Hotspot Shield VPN
Hotspot Shield is a popular VPN with just enough interesting and unusual features to help it stand out from the crowd.
The core service has a sizeable network of 1,800+ servers across 80+ countries and 115 cities. All servers are P2P-friendly, and built-in blocking of malicious and phishing sites helps keep you safe online.
- Want to try Hotspot Shield Premium? Check out the website here
The company's proprietary Catapult Hydra protocol generally delivers great performance. It's not supported by other software or operating systems, though, so you can mostly only use it via the Windows, Mac, Android and iOS apps (there's no manual setup guide for Chromebooks, say).
Fortunately, there's OpenVPN support for routers, which means you can now get Hotspot Shield working on Asus (AsusWRT/Merlin), DD-WRT, FreshTomato and GL.iNet boxes (the support site has detailed instructions on how this works).
Hotspot Shield's Windows app now also supports IKEv2, giving you even more connectivity options.
The service supports from five to 25 simultaneous connections, depending on your plan.
Hotspot Shield also includes two bonus security apps: a spam call blocker (Robo Shield) and a password manager (1Password).
These (along with a simple antivirus) used to be available for an additional $1 a month, but Hotspot Shield now says they're free. That's sort of true, but there's a little marketing trickery involved here. In reality, the company has stopped offering its previous (and $1 a month cheaper) VPN-only plan, so your only option is to buy the plans with the bundled tools.
Hotspot Shield pricing
Hotspot Shield's range starts with a very restrictive free plan: it has a 2Mbps speed limit, one location only (US) and a 500MB daily data allowance. It's useful as a way to check out the apps, but that's about it.
The paid VPN starts at $12.99 billed monthly, dropping to $7.99 on the annual plan to protect up to five devices.
That's at the high-end of the normal VPN price range. If you'll use the antivirus, call blocker or password manager, it still looks like a reasonable deal. But if you only need the VPN, most vendors charge around $3 to $5 for annual products, and even less for long-term contracts (Private Internet Access' three-year plan covers up to 10 devices for $2.19 a month).
Hotspot Shield does have one handy option in the Family plan, which gets you coverage for five people, with five devices each, for only $19.99 billed monthly, or $11.99 on the annual plan.
If you'll use all those licenses, that translates to $2.40 per user per month, for the VPN, plus the antivirus, spam call blocker and password manager.
There's no Bitcoin payment option, unfortunately, but you can use card or PayPal, and if anything goes wrong later you're protected by an unusually generous 45-day money-back guarantee.
Privacy
Understanding a VPN's security usually starts by looking at its protocol support, encryption and authentication details. This can be hugely complicated, but just seeing that a service supports a secure protocol like OpenVPN can give you reassuring feedback about its safety.
Hotspot Shield is more difficult to assess, because although it now supports the standard IKEv2 protocol, the service mostly relies on its proprietary Catapult Hydra technology.
This isn't as worrying as it might sound. Catapult Hydra's focus is on improving performance, and the encryption side of the protocol uses much the same standards as everyone else.
For example, the Hotspot Shield website reports that Catapult Hydra is based on TLS (Transport Layer Security) 1.2, with AES-256 and AES-128 encryption, 2048-bit RSA certificates for server authentication and keys exchanged via Elliptic Curve Diffie-Hellman (ECDHE) for perfect forward secrecy (keys last for only one session, with new ones generated next time). Which, for non-encryption geeks, is more than enough to keep you safe.
One problem with proprietary technologies like Catapult Hydra is there's no easy way to see what else is going on. OpenVPN is open source, and any developer can look at the code, figure out how it works, perhaps find problems or suggest improvements – something which isn't possible here.
That doesn't mean you must take Hotspot Shield's claims entirely on trust, though. The company points out that Catapult Hydra is used by 'the majority of large cybersecurity companies that offer VPN services from within their apps, such as McAfee, Bitdefender, Cheetah Mobile and many others.' In addition, 'carriers such as Telefonica and KDDI also use Catapult Hydra to provide VPN services and Wi-Fi security to their customers.'
As a result, though the code isn't publicly available, that doesn't mean its functionality hasn't been reviewed. These corporate customers need to understand Catapult Hydra to properly implement it themselves, and Hotspot Shield says the protocol has been 'evaluated by 3rd party security experts from more than 60% of the world’s largest security companies that use our SDK to provide VPN services to their users.'
