Tuesday, April 27, 2021

Hotspot Shield VPN

Hotspot Shield is a popular VPN with just enough interesting and unusual features to help it stand out from the crowd.

The core service has a sizeable network of 1800+ servers across 80+ countries and 115 cities. All servers are P2P-friendly, and built-in blocking of malicious and phishing sites helps keep you safe online.

The company uses its proprietary Catapult Hydra protocol to deliver maximum performance, and it generally delivers great results. The down side is it's not supported by other software or operating systems, so you can mostly only use it via the Windows, Mac, Android and iOS apps (there's no manual setup guide for Chromebooks, say.)


Hotspot Shield works with many different router types (Image credit: Hotspot Shield)

Fortunately, there's OpenVPN support for routers, which means you can now get Hotspot Shield working on Asus, (Asuswrt/ Merlin), DD-WRT, FreshTomato and GL.iNet boxes (the support site has detailed instructions on how this works.)

The service supports from five to 25 simultaneous connections, depending on your plan, more choice than you'll see with many competitors.

You can even add three more security apps - Windows/ Mac antivirus, a spam call blocker and a password manager - for a tiny price premium of just $1 a month.

We don't have the space to cover any of these, but they're major products, and a very interesting addition to the service. If you're interested in any of them, follow the link above to find out more.


You can either pay by card or PayPal (Image credit: Hotspot Shield)

Plans and pricing

Hotspot Shield's range starts with a very restrictive free plan: 2Mbps speed limit, one location only (US) and a 500MB daily data allowance. It's useful as a way to check out the apps, but that's about it.

The paid VPN starts at $9.99 billed monthly, dropping to $6.99 on the annual plan to protect up to five devices.

The monthly price is fair, but the yearly deal looks more expensive. Most vendors charge around $3-$5 a month for annual products, and some do even better (Private Internet Access asks $3.33 a month to protect up to ten devices.)

Keep Bitdefender Premium VPN in mind, too. It has almost no features, but it's supremely easy to operate, uses Hotspot Shield's speedy network and Catapult Hydra protocol underneath, and costs a fraction of the price at just $2.50 a month in year one, $4.17 on renewal. If you're happy with a bare bones service and don't care about anything other than speed and the network, it might be worth a try.

Premium Apps

Signing up for a premium account will also get you access to Hotspot Shield's password manager (Image credit: Hotspot Shield)

If power is more your thing, and you're tempted by Hotspot Shield's antivirus, spam call blocker and password manager, then you can get those as well for an extra $3 a month on the monthly plan, or $1 billed annually (that's an effective total of $12.99 and $7.99 a month.)

The best value could be the Family plan, though, which gets you coverage for five people, with five devices each, for only $19.99 billed monthly, or $11.99 on the annual plan.

If you'll use all those licenses, that translates to $2.40 per user per month, for the VPN, plus the antivirus, spam call blocker and password manager.

There's no Bitcoin payment option, unfortunately, but you can use card or PayPal, and if anything goes wrong later you're protected by an unusually generous 45-day money guarantee.


Hotspot Shield allows you to choose your preferred VPN protocol from its Settings menu (Image credit: Hotspot Shield)


Understanding a VPN's security usually starts by looking at its protocol support, encryption and authentication details. This can be hugely complicated, but just seeing that a service supports a secure protocol like OpenVPN can give you reassuring feedback about its safety.

Hotspot Shield is more difficult to assess, because although it now supports the standard IKEv2 protocol, the service mostly relies on its proprietary Catapult Hydra technology.

This isn't as worrying as it might sound. Catapult Hydra's focus is on improving performance, and the encryption side of the protocol uses much the same standards as everyone else.

For example, the Hotspot Shield website reports that Catapult Hydra is based on TLS (Transport Layer Security) 1.2, with AES-256 and AES-128 encryption, 2048-bit RSA certificates for server authentication and keys exchanged via Elliptic Curve Diffie-Hellman (ECDHE) for perfect forward secrecy (keys last for only one session, with new ones generated next time). Which, for non-encryption geeks, is more than enough to keep you safe.

