM.