VPN service "can intercept and redirect HTTP requests to partner websites."

A privacy advocacy group has filed a formal complaint with the Federal Trade Commission, alleging that Hotspot Shield, a popular free VPN service, collects numerous pieces of data and intercepts traffic in contrast to the company's claim that it provides "complete anonymity."
In its 14-page filing, which was submitted Monday morning, the Center for Democracy and Technology claims that the company displays persistent cookies and works with various other entities for advertising purposes, among other alleged unsavory practices.

The CDT partnered with researchers from Carnegie Mellon University to determine that the VPN service sometimes "redirects e-commerce traffic to partnering domains." As the complaint continues:

For example, when a user connects through the VPN to access specific commercial web domains, including major online retailers like www.target.com and www.macys.com, the application can intercept and redirect HTTP requests to partner websites that include online advertising companies.
The organization wants the FTC to open an investigation into what the CDT has dubbed Hotspot Shield’s "unfair and deceptive trade practices."

As Ars has reported previously, some VPN providers are likely to be more scrupulous than others: but in the end there’s no way for most users to know in a meaningful and obvious way that they should trust one provider over another. (We published an article in May 2017 explaining how to roll your own VPN!)