Hotspot Shield is a US-based VPN launched in 2008 that is best known for its free plan. In this review, we tested the premium version to see whether it competes with market-leading VPNs.
Bleeping Computer Rating: 8.6
What impressed us:
- Fast speeds. Ideal for streaming in HD and making video calls.
- Works to watch popular streams. Accesses Netflix USA and a few other regions.
- Servers in 80+ countries. Makes it easy to bypass region blocks and censorship.
- Basic free plan. Allows you to get a US IP address from anywhere for free.
- Strong encryption. Protects your data against hackers and data snoops.
- Easy to use. Hotspot Shield is a basic VPN that is easier to use than many.
- Allows torrenting. You can use Hotspot Shield to torrent privately and secure against the threat of hackers.
- Kill switch. Cuts your internet if the VPN connection drops out.
- No-logs policy. Does not maintain any records of your IP, the servers you connect to, or your browsing activities once a session is over.
- Obfuscation. Enabled by default in its Hydra protocol.
- Apps for all popular platforms. Windows, macOS, iOS, Android, and Firestick.
- Chrome and Firefox proxy extensions.
- Split tunneling is available on Windows, Android, iOS, and macOS.
- Includes a 45-day money-back guarantee to test the service risk-free.
- Auto-protect feature connects to Hotspot Shield automatically when you join a new WiFi network.
- WireGuard protocol for fast speeds and robust security.
What could improve:
- Based in the USA. Raises concerns over warrants and gag orders.
- Has not had an independent audit of its apps, network, and policy.
- Harvests device-level identifiers such as advertising IDs.
- Source IP is exposed for the duration of the VPN connection, but is deleted once the session ends. Creates the potential for real-time tracking.
- Keeps records of the domains you visit on an anonymized basis.
- Live chat window is a bot unless you log in to the member’s area.
- No port forwarding. Makes it less suitable for torrenting with some clients.
Editor’s opinion:
With subscriptions that start at $7.99 per month, there is no doubt in my mind that Hotspot Shield is on the pricier side. I can think of numerous competing VPNs that outperform Hotspot Shield on features, and privacy, and cost between 5 and 6 dollars less.
Admittedly, this VPN service has attempted to improve its privacy policy in recent years. However, it still collects a significant amount of data. Some of this data, such as the domains you visit, is anonymized, but this practice leads to concerns over possible de-anonymization risks. Hotspot Shield uses your IP address to determine your location and ISP, raising questions about potential user identification or time correlation attacks.
The connection speeds offered by Hotspot Shield are fast and they compete with some of the fastest VPNs on the market. Users who prefer to use open-source protocols will be happy to know that the fastest protocol available is WireGuard. This means you shouldn’t need to use its proprietary protocol (other than for streaming some services that didn’t work with WireGuard, more on this later).
I was able to use Hotspot Shield to watch Netflix US and British TV channels such as BBC iPlayer and Channel 4, which shows that it is pretty decent for bypassing region locks. This makes Hotspot Shield a good option for home users who want to prevent ISP tracking, bypass workplace blocks, and use public WiFi safely. However, given its limited feature set compared to other VPNs, the cost of a premium subscription is hard to justify.
Hotspot Shield VPN – Overview
Hotspot Shield was originally launched in 2009 in Switzerland. However, it was acquired by Aura in 2022, which means the VPN is now officially headquartered in the US. This raises some privacy concerns due to US warrants and gag orders, and the fact that the US is part of the Five Eyes alliance.
The good news is that Hotspot Shield keeps no long-term records of user activities, the user's IP home address, or the VPN servers they use. This should mean that the VPN has nothing useful to hand over even if it is served a warrant.
On the other hand, being based in the US means that Hotspot Shield could be subject to a gag order, and begin harvesting user data secretly. To prevent users from needing to worry about this, Hotspot Shield has a warrant canary on its website. Of course, a warrant canary must be taken with a pinch of salt because it relies on honesty from the provider (more on this later).
Hotspot Shield is best known for its free plan, which allows users to connect to a server location in the USA without paying. This free plan has been used during protests and severe internet blocks in many countries around the world. For example, it was widely used during the Arab Spring in 2011.
