English

Looking for Something?

HideMyAss Review

HideMyAss

BestVPN.com Score 7 out of 10
Visit Site  

HideMyAss is a big-name Virtual Private Network (VPN) provider. Within the VPN industry, however, HideMyAss (HMA) has a poor reputation. 

VPN Stats

  • Server Locations 190
  • Average Speed 58.26 Mbit/s
  • Simultaneous Connections 5
  • Jurisdiction Prague

Likes

  • Huge number of servers located just about everywhere
  • US Netflix and BBC iPlayer available
  • Great speed test results
  • 5 simultaneous connections
  • Good software

Dislikes

  • Based in UK - could present jurisdiction issues
  • Many connection logs

Features

Port forwarding
Total servers 880
Countries 190
Simultaneous connections 5
Bare metal or virtual servers A combination
Router Support
Routers Supported n/a
Allows torrenting
Port selection

Supported platforms

Windows
MacOS
iOS
Android
Linux
Windows Phone

Protocols offered

PPTP
L2TP/IPsec
SSTP
IKEv2
OpenVPN

Privacy

Jurisdiction Prague
Logs Traffic
Logs Connections
Logs Timestamps
Logs Bandwidth
Logs IP Address
Logs Aggregated or Anonymized Data
Website tracking? Google Analytics

Performance

BestVPN.com SpeedTest (max/burst) 215.81
BestVPN.com SpeedTest (average) 58.26
Data limits
Bandwidth limits
IPv4 leak detected?
WebRTC leak detected?

Payment

Visa/MasterCard
Amex
Cryptocurrency

Security

Kill Switch
Obfuscation (stealth)
Self-hosted/Proxied DNS proxy
IPv4 leak protection
IPv6 leak protection
WebRTC leak protection

Support

Free trial No
24-hour support
Live chat support
Money-back Guarantee
Money back guarantee length 30

Unblocks:

Netflix
iPlayer

Alternative VPN Choices for You

From $3.99 / month
BestVPN.com Score 9.8 out of 10
Visit Site   Read Review
From $3.5 / month
BestVPN.com Score 9.5 out of 10
Visit Site   Read Review
From $6.67 / month
BestVPN.com Score 9.7 out of 10
Visit Site   Read Review
 

Features

Port forwarding Not available
Total servers 880
Countries 190
Simultaneous connections 5
Bare metal or virtual servers A combination
Router Support Available
Routers Supported n/a
Allows torrenting Not available
Port selection Available

A HideMyAss subscription offers the following features:

  • 720+ VPN servers in 320+ locations in 190+ countries
  • Five simultaneous connections
  • Supports OpenVPN, Point-to-Point Tunneling Protocol (PPTP) and Layer 2 Tunneling Protocol (L2TP) VPN protocols
  • 30-day money-back guarantee (but with important limits)

That is an impressive number of server locations, and they are scattered all over the world. This includes exotic locations such as the Falkland Islands, Papua New Guinea, Malawi, Serbia, and many more.

HMA otherwise offers a very feature-light service, and the two simultaneous connections is miserly.

Speed and Performance

According to our new scientific speed tests, Hide My Ass scored as follows - Average Speed: 30.37 Mbit/s Max Speed/Burst Result: 180.7 Mbit/s. These are impressive results, and put HMA in fourth place overall of the providers we have tested, and in first place in terms of burst results.

Hma Ip Leak Test

Leak tests

BestVPN.com SpeedTest (max/burst) 215.81
BestVPN.com SpeedTest (average) 58.26
Data limits Not available
Bandwidth limits Not available
IPv4 leak detected? Not available
WebRTC leak detected? Not available

Although I am a little confused over whether the Windows software includes DNS leak protection features, I detected no DNS or other IP leaks. Please note, though, that my ISP (Virgin Media UK) does not support IPv6 connections. I am therefore unable to test for IPv6 leaks at this time. This is a situation that should change in the near future.

I was able to access US Netflix using HMA with a US server, and (update November 2017) I am assured BBC iPlayer can be accessed through the server called "Donkey town."

Price

HideMyAss has slightly increased its prices since last time we reviewed it. It offers one simple “all-in” plan, which now starts at $11.52 per month. This price goes down for six or 12-month subscriptions, dropping to $6.56 per month for the annual subscription.

At time of writing, a summer sale is underway. This provides savings of up to 56% (annual subscription) on the prices listed above.

