Hola, a popular VPN service, is in deep trouble. According to the latest revelations from 8chan, if you use the free Hola service, you may have become part of a botnet, and could have involuntarily participated in DDoS attacks. Even paying subscribers have been exposed to serious security holes that enable anyone to execute malicious programs on your computer, leaving you vulnerable to ongoing cyber attacks.
How Hola works
Hola is not technically a VPN service; it doesn’t own or lease VPN servers, nor does it pay for any bandwidth. Actually, Hola operates like a BitTorrent service for web browsing. Every user connected to Hola’s network is considered a peer, with non-paying users defined as exit nodes, which allows other Hola users to use those nodes as a proxy to access the Internet. Hola tracks each user and routes traffic from peer to peer, describing its service as a “peer to peer VPN network”. Hola claims its service gives people the freedom to browse the Internet without censorship and allows people to browse the web anonymously. However, in fact, Hola’s network presents serious security and privacy issues.
- Because Hola doesn’t maintain any VPN servers it has no control of the security of the machine that routes your traffic.
- Unpaid users become by default an exit node of the Hola network. This means other users can browse the Internet through your device, so your IP address becomes the “foot print” of another person’s online activity. If that person did something unlawful, it would be traced back to your IP.
- Hola also has a sister site – Luminati, which sells access to its network to anyone who is willing to pay. Selling users’ bandwidth without their informed consent is at the very least dishonest, but exposing them to security risks and malicious attacks is clearly unethical and irresponsible. A malicious person can use Hola’s network to create a botnet and launch a DDoS attack devastating enough to take even a large website down – imagine 40+ million users trying to access Facebook at the same time. That’s what happened to 8chan.
While Hola claims to protect your privacy and enhance your online security, in reality it does exactly the opposite. Hola creates a security hole on your device and makes you vulnerable to cyber attacks. If you’re still using Hola, you should uninstall it immediately. Now the logical question is, “what are the alternatives”?
The closest alternative to Hola is TunnelBear. It works not only on mobile devices and desktop computers, but also as a standalone Google Chrome browser extension. That means you can browse the web with VPN and still access the local network and conduct other Internet activities without VPN. Because the TunnelBear Google extension only works with the Chrome browser, it doesn’t encrypt all traffic from your computer. To encrypt all the traffic install the TunnelBear desktop application. The following is a list of trusted VPN services to replace Hola. The VPN listings are in no particular order; click on the column header to sort them according to your needs.
|VPN Service||Price [one year]||Logs Keeping||Jurisdiction|
|ExpressVPN||$99.95||No||British Virgin Islands|
If you come across a good VPN service you’d like to recommend, please tell us about it so we can include it in the listing.
And don’t forget to share this post with anyone who might still be using Hola!
Image credit: https://www.flickr.com/photos/ukaaa/
Got a question? Post it in our forums. We’ll work it out.
Make your dreams come true by trusting me… I am an african spell casterdoctor
I trust you. My dream is for you to stop spamming my website. Please make it true to prove you indeed have the power you claim.
I would like to know if any of the Firefox add-ons such as BESTPROXYSWITCHER and HOXX are safe?Thanks,
Check out ZenMate
Anirban Dutta — if your virus scanner worked well IT WOULD NOT ALLOW HOLA TO INSTALLED!!!!!!!! It`s a bot net that also has very bad VPN security and it might not be a big deal to household users with low internet and computers, but think of alll the people who watch netflix on company computers.. If my company would be infected with a bot net millions of dollars of servers that could put any site down in minutes.. what would you do Anirban if your ISP kicks you off for hosting a bot net, how will you get you Netflix then,, THINK PEOPLE
im really sorry but a peer to peer vpn network is the way to go. if it induces some security risks we have to live with that. im not going to pay some company lots of cash to maintain a unecological server infrastructure just to circumvent artificial geoblocking.
If your confidential information was exposed would you be okay with it then? This isn’t just about sacrificing a little bit of your own personal network’s security. As I told someone else, it is allowing your computer to become a participant of DoS (Denial of Service) attacks which can lead to the illegal exposure and theft of confidential health, security, or personal information or the hijacking of websites. This is illegal and morally and ethically wrong. Are you really willing to do that just so you can watch Saving Private Ryan for free?
I had hola for almost a year and just learned about its problems today. I’m so glad I found your website and removed hola immediately. Thanks for the info!
Hola is by far THE BEST one out there, easy to use, free, and I don’t care at all if I become the node for others to connect to the websites in my country. All these Geo-blocking crap are such a big B.S. Internet should be free and without boundaries!
It’s not just others connecting to websites in your country. It is also making your computer a participant of DoS (Denial of Service) attacks which can lead to the illegal exposure and theft of confidential health, security, or personal information. It’s doing so much more than just letting the Chinese access Facebook or the Russians access US Netflix.
I used good antivirus on my pc. So, if Hola unsecure no problem.
I just want to clarify to the people commenting on this thinking their PC is protected… you are helping hackers take down websites with your machine. You are not safe. As you use HOLA, your computer could be sending out packets of info to websites, with no return address, and thus clogging the internet so they can’t respond.
It’s socially responsible to delete HOLA, and you actually could get caught participating in a DDOS attack and lose your contract with your ISPs.
Absolutely agree. We all have a moral and ethical obligation to not participate in hacking. Even indirectly. Thank you so much for pointing all of this out.