Popular virtual private network provider Hotspot Shield has been accused of spying on its users and injecting its own advertising into web pages, according to a newly filed Federal Trade Commission complaint.

The accusations come from the Center for Democracy & Technology, which claims in its 14-page filing that Hotspot Shield is monitoring its users in breach of its own stated policies. The CDT also said Hotspot Shield is engaging in unfair and deceptive trade practices by interfering with web traffic and redirecting it to partner websites such as those of advertising companies.

“Hotspot Shield’s description for its iOS and Android mobile applications declares a ‘no logs’ policy; however, its Privacy Policy, which covers and includes its Hotspot Shield services, describes more elaborate logging practices,” the CDT claims in its filing.

In addition to the accusation that Hotspot Shield is actively keeping logs on users, the software is also accused of using JavaScript code to forcibly inject its own advertising into web pages being visited by its users.

“When using [the Hotspot Shield] VPN service, a user’s internet connections are routed through servers either run by or controlled by the VPN provider,” CDT Director Michelle De Mooy said in a blog post. “VPN providers may log data about this connection. These VPN logs serve a variety of functions, ranging from operations to delivery of third-party advertising.”

Hotspot Shield, like other VPN providers, is used by users for a number of purposes. Ostensibly its primary use is privacy: VPNs bypass the IP address of the Internet service provider and allows users to connect to a site without identifying their location. However, it’s well-known that VPNs such as Hotspot Shield are mostly used to bypass geo-restrictions on content. That may be a legal or illegal use depending on the spokesperson for a given industry, but it’s what most individual consumers would use a VPN for, and Hotspot Shield has long been one of the most popular options on the market.

That Hotspot Shield is subject to a complaint about its arguably dubious practices is not at all surprising to anyone who has used the software before. A quick Google search finds complaints about the software going back six years and some sites even go as far as referring to it as malware: Essentially once you install it, it does ad injection, exactly what CDT claimed.

For those who have Hotspot Shield installed and are at all worried about the fact that it’s monitoring users’ moves and injecting its own ads, instructions on how to remove the software can be found here.

Image: Hotspot Shield