Hola Better Internet is a popular Chrome extension that allows you to watch blocked content overseas. However, there’s something more nefarious going on behind the scenes: the company is selling the bandwidth of Hola users to anyone with money to buy, effectively turning its users into a botnet for hire.
To comprehend the issue here, it’s important to understand how Hola works. Since it’s a peer-to-peer VPN, users in one place (say, Europe) that want to “appear” in another place (like America) are essentially routed through a user in their desired location. That means, unless you pay for Hola’s premium service, you act as an “exit node” for other users, in a similar fashion to services like Tor.
Unlike Tor, however, Hola users can’t opt out of being an exit node in the free version. The problem with being an exit node is that when someone is connected through you and does something illegal or which violates your ISP’s terms of service, you could be held accountable. Since Hola makes no promises to encrypt your traffic, it carries the same risk that using a service like Tor does (even if that risk is slight.) By using Hola, you’re trusting that the users connecting to you aren’t doing anything crazy, and that Hola will stop them from doing anything illegal.
This would all be fine if you were just an exit node for other users, but it turns out that Hola has been aggregating and selling the bandwidth of its user “exit nodes” through a service (which Hola also owns) called Luminati. This means anyone who wants to can essentially buy the bandwidth of Hola users, then direct it as they see fit — and that’s what one user did. He bought up bandwidth from Luminati and used it to attack anonymous message board 8chan. Hola says this was a mistake, and the user managed to elude its screening process, but you can see why this is incredibly sketchy behaviour.
While Hola’s FAQ has always explained the peer-to-peer nature of the service, it never highlighted that centralised control, never mentioned Luminati, and never mentioned the fact that it was essentially selling your bandwidth until very recently.
This isn’t Hola’s first offence, either. You may remember when Hola was caught “testing injected ads” into its users’ browsers too. Between these two events, we no longer recommend using them.
OK, Hola was just trying to make money while providing a free service — but the way it used its customers and concealed its behaviour is highly problematic. Like almost every free VPN, using it comes with a trade-off, whether it’s in slow speeds, limited bandwidth, or your browsing history being used for advertising. in this case the adage that “if you’re not paying for it, you’re the product” is literally true — with potentially worse consequences.