The paid service increases the usefulness of the service by providing access to servers in 80+ countries. It has apps for all popular platforms, which means you can use it on laptops, desktop computers, smartphones, tablets, and even Android TVs. The only real issue is that the VPN is quite expensive, which makes competing services more attractive.
Hotspot Shield – Highlights
- Basic free plan
- Fast speeds
- Works to watch Netflix US
- Apps for all popular devices
- Easy to use
- No-logs policy and strong encryption
- WireGuard protocol is now available
- Servers in 80+ countries
- 45-day money-back guarantee
Hotspot Shield review
I tested Hotspot Shield on Windows, iOS, and Android. I used our carefully crafted VPN testing methodology, which allowed me to assess every aspect of the VPN and compare it to other market-leading services. I analyzed Hotspot Shield’s performance across seven critical areas: Features, Pricing, Streaming, Speed, Privacy, Security, and Customer Support.
Hotspot Shield features
Hotspot Shield offers custom apps for Windows, Mac, iOS, Android, Android TV, and FireTV. It can be set up manually on Linux. Some features may be app-specific, so it is worth checking feature availability in the apps you intend to use. For example, the auto-protect feature is replaced with an 'always on' VPN feature on iOS.
In addition to its main clients, HSS makes browser extensions for Chrome and Firefox. However, it is important to note that this is a proxy that changes your location within your browser, without providing you with the additional encryption benefits of the full VPN client.
Hotspot Shield's simultaneous connection allowance lets you connect up to 10 devices, which is usually enough for most power users. However, there are competing services that let you connect an unlimited number of devices for less than half the price of Hotspot Shield.
Hotspot Shield provides some limited support for VPN-compatible routers and firmware types. This kind of setup will let you secure all the devices in your home without the need to install and connect to the VPN on individual devices. Compatible router firmware includes AsusWRT, Asus Merlin, DD-WRT router, FreshTomato, and GL.iNet.
Global server network
Hotspot Shield offers an extensive global server network, with over 1,800 servers across more than 80 countries. This vast network is key to bypassing region-specific blocks and accessing a range of international services.
Whether you're looking to stream regional TV platforms, engage in native language searches while traveling, or have the ability to bypass censorship, Hotspot Shield's servers make this possible. You can access internet banking and region-specific services like government gateways, which are often restricted abroad for security reasons.
In the US alone, Hotspot Shield has servers in 27+ cities, enhancing access to local content, bypassing sports blackout restrictions, and securely using state-specific online services, such as gambling websites.
Some of Hotspot Shield's server locations are virtual. Unlike physical servers that are located in the country of the IP address they provide, virtual servers use special DNS routing to give you an IP address from the selected country while physically routing your data through a server in a different location. It is important to understand this distinction for privacy reasons, as the physical location of the server might fall under different jurisdictions, potentially affecting how your data is handled.
Unfortunately, Hotspot Shield doesn't specify which servers are physical or virtual in its app or server list. Instead, the website refers to all locations as ‘virtual locations. For most users, virtual servers pose no significant concern, as they still provide an IP address for the desired location. However, they can be problematic for users who want to know where physical servers are for privacy and jurisdictional reasons.
If the latter applies to you, we would recommend opting for a VPN that clearly labels virtual servers on its website or its apps (such as ExpressVPN, Private Internet Access, or CyberGhost VPN) or a VPN that exclusively uses physical servers for its entire network (such as NordVPN or PrivateVPN).
Kill switch
A VPN kill switch is an important feature for maintaining online privacy. It automatically cuts your internet connection if your VPN connection fails to stop you from leaking data to local networks or your ISP. Hotspot Shield has a kill switch that runs in the background in its apps for Windows, macOS, Android, and iOS.
Some VPNs have an app-based (reactive) kill switch rather than a system-level one. The app-based kill switch can only cut your internet when the VPN app is running, which may not cover all leaks, especially if the VPN app crashes.
Unfortunately, Hotspot Shield's website does not specify which kind of kill switch it uses in its apps. For this reason, I decided to run a VPN connection security test.
To test the kill switch feature, I intentionally crashed the VPN connection using Task Manager. To monitor changes in my IP address continuously, I used a page refresh tool set to check my IP address at one-second intervals. This method provides me with real-time insights into my network connection status, allowing me to see whether the kill switch is reliable.