Privacy isn't just about the low-level technicalities. Client implementation is also important, especially when it comes to blocking DNS and WebRTC leaks which might give away your real identity. Fortunately, testing Hotspot Shield's clients and browser extensions at IPLeak and DNSLeakTest didn't reveal any issues, with the service protecting us from snoopers at all times.
Your IP address could also leak if the VPN connection suddenly drops, at least in theory. Some of Hotspot Shield's apps include a kill switch to prevent this by shutting down your internet until the VPN is back up, but does this really work?
Some quick Windows tests got off to a good start. Even with the kill switch turned off, the client didn't leak our real IP address when we changed locations, and our IP address was exposed for typically no more than a couple of seconds if the connection dropped. When we turned the kill switch on, our IP address wasn't visible at all.
Digging deeper, we found the client opened multiple local TCP connections to manage the tunnel. If we forced these to close, we wondered, would that break the client? Nope; it didn't crash, leak our IP or even raise an alert, but just reopened the connections and continued as before. That ability to cope with unexpected events is a sign of smart engineering, and suggests the client will cope with oddball issues that we've seen break other apps.
Logging
Hotspot Shield's Privacy Policy includes some reassuring details on the company's logging practices, as follows: 'Our VPN products do not log or otherwise record IP addresses, device identifiers, or any other form of identifier in combination with your VPN browsing activity. Simply put, this means that our VPN products do not store any information about what any specific user browsed or accessed through a VPN connection.'
There is still some logging, the policy explains, including:
- 'the duration of VPN sessions and the bandwidth consumed'
- 'the domains that have been accessed by our users, but on an anonymized basis such that we do not know which user accessed which domain (we also aggregate this information on an approximately monthly basis)'
- 'device hashes, which are used to identify devices and associate them with other data we collect... Device hashes are not linked to VPN browsing activity'
- 'we do collect and use IP addresses [in the context of] protecting against fraud in connection with financial transactions with us, [and] deriving non-identifiable items of information, such as your approximate geographic location and information about your internet service provider or carrier'
This gives some scope for building a profile on how you use the service. For example, the company could keep a record of the time and date of every session, the device used, your approximate location and how much data you transferred.
Hotspot Shield clearly says none of this information can be used to link your account to any VPN browsing activity, which is good to hear. But, unlike some competitors, the company hasn't put itself through any form of public security or privacy audit, so there's no confirmation of these privacy promises. We're left to take Hotspot Shield's words on trust.
Performance
Hotspot Shield makes big claims about the performance of its Catapult Hydra protocol, but does it live up to the hype? We checked the service out with SpeedTest's website and command line app, along with a number of other benchmarking sites to find out.
Tests from a UK data center revealed speeds of around 280-300Mbps, a little down on the 360-380Mbps we saw last time. We switched to IKEv2, and the results were a near identical 280-290Mbps.
US speeds were a little better at 320-340Mbps for OpenVPN, 400-410Mbps for Catapult Hydra.
Although that'll be enough for some users – more than many devices and network connections can use – it's a long way behind the top competition. VPNs with WireGuard typically get 500Mbps and more, and providers such as CyberGhost, IPVanish, Mozilla and NordVPN regularly beat 750Mbps.
Netflix and streaming
Connecting to a VPN can help you bypass all kinds of website restrictions, from streaming sites which block content in specific countries, to nations such as China which block a host of popular sites.
Measuring a VPN's unblocking abilities is difficult as there are so many factors involved, but we try to get a feel for its effectiveness by checking how the service works with BBC iPlayer, Netflix, Amazon Prime Video and Disney Plus.
Hotspot Shield provides specialist streaming servers which should make this easy (so there's no need to try five different US servers to find one which gets you into Netflix), but to confirm this works reliably, we test each service using three separate logins and IP addresses.
BBC iPlayer has the technology to detect and block many VPNs, but Hotspot Shield bypassed that for all our test logins and allowed us to stream whatever content we needed.
Netflix is one of the most difficult streaming sites to access with a VPN, and it proved a step too far for Hotspot Shield. We weren't able to access US Netflix from any test locations.
There was better news with our last two tests, though, as Hotspot Shield got us into Disney Plus and Prime Video.
Three out of four is a very solid performance. Netflix has been fighting VPNs harder than ever, recently, and getting around its defenses is a serious challenge. There are still plenty of providers who manage it, though, and CyberGhost, ExpressVPN, Hide.me, Hola, PrivadoVPN, Private Internet Access, ProtonVPN and Surfshark all achieved a 100% unblocked-everything score in our most recent tests.
