A virtual private network, or VPN, like Hotspot Shield, is an important tool for protecting your privacy. They protect our online activity from the prying eyes of attackers on insecure networks, and from ISPs that sell our data. Hotspot Shield is easy to use, comes with an impressive collection of other tools, and blows away the competition in our speed tests. The core VPN product is expensive, however, and its privacy policies are complicated by the decision to monetize its free VPN with ads.
What Is a VPN?
When you connect with a VPN, it encrypts all internet activity from your PC and routes it to a server controlled by the VPN company. Anyone on the same network as you won’t be able to spy on your activity, and out on the web your true IP address and physical location are masked. This is especially useful if you find yourself using that sketchy, unsecured Wi-Fi at the local coffee shop. It’s also useful at home, where your ISP is eager to sell your anonymized data.
It’s important to know what a VPN can and can’t do, however. To really disguise yourself online, you should route your traffic through the labyrinthine Tor network. You should also protect your machine with standalone antivirus, protect your accounts by activating two-factor authentication wherever it’s available, and use a password manager to create unique, complex passwords for every site and service.
Pricing and Features
Hotspot Shield starts at $12.99 per month, which is significantly higher than the $10.10 per month average I have seen across the industry. This is where I talk about value, and how it’s not necessarily bad to charge more than average provided the company makes up for it somehow. The story is a bit more complicated because your Hotspot Shield subscription comes with a Pango account, which in turn grants you access to the 1Password password manager, RoboShield call blocker, and Identity Guard identity theft protection service. To give you a sense of value, 1Password alone costs $3.99 a month.
That’s certainly a lot for your dollar, and nearly puts the Pango suite of products in the same category as a security suite that includes VPN, or a more privacy-focused tool like Ghostery Midnight. I haven’t tested the other services included with a Pango account, but PCMag has reviewed some of them. This review focuses on Hotspot Shield as a standalone product, but it’s impossible to ignore this sizable bundle.
You can also spring for a one-year subscription, which will run you $95.88. Again, that’s pretty hefty compared to an industry average of about $73, but, again, the Pango account makes for a different value proposition. There’s also a three-year plan available for $107.64. That said, I advise readers to avoid long term subscriptions, at least at first. You won’t know whether a VPN will work for you until after you try it. So, grab the short-term deal and then upgrade if the service works well for you.
Other standalone VPNs come in significantly less costly than Hotspot Shield. Mullvad, our Editors’ Choice for cheap VPNs, costs a mere €5 ($5.55 USD at the time of writing) per month, and a limited ProtonVPN account can be had for just $5 per month.
Nothing is cheaper than free, and Hotspot Shield is one of the few services that offers a free VPN. Note that the free subscription of Hotspot Shield limits you to only certain VPN servers, and to 500MB of bandwidth per day. Still, that’s significantly more generous than TunnelBear, which limits free subscriptions to 500MB per month. Hotspot Shield does, however, monetize its free version on Android. See below for more on the privacy implications of this practice. ProtonVPN has the best free offering I’ve seen. While it does limit the servers you can use, it places no limits on bandwidth and is the only free VPN we’ve seen with no limits. In this review of Hotspot Shield, I used a monthly subscription.
You can snag a Hotspot Shield subscription by using a major credit card, or PayPal. Other services offer more privacy-friendly options. Mullvad accepts cash mailed to its corporate HQ, and Private Internet Access will take gift cards for places like Starbucks and others. Cryptocurrency support is also fairly common among VPNs, but not Hotspot Shield.
A subscription with Hotspot Shield lets you use five devices simultaneously, which is average for the industry. That seems to be changing, however. Several competitors now offer more, and some have ditched this limitation all together. Avira Phantom VPN, Encrypt.me VPN, Ghostery Midnight, Surfshark VPN, and Windscribe VPN all place no limit on the number of simultaneous connections.
(Note that Encrypt.met is owned by J2 Global, which in turn owns PCMag’s publisher Ziff Media.)
As with nearly every VPN service, Hotspot Shield lets you use P2P file sharing and BitTorrent on its network. It also includes a split tunneling feature, which lets you designate what traffic flows through the tunnel and what can travel in the clear. Hotspot Shield notably lets you designate domains that can be accessed without the VPN, which is handy for streaming video or using a bank that frequently blocks VPN traffic. You can also specify which apps should use the encrypted connection and which should not.
Despite the collection of services Hotspot Shield provides through Pango, that’s the end of the list for additional VPN and network tools. Hotspot Shield doesn’t provide access to the Tor anonymization network. It also doesn’t include multi-hop connections, which route your traffic through a second server for enhanced security. Both NordVPN and ProtonVPN offer these rare, if also rarely needed, features.
