The popular VPN service, Hola, has been selling users’ bandwidth to third parties in attempts to pay for its free service. This is an extremely concerning revelation that could lead to a disastrous botnet-for-sale network that compromises the VPN users.
Hola is a free service designed to provide people with online security and help them bypass geo-blocked content and media on the internet.
Hola’s controversial agreement with Luminati
Hola is available as a Google Chrome browser plugin, which is easy to install and use. At this time, the tool has been downloaded over 6 million times. However, this simple design puts regular online users at risk from hackers who could use it to perform cyberattacks on various websites, and in turn, make those users liable.
Hola plugin is based on a P2P (peer-to-peer) network, so even if you’re located in a foreign country, you will probably be routed through a U.S.-based connection to access U.S. content.
Hola offers its services for “free,” but instead makes money by selling users’ bandwidth to Luminati, a third-party service that uses that data to re-sell the same connections. This has all been confirmed by Ofer Vilenski, founder of Hola.
Luminati, which is currently one of the largest VPN networks in the world, then asks its customers to pay a small fee to use the Hola connections. This is meant to provide the consumers with secured commercial traffic with complete anonymity.
Selling their users’ bandwidth basically means that Hola is offering their consumers up as voluntary botnets. Anyone with malicious intent can use someone else’s connection to do whatever they wanted. Motherboard states that this agreement between Hola and Luminati can only be described as a giant botnet partnership.
This cautionary tale was revealed when an 8chan administrator by the name of Fredrick Brennan claimed that users of both Hola and Luminati had been compromised and used as scapegoats in a large-scale botnet attack against 8chan.
The 8chan cyberattack
Brennan reported that his website was faced with thousands of post requests that looked like legitimate user requests. However, within 30 seconds of the attack, the website’s PHP-FPM crashed due to a 100x spike in web traffic.
It was a DoS (denial of service) attack carried out by infamous spammer, “Bui,” who confessed to Brennan that he had taken advantage of Hola’s partnership with Luminati.
Before the revelation, Hola had a statement on its FAQ (Frequently Asked Questions) page that revealed that its service can be used for commercial purposes. However, there was no follow-up answer as to which third-party websites are privy to it. Following the 8chan attack, Hola has updated the page with a more specific explanation about its dealings with Luminati.
The new statement further states that any illegal activity found on its network would be reported to the authorities, along with the true IP of its free users. This action in no way could protect regular users from being scapegoated by hackers using their connections.
Vilenski has tried to reassure users that the older FAQ page requested that anyone wishing to use the service for commercial use should contact the company for a quote. However, he also admits that most people probably wouldn’t notice the statement. His excuse for this is that users just don’t care about it, rather than Hola trying to be sneaky. Vilenski states that all people want is a solid service that simply does what they need it to do.
The moral of the story? Invest in a proper VPN
The Hola-Luminati fiasco just goes to show that nothing is as free as it seems. While free VPN services like Hola will save you a few bucks every month, it leaves you vulnerable to hackers and potential legal problems. A few dollars paid to a proper VPN service can provide you with a secured connection that won’t be compromised or resold to third parties.
Installing premium VPN software is incredibly easy, and will offer highly encrypted connections and assign you with new IPs that cannot be revealed. Since paid VPNs route your traffic through their own secured severs first, there’s no room for information disclosure. VPNs like these work on the foundation that all online users deserve and need anonymity, and work tirelessly to provide that.
There are hundreds of premium VPN service providers currently available. If you aren’t sure of which one to choose, you can read our two decent VPNs comparison article, which highlights the pros and cons of two top-rated services, IPvanish and HideMyAss.
Also, check out this PureVPN review to learn about one more great VPN that can protect you for a small monthly fee.
And if you are still not sure whether you need VPN or not, don’t miss this story. It will tell you all about ISPs and will reveal the details about what your ISP regularly snoops on when you think no one’s looking and you are safe and secured online.
After that, you will be able to choose the VPN that best suits your needs and requirements.