CDTs Math is wrong.
As a long time user, fan, and I consult a bit to Hotspot Shield, I'm disturbed by this. But I'm not seeing how the CDT came up with their findings. I just came back from BlackHat and wonder why actual security researchers havent come to this same conclusion? I understand where there is smoke there is fire, but something is amiss here. This seems to equate to a misunderstanding.
I’ve looked at and reviewed all the other VPNs and from what I can see, Hotspot Shield’s dedication to user privacy and integrity of protecting user data is compliant. There’s a reason why they have 500M users. It’s just better. They tell me, and I agree, specifically, Hotspot Shield does not log, store or pass to third parties the IP addresses of their users. Instead Hotspot Shield deletes the original IP address after the end of each session, protecting user privacy from websites, apps, ISP’s, criminal hackers, and malware. Deleting the IP addresses in real time, ensures that Hotspot Shield does not have the data either. They've had investigators and government agencies requesting IP addresses and data etc, and they just don't have it to give.
Another point, made by many is Hotspot Shield offers all users its products for free, which makes people suspect, but signup is anonymous without requiring registration. There is both a free and a premium Elite version available. I’ve used both and I made the investment in Elite. Hotspot Shield serves advertising to support it. From my research, advertisers get the country the user is from, but do NOT get the real user IP address from Hotspot Shield. In a similar way Hotspot Shield does not require any log in information to use its products, setting up an account with Hotspot Shield is optional and not required. They told me payment information is stored by Apple, Google, or Chase and never seen or stored by Hotspot Shield.
Thus Hotspot Shield does not have personally identifiable information of the user and then anonymizes the user further from other third parties (such as ISP’s or websites) from collecting such personally identifiable information. It can be argued that with 500M users, Hotspot Shield is the world’s most popular Internet Privacy platform and most trusted VPN. And FYI, 70% of the world’s largest security companies use Hotspot Shield’s technology integrated into their security suites. Hotspot Shield has passed security audits of all of its partners. AnchorFree, Hotspot Shield’s parent company, takes user privacy extremely seriously and deals with privacy with the absolute highest integrity.
And with countries like Russia and China banning VPNs, I'd think the larger concern here would be oppressive regimes further encroaching on citizens lives. Robert Siciliano