There’s more than one way to create an encrypted tunnel for your traffic. For the most part, you won’t have to worry about picking a particular VPN protocol, but I appreciate services that give consumers that option.
Hotspot Shield created its own protocol called Catapult Hydra and, until recently, used it exclusively to power Hotspot Shield. To be clear, in creating Catapult Hydra the company didn’t create a new encryption protocol. A new encryption protocol would require an enormous amount of scrutiny since an undiscovered flaw could be used to break it. Previously, a company representative explained that Catapult Hydra uses the Open SSL library to encrypt the data and that the new protocol is simply “an enhancement of the transport protocol.” The company had also previously told me that Hydra creates multiple channels for data to travel, with the goal of increasing speed and reliability.
While other VPN companies have pushed their own protocols, Hotspot Shield relies almost entirely on Hydra. IKEv2, a secure and modern option, is available on Windows and iOS. OpenVPN, the open-source protocol which I prefer, is available only on routers.
While it doesn’t appear that Hydra presents a security risk, I do prefer services that adopt open-source industry standards. To that end, I am glad to see that Hotspot Shield will be rolling out OpenVPN and IKEv2 across its service. That said, these protocols will likely be supplanted by WireGuard, a new open-source protocol that is the heir-apparent to OpenVPN. Mullvad has fully deployed WireGuard, and NordVPN is rolling it out as well. Hotspot Shield is moving in the right direction, but may soon find itself lapped by the competition.
Servers and Server Locations
Generally, you’ll want to connect to the VPN server that’s closest to your physical location. But if you’re traveling far from home, or need to spoof your location, you’ll want a VPN service that has many options to choose from. Hotspot Shield says it provides servers in “80+” countries. I count about 99 overall locations on the company’s website. That’s an excellent selection, and only a smidge behind the 94 countries served by ExpressVPN.
Especially notably is the variety of locations served by Hotspot Shield. It has servers in four African countries, while most of the competition ignores the continent entirely. It also has numerous server locations throughout Central and South America, regions that also receive very little support from other companies.Hotspot Shield provides servers in regions with repressive internet policies, such as China, Russia, Turkey, and Vietnam.
In my own testing, I’ve found that there isn’t a clear correlation between a VPN company offering more servers and better service for customers. The number of servers is mostly a reflection of the number of subscribers a particular VPN enjoys. That said, Hotspot Shield has a respectable 1,800-some servers available. ExpressVPN, Private Internet Access, and TorGuard VPN break 3,000 servers, while CyberGhost and NordVPN boast over 5,000.
Many VPN companies make use of virtual servers, which are software-defined. Many virtual servers can be hosted on a single piece of server hardware, and those virtual servers configured to appear as if they are in a location other than their physical host machine. This is useful for quickly spinning up new servers to take on sudden spikes in traffic, and allows some companies to better secure their server infrastructure. A virtual server that covers a dangerous region can be safely housed in a safer location.
The problem is that not all VPN companies are transparent about which servers are hardware and which are virtual, making it harder to tell where your data is actually going. Hotspot Shield tells me that it relies only on hardware servers.
Your Privacy With AnchorFree Hotspot Shield
As VPNs become an increasingly popular tool to help secure your privacy online, more attention is being given to what VPN companies are doing to protect your privacy. After all, these companies could monitor your activity as much as ISPs already do. After reviewing information from the company, I found nothing that seemed overtly malevolent, but more could be done to enhance customers’ privacy.
Hotspot Shield VPN is owned and operated by Pango Inc. The company has an office in the US and another in Switzerland. US residents are customers of the former, and are therefore subject to US law. Other companies use out of country HQs as a check against requests for information by governments and law enforcement.
The company does not own all its servers, but that’s not unusual. Company representatives explained that the servers are configured and managed by Hotspot Shield’s employees. Some VPN companies, such as ExpressVPN, have migrated to RAM-only servers in order to prevent tampering. Hotspot Shield employs layers of security to protect its Public Key Infrastructure, including requiring three individuals to unlock its Root Certificate Authority.
Many VPN companies have begun releasing third-party audits of their products to establish security and privacy bona fides. These aren’t always useful, however. Hotspot Shield VPN has yet to release the results of an audit. The company also does not publish a transparency report, which would list the requests made by law enforcement and whether or not the company complied. While the company is already very transparent about its operation, it should endeavor to do both and make them easily accessible to customers. While neither is as guarantee of protection, they do provide a measure of accountability.