Unfortunately, my test revealed that Hotspot Shield's kill switch does not activate upon crashing the VPN application, indicating that it’s app-based. This makes the VPN less attractive to people with an elevated threat model or who torrent, for example.
The Hotspot Shield kill switch only works when you use the Hydra protocol. Users who prefer non-proprietary protocols like WireGuard or OpenVPN (not offered by Hotspot Shield) will need to opt for an alternate VPN service.
Bandwidth allowance and data use
Premium Hotspot Shield subscribers are not subjected to any bandwidth restrictions or data caps. You can use the VPN on an unlimited basis using up to 10 devices. You can watch as many movies and TV shows, download as many torrents, make as many video calls, play as many games, and surf the web as much as you like. You can also connect and disconnect from as many servers as necessary and as frequently as you like.
The free plan, by contrast, restricts you to 500 MB per day. Although useful in an emergency, that’s not enough for streaming video and other data-intensive tasks.
Split tunneling
Hotspot Shield provides split tunneling in its Windows, Android, iOS, and macOS apps. This allows you to easily route most of your traffic through the VPN while allowing specific apps to use your normal internet connection. It comes in useful when you want to download torrents through the VPN but want to watch a local TV service or streaming platforms (or anything else) using your regular home IP address. You can choose to bypass both apps and domains from the VPN. By contrast, the Route via VPN feature only works for routing websites exclusively through the VPN.
Obfuscation
If you want to connect to your VPN using an extra layer of obfuscation, you can do so by choosing Hotspot Shield’s proprietary Hydra protocol. The only caveat is that this is a closed-source protocol, and Hotspot Shield is not forthcoming about the type of obfuscation the custom protocol provides. Notably, Hotspot Shield does not work in China.
If you want a VPN with advanced obfuscation capable of bypassing strict VPN blocks in countries like China, the UAE, and Iran, then consider another service.
Auto-protect feature
This feature connects the VPN automatically when you join a new WiFi network. It is designed to protect you when using public WiFi hotspots, by ensuring that your data is always protected when connecting to unknown networks. This also helps to protect you against Evil Twin hotspots.
Auto-connect feature
This feature connects the VPN to the last server used as soon as you launch the app. This saves you from having to do anything but open the app and means that if you set Hotspot Shield to launch at start-up, the VPN will automatically protect you every time you start your computer.
What features does Hotspot Shield lack?
Due to the high cost of a Hotspot Shield premium subscription, we felt it was worth highlighting features that this VPN does not have. The list below shows common features provided by market-leading VPNs, many of which cost less than Hotspot Shield:
- MultiHop: Routes your data through two servers for added privacy.
- Port forwarding: Allows you to forward VPN traffic to specific ports for torrenting or hosting reasons.
- Ad blocking.
- Tracker blocking.
Subscriptions & pricing
Hotspot Shield’s pricing structure is one of the easiest to understand, but it provides fewer options than some competitors. You can pick from either a one-month subscription that costs US$9.99 or a yearly play that costs US$7.99 per month. Both these plans provide access to all Hotspot Shield features and apps, so other than providing a discount to users willing to commit longer, there is nothing to set the plans apart.
The monthly price is very competitive, so if you only require a VPN on vacation or for some other short-term reason, Hotspot Shield is worth considering. However, anybody looking for a long-term VPN subscription may prefer to shop elsewhere. The cheapest monthly cost for Hotspot Shield is expensive compared to other leading providers, including Surfshark ($2.49), CyberGhost VPN ($2.03), PrivateVPN ($2.00), and NordVPN ($3.99).
Dedicated IPs are not available with Hotspot Shield, so you will need to seek an alternate provider if you require one.
30-day money-back guarantee
If you're still undecided or want to compare Hotspot Shield with another high-quality VPN, you can take advantage of its 30-day money-back guarantee. This refund policy lets you try the VPN on all your devices and check it works with your streaming accounts. If you aren't happy with the experience, you can request a full refund.
Payment options
Hotspot Shield accepts various payment methods. You can pay using a credit or debit card (Visa, Mastercard, AMEX, or Discovery) and PayPal. Hotspot Shield doesn't accept Bitcoin or any other cryptocurrency payment, so you cannot pay anonymously.
