Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
Businesses Privacy Security The Almighty Buck

Top VPN Provider Accused of Sharing Customer Traffic With Online Advertisers (bleepingcomputer.com) 55

Catalin Cimpanu, reporting for BleepingComputer: On Monday, the Center for Democracy & Technology (CDT) -- a US-based privacy group -- filed a complaint with the US Federal Trade Commission (FTC) accusing one of today's largest VPN providers of deceptive trade practices. In a 14-page complaint, the CDT accuses AnchorFree -- the company behind the Hotspot Shield VPN -- of breaking promises it made to its users by sharing their private web traffic with online advertisers for the purpose of improving the ads shown to its users. In its complaint to the FTC, the CDT is not accusing Anchor Free of secretly injecting ads, as users are well aware of this practice, but of not respecting promises made to its customers. More specifically, the CDT says that AnchorFree does not respect a pledge made in marketing materials that it won't track or sell customer information.
This discussion has been archived. No new comments can be posted.

Top VPN Provider Accused of Sharing Customer Traffic With Online Advertisers

Comments Filter:
  • by JohnFen ( 1641097 ) on Tuesday August 08, 2017 @02:52PM (#54967555)

    Your VPN provider has access to your traffic. If anyone aside from you or the party you're communicating with has access to your traffic, your communications are not secure -- even if that "anyone" uses the acronym "VPN".

    • by Anonymous Coward

      There is middle ground between "secure" and "not secure". You'll never stop the most determined, so all you can do is try. Well, except in your case, you just give up without a fight.

    • Your VPN provider has access to your traffic. If anyone aside from you or the party you're communicating with has access to your traffic, your communications are not secure -- even if that "anyone" uses the acronym "VPN".

      You need to understand that there is no longer any money to be made in creating solutions for the 1% of internet users that still give a shit about security and anonymity.

      That's not even taking into account governments who vehemently despise anonymous communications.

      You want secure communications? Open your wallet.

      • by JohnFen ( 1641097 ) on Tuesday August 08, 2017 @03:25PM (#54967943)

        Open my wallet? I have no problems paying for things. The issue is -- where can I find a service that I can trust, paid or not? I submit that I can't. Not to say they don't exist, but that it's impossible to tell who they are.

        • Re: (Score:3, Insightful)

          by geekmux ( 1040042 )

          Open my wallet? I have no problems paying for things. The issue is -- where can I find a service that I can trust, paid or not? I submit that I can't. Not to say they don't exist, but that it's impossible to tell who they are.

          Yes, it's impossible. That much is true. But the larger problem is you represent the fraction of a percent who still cares. The other 99.999% of society doesn't give a shit about privacy, so you will never find a viable solution for security.

          There is no longer any money in privacy. Therefore, there is no justified reason for anyone to provide it. No matter how you feel about that, it is true.

        • Here's what I did. Perhaps it would work for your level of security / privacy needs:

          1. Rent VPS (Virtual Private Server) running linux. From my vendor, I get 2TB of data transfer per month for less than $5.00.

          2. Set up OpenVPN [openvpn.net] on remote CentOS linux server.

          3. Install OpenVPN on my laptop. Verify against DNS leakage [dnsleaktest.com].

          That process took about 15 minutes to set up and it's pretty straightforward. Security may be additionally enhanced by locating the remote VPS in another country, though your performan
          • Yeah, I've been running my own VPN for about a decade now -- pretty similar to your setup, except I don't rent a host, I run it on my own set of servers at home.

            I'm still exposed to my ISP, of course. Also, this isn't a solution that the average person can really do.

        • 1. Pay VPN service with bitcoins 2. Access VPN through TOR
          • Bitcoin is not a good tool for this. The payment is not anonymous, and the fact that *a transaction occurred* cannot be forgotten.

            A better option would be to pay for a VPN with cash.

      • by Rick Schumann ( 4662797 ) on Tuesday August 08, 2017 @04:36PM (#54968555) Journal
        "Open your wallet", he says, LOL. That won't work either. Everyone is going to LIE TO YOUR FACE about their so-called 'privacy policy', and even if they don't? Someone upstream of them will be doing the spying anyway. The best you can do is use Tor, cross your fingers that some criminals aren't compromising your exit node to either steal your identity or infect your computer with something, and make the hard choice between not being able to use all those websites that don't work because you're on Tor, or accessing them 'in the clear' and knowing that your very personally identifiable traffic is being logged by your ISP. Then if that wasn't bad enough, most people are still using Windows, so never mind ISPs spying on you, your own computer is already spying on you.