Two documents cover your privacy with Hotspot Shield. The first is a broader policy related more to Pango’s overall operation. The second is focused solely on the VPN product. I looked at both. It’s actually very difficult to square the two, as the former sounds far more dire and suspect, and the latter more reasonable and assured. I focus more on the VPN-related policy, but Pango needs to do some work making the two documents coexist in a sensible way. To its credit, the company is very transparent in all of its documents. I absolutely understand what the company says it’s doing and why, even if I don’t always agree with it.
The company says that it does not store any information on users’ browsing activity. The company does gather your IP address in order to match you to the best VPN server, but that information is encrypted during use and deleted at the end of your VPN session. The company says it does not have the ability to connect activity at a given server with a specific person using that server. This is good, and fairly standard.
The company does log session duration and the amount of data used, in order to enforce its policies. It also stores device hashes (that is, theoretically anonymous identifiers), but these are not linked to user activity. The company says that it must collect this information because it does not require users to create an account in order to use the product. I appreciate the rationale and safeguards on these practices, but other companies are able to provide services without these practices.
Company representatives explained to me that Hotspot Shield also logs the domains—but not complete URLs—of sites accessed by each VPN server, with a timestamp. I am told there is no way to connect this information to individual users, and is done to improve service. Some competitors have similar practices, but I’d like to see Hotspot Shield find creative ways to further protect user data.
The most difficult portion of both documents has to do with the company’s free VPN. In all of my conversations with the company over many years, representatives have stressed that they feel a moral obligation to provide a free VPN product, but that they must pay for it with ads on the Android version of its app. This is done with ad network SDKs and Google Ads, both of which gather user information to target advertisements. To its credit, the company is very clear about how this works, and even provides tools to prevent information sharing and de-target ads in the free version. The company has gone to great lengths to minimize the privacy concerns that stem from monetizing its free version, but the company made the decision to monetize the free app in the first place. A far simpler solution would be to simply not serve ads.
You could argue that targeted advertising in the free Hotspot Shield Android app is no worse than any other ad-supported app, or even browsing most websites, and that the cost in privacy is weighed fairly against free VPN protection for everyone. But that’s less compelling compared to ProtonVPN or TunnelBear, both of whom avoid the issue by simply not using ads in their free subscription apps. In fact, of the companies that responded to my survey, only one other product—Steganos Online Shield—used ads in its product. Because a VPN is intended to improve your privacy, I believe it must be held to a higher standard than the average mobile game. The easiest way to avoid this privacy conundrum is to pay for the app.
I always advise readers to look at a company’s policy and decide for themselves if they are comfortable with it. Security companies trade on trust, and if you do not feel that you can personally trust the company, you need to find one you do trust.
Hands On With Hotspot Shield
I had no trouble setting up Hotspot Shield on an Intel NUC Kit NUC8i7BEH (Bean Canyon) desktop running the latest version of Windows 10.
The Hotspot Shield client looks much more at home on Windows 10 than other VPN apps. It’s a simple, dark blue window with cyan highlights and a modern aesthetic. This matters, I think, because how a service looks is probably going to inform how we feel about it. When you start up for the first time, you’re greeted by a large button to connect the VPN, and a menu in the lower right corner that shows which server you’ll be connecting to. I really like this approach, as it gives customers an obvious action to take and makes it clear what will happen.
Once connected, th
e main page shows upload and download speeds, latency, the load on the server you’re using, and your apparent IP address. A map in the upper left shows a stylized view of the world. You can select a new location from the menu above. There are also panels to show your daily data usage, and what network connection is being used. Easy to miss is a Stop button at the very bottom of the app. This disconnects from the VPN.
When you go to select a new location, you’ll see a grid of available server locations with the flag of that region. A search bar at the top makes short work of the numerous server locations. If there is more than one location within a region, you’ll be able to click in and choose where you’d like to connect. The United States region includes 20 cities, for example. This is pretty good, but I prefer services that let you choose specific servers, and services that display information on the usage load a server or region is currently experiencing.
A left rail of icons grants access to account information, FAQs, and other information. Note that you can activate the other services in your Pango account from the Hotspot Shield app.
The Settings section is fairly light. Anyone looking to tweak their network connection may be better served by Private Internet Access. There are still some useful tools. You can designate which URL domains should be allowed to travel in the clear, making it easier to access services that frequently block VPN access. You can also specify which apps you’d like to send data outside the VPN tunnel. There’s also a kill switch, which cuts off all internet traffic should your VPN become disconnected.
When you use a VPN, you expect that your IP address and DNS information are not leaked. To confirm that’s the case, I use the DNS Leak Test tool. My tests showed that my IP address was changed and that my DNS information was secure. Keep in mind that I only tested one server. Other servers may be incorrectly configured.