Torrents
Like most VPNs, Hotspot Shield doesn't like to boast about its P2P support, but pay close attention to the website and you'll discover some good news.
The service fully supports P2P on all servers, for instance, so once you've connected with any of the clients (Windows, Mac, Android or iOS), you're ready to start downloading.
We don't like to take website claims for granted, so we verified Hotspot Shield's torrent-friendliness by successfully downloading torrents while connected to the US, UK and Japan.
Search the support site for the keywords P2P or torrent and you won't find anything at all, but there are a few simple guides for beginners in the Resources and Blog sections (try searching here), including advice on why you might want to use a VPN for torrenting, and pointers on how to download torrents anonymously.
Whatever method you're using, Hotspot Shield doesn't have any bandwidth limits or restrictions, so you should be able to use the service as much as you like.
Client setup
Sign up for Hotspot Shield and you're redirected to a web console, where you'll find download links for Windows, Mac, Android, Android TV, iOS and Linux apps.
In a neat touch, you can have the site send a text to your mobile with the relevant download link.
It's all very easy to use. The Windows VPN client set itself up much like any other application, while the mobile apps and Chrome extension are available in the relevant app stores. Log in with the username and password you chose during signup and you're ready to explore the service.
Windows client
Hotspot Shield's Windows client opens with a dark panel displaying the current default location, a large On/Off button, and a tiny sidebar with more options. It looks very straightforward, and even total VPN newbies are likely to be exploring its features right away.
Tapping the On button got us connected at a very high speed, typically just 2-3 seconds to even the most distant servers. Most VPNs take at least five seconds to make a local connection, others might need 10 to 20.
Once connected, a map appears showing your new virtual location, while other panels display a host of status information: your server IP address, load and latency, the amount of data used today, your current transfer speeds and the name of your local network (handy as a reminder when you're connecting to wireless hotspots, say). This is arguably a little cluttered and could intimidate not-so-technical users, but it's also smartly designed, and does a good job of presenting a lot of information.
Clicking the current location displays a list of other countries and cities you can choose from. There's no server load figures or ping times to help with your decision, though, and no Favorites system to group commonly-used locations, a surprise considering the rest of the app looks so feature-packed.
Hotspot Shield's settings dialog is more capable, with a choice of protocols (IKEv2 or Catapult Hydra), and switches to run the client when Windows starts, prevent IP leaks, and enable a kill switch to block internet access if the VPN drops.
There's a handy bonus feature in the client's ability to automatically connect to Hotspot Shield when you access unsafe Wi-Fi hotspots, safe hotspots or all networks. That option isn't available nearly as often as we'd like, especially on Windows, and it's good to see it here.
The 'Smart VPN' feature enables choosing domains that won't be routed through the VPN, handy for websites which don't work as usual when you appear to be in another location. If we connect from the UK to a US server, for instance, we won't be able to view BBC iPlayer, but add it to the 'Web domain bypass' list and iPlayer should work as usual, whatever our VPN location.
Support for keyboard shortcuts is a small usability plus. Ctrl+Shift+C connects and then disconnects, for instance, while Ctrl+Shift+V displays and enables choosing a virtual location.
This all worked well for us, but if you run into difficulties, a Support page includes links to open the FAQ, Live Chat and 'Leave a message' pages on the Hotspot Shield website.
Android app
The Hotspot Shield Android VPN app looks and feels much the same as its Windows cousin.
The location list is very similar, for instance, still with no Favorites system. Connection times are quick, and although the post-connect screen doesn't display the map, it's still crammed with status information: server status, load, ping time and IP address, the amount of data uploaded and downloaded in the past 24 hours, and your peak speed in the current session.
Most of the action is in the Settings dialog, which includes some interesting options and tweaks.
For example, the Connection Center enables setting up the app to automatically connect when you access insecure or untrusted networks, when your device starts, or even when you launch a particular app. Some apps have one or two of these capabilities, but very few include the full set, and present them in a single integrated panel.
A Smart VPN feature is Hotspot Shield's version of split tunneling, and allows you to direct some app traffic through the VPN, while others connect to the internet directly.
Elsewhere, an integrated kill switch protects your identity by blocking your internet connection if the VPN drops, and there's a battery-saving extra in the ability to turn off the VPN when your device is sleeping.
The app doesn't support IKEv2, unlike the Windows client, and it doesn't have quite as many low-level technical features as some (no DNS control, for instance). Still, the app is easy to use, with more than enough functionality for most users, and overall, it's a capable addition to the range.
iOS app
Hotspot Shield's iOS app is a close interface match for the company's Android offering, with little more than a connect button, a world map and list of locations, and a very few settings.