One problem with proprietary technologies like Catapult Hydra is there's no easy way to see what else is going on. OpenVPN is open source and any developer can look at the code, figure out how it works, perhaps find problems or suggest improvements – something which isn't possible here.

That doesn't mean you must take Hotspot Shield's claims entirely on trust, though. The company points out that Catapult Hydra is used by 'the majority of large cybersecurity companies that offer VPN services from within their apps, such as McAfee, Bitdefender, Cheetah Mobile and many others.' In addition, 'carriers such as Telefonica and KDDI also use Catapult Hydra to provide VPN services and Wi-Fi security to their customers.'

As a result, though the code isn't publicly available, that doesn't mean its functionality hasn't been reviewed. These corporate customers need to understand Catapult Hydra to properly implement it themselves, and Hotspot Shield says the protocol has been 'evaluated by 3rd party security experts from more than 60% of the world’s largest security companies that use our SDK to provide VPN services to their users.'

Privacy isn't just about the low-level technicalities. Client implementation is also important, especially when it comes to blocking DNS and WebRTC leaks which might give away your real identity. Fortunately, testing Hotspot Shield's clients and browser attachments at IPLeak and DNSLeakTest didn't reveal any issues, with the service protecting us from snoopers at all times.

Kill Switch

You can also enable Hotspot Shield's kill switch from the Settings menu (Image credit: Hotspot Shield)

Your IP address could also leak if the VPN connection suddenly drops, at least in theory. Some of Hotspot Shield's apps include a kill switch to prevent this by shutting down your internet until the VPN is back up, but does this really work?

Some quick Windows tests got off to a good start. Even with the kill switch turned off, the client didn't leak our real IP address when we changed locations, and our IP address was exposed for typically no more than a couple of seconds if the connection dropped. When we turned the kill switch on, our IP address wasn't visible at all.

Digging deeper, we found the client opened multiple local TCP connections to manage the tunnel. If we forced these to close, we wondered, would that break the client? Nope: it didn't crash, leak our IP or even raise an alert, but just reopened the connections and continued as before. That ability to cope with unexpected events is a sign of smart engineering, and suggests the client will cope with oddball issues that we've seen break other apps.


According to its privacy policy, Hotspot Shield does not keep any logs on its users  (Image credit: Hotspot Shield)


Hotspot Shield's Privacy Policy includes some reassuring details on the company's logging practices:

'Our VPN products do not log or otherwise record IP addresses, device identifiers, or any other form of identifier in combination with your VPN browsing activity. Simply put, this means that our VPN products do not store any information about what any specific user browsed or accessed through a VPN connection.'

There is still some logging, the policy explains, including:

- 'the duration of VPN sessions and the bandwidth consumed...'

- 'the domains that have been accessed by our users, but on an anonymized basis such that we do not know which user accessed which domain (we also aggregate this information on an approximately monthly basis)... '

- 'device hashes, which are used to identify devices and associate them with other data we collect... Device hashes are not linked to VPN browsing activity.

- 'we do collect and use IP addresses [in the context of] protecting against fraud in connection with financial transactions with us, [and] deriving non-identifiable items of information, such as your approximate geographic location and information about your internet service provider or carrier.'

This gives some scope for building a profile on how you use the service. For example, the company could keep a record of the time and date of every session, the device used, your approximate location and how much data you transferred.

Hotspot Shield clearly says none of this information can be used to link your account to any VPN browsing activity, which is good to hear. But, unlike some competitors, the company hasn't put itself through any form of public security or privacy audit, so there's no confirmation of these privacy promises. We're left to take Hotspot Shield's words on trust.

New Speedtest Image

We used Ookla's Speedtest to measure the performance of Hotspot Shield, among other sites (Image credit: Ookla)


Hotspot Shield makes big claims about the performance of its Catapult Hydra protocol, but does it live up to the hype? We checked the service out with SpeedTest, TestMy, Netflix' Fast.com and other websites to find out.