Speed tests
I tested Hotspot Shield using the WireGuard protocol to get the best speeds possible. I found it to be an extremely fast VPN, which is a testament to the quality of the servers that make up its network.
The tests were carried out using a dedicated test machine in the USA. It has download speeds of at least 1 Gbps per second. This allowed me to check the VPN’s top speed. For consistency, I always test VPNs using the same three server locations (the US, the UK, and Hong Kong).
We had to select WireGuard in the settings menu because, by default, the app automatically chose Hydra. In our tests, WireGuard proved to be two to three times faster than Hydra.
Below, you can see the results of our server-based tests:
UK (London) | 272 Mbps | 308 Mbps | 419 Mbps | 333 Mbps |
US (New York) | 451 Mbps | 196 Mbps | 396 Mbps | 347 Mbps |
Hong Kong | 232 Mbps | 338 Mbps | 251 Mbps | 273 Mbps |
Global average | 317 Mbps |
Home broadband tests
We acknowledge that the average home internet user will have broadband or mobile internet that is much slower than our test server. To account for this, I also carried out home broadband tests. These results allow you to get a practical look at how the VPN might perform in a regular home environment.
I tested Hotspot Shield using a Virgin Media broadband connection in the UK. The tests were carried out using an ASUS Zenbook 14 laptop. On the day of testing, my baseline internet speed (without the VPN) was 23 Mbps.
- UK server (Coventry). Download speed of 20 Mbps. This is a 13% drop.
- US server (New York). Download speed of 21 Mbps. This is an 8.7% drop.
- Hong Kong (Hong Kong). Download speed of 18 Mbps. This is a 21.7% drop.
As you can see, Hotspot Shield performed well in the home broadband tests. The average drop in speed across all three locations was 14%. We were also happy to see that the servers had decent consistency across the different locations. Perhaps the biggest disappointment was that the UK server gave me the slowest result – even though I was testing from the UK.
This small gripe aside, however, it seems fair to say that Hotspot Shield is a fast VPN that is suitable for streaming, gaming, making video calls, and torrenting.
Streaming
Accessing popular streams with a VPN is increasingly challenging because streaming providers do their best to block VPNs. Most VPNs do not work with Netflix, Hulu, HBO Max, Disney+, and BBC iPlayer. So, how does Hotspot Shield perform?
It started by testing Hotspot Shield to access Netflix US. I connected to the streaming-optimized server and found that it worked with Netflix without issue. I also tested it with Hulu, Disney Plus, and Prime Video, and found that, again, it worked.
Next, I tried the UK streaming server to watch the British Netflix catalog. Again, the VPN worked without any problems. However, when I switched to a server in Japan, I could not access the local catalog. This appears to reveal that Hotspot Shield is only optimized for streaming UK and US services (which are the only streaming-optimized servers it currently provides in its apps).
If you are interested in streaming content from other countries, I would recommend testing it without streaming accounts using the money-back guarantee.
I continued testing the UK server to watch BBC iPlayer, ITVX, and Channel 4.
On the WireGuard protocol, the BBC detected the VPN and served me a location error. ITV also gave me an error message while connected to the UK streaming server. Finally, the VPN did not work to watch Channel 4’s streaming service.
The tests thus far had been carried out on WireGuard. To be thorough, I decided to change to the Hydra protocol. I was surprised to find that the VPN suddenly worked without any issues. I doubled back to re-test Channel 4, BBC iPlayer and ITVX, and they all worked.
To make sure I wasn’t going mad, I switched back to WireGuard and tested again. The results were conclusive, the WireGuard protocol was not working to watch British TV platforms.
Conclusion? You will have much better results for streaming if you stick to using Hotspot Shield set to Hydra. My main issue with these results is that most VPNs purposely provide WireGuard to give subscribers better speeds for activities like streaming.
The fact that Hotspot Shield’s implementation of the WireGuard protocol was instantly noticed and blocked by every British streaming provider I tested is rather disappointing.
Security
One of the biggest problems with Hotspot Shield is that it does not provide the OpenVPN protocol for its users. The popular, open-source VPN protocol has been subjected to many independent audits. It has been a VPN industry mainstay for the last 10 years, and it is a protocol that privacy advocates trust for preventing online tracking and data theft.
