Not what we expected
Arguably the most popular free VPN on the market.
It has been downloaded 50 000 000+ times from the Android store, has 86k reviews on the iOS market, and earned a “well-done badge” from us for being one of the top 10 most searched VPNs on Google.
AnchorFree Inc. is a US company founded in 2005 by David Gorodyansky. The organisation owns both HotSpot Shield and Betternet VPN yet seems to keep growing fast. Every service has its flaws, and so does HotSpot Shield. In this post, you will find out the pros and cons and our honest personal experience…
Precaution! Potential Phishing and Malware Sites
Some of us have fat fingers, and sometimes typos just happen.
We found two suspicious sites that you should never confuse with the original Hotspotshield.com website.
- hotspotshield.tk – Potential phishing site
- hotspotshield.gq – Contains malware (DO NOT VISIT!)
Phishing websites are fraudulent websites created to steal visitors' passwords or other details by imitating the original website.
*24.05 UPDATE: Both have been changed since publishing the review
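One way to catch lookalikes of this kind before clicking, shown as an added example (not part of the original review): the function labels a hostname as the genuine domain, a TLD swap like the two sites listed above, or a near-miss typo. The sample hosts other than the two from the review are constructed, and the code assumes a single-label TLD.

```python
LEGIT = "hotspotshield.com"  # genuine site named in the review

def osa_distance(a, b):
    """Edit distance where insert, delete, substitute and adjacent swap cost 1."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = int(a[i - 1] != b[j - 1])
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            # adjacent transposition ("ie" typed as "ei")
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]

def classify_host(host, legit=LEGIT, max_typos=2):
    """Label a hostname relative to the legitimate domain.
    Assumption: single-label TLD, no public-suffix handling."""
    host = host.strip().lower().rstrip(".")
    if host == legit or host.endswith("." + legit):
        return "legitimate"
    labels = host.split(".")
    if len(labels) < 2:
        return "unrelated"
    name, tld = labels[-2], labels[-1]
    legit_name, legit_tld = legit.split(".")
    if name == legit_name and tld != legit_tld:
        return "tld-swap"   # same name under another TLD
    if osa_distance(name, legit_name) <= max_typos:
        return "typo"       # fat-finger distance from the real name
    return "unrelated"

# First two hosts are the ones the review lists; the rest are constructed.
SAMPLES = ["hotspotshield.tk", "hotspotshield.gq", "hotspotsheild.com",
           "www.hotspotshield.com", "hotspotshiel.com", "example.org"]

def report(hosts=SAMPLES):
    return {h: classify_host(h) for h in hosts}

if __name__ == "__main__":
    for host, label in report().items():
        print(f"{label:<10} {host}")
```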
Now let’s get back to the VPN itself.
☒ Logs Your Data
There are two types of personal information HotSpot Shield collects:
The personal information you choose to give them by creating an account, contacting customer support and making the payment through credit card or Paypal:
And personal information they automatically collect. These include your e-mail, username, unique mobile ID:
They try to make it really clear – “We do not collect any logs..”:
Yet it’s hard to believe.
There are two things that happened in 2017 and 2018 that keep us alert.
- August 2017 – the Center for Democracy and Technology issued an open complaint to the FTC which they state “concerns undisclosed and unclear data sharing and traffic redirection occurring in Hotspot Shield Free VPN that should be considered unfair and deceptive trade practices under Section 5 of the FTC Act.” CDT and Carnegie Mellon University researchers found some shady data sharing practices with Ad networks.
- February 2018 – a security researcher disclosed a bug in the app that leaks user data such as the wireless network name and the country the user is located in.
☑ NO WebRTC or DNS Leaks Found
More than 22 VPNs leak your data. This usually happens due to software misconfiguration or buggy architecture.
A website visitor whose data leaks could be personally identified through their exact location and timezone.
You may wonder, does HotSpot Shield leak?
Subscribing to their service and using 5 different web-based leak testing tools, we were able to figure it out. We’ve got the evidence:
In case of a leak, you would see our REAL IP address instead of the Japanese one. At the time of the test, we weren’t in Japan.
To help you better understand what WebRTC and DNS leaks are, read these two definitions:
WebRTC (Web Real-Time Communication) is a tool that allows browsers to have real-time P2P connections with visited websites.
DNS is used when resolving internet hostnames into IP addresses at the ISP level. A leak is an act of storing, filtering or monitoring the traffic.
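The WebRTC half of such a leak test, as an added example (not from the original review): it parses the ICE candidate lines a browser's WebRTC stack produces and reports any public address that is not the VPN exit. The candidate lines and addresses are constructed from documentation ranges, with `203.0.113.10` standing in for the VPN's exit IP.

```python
import ipaddress

# Non-routable ranges; every other address is treated as public.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "fc00::/7", "fe80::/10", "::1/128")]

def candidate_address(line):
    """Extract the address field from one ICE candidate line.
    Layout: candidate:<foundation> <component> <transport> <priority>
            <address> <port> typ <type> [extensions]"""
    line = line.strip()
    if line.startswith("a="):          # SDP attribute form
        line = line[2:]
    fields = line.split()
    if len(fields) < 8 or not fields[0].startswith("candidate:") or fields[6] != "typ":
        raise ValueError(f"not an ICE candidate: {line!r}")
    return fields[4]

def classify_address(address, vpn_exit_ip):
    if address.endswith(".local"):     # mDNS name: browser hid the host address
        return "mdns-hidden"
    ip = ipaddress.ip_address(address)
    if any(ip in net for net in LOCAL_NETS):
        return "local"
    return "vpn-exit" if ip == ipaddress.ip_address(vpn_exit_ip) else "leak"

def find_leaks(candidate_lines, vpn_exit_ip):
    """Return public addresses in the candidates that are not the VPN exit."""
    leaks = []
    for line in candidate_lines:
        addr = candidate_address(line)
        if classify_address(addr, vpn_exit_ip) == "leak" and addr not in leaks:
            leaks.append(addr)
    return leaks

# Constructed sample (documentation addresses, not real test output).
VPN_EXIT = "203.0.113.10"
SAMPLE = [
    "candidate:1 1 udp 2113937151 192.168.1.20 51234 typ host generation 0",
    "a=candidate:2 1 udp 2113939711 3f1c2a9e-7b64-4d0e-9a51-0c2f6e8d1b77.local 51235 typ host",
    "candidate:3 1 udp 1677729535 203.0.113.10 40001 typ srflx raddr 0.0.0.0 rport 0",
    "candidate:4 1 udp 1677729535 198.51.100.23 40002 typ srflx raddr 0.0.0.0 rport 0",
]

if __name__ == "__main__":
    print("leaked addresses:", find_leaks(SAMPLE, VPN_EXIT))
```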
☑ HotSpotShield Abroad
When traveling to China, you must be ready for a surprise.
Most of the websites you use today are blocked, which means your business or personal relationships might suffer. Even for educational purposes, it takes a lot of research to find a suitable alternative for the Western version. Unfortunately, you cannot count on Google Scholar or Youtube.
The government has banned about 10 000+ domains and 86.5% of VPNs. This wouldn’t be a problem if you knew which ones are approved and which are not.
But China hasn’t released an official list.
This is why we tested HotSpot Shield on our own and made a remarkable discovery:
Using China Unicom ISP, the website itself wasn’t accessible. You see… I tried it at least 5 times:
But this isn’t the end of it. If you do have HotSpot Shield installed on your device before arriving on the mainland, you get lucky. Sorry… you don’t only get lucky, you actually get access to the whole world!
It’s one of the 7 VPNs that worked in China. It’s a big deal!
☑ 2500+ Servers in 28 Countries
This number of servers might sound like a lot. Imagine it, 2500 pure physical devices spread all over the world, and you bet that maintaining them is not cheap!
In over 28 countries, you can access 26 U.S cities and places like London, Berlin, and Sydney.
There’s a note written underneath an official article about locations: The availability of Virtual Locations may vary depending on the device (platform). And of course, also whether you are using the free version or paid one.
☒ Netflix (NOT working)
But apparently, the number of CPUs doesn’t guarantee that streaming sites work. As an example, we had a really hard time watching Netflix. To be strictly honest, it didn’t work at all.
We connected to 3 random servers, refreshed cookies between each test and the aftermath was exactly the same:
Another alternative would be P2P.
So we took the initiative and tried to turn the zero into a hero.
Below you see how we were able to successfully download a movie using HotSpot Shield. Chaplin is great (It was copyright free):
Did You Know?
- HotSpot Shield Free version has a daily limit of 500 MB
- Back in 2012, HotSpot Shield usage grew rapidly due to the Flashback virus. More than 500 000+ Mac users were affected and HotSpot Shield was used as a protection.
- AnchorFree has offices both in California and Germany.
☑ Fast Server Speeds
It ranks as the 11th fastest VPN on the list.
This is what gives us hope. So far, it hasn’t shown too many great signs.
Speed tests are a hassle and let me tell you why.
Due to their large server base, it would take a month’s worth of testing to see the whole picture, and even this wouldn’t guarantee it matches everyone else’s perspective.
Speed tests vary by location, local internet speed, and your hardware. And there are 3 variables to consider: ping, download and upload speed.
PS: The most important of them for you is probably download speed, which has the most effect on your streaming experience; for gamers, ping plays a huge role as well.
Here’s the result we got by connecting to three servers across the globe:
☒ TLS 1.2 with ECDHE, AES 128-Bit Encryption
Encryption is the core of VPN
HotSpot Shield is equipped with TLS 1.2 (Transport Layer Security). TLS is now a deprecated predecessor of SSL (Secure Sockets Layer), which is way more advanced. So it makes us wonder: why do they use old technologies?
They are also in the past with the encryption key sizes. The use of 128-bit AES instead of modern 256-bit is incomprehensible. As an example, to crack a 128-bit key, it would take 1.02 x 10^18 years; with 256-bit, around 3.31 x 10^56 years.
It may not sound too bad yet the difference is huge.
As times change, software should use stronger encryption to protect against online attacks. Hackers are continuously working on breaking old and weak encryption. 256-bit encryption and a 2048-bit RSA key are a must for VPNs.
Hotspot Shield used to have IPSec and OpenVPN protocols but according to their support team, they found performance and latency challenges and decided to build their own – Catapult Hydra. Here’s a list of benefits you should get:
- Faster server connection;
- Time to the first byte for each client connection inside the tunnel saves 1.2 RTTs
- Inside the tunnel, less data will be transferred
- Long-distance connection speed is 2.4x faster than for OpenVPN tunnel between the same client and server
This last one may be true because OpenVPN does slow your speed, and we saw pretty good results with their software.
Better speed and performance always have an impact on security, and that’s why we have our doubts.
Support effectiveness could be measured by contact channels, response time and communication quality.
We submitted a request and started the timer in place. Only simple questions were asked and probably half of the answers could have been found from their article base. The response time though… was 1697 min = 28 hours = 1 day, ranking them as the 37th by response speed.
Anything urgent leaves you with empty hands. There’s no live chat to be used.
FREE combined with great is not often heard, HotSpot Shield is no exception.
Picking the complimentary option gives you 500MB of daily bandwidth, smaller server park, and ads. The premium includes some improvements like faster speeds and
The cost on a monthly basis is quite… stunning:
- $12.99 / month
- $5.99 / year
- $2.99 / 3-years
If you are buying through a European IP, the cost is way higher… The monthly fee skyrockets to €15.99.
On the bright side, they have one of the longest money-back-guarantees we have seen – 45 days.
Our Verdict – Final Thoughts
But let’s face it. There’s something unusual about this private network.
…It looks like a VPN but technically is a PROXY. Not what we expected. Suspicious business practices.