ExpressVPN

Beware free VPN service Hola

Here at BestVPN we have always been wary of recommending free VPN services. While old adages such as ‘there is no such thing as a free lunch,’ and ‘if you don’t pay for the product then you are the product’ are not always true (there is some great community developed open source software out there), when it comes to commercial services, they often are.

A very popular free VPN service is Israeli-run Hola, which boasts 7 million users of its Chrome extension alone. Following a DDoS attack last week, the owner of imageboard website 8Chan, Fredrick Brennan, did some investigation, and did not like what he found.

Although most users probably do not realize it, Hola works much like Tor. Every user of Hola also acts as a potential exit node for every other Hola user,

When a user installs Hola, he becomes a VPN endpoint, and other users of the Hola network may exit through his internet connection and take on his IP. This is what makes it free: Hola does not pay for the bandwidth that its VPN uses at all, and there is no user opt out for this.

This is likely to be something many users will be very uncomfortable with, and exposes them to the same kinds of risks that a Tor exit node user is vulnerable to. Because the apparent IP address of any Hola user is the IP address of another user, that user can be held responsible for the actions (criminal, hacking, DDoS attacks etc.) of users. As Brennan observes,

‘On the other hand, with the Tor onion router, users must specifically opt in to be exit nodes and are aware that completely anonymous traffic can pass through their connections, which means they should be ready for abuse reports for child porn, spam, copyrighted content and other ills that come with the territory.

Co-founder of Hola, Ofer Vilenski, has defended this setup. He explained that Hola has never hidden how the service works,

We have always made it clear that Hola is built for the user and with the user in mind. We’ve explained the technical aspects of it in our FAQ and have always advertised in our FAQ the ability to pay for non-commercial use.

However… what was never made clear (until its FAQ was quickly updated last Wednesday as news spread of Brennan’s findings), is that Hola sells its users’ bandwidth through its sister company, Luminati (an archived version of the older FAQ is available here.)

Luminati 1

This basically means that Hola is selling the bandwith of every one of its almost 10 million users, for most almost certainly without either their knowledge of consent. A Brendan notes,

‘[Hola boasts] more than 9,761,015 exit nodes on their website, and based on what I saw in the past week I have no reason to doubt it. The only silver lining is their greed: they charge $20/GB to use lines that cost them nothing, their software simply mooches off of the unfortunate users who have installed the proprietary Hola software… Hola is the most unethical VPN I have ever seen.

This lack of ethical business practice was also pointed out by Lantern founder Adam Fisk, who told Motherboard that,

The bottom line is they’re trying to figure out how to run a profitable business, and they’re essentially selling out their users to try to figure that out.

Security researcher Raphael Vinot also chimed in with a similar opinion,

If it works the way it is explained, it’s a terrible idea to use it. Because you end up being responsible for what the other users of the service are doing… Honestly, that level of trickiness is art.

Hola users desperate for a free alternative VPN service can check out our article on 5 Best Free VPNs. But really, is a few bucks a month too much to pay for a good, fast, and private VPN service, that will not sell you out for sheer greed? We think not.


Douglas Crawford I am a freelance writer, technology enthusiast, and lover of life who enjoys spinning words and sharing knowledge for a living. Find me on Google+

Related Coverage


20 responses to “Beware free VPN service Hola

  1. To Mr Douglas
    Hi Mr Douglas your website was very informative thanks a lot, i just wanted to ask you about something. Today morning i installed the hola app on my samsung s7 edge through the play store. I had it installed in my phone for about 2 hours before uninstalling it. Is my IP address at risk of being stolen and misused because i used my WI-FI to download hola? thank you

    1. Hi Jason,

      The Hola app hijacks some of your bandwidth so that Hola can re-sell it. Once you have uninstalled the app you should have no further problems.

  2. Will Hola create any problem if i use it for downloading small files which are blocked in my country.
    My point is, can I enable Hola whenever I require it and disable it later, will that create any problem, and the files which i am talking about is in kb’s size.

    1. Hi Harry,

      As long as you are aware of the issues involved (as discussed in this article), then it should not cause any problems using it for your limited purposes.

