With the unprecedented growth of internet censorship and government surveillance in addition to the ridiculous increase in severe legal penalties practised by copyright enforcement agencies and anti-privacy laws demanding ISPs to keep track of their users’ online activities and personal data, a lot of internet users have turned to virtual private networks, VPNs, in order to secure their personal data, surf the web anonymously and gain access to restricted web content and unblock banned websites in their countries. However, VPN services usually charge monthly fees in order to enjoy their full features and whether the service is available or not depends on where you are located. However, a lot of people prefer free VPN or proxy services which provide data security, internet anonymity and unlimited access to blocked content without any charges.
But what could be more sinister than a VPN which instead of serving its purpose in providing online security and anonymity, exposes your personal data to the world and sells your bandwidth to be used in botnet attacks?!
The Ugly Truth Behind Hola VPN
Meet “Hola VPN“, one of the most popular VPN services in the world that is based in Israel and has over 46 million users with 7 million users using the service’s free VPN/geo-unblocker Chrome plug-in. Unfortunately, the price of free VPN services can be quite costly like we have previously discussed here why you shouldn’t trust a free VPN service. Shockingly, Hola VPN is accused of selling its users’ bandwidth connections to Luminati users, a paid anonymizing service owned by Hola Networks and claims to operate similarly to Tor browser to mask internet traffic by routing data through a chain of volunteer-operated nodes. Hola VPN is not only accused of selling its users’ connections, but also with using these connections to launch botnet attacks.
These shocking accusations were made by Fredrick Brennan, operator of a Gamergate cesspool called “8chan”, when he said that Hola VPN users launched a series of DDoS attacks on his websites without their knowledge.
” An attacker used the Luminati network to send thousands of legitimate-looking POST requests to 8chan’s post.php in 30 seconds, representing a 100x spike over peak traffic and crashing PHP-FPM.”
But how did that happen exactly?
“When a user installs Hola, he becomes a VPN endpoint, and other users of the Hola network may exit through his internet connection and take on his IP. This is what makes it free: Hola does not pay for the bandwidth that its VPN uses at all, and there is no user opt out for this. On the other hand, with the Tor onion router, users must specifically opt in to be exit nodes and are aware that completely anonymous traffic can pass through their connections, which means they should be ready for abuse reports for child porn, spam, copyrighted content and other ills that come with the territory.”
Hola VPN doesn’t have its own network of servers unlike other VPN service providers which tunnel the user’s data through those encrypted servers so it would appear they they’re coming from a different location other than their actual location. Instead, the shady service “operates as a peer-to-peer VPN, routing users’ connections through each other’s devices like a giant telephone exchange. Hola makes money by selling idle bandwidth from its free users under the Luminati brand. Users who don’t want to contribute their bandwidth have to pay $5 a month explains the site’s FAQ.”
Even though the company’s founder Ofer Vilenski responded by saying that his company “has always made it clear” about how it operates, its users were clearly unaware that their bandwidth was being sold and used for unethical and illegal purposes.