AnchorFree prides itself on being transparent about its data practices and would be happy to engage in a discussion to clarify the facts and better understand the nature of the CDT’s concerns. While we commend the CDT for their dedication to protecting users’ privacy, we were surprised by these allegations and dismayed that the CDT did not contact us to discuss their concerns.
![code hotspot shield vpn code hotspot shield vpn](https://lastwp.b-cdn.net/wp-content/uploads/2019/05/hotspot-shield-black-friday-sale-768x333.jpg)
The recent claims to the contrary made by a non-profit advocacy group, the Center for Democracy and Technology, are unfounded. This means that the information Hotspot Shield users provide to us is never associated with their online activities when they are using Hotspot Shield, we do not store user IP addresses and protect user personally identifiable information from both third parties and from ourselves. “We strongly believe in online consumer privacy. As quoted in a statement provided to Tom’s Guide: It also charges the VPN with selling customer data to advertisers, using multiple third-party tracking libraries, “redirecting e-commerce traffic to partnering domains,” transmitting Mobile Carrier data over a non-HTTPS web connection, and mishandling customers’ payment information, as evidenced by some users’ claims of credit card fraud resulting from their purchase of the Elite version of the VPN.ĪnchorFree has flat-out denied the CDT’s complaint.
#Code hotspot shield vpn code#
The CDT goes on to accuse Hotspot Shield of injecting Javascript code into users’ browsers for advertising and tracking purposes. We believe the best way to protect user data is to not collect it.”īut the claims of deceptive trade practices and misleading data security statements don’t end there. Our perspective is to protect the users not only from the bad guys like hackers, identity thieves, websites and ISPs, but to also protect the users from their (/our) selves. “Given that AnchorFree is a mission-driven company, we never log or store user data. These allegations of logging directly contradict the comments of David Gorodyansky, founder and CEO of AnchorFree, who said the following to The Huffington Post back in May: Please note, however, that for purposes of this Privacy Notice, AnchorFree does not include your IP address or unique device identifier within the definition of Personal Information.” Examples of Personal Information include name, email address, mailing address, mobile phone number, and credit card or other billing information. “Personal Information,” also referred to as personally identifiable information, is information that may be tied to a specific individual.
![code hotspot shield vpn code hotspot shield vpn](https://pccrackmac.com/wp-content/uploads/2021/03/hotspot-shield-2-360x253.jpg)
![code hotspot shield vpn code hotspot shield vpn](https://venturebeat.com/wp-content/uploads/2018/05/screen-shot-2018-05-02-at-2-03-28-pm.jpg)
![code hotspot shield vpn code hotspot shield vpn](https://i.pinimg.com/originals/2b/d8/d6/2bd8d64fdea05f95af86d1936dfb5ce3.png)
Yibelo has also publicly released a proof-of-concept (PoC) exploit code-just a few lines of JavaScript code-that could allow an unauthenticated, remote attacker to extract sensitive information and configuration data.“Except as explained in this Notice, AnchorFree does not collect any Personal Information about you when you use the Service. "User-controlled input is not sufficiently filtered: an unauthenticated attacker can send a POST request to /status.js with the parameter func=$_APPLOG.Rfunc and extract sensitive information about the machine," the vulnerability description reads. There are other multiple endpoints that return sensitive data including configuration details," Yibelo claims. " generates a sensitive JSON response that reveals whether the user is connected to VPN, to which VPN he/she is connected to what and what their real IP address is & other system juicy information. This server hosts multiple JSONP endpoints, which are surprisingly accessible to unauthenticated requests as well that in response could reveal sensitive information about the active VPN service, including its configuration details. The vulnerability, assigned CVE-2018-6460, has been discovered and reported to the company by an independent security researcher, Paulos Yibelo, but he made details of the vulnerability to the public on Monday after not receiving a response from the company.Īccording to the researcher claims, the flaw resides in the local web server (runs on a hardcoded host 127.0.0.1 and port 895) that Hotspot Shield installs on the user's machine. However, an 'alleged' information disclosure vulnerability discovered in Hotspot Shield results in the exposure of users data, like the name of Wi-Fi network name (if connected), their real IP addresses, which could reveal their location, and other sensitive information.