        The only way we'll have any real privacy on the Internet ever will be when there is a combination of strict privacy laws with stiff penalties for violating them, and 100% encryption on all traffic, including DNS lookups. Don't hold your breath waiting for it, there's too much money on the table, every Internet-related company with skin in the game would fight tooth and nail to prevent it from ever happening. As-is if you want any modicum of privacy you may as well start formulating an exit strategy for the Internet, and learn to get along without it in the long run, in this game the only way to win is to not play.
        • "Open your wallet", he says, LOL. That won't work either. Everyone is going to LIE TO YOUR FACE about their so-called 'privacy policy', and even if they don't? Someone upstream of them will be doing the spying anyway. The best you can do is use Tor, cross your fingers that some criminals aren't compromising your exit node to either steal your identity or infect your computer with something, and make the hard choice between not being able to use all those websites that don't work because you're on Tor, or accessing them 'in the clear' and knowing that your very personally identifiable traffic is being logged by your ISP. Then if that wasn't bad enough, most people are still using Windows, so never mind ISPs spying on you, your own computer is already spying on you. The only way we'll have any real privacy on the Internet ever will be when there is a combination of strict privacy laws with stiff penalties for violating them, and 100% encryption on all traffic, including DNS lookups. Don't hold your breath waiting for it, there's too much money on the table, every Internet-related company with skin in the game would fight tooth and nail to prevent it from ever happening. As-is if you want any modicum of privacy you may as well start formulating an exit strategy for the Internet, and learn to get along without it in the long run, in this game the only way to win is to not play.

          I would assume you are one of the rare humans who is actually intelligent enough to come to the conclusion that the only way to "win" is not to play. You are correct in that statement. The only way to communicate securely is to not use the internet to do it, so communication now comes at a cost.

          The statement regarding opening your wallet was addressing the generation of social media narcissists who demand everything for free. This is the same generation who no longer gives a flying fuck about security

        • The only way we'll have any real privacy on the Internet ever will be when there is a combination of strict privacy laws with stiff penalties for violating them, (...).

          That would be good, but I doubt it will happen.
          We should push for it, though.

          (...) and 100% encryption on all traffic, including DNS lookups. Don't hold your breath waiting for it, there's too much money on the table, every Internet-related company with skin in the game would fight tooth and nail to prevent it from ever happening.

          There is a solution for this, albeit not a popular one (yet).
          It is called Cjdns: https://en.wikipedia.org/wiki/... [wikipedia.org]
          A networking protocol (and a reference network called Hyperboria) using encrypted IPv6 where your address is also your public key. It can be run over the traditional network.
          If you care about privacy and security you can make your website available over Cjdns.

    • by Hadlock ( 143607 ) on Tuesday August 08, 2017 @03:36PM (#54968055) Homepage Journal

      Yep, I interviewed at another company, it came out about halfway through that the reason why they're profitable is that they provide a free VPN service, then monitor mobile app traffic over the VPN to get aggregate use stats on various top 1000 apps and then sell that usage info. The world's largest investment banks are buying up this data to determine if they want to buy or sell stocks like Snapchat, etc.

    • by AHuxley ( 892839 )
      But everything important has https in 2017 right?
      How much would anyone really be able to see that still has a much value as the http years?
  • I'm shocked. Shocked!
    Well, not that shocked.

  • by known_coward_69 ( 4151743 ) on Tuesday August 08, 2017 @03:06PM (#54967683)

    selling t-shirts and coffee cups?

    • by Anonymous Coward

      There is this thing called money. You can exchange it for goods and services. I'm surprised you haven't heard of it.

    • selling t-shirts and coffee cups?

      Yes. Seems to work for OpenBSD.

    • selling t-shirts and coffee cups?

      How about selling the VPN access itself. Anyone who trusts a freebie VPN provider is naïve at best, an idiot at worst.

      • these is mostly for cheapo people who don't want to buy stuff. no way you can sell it for the real price it costs to run it. Not like the upstream bandwidth is free

      • Agreed.

        I would agree with your statement even more if you removed the word "freebie" from it.

  • by bravecanadian ( 638315 ) on Tuesday August 08, 2017 @03:06PM (#54967695)

    If most of the VPN providers aren't selling customer / traffic data.

  • by The MAZZTer ( 911996 ) <megazzt.gmail@com> on Tuesday August 08, 2017 @03:16PM (#54967809) Homepage

    ...if you aren't paying for it, you're not the customer. If you aren't the customer, you're the product.

    At least, I'm assuming this wasn't a paid service...

  • ... that users have to trust their VPN providers as much, if not more than their internet provider not to also collect, monitor, or sell their data.
  • Anyone else notice this is one of the VPN's constantly advertised on slashdot? Glad to see slashdot is interested in promoting shady services.

You can tune a piano, but you can't tuna fish. You can tune a filesystem, but you can't tuna fish. -- from the tunefs(8) man page

Working...