Why you should still avoid it in 2021
Anyone who has wandered into the virtual private network market is aware that there are many scams out there. Although our best VPN for iPhone and Best VPN for Android guides give recommendations on which services you should use on your mobile device, Google Play and the App Store are still full of problematic apps.
One of the worst offenders is Hola VPN, an Israeli company that approaches the free VPN model from a different perspective. With over 184 million users — at least, according to its website — Hola VPN is one of the most popular VPNs around, despite the fact that the company behind it exemplifies consumer manipulation.
By writes from CNN Money and Business Insider, Hola VPN appears to be a legitimate service, but its manipulation of the press and consumers can’t exclude it from the damned terms of service, which say Hola VPN sells access to your device to companies and possibly criminals around the world.
What is Hola VPN?
If you are browsing for free VPN services, Hola VPN does not stand out. Like many online options, it’s a free VPN that promises to unblock most websites from any country, but it made our worst free VPN guide for a reason.
Unlike Windscribe, for example, which limits the amount of data users can use for free, Hola VPN’s free plan has no limits (read our Windscribe review). Instead, it claims that it can run a VPN for free by creating a peer-to-peer network, making it no need to maintain servers all over the world.
This is an interesting business model, but anyone who knows what can go wrong with P2P communications can already see blood in the water.
Let’s get you up to speed. A VPN is a network of servers that are usually located all over the world. You connect to these servers before you go online, effectively masking your origin and traffic. Hola VPN does the same thing, but instead of maintaining a network of servers, it switches you to the network.
Let’s say, for example, that you are based in the UK and a US resident wants to stream BBC iPlayer (read our best VPN for BBC iPlayer guide). Instead of having a dedicated server in the UK, Hola VPN will use the computing resources of the device from a UK resident. In short, the US user will go through the UK user’s device.
This is not hidden information. In fact, Hola was praised for the model when it was released in 2014. The idea was that passive devices, like your smartphone, would create a content delivery network that would move traffic and speed up the internet for people all over the world. Unfortunately, this is not what happened.
The Adios website Hola, launched by nine security experts, discovered multiple vulnerabilities in the system, and it wasn’t just simple monitoring processes. By routing data through your device, Hola VPN allows anyone who tunnels on the network to track you online, including your installation directory, unique session key, and other personal data.
Even worse, the application allowed anyone to execute programs on your computer, which means that a hacker could dump malware on your device without your knowledge. Because of the deep permissions Hola needed, users had things like rootkits, which are nasty malware that even the best antivirus software has a hard time with, installed on their devices.
This is Hula in isolation. Unfortunately, the rabbit hole doesn’t stop there. Although accessing users’ devices is bad enough, it requires a lot of knowledge. So much so that it can be more difficult than jailbreaking someone’s device in another way. The scary thing about this story is that Hola VPN does not operate on a unique business model. It monetizes your IP address.
Hola and Luminati
Before we delve into it, it is important that you understand the relationship between Hola VPN and Luminati. Ofer Vilensky is the founder of Hola VPN, HolaCDN, and Luminati. He is currently the President of Luminati and CEO of Hola. Although no one seems to hide that the two companies are related – they are not BestVPN and Buffered – this is proof that they are.
Despite this, Luminati is not a VPN. Instead, it sells networks of affiliate computers. The idea is that smartphones, tablets, and computers are idle for part of the day, so Luminati uses the computing resources of these devices during idle time to give additional resources to businesses.
Use cases like this are numerous, according to Luminati on its About page. For example, you can test your website across multiple cities around the world or run scripts to collect information without huge computing costs. Although these are legitimate needs, the way you fill this Luminati is not.
Today, Luminati has 35 million residential IP addresses and 2 million mobile IP addresses. I managed to get a tenth of the US population by enslaving devices with Hola VPN and selling IP addresses through Luminati. Although it was a well-known fact in 2015, Luminati claims to have started working independently from Hola in 2016.
