AnchorFree, the owner of the popular free VPN Hotspot Shield, has released its 2017 transparency report, which reveals the remarkable number of subpoena’s it has received from the US Government.
Readers may recall that the privacy protection offered by Hotspot Shield was questioned earlier this year after it was revealed how the company not only collects user data but also shares it with advertisers.
But in their annual transparency report, it is revealed that handing user data over to advertisers is not the only potential privacy risk users face. In their report, AnchorFree list the number of data requests they receive from national governments in much the same way that Google, Apple, and many other tech firms do.
More than three-quarters of requests from the USA
AnchorFree revealed that in 2017 they have received 81 formal requests for user data from governments and a huge 63 of those came from the US Government. To put that in some sort of context, the next highest was France, who made 7 requests.
Of the 63 requests from the US Government, 38 were classified in the report as being a subpoena. For those not familiar with the term, a subpoena is a tool which certain Government bodies are empowered to use to access limited amounts of a company’s customer data.
In the case of AnchorFree, this is thought to mean things like usernames, phone numbers, email addresses, how long they have used Hotspot Shield, and other such information.
Multiple server searches
As well as a regular flurry of subpoenas and perhaps more worrying, AnchorFree also received four search warrants which empowered law enforcement bodies to access Hotspot Shield servers. They also received one such court order thought to require similar access.
Not many Hotspot Shield users will be too happy that their VPN is opening up its servers to such inspection on a regular basis, especially given what we already know about their rather cavalier attitude to user privacy.
However, it must be said that AnchorFree is at pains to note that they do not associate IP addresses with user information and so believe that there is no risk to user privacy from such searches. Being a US-based company, they have little choice but to comply with legal orders issued in the USA, even if they know it will impact on customer confidence.
There were also 38 legal requests that AnchorFree has classified in their transparency report as ‘other’. This is likely to be mostly made up of requests from overseas which have no legal effect in the USA and letters from foreign governments.
VPN scrutiny and the benefits of off-shoring
It is to AnchorFree’s credit that they release such a transparency report, although its contents are unlikely to please many of their users. But even for those who don’t use Hotspot Shield, the report is an interesting insight into the extent of the scrutiny many VPN providers will find themselves under.
They are receiving more than one legal request for customer data every week, which they are required to comply with. This means that some user data is being handed over each time, even if it is not the actual activity records the Government would probably like to have access to.
AnchorFree is not the only VPN provider to make such revelations either. Cyberghost is just one other popular VPN provider which has revealed a similar pattern of requests.
What this tells us above all else are the clear benefits of opting for a VPN such as ExpressVPN or NordVPN which is headquartered offshore. These two providers are based in Panama and the British Virgin Islands, two countries where governments do not have the legal power to access such customer data even if the providers were storing it (which neither of these two does).
US-based VPN providers are not required to retain user data at the moment, but they are subject to US law in all other regard and for those VPN users with a genuine passion for privacy, this makes overseas-based providers a much more attractive proposition.