- AnchorFree Hotspot Shield subscription options:
- 36 month plan - €2.99 per month (€107.64 total cost)
Plans and prices
Today's Hotspot Shield pricing plan offers: The Hotspot Shield line starts with a very restrictive free plan: 2 Mbps speed limit, one location (US), and a daily data allowance of 500MB. It's useful for learning about apps, but it's pretty much everything. The paid VPN starts at €9.99 billed monthly, rising to €6.99 on the annual plan to protect up to five devices. The monthly price is fair, but the annual offer seems more expensive. Most providers charge €3-€5 per month for annual products, and some do even better (Private Internet Access charges €3.33 per month to protect up to ten devices). Also consider Bitdefender Premium VPN. It's almost featureless, but extremely easy to use, uses Hotspot Shield's fast network and Catapult Hydra protocol below, and costs a fraction of the price at just $2.50 per month for the first year, $4.17 when you renew. If you're happy with a simple service and don't care about anything other than speed and network, it might be worth a try. Signing up for a premium account will also give you access to Hotspot Shield's password manager (Image credit: Hotspot Shield) If power is more your thing and you're tempted by antivirus, spam call blocker and email manager Hotspot Shield passwords, you can also get them for an extra €3 per month on the plan, monthly or €1 billed annually (that's a total of €12,99 and €7,99 per month). The best value for money, though, might be the family plan, which gives you coverage for five people, with five devices each, for just €19,99 billed monthly or €11,99 on the annual plan. If you use all those licenses, that translates to €2.40 per user per month, for the VPN, plus antivirus, spam blocker, and password manager. Unfortunately, there's no Bitcoin payment option, but you can use a card or PayPal, and if something goes wrong later, you're protected by an exceptionally generous 45-day money-back guarantee. Hotspot Shield allows you to choose your preferred VPN protocol from its Settings menu (Image credit: Hotspot Shield)Privacy
Understanding VPN security typically starts by looking at the details of authentication, encryption, and protocol support. It can be extremely complicated, but just seeing that a service supports a secure protocol like OpenVPN can give you reassuring feedback about its security. Hotspot Shield is more difficult to assess, because while it now supports the standard IKEv2 protocol, the service is primarily based on its proprietary Catapult Hydra technology. This is not as disturbing as it seems. The goal of Catapult Hydra is to improve performance, and the encryption side of the protocol uses pretty much the same standards as everyone else. For example, the Hotspot Shield website reports that Catapult Hydra is based on Transport Layer Security (TLS) 1.2, with AES-256 and AES-128 encryption, 2048-bit RSA certificates for server authentication, and keys exchanged over Elliptic Curve Diffie-Hellman. (ECDHE) for a seamless secret transfer (keys only last for one session, and new ones are generated the next time). Which, for you unencrypted geeks out there, is more than enough to keep you safe. One problem with proprietary technologies like Catapult Hydra is that there's no easy way to see what else is going on. OpenVPN is open source and any developer can look at the code, understand how it works, maybe find problems or suggest improvements, which is not possible here. However, that doesn't mean you have to accept Hotspot Shield's claims completely on confidence. The company notes that Catapult Hydra is used by "most of the large cybersecurity companies that offer VPN services from within their apps, such as McAfee, Bitdefender, Cheetah Mobile, and many more." In addition, "operators such as Telefónica and KDDI are also using Catapult Hydra to provide VPN services and Wi-Fi security to their customers." As a result, even though the code is not publicly available, that doesn't mean its functionality hasn't been reviewed. These corporate customers need to understand Catapult Hydra to successfully implement it themselves, and Hotspot Shield says the protocol has been ``reviewed by third-party security experts from more than 60% of the world's largest security companies who use our SDK to deliver VPN services to its users. ' Confidentiality is not just about low-level technicalities. The client application is also important, especially when it comes to blocking DNS and WebRTC leaks that could reveal your true identity. Fortunately, testing Hotspot Shield browser clients and attachments on IPLeak and DNSLeakTest revealed no problems, and the service protected us from spies at all times. You can also enable Hotspot Shield's kill switch in the Settings menu (Image credit: Hotspot Shield) Your IP address could also be leaked if the VPN connection suddenly drops, at least in theory. Some of the Hotspot Shield apps include a kill switch to prevent this by shutting down your internet until the VPN is back up, but does it really work? Some quick Windows tests started out fine. Even with the kill switch turned off, the client did not reveal our real IP address when we changed locations, and our IP address was typically exposed for no more than a few seconds if the connection was dropped. When we turned on the kill switch, our IP address was not visible at all. Digging deeper, we discovered that the client had opened multiple local TCP connections to manage the tunnel. If we did make them shut down, we wonder if that would break the client. No: it didn't block, it didn't reveal our IP address, it didn't even trigger an alert, it just reopened the connections and carried on as before. This ability to deal with unexpected events is a sign of smart engineering and suggests that the client will face some weird issues that we've seen other apps break. In accordance with its privacy policy, Hotspot Shield does not keep any logs of its users (Image credit: Hotspot Shield)Recording
Hotspot Shield's privacy policy includes reassuring details about the company's logging practices: “Our VPN products do not record or log IP addresses, device IDs, or any other form of identification in combination with your VPN browsing activity. In a nutshell, this means that our VPN products do not store any information about what a specific user has browsed or accessed through a VPN connection. There is still a record, the policy explains, including:- 'the length of VPN sessions and the bandwidth consumed...'
`` which domains our users accessed, but anonymously, so we don't know which user accessed which domain (we also add this information roughly monthly)...''
Device hashes, used to identify devices and associate them with other data we collect... Device hashes are not related to VPN browsing activity.
'We collect and use fraud protection IP addresses in the context of financial transactions with us, derive non-identifiable pieces of information, such as your approximate geographic location and information about your Internet service provider or operator. "
This gives you some leeway to create a profile of how you use the service. For example, Company may keep a record of the time and date of each session, the device used, your approximate location, and the amount of data you transferred. Hotspot Shield makes it clear that none of this information can be used to link your account to VPN browsing activity, which is good to hear. But unlike some competitors, the company hasn't gone through any sort of privacy or public safety audit, so there's no confirmation of these privacy promises. We have yet to accept Hotspot Shield's words about trust.
We use Ookla Speedtest to measure the performance of the Hotspot Shield, among other sites (Image credit: Ookla)