Connecting to our nearest US server from a US location with a fast 600Mbps connection, we ran multiple tests in morning and evening sessions across several benchmarking services (SpeedTest's website and command line app, Netflix' Fast.com, TestMy.net and more.) That gives scope for a lot of variation (which is why we run so many tests), but results were very consistent at 360-380Mbps. That's also very similar to the speeds we've seen in previous reviews (320-330Mbps last time, 330-410Mbps before that), giving us extra confidence in the results.

IKEv2 speeds were very poor by comparison at 35-40Mbps. That's so low we're left wondering if there was some temporary server or other issue during our tests, but unless you must use IKEv2 for some reason, it's not likely to be an issue - just use the speedy Catapult Hydra, instead.

Normally we repeat these tests from a UK data center, but this time we weren't able to get Hotspot Shield working in the test environment (our issue, nothing to do with the company.) But running the service from a UK home with a 70Mbps test line saw Hotspot Shield IKEv2 connections regularly beat 60Mbps, as fast as we could have expected, and showing us that our poor US IKEv2 speeds weren't necessarily typical.

We followed up with some long-distance checks, and these also returned excellent results, with even distant locations like Vietnam regularly hitting more than 60Mbps.


Hotspot Shield was able to unblock US and UK Netflix without difficulty, so we didn’t witness any nasty error messages (Image credit: Netflix)


Connecting to a VPN can help you bypass all kinds of website restrictions, from streaming sites which block content in specific countries, to nations such as China which block a host of popular sites.

Measuring a VPN's unblocking abilities is difficult as there are so many factors involved, but we try to get a feel for its effectiveness by checking how the service works with BBC iPlayer, Netflix, Amazon Prime Video and Disney+. 

Hotspot Shield provides specialist streaming servers which should make this easy (no need to try 5x US servers to find one which gets you into Netflix), but to confirm this works reliably, we test each service using three separate logins and IP addresses.

BBC iPlayer has the technology to detect and block many VPNs, but Hotspot Shield bypassed all that for all our test logins and allowed us to stream whatever content we needed.

Netflix is normally one of the most difficult streaming sites to access with a VPN, but again, no-one told Hotspot Shield, and it allowed us to view US and UK Netflix without difficulty.

The good news continued to the end of the test, with Hotspot Shield getting us into both Disney+ and Amazon, giving the service a perfect 100% unblocking success rate.


Like most VPNs, Hotspot Shield doesn't like to boast about its P2P support, but pay close attention to the website and you'll discover some good news.

The service fully supports P2P on all servers, for instance, so once you've connected with any of the clients (Windows, Mac, Android or iOS), you're ready to start downloading.

We don't like to take website claims for granted, so we verified Hotspot Shield's torrent-friendliness by successfully downloading torrents while connected to the US, UK and Japan.

Search the support site for the keywords P2P or torrent and you won't find anything at all, but there are a few simple guides for beginners in the Resources and Blog sections (try searching here), including advice on why you might want to use a VPN for torrenting, and pointers on How To Download Torrents Anonymously.  

Whatever method you're using, Hotspot Shield doesn't have any bandwidth limits or restrictions, so you should be able to use the service as much as you like.


Hotspot Shield offers clients for most major platforms and browsers (Image credit: Hotspot Shield)

Client setup

Sign up for Hotspot Shield and you're redirected to a web console, where you'll find download links for Windows, Mac, Android, Android TV, iOS and Linux apps.

In a neat touch, you can have the site send a text to your mobile with the relevant download link.

If you're hoping to find instructions for setting up connections manually on routers or other platforms, you're going to be disappointed. This should be possible, now the service supports IKEv2 connections, but for some reason the company doesn't want to give users the option.

This does at least make it easy to use the service. The Windows client set itself up much like any other application, while the mobile apps and Chrome extension are available in the relevant app stores. Log in with the username and password you chose during signup and you're ready to explore the service.

Not Connected

This is what you'll see when you first open the Hotspot Shield app (Image credit: Hotspot Shield)

Windows client

otspot Shield's Windows client opens with a dark panel displaying the current default location, a large On/ Off panel, and a tiny sidebar with more options. It looks very straightforward, and even total VPN newbies are likely to be exploring its features right away.

