Here at BestVPN we have always been wary of recommending free VPN services. While old adages such as ‘there is no such thing as a free lunch,’ and ‘if you don’t pay for the product then you are the product’ are not always true (there is some great community developed open source software out there), when it comes to commercial services, they often are.
A very popular free VPN service is Israeli-run Hola, which boasts 7 million users of its Chrome extension alone. Following a DDoS attack last week, the owner of imageboard website 8Chan, Fredrick Brennan, did some investigation, and did not like what he found.
Although most users probably do not realize it, Hola works much like Tor. Every user of Hola also acts as a potential exit node for every other Hola user,
‘When a user installs Hola, he becomes a VPN endpoint, and other users of the Hola network may exit through his internet connection and take on his IP. This is what makes it free: Hola does not pay for the bandwidth that its VPN uses at all, and there is no user opt out for this.’
This is likely to be something many users will be very uncomfortable with, and exposes them to the same kinds of risks that a Tor exit node user is vulnerable to. Because the apparent IP address of any Hola user is the IP address of another user, that user can be held responsible for the actions (criminal, hacking, DDoS attacks etc.) of users. As Brennan observes,
‘On the other hand, with the Tor onion router, users must specifically opt in to be exit nodes and are aware that completely anonymous traffic can pass through their connections, which means they should be ready for abuse reports for child porn, spam, copyrighted content and other ills that come with the territory.’
Co-founder of Hola, Ofer Vilenski, has defended this setup. He explained that Hola has never hidden how the service works,
‘We have always made it clear that Hola is built for the user and with the user in mind. We’ve explained the technical aspects of it in our FAQ and have always advertised in our FAQ the ability to pay for non-commercial use.’
However… what was never made clear (until its FAQ was quickly updated last Wednesday as news spread of Brennan’s findings), is that Hola sells its users’ bandwidth through its sister company, Luminati (an archived version of the older FAQ is available here.)
This basically means that Hola is selling the bandwith of every one of its almost 10 million users, for most almost certainly without either their knowledge of consent. A Brendan notes,
‘[Hola boasts] more than 9,761,015 exit nodes on their website, and based on what I saw in the past week I have no reason to doubt it. The only silver lining is their greed: they charge $20/GB to use lines that cost them nothing, their software simply mooches off of the unfortunate users who have installed the proprietary Hola software… Hola is the most unethical VPN I have ever seen.’
This lack of ethical business practice was also pointed out by Lantern founder Adam Fisk, who told Motherboard that,
‘The bottom line is they’re trying to figure out how to run a profitable business, and they’re essentially selling out their users to try to figure that out.’
Security researcher Raphael Vinot also chimed in with a similar opinion,
‘If it works the way it is explained, it’s a terrible idea to use it. Because you end up being responsible for what the other users of the service are doing… Honestly, that level of trickiness is art.’
Hola users desperate for a free alternative VPN service can check out our article on 5 Best Free VPNs. But really, is a few bucks a month too much to pay for a good, fast, and private VPN service, that will not sell you out for sheer greed? We think not.