What you don't get is much in the way of functionality. There are no auto-start or auto-connect options, and no kill switch. The only option you get is an 'Insecure connections' setting which warns you if you're connecting to an insecure network, perhaps prompting you to connect manually (and even that is turned off by default).
Overall, the iOS app looks good and is straightforward to operate, but it's hard to see why it doesn't have an option to connect to the best server for your location.
Still, as an iPhone VPN it's simple, very fast and unblocks almost everything, and that's going to be more than enough for most users.
Browser extensions
Many VPNs offer browser extensions, but they're usually very basic, stripped-back tools with little more functionality than a Location list and a Connect button. That's not the case with Hotspot Shield, though – its Chrome extension is stuffed with features, and more powerful in some ways than the desktop and mobile apps.
The opening interface gives no indication of this, as it looks much like the other clients: a mostly empty dark panel with a Connect button in the middle, and barely anything else. Point, click, and you're connected.
It's a near-instant connection, too, because the browser extension is a simple proxy system which protects your browser traffic only. That won't work in every situation, but if you're mostly interested in unblocking websites, it could serve you very well.
Tap the Configuration button top-right and you're able to set a default server which you'd like Hotspot Shield to access when you first connect, or have it automatically connect to the nearest server.
There are a bunch of privacy extras, starting with ad, cookie, tracker, malware and WebRTC blockers, along with a handy option to ignore any resources you're accessing which are hosted within your local network.
Perhaps the best additions are the Auto Protect and Bypass lists, at least once you've found them (they're in Chrome's Hotspot Shield Settings page rather than the extension console). Add websites which require the VPN to Auto Protect and Hotspot Shield automatically turns itself on whenever you try to access them. Add websites to the Bypass list and Hotspot Shield directs them through your regular connection, rather than the VPN tunnel, which is handy for sites that don't work with a VPN, or which need to see your real location (a streaming platform which is only available in your country, say).
This isn't quite as powerful as it looks. The ad blocker isn't as capable as the market leaders, for instance, and doesn't have any settings or options to customize how it functions. Still, overall it works very well, and the Chrome extension is better than most of the proxy competition.
Although it's barely advertised on the website, Hotspot Shield also has a Firefox extension. This lagged a little behind the Chrome build in our last review, and for example didn't include Sword Mode for feeding web trackers fake browsing information, but recent updates have fixed that, and the extensions now appear identical.
There's a lot to like here, and both the Chrome and Firefox builds are welcome additions to the Hotspot Shield line-up. We'd like to see the company develop them further, though. The Chrome extension's privacy tools have been flagged as 'beta' for a long time; it's time to get them finished, and begin thinking about what comes next.
Support
If Hotspot Shield isn't working for you, the various apps give you instant access to advice on common issues by embedding documents from the website. As usual, if your issue is more complex, you can head off to the support website for more in-depth guidance.
A web-based Support Center organizes its articles by platform, as well as categories like Payments and Subscriptions, Manage Account and Common Issues. There is some useful information on the website that you won't always get elsewhere (release notes, for instance), but most articles can't match the depth you'll get with providers like ExpressVPN.
The 'Why is my speed slow when I'm connected?' Android article, for instance, suggests 'it's normal to experience speed reduction from 30-50% when using any VPN service' (we're not so sure about that).
The article only contains a single sentence explaining how you might fix the problem: 'Sometimes switching the connection OFF and ON a few times can help the app search for servers that are physically closer to you and potentially faster.' That's the best they have to offer? Really? (There are other articles with more detail on this, but that's no help if you find this one first.)
The vast bulk of the article – 330+ words and no less than 15 screenshots – explains how to take a speed test and send it to Support.
Fortunately, if you can't find an answer in the knowledgebase, you're able to get in touch with the support team via live chat or email.
We tried live chat – the chat window quickly appeared, reported that we were first in the queue, and we were talking to a friendly and knowledgeable agent in under a minute.
There's room for improvement on the support site, then, but many users should quickly find the core details they need, and the quality support team are on hand to help with anything else.
Hotspot Shield review: Final verdict
Hotspot Shield is a likeable VPN with plenty of apps, some interesting features, and good live chat support to help out if you need it. But this provider also has issues in a lot of areas – it isn't the fastest VPN, there are some privacy concerns, and it doesn't unblock Netflix – and overall, the service can't quite match the best of the competition.
- We've also featured the best VPN
0 comments:
Post a Comment