Tapping the On button got us connected at a very high speed, typically just two to three seconds to even the most distant servers. Most VPNs take at least five seconds to make a local connection, some require more like 10 to 15.


Hotspot Shield displays a lot more data about your connection once you turn on its VPN (Image credit: Hotspot Shield)

Once connected, a map appears showing your new virtual location, while other panels display a host of status information: your server IP address, load and latency, the amount of data used today, your current transfer speeds and the name of your local network (handy as a reminder when you're connecting to wireless hotspots, say). This is arguably a little cluttered and could intimidate not-so-technical users, but it's also smartly designed, and does a good job of presenting a lot of information.

Locations 2

Hotspot Shield has VPN servers in 127 different locations all over the world (Image credit: Hotspot Shield)

Clicking the current location displays a list of other countries and cities you can choose from. There's no server load figures or ping times to help with your decision, though, and no Favorites system to group commonly used locations, a surprise considering the rest of the app looks so feature-packed.

Hotspot Shield's settings dialog is more capable, with a choice of protocols (IKEv2 or Catapult Hydra), and switches to run the client when Windows starts, prevent IP leaks, and enable a kill switch to block internet access if the VPN drops.

There's a handy bonus feature in the client's ability to automatically connect to Hotspot Shield when you access unsafe Wi-Fi hotspots, safe hotspots or all networks. That option isn't available nearly as often as we'd like, and it's good to see it here.


Hotspot Shield suggests different locations based on whether you plan on streaming or even gaming (Image credit: Hotspot Shield)

The 'Smart VPN' feature enables choosing domains that won't be routed through the VPN, handy for websites which don't work as usual when you appear to be in another location. If we connect from the UK to a US server, for instance, we wouldn't be able to view BBC iPlayer. Add it to the 'Web domain bypass' list and iPlayer should work as usual, whatever our VPN location.

Support for keyboard shortcuts is a small usability plus. Ctrl+Shift+C connects and then disconnects, for instance, while Ctrl+Shift+V displays and enables choosing a virtual location.

This all worked well for us, but if you run into difficulties, a Support page includes links to open the FAQ, Live Chat and 'Leave a message' pages on the Hotspot Shield website.

Android App

This is the user interface for Hotspot Shield's Android app (Image credit: Hotspot Shield)

Android app

The Hotspot Shield Android app looks and feels much the same as its Windows cousin.

The location list is very similar, for instance, still with no Favorites system. Connection times are quick, and although the post-connect screen doesn't display the map, it's still crammed with status information: server status, load, ping time and IP address, the amount of data uploaded and downloaded in the past 24 hours, and your peak speed in the current session.

Most of the action is in the Settings dialog, which includes some interesting options and tweaks.

For example, the Connection Center enables setting up the app to automatically connect when you connect to insecure or untrusted networks, when your device starts, even when you launch a particular app. Some apps have one or two of these, but very few include the full set, and present them in a single integrated panel.

A Smart VPN feature is Hotspot Shield's version of split tunneling, and allows you to direct some app traffic through the VPN, while others connect to the internet directly.

Elsewhere, an integrated kill switch protects your identity by blocking your internet connection if the VPN drops, and there's a battery-saving extra in the ability to turn off the VPN when your device is sleeping.

The app doesn't support IKEv2, unlike the Windows client, and it doesn't have quite as much low-level technical features as some (no DNS control, for instance.) Still, the app is easy to use, with more than enough functionality for most users, and overall it's a capable addition to the range.

iOS app

Hotspot Shield's iOS app is a close interface match for the company's Android offering, with little more than a connect button, a world map and list of locations, and a very few settings.

What you don't get is much in the way of functionality. There are no auto-start or auto-connect options, and no kill switch. The only option you get is an 'Insecure connections' setting which warns you if you're connecting to an insecure network, perhaps prompting you to connect manually (and even that is turned off by default).