A 30-day money back guarantee is available, but there are important restrictions on this. Most notably, you may not exceed 10GB of bandwidth. It is worth noting that this guarantee does not cover purchases made via Google Play or iTunes. Please also see the comments section beneath this review, as many readers report not receiving a refund to which they felt entitled.

Please also be aware that auto-renewal of subscriptions is enabled by default, and must be manually changed via the online account control panel.

Payment is via credit/debit card, PayPal, iDEAL, bank/wire transfer, UnionPay and SOFORT banking. No Bitcoin payment option is available, but then HMA is not a service to use if privacy matters to you anyway.

Ease of Use

Windows Available
MacOS Available
iOS Available
Android Available
Linux Available
Windows Phone Not available

HMA offers custom software for Windows, Mac OS, iOS, and Android. Unlike the Android app, the iOS app uses the IPsec VPN protocol. A command line script is available for configuring OpenVPN in Linux.

Manual setup guides for the various VPN protocols supported by HMA are also available for a number of platforms. This includes for Boxee, a selection of routers, Windows Mobile and so forth. It is also possible to buy pre-configured HideMyAss routers from FlashRouters.

The Android App

Assuming that you don’t mind the usual HideMyAss aesthetic, the Android app is pretty smart looking.

Hma Android 3

It uses the OpenVPN protocol.

Hma Android 2

Android users gain access to HMA’s huge server list.

2017 07 04 14

For some reason Paranoid Mode connected me to a server in Ireland! All-in-all, the app is very polished and works well.

Customer Service

Free trial No
24-hour support Available
Live chat support Available
Money-back Guarantee Available
Money back guarantee length 30

Support is via live chat or a ticketed email system. I had to wait a few minutes for the live chat staff to respond to my queries, but it was friendly enough when it did.

I do not expect frontline live chat staff to have deep technical knowledge, so was happy for my more difficult questions regarding encryption to be elevated via ticketed email for attention by a more knowledgeable staff member. Unfortunately, my ticket was never answered.

Privacy and Security

Kill Switch Available
Obfuscation (stealth) Not available
Self-hosted/Proxied DNS proxy
IPv4 leak protection Available
IPv6 leak protection Not available
WebRTC leak protection Available

HideMyAss is infamous within the security community for handing over data on its customers to the police.

The most well-known incident occurred in 2011, when HMA handed over internet records and personal details of one of its customers, Cody Kretsinger, to the police. Kretsinger was a LulzSec member accused of hacking the Sony Pictures website, and received a prison sentence for his involvement in the crime.

A similar incident also occurred last year in Galveston County, Texas, when a disgraced judge was arrested and forced out of office for harassing an ex-girlfriend. The culprit had hidden his real IP address using the HideMyAss VPN service, which the provider clearly must have handed over as evidence to Texas police.

Logs

Although now owned by Czech company Avast Software, HMA is a UK-based service. The UK now has the most draconian surveillance laws in the world.

Even before the Investigatory Powers Act (IPA) “formalised” the situation into law, UK VPN providers were required to maintain detailed connection (metadata) logs. These are now readily accessible to the police and a vast array of government agencies (at least in theory). According to HideMyAss’ privacy policy:

We will store a time stamp and IP address when you connect and disconnect to our VPN service, the amount data transmitted (up- and download) during your session together with the IP address of the individual VPN server used by you.”

As we can see from the incidents noted above, this is more than enough logging to get you into trouble if you do something wrong. HMA says that logs are usually kept for two to three months, but the new Investigatory Powers Act legally requires that logs are kept for at least 12 months.

Upadate November 2017. HMA has provided the following response to these comments:

“HideMyAss! does not monitor the websites our customers connect to, or any of the data sent over our network.

 As a network operator, we take our responsibilities to our users and society as a whole very seriously. HideMyAss! is deeply committed to the belief that everyone has a right to keep their online activities private, secure and have the freedom to access the internet wherever they are in the world.

 Our acceptable use policy states that our service is not to be used for illegal activity. We are based in London so operate within the framework of EU and English law. We follow strict data protection regulations and we are only obliged to co-operate with disclosure requests in very specific circumstances described in our logging policy

 Our VPN service, as with VPN services in general, is not designed to be used to commit illegal activities. Paying a subscription fee to a VPN service does not mean a user is entitled to break the law and not suffer any consequences as a result of their actions.

Being able to locate users if legally compelled to do so is imperative in order for HMA! to maintain the HMA! VPN service, because a VPN service risks losing server contracts if it cannot take action to prevent abuse, fraud or other unlawful activities such as spamming, terrorism and child pornography.

