A privacy advocacy group has filed a complaint with the Federal Trade Commission (FTC) against Hotspot Shield, a popular free VPN service, for reportedly violating the claim of “complete anonymity” promised to its users.

The Center for Democracy and Technology (CDT) filed its 14-page complaint Monday, in which the organization accuses Hotspot Shield and parent company AnchorFree of performing a number of undisclosed practices that may violate a user’s privacy including data sharing and traffic redirection.

Read: What Are VPNs, How Do You Use Them And Do You Need A Virtual Private Network?

The CDT takes issue with how Hotspot Shield is marketed to users. The virtual private network (VPN) promises not to track, log or sell customers’ information while protecting the user’s internet traffic using an encrypted connection.

According to researcher conducted by the CDT along with researchers at Carnegie Mellon University, Hotspot Shield fails to live up to its promise of protection and instead keeps logs of user activity to identify the user’s location and serve advertisements.

According to the complaint, Hotspot Shield can intercept and redirect those requests. If a user tries to go to a commercial website, the VPN may redirect that traffic to partner websites, including advertising companies. Such a redirect may be performed to generate revenue for AnchorFree, but also puts user data at risk.

The complaint from the CDT also accuses the app of insecure and unreasonable data security practices, including reportedly failing to secure customer payment data—users who have paid for the “Elite” version of the VPN has reported credit card fraud after their purchase—and failing to properly encrypt mobile carrier information, making user information susceptible to theft in the case of a breach.

Read: VPN Services Report Huge Increase In Downloads, Usage Since Broadband Privacy Rules Were Repealed

The complaint, which accuses Hotspot Shield and AnchorFree of “unfair and deceptive trade practices,” is troubling given how popular the product is. According to the app’s description in the Mac App Store, Hotspot Shield has been downloaded more than 500 million times. The Android version of the app boasts between 50-100 million downloads and nearly one million reviews with an average of a 4.2 star rating.

Hotspot Shield is by far one of the most popular VPNs on the market and given the product is used by those hoping to improve their security online, the findings from the CDT and Carnegie Mellon University is likely troubling for its many users.

A standard VPN enables a device to send and receive information across a public network as if it was connected directly to a private network. It obscures the location of the user while creating an encrypted tunnel to transfer data from the user’s device to the VPN server and vice versa. By filtering information through the remote server, the VPN shields that data from anyone on the same public network, including internet service providers.

VPNs saw a sizable uptick in usage after the United States Congress voted to repeal protections that required internet service providers to get permission before collecting sensitive information from users.

Hotspot Shield is not the first VPN to come under fire for shady practices. In 2015, Hola VPN received criticism for its practice of selling user bandwidth which could then be bought and used for distributed denial of service (DDoS) attacks.

RELATED STORIES
Security Security Security Privacy