Overall, the iOS app looks good and is straightforward to operate, but it's hard to see why it doesn't have an option to connect to the best server for your location.

Still, it's simple, very fast and unblocks almost everything, and that's going to be more than enough for most users.

Browser Extension

The Chrome extension is a simple way to protect browser traffic only (Image credit: Hotspot Shield)

Browser extensions

Many VPNs offer browser extensions, but they're usually very basic, stripped-back tools with little more functionality than a Location list and a Connect button. That's not the case with Hotspot Shield, though – its Chrome extension is stuffed with features, and more powerful in some ways than the desktop and mobile apps.

The opening interface gives no indication of this, as it looks much like the other clients: a mostly empty dark panel with a Connect button in the middle, and barely anything else. Point, click, and you're connected.

It's a near instant connection, too, because the browser extension is a simple proxy system which protects your browser traffic only. That won't work in every situation, but if you're mostly interested in unblocking websites, it could serve you very well.

Tap the Configuration button top-right and you're able to set a default server which you'd like Hotspot Shield to access when you first connect, or have it automatically connect to the nearest server..

There are a bunch of privacy extras, starting with ad, cookie, tracker, malware and WebRTC blockers, along with a handy option to ignore any resources you're accessing which are hosted within your local network.

Perhaps the best additions are the Auto Protect and Bypass lists, at least once you've found them (they're in Chrome's Hotspot Shield Settings page rather than the extension console). Add websites which require the VPN to Auto Protect and Hotspot Shield automatically turns itself on whenever you try to access them. Add websites to the Bypass list and Hotspot Shield directs them through your regular connection, rather than the tunnel, handy for sites which don't work with a VPN, or which need to see your real location (a streaming platform which is only available in your country, say).

This isn't quite as powerful as it looks. The ad blocker isn't as capable as the market leaders, for instance, and doesn't have any settings or options to customize how it functions. Still, overall it works very well, and the Chrome extension is better than most of the proxy competition.

Although it's barely advertised on the website, Hotspot Shield also has a Firefox extension. This lagged a little behind the Chrome build in our last review, and for example didn't include Sword Mode for feeding web trackers fake browsing information, but recent updates have fixed that, and the extensions now appear identical.

There's a lot to like here, and both the Chrome and Firefox builds are welcome additions to the Hotspot Shield line-up. We'd like to see the company develop them further, though. The Chrome extension's privacy tools have been flagged as 'beta' for a long time; it's time to get them finished, and begin thinking about what comes next.

Support Within the App

You can now reach Hotspot Shield's support team from within its apps (Image credit: Hotspot Shield)


If Hotspot Shield isn't working for you, the various apps give you instant access to advice on common issues by embedding documents from the website. As usual, if your issue is more complex, you can head off to the support website for more in-depth guidance.

A web-based Support Center organizes its articles by platform, as well as categories like Payments and Subscriptions, Manage Account and Common Issues. There is some useful information on the website that you won't always get elsewhere (release notes, for instance), but organization is poor, and the articles can't compare with the depth of web guidance you'll get from providers like ExpressVPN.

We'd expect the Getting Started section to include detailed setup instructions for each platform, for instance, but not here. The very first article on the Windows Getting Started page is 'How does the Hotspot Shield Referral Program work'; we don't know what proportion of users have that as top of their priority list, but we'll bet it's really, really small.


Hotspot Shield also offers live chat to solve any issues you can't figure out after searching its knowledgebase (Image credit: Hotspot Shield)

If you can't find an answer in the knowledgebase, you're able to get in touch with the support team via live chat or email.

We tried live chat – the chat window quickly appeared, reported that we were first in the queue, and we were talking to a friendly and knowledgeable agent in under a minute.

There's room for improvement on the support site, then, but many users should quickly find the core details they need, and the quality support team are on hand to help you with anything else.

Final verdict

Hotspot Shield has some issues – differences across platforms, no router or manual setup support, a little logging – but if top-notch unblocking and solid and reliable performance are your top priority, it could be a great choice. Give it a try.


Post a Comment


Popular Posts


Blog Archive