 We keep logs of the data, described in our logging policy for between 2 and 3 months unless any limited circumstances apply.  The data is stored on our secure servers, and may be transferred and stored at a destination outside the European Economic Area, as described in the privacy policy. We only log the time users connect and disconnect from our service, and we do not log users’ actual internet traffic. Please see our logging policy on our website for more details.”

I can only say that this logging policy is not consistent with UK law as enacted by the IPA. HMA tells me that it has never been approached about this. Given the current political upheavals in the UK, I am quite willing to believe that the government has not (so far) seen enforcing the IPA a priority. But it is the law as stands.

Peer-to-peer (P2P) torrenting

HMA permits legal torrenting, but not downloading copyrighted material. HMA says that if it receives a Digital Millennium Copyright Act (DMCA) complaint or similar, it will not hand over your identity. Repeated complaints, however, may lead to your account being suspended.

Anecdotally, I have heard reports from HMA users who have received warnings over copyright offenses from their Internet Service Provider (ISP) or copyright holders after using the service for torrenting. for more information see our best VPN for torrents guide.

Security

On its website, HMA says,

OpenVPN is using OpenSSL with algorithms 3DES, AES 256, RC5, 256 bit encryption for control channel (e.g. password, authentication, etc.).

This is meaningless techno-babble written by someone who knows nothing about encryption. Support was also unable to shed light on the issue, but I have since talked to HMA's management. CyberGhost uses the following encryption:

Data channel: a Blowfish 128-bit cipher with HMC SHA-1 hash authentication. Control channel: an AES-256 cipher with RSA-2048 handshake encryption and SHA-1 hash authentication. Perfect forward secrecy is provided courtesy of a Diffie-Hellman key exchange.

Please see VPN Encryption: The Complete Guide for a detailed discussion on OpenVPN encryption, but TL:DR is that this is a secure OpenVPN setup. Data channel encryption is a little weak, but this doesn't really matter too much as an adversary would need to crack the control channel encryption just to get to it.

Although I usually concentrate on the OpenVPN encryption used by VPN providers, I did notice that L2TP/Internet Protocol Security (IPsec) connections use a pre-shared key to authenticate connections (“HideMyAss"!). This is usually considered a big no-no, but HMA assures me it is not a problem because your username and password provides additional authentication.

Encryption Protocols

PPTP Not available
L2TP/IPsec Not available
SSTP Not available
IKEv2 Not available
OpenVPN Available

Final thoughts

Despite a high profile among VPN consumers, HideMyAss is poorly regarded by those in the know. A big reason for this is its history of betraying users to the authorities. It could be argued that being based in Britain means that HMA has little choice in such situations, but whatever. It is not a service that you can trust with your privacy.

Next to PureVPN, HideMyAss is also the service that BestVPN.com has received the most complaints about. These center on poor customer service, not honoring its money back guarantee, and poor speed performance. I was therefore a little surprised to see rather good speed test results!

The main reason to choose HMA is the size and diversity of its VPN server network. It has servers in over 190 countries, so if you really need a VPN server in the Cook Islands, Equatorial Guinea, Haiti, Lebanon, or a host of other unusual locations, then HideMyAss is pretty much the only option available.

61 Comments

  1. Jen
    on June 28, 2018
    Reply

    Hide My Ass doesn't work, and their customer service reps refuse to acknowledge and refund me for their BS VPN service. AVOID!

  2. med
    on June 21, 2018
    Reply

    HMA s a scam. I have been trying to cancel the account with no success for months once. I succeed in reaching a HMA support, but the operator was from the Philippines and he could not help at all. It is nigh impossible to cancel HMA account once you have signed it. BEWARE of it

  3. med
    on June 21, 2018
    Reply

    good

  4. V. Elizabeth
    on June 10, 2018
    Reply

    Betraying users is pretty harsh, don't you think? As a European citizen, I agree that every company must comply with the European law. I've only heard great things about HMA, for example in this article right here: https://www.router-reset.com/vpn-review-hidemyass/ (who, btw, also talks about the whole betraying users thing, but in a fairer way). However, I've been scouring the web to find out about their customer service. I had a nasty experience once with the CS of a paid VPN, and don't want to repeat the whole experience. Anybody can chime in?

Write Your Own Comment

Your comment has been sent to the queue. It will appear shortly.

Your comment has been sent to the queue. It will appear shortly.

Your comment has been sent to the queue. It will appear shortly.

  Your comment has been sent to the queue. It will appear shortly.