But this is not true. The Hola End User License Agreement, which was flagged as the last update in 2018, clearly states that “in exchange for the free use of Hola Free VPN Proxy, Hola Fake GPS Location, and Hola Video Accelerator, you may be a peer on the Luminati Network. “
The dangers of being peer
While we’ve already talked about the risks of Hola VPN being a closed peer-to-peer network, the idea that others can buy access to your device is even more scary. Basically, Luminati legally sells botnets, a product that is usually only available on the dark web for the purpose of cybercrime.
Botnet is an acronym for “botnet”. The concept is easy to understand. It is a network of devices that have bots installed on them. Bots allow the person in charge to do just about anything they want to do on your device. By installing Hola VPN, you agree to install a bot on your device.
Hola does not hide the fact that it will use additional resources on your device, but it is not clear what the purpose of using these resources is. Botnets are a hot commodity, generating a lot of revenue for those who run them through ad fraud, crypto-mining, and distributed denial-of-service attacks.
One of the most famous botnets was known as ZeroAccess, which collected 1.9 million IP addresses in a P2P network. Symantec, the company that created Norton Security (read our Norton Security review), studied botnets in 2013 to see how much they affected.
I found that the bots had two purposes: to mine bitcoin and to commit click fraud. Bitcoin mining generated about $2,000 a day, adding up to $800,000 a year, while scams fetched tens of millions of clicks.
ZeroAccess used affiliate computers to fake clicks on ads, making it seem as if the ads were more popular than they were. In this sense, the botnet generated 488 terabytes of traffic per day, harming those who indulged in it. Each user who was part of the bots spent about $110 more in electricity annually, adding up to $204 million annually.
To put that into perspective, the amount of electricity ZeroAccess uses can power more than 100,000 homes.
This is a network of 1.9 million IP addresses. Luminati sits with 37 million. While it is distributed among many users, the environmental and economic impacts still exist. By being a peer in the Luminati network, you are likely to increase your electric bill, put money in the hands of criminals and steal much needed electricity.
We are not saying that everyone who uses Luminati is a criminal. There are legitimate use cases for it. However, it can be used in cybercrime. Hola VPN system vulnerabilities allow Luminati users to deliver malware to users’ devices and harness the power of the network to commit any of the crimes that can be committed using botnets.
Save the headache
Although we understand the importance of saving money, your privacy is something you should value. It’s not worth the potential risk of using a free VPN, such as Hola VPN, to unblock new movies on Netflix or protect your torrents. In the end, you always pay, and the lower monthly rate that legitimate VPNs charge end up being cheaper in the long run.
We forgive you if you go past our best VPN, ExpressVPN, if you’re on a tight budget. While we think it’s worth the price — you can see why in our ExpressVPN review — it’s undoubtedly one of the more affordable options.
However, there are budget options, most notably CyberGhost and Private Internet Access. CyberGhost’s monthly price isn’t impressive – it’s the same price as ExpressVPN – but its multi-year contracts are second to none. For the same price as a year’s service from ExpressVPN, you can get three years with CyberGhost (read our CyberGhost review).
CyberGhost is the cheapest provider we can still consider, but PIA isn’t much inferior to it. PIA is also much cheaper. At half CyberGhost’s monthly rate, and with deep discounts on multi-year plans, PIA is the best value on the market (read our PIA review).
For just a few dollars per month, you can get a legitimate VPN that will protect you. The free options are attractive, but the gross misuse of your consent can lead to a terrifying scenario. Hola VPN is that nightmare. Even when the provider isn’t as degraded as Hola, free VPNs usually mean that your data is being collected and sold for profit.
Unfortunately, Hola VPN is not the only one of its kind. Although he might be the only one who stoops that far, there are plenty of VPN scams out there online. It’s never a good idea to be cheap, and this is especially true with VPNs. If you are looking to stream, torrent, or just protect yourself online, make sure to use a legitimate service.
Register to get our latest news
For the latest new releases and more.
What VPN are you using? Let us know your thoughts on this topic in the comments below, and as always, thanks for reading.
Let us know if you liked the post, this is the only way we can improve it.