Security Popular free VPN service, Hola, discovered to have malware-like behavior

Scorpus

TechSpot Staff
Staff member

popular vpn hola malware chrome extension extension free vpn

One of the most popular free VPN and geo-unblocking services, Hola, has been uncovered as exhibiting malware-like behavior after its founder, Ofer Vilenski, confirmed that company resells the idle bandwidth of anyone who has installed the service.

Hola is most commonly downloaded as a browser extension to bypass the geo-blocks implemented by services such as Netflix and Hulu. It works as a peer-to-peer VPN; anyone who installs Hola acts as a VPN exit for another user. For example, if someone from Australia wanted to watch US Netflix, they would use the IP address of a US Hola user. If that US Hola user wanted to use an Australian service, they could borrow the Australian user's IP.

While this has always been how Hola has operated its free service, it turns out the company also sells users' connections to a third-party service called Luminati. Anyone can then buy bandwidth from Luminati's "Super Proxies" to route traffic through millions of free Hola users' idle internet connections.

As Luminati essentially functions as a Tor-like network, buyers of the service's bandwidth could end up hijacking a Hola user's connection to traffic child porn, access illegal marketplaces or perform other malicious activities. The Luminati network anonymizes their users in such a way that to authorities, the people seen to be accessing illegal sites are the 'innocent' Hola users.

According to the operator of online message board website 8chan, people have already used the Luminati network, hijacking thousands of Hola user's internet connections, to perform a denial of service attack on the website.

The recently-updated Hola FAQ does state exactly how the user's internet connection will be used, and claims that criminals won't be able to access the service as "Hola is a managed and supervised network and thus any illegal activity such as CP, etc. would be reported to the authorities with the real IP of the user."

However that doesn't stop the service from being dodgy. While Hola does function as intended, there is the real possibility that someone with malicious intent could hijack a user's connection through the service, access illegal material, and then let the blame fall squarely on the unprotected Hola user (at least initially).

Unless you are willing to take this risk, we strongly advise that the 46 million users of Hola uninstall the service to prevent their connection from being hijacked. If you are looking for a way to bypass geo-blocks, there are plenty of great, cheap VPN services that offer far greater privacy and security to their users.

Permalink to story.

 

Timmy R

TS Rookie
Dodgy is right...

people are already claiming they're being blocked from websites due to illicit activities. the hola ceo saying its always be in the terms? bull. check web.archive.org...
 

sadman3

TS Enthusiast
Hahah. at a small fee, you can bypass any restrictions on sites in your region via this VPN. also, have secured info from ID theft.
 
D

DavidBailey

If you are interested, Opera browser has a free VPN built in.
 

EricMegabyte

TS Rookie
Next time I decide to download something off the internet for free, I will first ask the support team about malware, etc first. Thanks for bringing this up. @lipe123 - No free lunch indeed. Sad . . .