Hotspot Shield and Netflix
Using a VPN often prevents you from accessing Netflix, even if you’re connected to a VPN server within the US. The streaming company has been very aggressive about cracking down on people spoofing their location in order to access Netflix content that isn’t available in a particular geographic market.
Fortunately, I had no trouble streaming video from Netflix while connected to a US-based server. Unfortunately, that might not always be the case. Services that work one day are frequently blocked the next, so keep that in mind when looking to purchase a VPN.
In addition to securing your traffic, Hotspot Shield says it blocks over 50 million known malicious domains. That’s a good addition, but it’s also a trick that your browser does as well if not better. I have not tested the efficacy of Hotspot Shield’s site blocking.
The major benefit that Hotspot Shield affords customers beyond VPN protection are the services provided through Pango. It simply outsizes the competition—at least for now. TunnelBear offers a standalone tracker blocker and a password manager called RememBear. NordVPN recently diversified with a password manager and an encrypted file manager called NordLocker. Nearly all of these other services, however, require an additional subscription. Pango is a one-stop offering.
Speed and Performance
VPNs work by adding extra distance to the path your web traffic must traverse, and that distance usually has a negative effect on your browsing experience. To get a feel for the impact of using a VPN, I perform a series of tests using the Ookla SpeedTest website, and find a percent change between test results with and without the VPN. You can read more about my testing, including its limitations, in the aptly named article How We Test VPNs.
(Note that Ookla is owned by PCMag’s publisher, Ziff Davis.)
My testing shows the Hotspot Shield is the fastest VPN available, and has the least impact on download speeds and latency. Its download results in particular are significantly better than most of the competition. Surfshark VPN, however, is right behind Hotspot Shield. Surfshark’s download scores were only a hair behind Hotspot Shield, and Surfshark has a significantly better upload score than any other service by a huge margin.
You can see how the results break down in the chart below. This shows the nine services whose scores in all categories matched or exceeded the median results. In total, about 40 products were tested.
In general, I don’t believe that speed is the most important factor when choosing a VPN. Price, privacy, and trustworthiness are far more valuable than a quick download. It’s also worth noting that my tests can’t be viewed as the final word on speed. Network conditions can change on a dime, after all. My tests are more like a snapshot.
Hotspot Shield on Other Platforms
Hotspot Shield provides apps for Android, iOS, macOS, and Windows. Several streaming devices, including Android TV and Amazon Fire Stick, also support Hotspot shield apps. There’s also a command line app for Linux.
Additionally, Hotspot Shield provides a Chrome browser plugin. This only protects your browser traffic, and doesn’t use the same encryption mechanism as the Hotspot Shield desktop app.
You can also manually configure your computer to use a Hotspot Shield VPN connection and eschew the app entirely. However, this is a tedious process, and requires a fair amount of upkeep. It also won’t give you access to all the features of the service that you’re paying for. In general, I recommend against it.
The company provides instructions on how to configure your router to use Hotspot Shield. This has the advantage of protecting all the devices on your network, and doing so without counting against your limited number of simultaneous connections. That said, I think this approach isn’t especially practical.
A Shield for Your Hotspot?
Hotspot Shield excels in many ways. Its client software is slick and easy-to-use. The service aced our speed tests, and it provides numerous server locations in regions often ignored by the rest of the industry. The included Pango account brings more services beyond a VPN than other competitors, making it comparable to the suites of tools offered by antivirus companies. The fact that the app will let you designate certain websites to load without a VPN connection is actually very useful, too.
The service is, however, expensive. And while it makes a strong value argument to justify that cost, it’s easy to imagine that not every customer will find the Pango offering appealing. If you already have a password manager, a free subscription to another isn’t much incentive.
Hotspot Shield VPN ticks many of the boxes that would put it in the running for an Editors’ Choice award, along with our other winners Mullvad VPN, ProtonVPN, and TunnelBear VPN. But the company’s decision to monetize its free VPN offering with ads on Android means
it must come up short. We don’t believe that the company is up to anything malicious, and putting ads in an app is par for the course, but a service that should improve your privacy above all else must be held to a different standard. The fact that it has neither audits nor transparency reports also lowers Hotspot Shield’s profile.
Hotspot Shield is an excellent product, especially if you pay for a subscription. If you need a free VPN, can keep your bandwidth under 500MB per day, and are willing to sacrifice some privacy with its Android app, its free version will get the job done, too.
Hotspot Shield VPN Specs
|Allows 5+ Simultaneous Connections||Yes|