Hotspot Shield now provides the modern WireGuard protocol in its apps. This open-source protocol uses robust ChaCha20 encryption and other secure cryptographic primitives.
According to Hotspot Shield, its proprietary Hydra protocol implements robust AES-256 encryption and obfuscation by default. However, as the protocol is closed source we can neither verify nor refute these claims. This is what the Hotspot Shield website tells you about the protocol:
“Handshake is a standard TLS (Transport Layer Security) 1.2 only, no protocol downgrade allowed. It uses RSA certificates with 2048 bit key for server authentication and Elliptic Curve Diffie-Hellman algorithm (ECDHE) for Ephemeral Key Exchange.”
In theory, this proprietary protocol should provide strong online privacy levels, but you are putting your trust in the unknown. The VPN claims the protocol’s “code is evaluated by 3rd party security experts from more than 60% of the world’s largest security companies” but it has not published the results or details about those evaluations, so take those claims with a pinch of salt.
For this reason, we would tend to recommend sticking to the WireGuard or IKEv2 protocols, which are both recognized and trusted. Hotspot Shield implements IKEv2 using AES-256 encryption, which is robust.
Leak tests
To ensure the VPN is safe to use for online privacy purposes, I conducted tests to check for IP, DNS, and WebRTC leaks. I tested using an incognito window to ensure cookies and cache didn’t affect my results. I started by testing using the Hydra protocol:
As you can see, the VPN suffered from no IP, DNS, or WebRTC leaks that revealed my actual British location information.
It is worth noting, however, that the test resulted in IP address results in the US and Switzerland. I was testing the LA server, so a result in Switzerland is undesirable. Although this isn’t problematic in terms of privacy, it could potentially lead to issues when trying to access regional services.
Due to the problems I experienced when trying to stream while connected to the British streaming server, I decided to test it for leaks using the WireGuard protocol (which is the protocol that gave me problems). You can see the result below:
As you can see, the British streaming server registered an IP address in the US using the WireGuard protocol. This shows that the WireGuard protocol fails to provide an IP address in the required location. For this reason, we recommend sticking to Hydra for location spoofing purposes.
All in all, the results of the leak tests were a bit of a mixed bag. Considering the relatively high cost of a Hotspot Shield subscription, I would have hoped for better results.
Privacy
The most trustworthy and reliable VPNs for privacy promise never to store their subscribers' source IP address, logs of the VPN servers they use, or the traffic that passes through the servers, including details of the websites visited. This is important because a VPN that stores this data could be compelled to share it, lose it in a data breach, or potentially share it with unwanted third parties.
In the past (before the VPN was acquired by Aura) Hotspot Shield received widespread criticism due to its weak privacy policy, which allowed the VPN to harvest data and use it for marketing purposes. Thankfully, the VPN has since been acquired and has made an effort to update its privacy policy to improve things.
The premium VPN now includes a “no-log policy” that promises not to keep any usage logs or records of the servers users to which users connect. Despite this claim, we found quite a few questionable technicalities in the policy.
The VPN admits to storing the user's IP address for the duration of a session. It uses this to figure out the user's general location and internet service provider (ISP). Furthermore, Hotspot Shield subscribers must provide a payment method during sign-up. This payment information includes your real name.
Although knowing the user's ISP may not seem problematic, it could allow a user to be identified if they’re the only user connecting through a given ISP.
The policy admits that the VPN stores anonymized records of the websites and services visited by their subscribers. This means that the VPN analyzes every website visited by its users. Numerous studies have proven that anonymized data can often be re-identified. Due to improvements in AI, this problem is becoming more acute.
The policy also admits to collection of personal data such as account details, billing information, communications, usage information, device information, and diagnostic information. Most of that is par for the course and necessary for providing and improving the service but does not identify individual users.
The policy also states that the VPN will “Identify the locations of the VPN server utilized”.
This may not seem problematic at first glance because the VPN is tracking the location of a server rather than the exact server used. However, if the VPN has only one server in a particular location, knowing the location could be equivalent to knowing the exact server. Unfortunately, the policy does not indicate how long this information is stored.
