Barnicoz Tech Barnicoz Tech Author
Title: Is Hola VPN Safe on Chrome?
Author: Barnicoz Tech
Rating 5 of 5 Des:
  There's no good reason to use Hola. While it's nice that it's free, your security and privacy can't be guaranteed, and th...

 ASUS Chromebook 12 C223NAThere's no good reason to use Hola. While it's nice that it's free, your security and privacy can't be guaranteed, and there are much more reliable free alternatives out there.

Hola VPN is a service that advertises heavily across the web, claiming it can help you access sites you normally can’t. However, there are some serious issues with the technical side of how it works, not to mention a long history of scandal—all of which raises the question of whether you should use the Hola VPN extension in the first place.

What Is Hola and How Does It Work?

First, let’s look at the tech of Hola on Chrome. You access Hola through a Chrome extension—or whichever browser you’re using—and it connects you to an exit node (a point in a network), letting you assume that node’s IP address.

If you’re familiar with VPNs, this may seem familiar to you, except that there are some key differences. For one, when using a “real” VPN, the node you connect to is a VPN server owned and operated by the service. This means that you take on the IP address of that server, but you’re paying the provider for their trouble.

There’s a bit more to how all this works; check out our full guide on virtual private networks for more.

Hola claims that its premium version—which costs over $80 per year—works this way, but that its free version is instead “community-driven.” When you or any of the 265 million users Hola claims open up the Chrome extension and select a location to connect to, you’re not picking a server run by Hola.

Instead, the node is supplied by a fellow user—you’re essentially routing your traffic through another person’s device, and their traffic through yours. This is something that bears repeating, as Hola doesn’t quite make this clear in quite so many words, instead just saying on its main page that you “contribute minimum resources to our network.”

Hola FAQ text

This makes Hola a peer-to-peer (P2P) network and brings with it a host of issues. The biggest is that of performance: since the Hola Chrome extension is using both your upload and download bandwidth, your speeds will likely slow down to a crawl whenever you connect. Having played around a little with it ourselves, speeds have been poor every time.

Another issue is that somebody you don’t know is using your IP address to do things you don’t know about. If they’re cracking Netflix, that’s fine, of course, but if they’re doing something criminal or downloading torrents, it could mean you end up being on the hook for their behavior.

Hola Security

There’s also the issue of security. A VPN uses VPN protocols to secure its connections, special programs that determine how the VPN interacts with sites and servers. In its FAQ, Hola claims that it uses IKEv2 or a proxy protocol, but we have a suspicion that IKEv2—which is fast but has a history of security issues—is only used when connecting to premium servers, and free users are stuck using the proxy protocol.

This is an important distinction, as proxies, to put it bluntly, leak like a sieve. As we explain in more detail in our article comparing VPNs vs. proxies, proxies offer no real security and slow down your connection, to boot. While there are scenarios in which they are the better choice over VPNs, none of them apply to most Hola users.

The result is that if you use Hola’s Chrome extension, you’re most likely exposing your traffic to anybody who wants to see. This is fine if you’re trying to unblock Netflix—though it likely won’t work—but it’s a disaster for anybody that actually needs security. Activists and journalists working in countries run by authoritarian regimes are inviting trouble using Hola, as are torrenters.

The Hola VPN Extension vs. “Real” VPNs

The upshot is that Hola is more of a glorified proxy than a VPN, and it seems the company agrees: while officially it’s still called “Hola VPN,” very little of the copy on its webpage mentions the term outside of the copyright notice at the bottom of each page and some images

Hola VPN image

 The only exception may be the premium plan, which has you use servers to spoof your IP address and likely uses a VPN protocol. Still, even a quick look at the landing page gives you the distinct impression any of the best VPNs on the market would blow it out of the water.

Even though these technical reasons alone should be enough reason to avoid Hola, there are more reasons to not use Hola VPN for Chrome—just consider its shady history.

Past Issues with the Hola VPN Chrome Extension

As serious as some of these technical issues are, the company has also had a checkered past. Though at first it seems fair enough that you get to use Mary’s bandwidth and therefore she gets to use yours—decentralized VPNs follow a similar philosophy, for example—it doesn’t make the company behind Hola any money, either.

Back in 2015, TorrentFreak found out that to fix this issue, Hola had been selling users’ bandwidth to third parties. This effectively turned the Hola network (then roughly 46 million users) into a giant botnet. If you had Hola’s Chrome extension installed, your device had effectively been enslaved to Hola or, more precisely, its parent company Luminati.

According to TorrentFreak, this only came to light because an admin of the notorious 8chan claimed a botnet owned by Hola had attacked his message board, though it was likely down without Hola’s direct knowledge. In response, Hola founder Ofer Vilenski claimed that Hola users could have known their devices could be suborned this way as it was laid out clearly in the terms of service—even though it was never mentioned before TorrentFreak brought it up.

Has Hola Cleaned Up Its Act?

You’d think that the revelation that this free VPN was using its users in a botnet would spark a massive backlash, but aside from some media furore, there hasn’t been much. Though the company seems to be vetting those third parties better, making the chances that an operator who wants to use the network to carry out botnet attacks smaller, it still makes no bones that it’s selling users’ bandwidth.

The only thing that has changed is that it’s not Luminati doing the selling, but a company Bright Data, as is made clear in the first entry of Hola’s FAQ. So while you probably won’t be made part of a cyberattack when using Hola, there’s no way what else these companies could be doing with your data.

Should You Use the Hola Free VPN Extension?

The upshot is that Hola proves the old adage that if you’re not paying for something, you’re the product. While it seems interesting to use as a free VPN, the security risks are, in our opinion, far too high, especially since there are plenty of trustworthy free VPNs around you could use instead.

 

 

 

 

 

About Author

Advertisement

Post a Comment

 
Top