Hola Better Internet Sells Your VPN Bandwidth To Botnets

Hola Better Internet Sells Your Bandwidth, Turning Its VPN into a Botnet

Hola Better Internet is a popular Chrome extension that allows you to watch blocked content overseas. However, there's something more nefarious going on behind the scenes: the company is selling the bandwidth of Hola users to anyone with money to buy, effectively turning its users into a botnet for hire.

To comprehend the issue here, it's important to understand how Hola works. Since it's a peer-to-peer VPN, users in one place (say, Europe) that want to "appear" in another place (like America) are essentially routed through a user in their desired location. That means, unless you pay for Hola's premium service, you act as an "exit node" for other users, in a similar fashion to services like Tor.

Unlike Tor, however, Hola users can't opt out of being an exit node in the free version. The problem with being an exit node is that when someone is connected through you and does something illegal or which violates your ISP's terms of service, you could be held accountable. Since Hola makes no promises to encrypt your traffic, it carries the same risk that using a service like Tor does (even if that risk is slight.) By using Hola, you're trusting that the users connecting to you aren't doing anything crazy, and that Hola will stop them from doing anything illegal.

This would all be fine if you were just an exit node for other users, but it turns out that Hola has been aggregating and selling the bandwidth of its user "exit nodes" through a service (which Hola also owns) called Luminati. This means anyone who wants to can essentially buy the bandwidth of Hola users, then direct it as they see fit -- and that's what one user did. He bought up bandwidth from Luminati and used it to attack anonymous message board 8chan. Hola says this was a mistake, and the user managed to elude its screening process, but you can see why this is incredibly sketchy behaviour.

While Hola's FAQ has always explained the peer-to-peer nature of the service, it never highlighted that centralised control, never mentioned Luminati, and never mentioned the fact that it was essentially selling your bandwidth until very recently.

This isn't Hola's first offence, either. You may remember when Hola was caught "testing injected ads" into its users' browsers too. Between these two events, we no longer recommend using them.

OK, Hola was just trying to make money while providing a free service -- but the way it used its customers and concealed its behaviour is highly problematic. Like almost every free VPN, using it comes with a trade-off, whether it's in slow speeds, limited bandwidth, or your browsing history being used for advertising. in this case the adage that "if you're not paying for it, you're the product" is literally true -- with potentially worse consequences.

Hola [8Chan via Hacker News and Business Insider]


Comments

    Urgh I use it, and have the Premium version. I've hunted for a while now but can't see how to opt out of exit node, is this automatic in Premium version? Or should I just get rid of it? Comments appreciated!

      it is my understanding the premium version is not an exit node... but the question now is can you trust anything this company says?

      they also claim these terms have been around since their inception but web.archive.org shows it as being updated May 27 right before this story broke... i only used the free version but there's no way unblocking content is worth going to jail for someone's child porn addiction. no dice.

      just get rid of it ASAP and use a reliable premium VPN like ExpressVPN https://goo.gl/8iJZfP
      which is secure, fast and still working for Netflix US.

      Last edited 27/01/17 3:39 am

    I stopped using it a while ago when google told me that Hola wanted to access and change my contacts, or something like that.

      About a month ago I noticed bandwidth was pegged at 100% when it was enabled and I wasn't even doing anything. I hooked it up to wireshark and saw a bunch of facebook/netflix/porn sites. Uninstalled it then. This doesn't surprise me at all.

        Yikes! We were also sorry to hear about the invasions of privacy that happened here. When you’re ready for a reliable VPN, come give us a try and let us know what you think. We have a 7 day money-back guarantee and there’s no logging or bandwidth sharing. https://www.ipvanish.com/.

    I have the extension installed and only rarely use it (a few minutes at a time, a few times a week).

    When not in use I disable the extension. Are they still able to use my connection/bandwidth when the extension is disabled?

    I have Hola installed on chrome, but only use it when connected to other networks anyway. At home I pay for Unblock-US.

    I've been using an extension called Browsec.I don't know if it's any safer than Hola.

    I use it all the time, dammit.
    What should we use>

      Get an actual VPN. You'll be better off all round.

    So is there a way to use a VPN we already own exclusively in a tab like with Hola? I have a PIA account but dont always want all of my traffic routed through the VPN

    Here's a comprehensive list of Hola alternatives https://thevpn.guru/hola-vpn-dns-proxy-alternative-find

    this is a shame... it just works so well!!
    I recently got a paid VPN (Private internet access) for privacy for downloads, and to watch football.
    downloading via proxy is great...
    sadly, the VPN isnt... Hola will usually watch the footy at 720p... VPN struggles to play at all.
    the speed is just all over the place.
    my 12mbit connection has gotten 5mbit in the morning when connected to japan, but when I actually want to use it (when the footy is on) I am getting <0.5mbit

    Certainly I've always known this was the case, which is why I don't use the service. The Chrome plugin was, I think, exempt, but the app certainly used this method from the start.

    I've said this before and I'll say it again. Sorting out paid VPN to get geoblocked content is not a massive cost in the scheme of things. Honestly, why you would compromise your security running Hola I don't know. I used a paid VPN through http://reviewmyvpn.com/nordvpn-review/ and it worked fine for me

Join the discussion!