This creates heightened concerns when coupled with the ability for a Hotspot Shield account to be traced back to a user’s name (and IP address through their ISP). Under such circumstances, there could be enough of a paper trail to carry out a time-correlation attack.
Despite having improved, the Hotspot Shield privacy policy is far from ideal. Those seeking a true no-logs VPN may prefer to give this service a miss, especially considering it is based in the US.
Finally, it seems important to also note that the privacy policy for the free VPN plan is even weaker. Hotspot Shield openly admits to harvesting data from free users for profiling and marketing purposes. This means that anybody using the free VPN plan is subjected to more significant privacy invasions.
Customer support
Effective customer support is important for user satisfaction, and to support newcomers to VPNs who have less experience with using a VPN. Hotspot Shield offers live chat support on its website, but there is a caveat. Free plan users and prospective customers can only talk to a bot. Human agents are hidden away in the member’s area, which means you need to be a paying subscriber. This leaves you unable to ask questions before taking out a subscription.
While the live chat support is accessible 24/7, the expertise of the agents seems a little limited. They tend to guide you toward the knowledge base instead of providing in-depth answers, and if the information isn't available on the website, then they often won't be able to give you a straight answer.
The website’s support center is well-organized, with FAQs categorized by operating system, covering a broad spectrum of topics. However, some responses in the FAQs lack detailed information. For example, the guide for watching BBC iPlayer does not mention the need to use the Hydra protocol, which we found to be the only one that works.
The setup guides provided for various platforms, including routers, are clear and well-written. Hotspot Shield could be more forthcoming with technical details about their service’s security features. This transparency is crucial for users to be able to compare the service apples to apples with comparing platforms and to understand exactly what level of protection they are getting when they use the VPN.
Interacting with the support team also led me to some frustration. Agents would exit chats mid-conversation, requiring me to start again by providing my email and name.
The website's marketing includes claims like “World’s fastest VPN” were proven to be exaggerated during our testing. Given the cost of this VPN, we found that the drawbacks started to add up.
Although Hotspot Shield’s customer support is functional and includes live chat for paying subscribers, we found that there is room for improvement in areas like agent expertise, user experience, and transparency.
Is Hotspot Shield easy to use?
During our tests, we found the Windows, iOS, and Android apps for Hotspot Shield to be well-designed and easy to use. The VPN is pretty straightforward, in part because of its lack of advanced features.
The settings menu is easy to navigate, with each of the tabs providing you with clear access to the main features. Overall, we had no trouble getting used to the VPN. However, it is worth noting that the VPN protocol comes set to ‘Auto” by default. This usually defaults to the proprietary Hydra protocol. If you prefer to take advantage of WireGuard’s faster speeds, then change this before connecting to the VPN.
One noticeable drawback when using Hotspot Shield is its tendency to cause CAPTCHAs during Google searches. This happens because Hotspot Shield has assigned you an IP address already flagged by Google's automated systems as potentially dangerous. Having to fill in CAPTCHAs can be a touch frustrating, but should only happen when you first connect to the server.
Our verdict
Hotspot Shield is a popular VPN brand because of its free plan. However, its premium VPN service offers a much larger network of servers and access to streaming-optimized servers that work to watch British and American services.
The apps install easily and come with all the necessary features to prevent local networks, ISPs, and government snoops from monitoring your traffic. It also works to protect you against hackers on public WiFi. However, the customer support is a little lackluster.
Hotspot Shield’s privacy policy has some gray areas and data collection practices that may put privacy advocates off the service. If you are looking for a rock-solid no-logs VPN, then we would recommend shopping elsewhere.
The VPN now boasts the WireGuard protocol in its apps, which means you no longer have to use the proprietary Hydra protocol. The only caveat is that WireGuard didn't work with streaming services for us, so it may still be suffering from teething issues.
Overall, Hotspot Shield is a decent VPN. It posted impressive speed results on our test machine, and it performed moderately well on my home computer and broadband connection.
These small issues, as well as the relatively high cost of a subscription, mean that Hotspot Sheild Premium is struggling to compete with the very best VPNs on the market.
Post a Comment Community Rules
You need to login in order to post a comment
Not a member yet? Register Now