  3. My daughter and I have been using a free trial of HOLA to get on the USA Netflix since it seems Canada doesn’t get some of the best shows/movies. We had fully planned on paying for it and keeping it when the trial was over. I cannot thank you enough for writing this article. I realize the article is from awhile ago but you have still possibly saved us from some really nasty fallout. Companies like this should not be allowed to run. They could very well ruin people’s lives because of their greed. I am one of the billions of people who don’t really read all the fine print before clicking ‘yes I read it all’. Even when I do attempt to read it, I cannot understand most of it due to all the legalese in it. We really cannot thank you enough. I am going to post this to my Facebook as a public article and hopefully pass it on to someone else who uses HOLA and doesn’t realize what they have signed up for. Thank you, thank you, thank you again!!

  4. Hi! I’ve had Hola unblocker as a chrome extension for about a year now, I’ve deleted it a few weeks ago but since reading this article I’m worried. Do you think they can still use my IP and computer? My computer (a PC bought in 2015) has slowed down since I uploaded Hola and deleting it hasn’t improved my computer. Thank you so much for this article! I think it’s very important people know what they are really working with…

    1. Hi Anna,

      Hola, for all its ills, is not a virus, so if you have uninstalled it then I’m pretty sure its gone. Diagnosing PC slowdown is a bit beyond the scope of this website, but I suggest going to Start -> Run -> type msconfig -> Startup (older Windows) or right-click Taskbar -> Task Manager -> Startup (Windows 8.1 (?)+) and removing unwanted programs from the Startup list.

  5. Hola vpn is fake. simply type “where is my location” and hit search whilst using hola vpn. The result will display your real location instead of your ‘supposed’ location.

    1. Hi Dallas1,

      There are many problems with Hola (as discussed in this article), but in my experience it does actually work.

  6. Thank you very much Mr Douglas Crawford for the notes about Hola vpn.I included hola in chrome extension,but not enabled.But i am worried that some thing gone wrong .

    1. Hi MANI,

      If the Chrome extension is not enabled then Hola should not be able to steal your bandwidth. You can uninstall it, however, by going to Menu (the three horizontal lines to the top right of your browser window) -> More tools -> Extensions -> find the Hola extension and click on the bin icon.

  7. i had hola chrome extension on my pc as it seems like a software package installed it silently on my pc. I didn’t use it and after some hours when I recognized that it was installed and found out what it is I removed it-

    So do you think I have to be worried that some traffic (especially as exitnode) was routed over my pc ?

    1. Hi Boas,

      Personally I wouldn’t worry about it. You only had Hola installed for short while, and you have now uninstalled it.

  8. Thanks for the article. I stopped using Hola because it would work at first and then always screw up my internet connection. Now I know why.

  9. Thanks for the article. I was looking for a free VPN but Im convinced now that $10 a month is completely reasonable for a professional service.
    Thats trully some sneaky sh*t by Hola.

  10. Hello, Douglas.

    • I installed the free Hola Chrome extension a few years ago, before these risks became widely known (or, at least, before I heard about them). I still have the app, but now I only enable it when I need to hop a geo-restriction fence; otherwise, I keep it disabled.
    Am I fooling myself by thinking I can only become an exit node while the extension is actually enabled?

    • In Hola.org’s FAQs they say Chrome browser extension and Opera browser add-on operate as a standard VPN service and are not part of the Hola peer-to-peer network.
    Does this mean using Hola via Chrome is less risky?

    • The page says joining Hola Premium lets you use Hola without your idle resources being used in return… You are never used as a peer
    Does this eliminate the risk that your IP address may be used for nefarious or illegal activity?

    Thanks in advance!

    1. Hi Atoz,

      In theory I’d say yes to all of those – when the Hola extension is turned off it should be completely off, and those quotes do seem to say that on Opera and when using Hola Premium you are not being used as an exit node and sharing your bandwidth. If this is the case then your IP address cannot be used by others. The question is, though, do trust Hola here? And even if you do, do you really want to use a service (let alone pay for it) that treats its other users so shabbily?

  11. Thank you very much for writing this article. I have used Hola in the past, and had no idea it worked like this, and I read all FAQ’s and tech. info I can get my hands on before using a VPN or any other anonymity related program. Hola’s owner definitely DID NOT have any technical info. about how the VPN worked on the site even a few months ago, which is when I used it. I was very lucky nothing nefarious was done with my IP address!

Leave a Reply

Your email address will not be published. Required fields are marked *