Beware: Hola VPN turns your PC into an exit node and sells your traffic

Status
Not open for further replies.

Kent

Level 10
Thread author
Verified
Well-known
Nov 4, 2013
468
Source-------------------http://www.ghacks.net/2015/05/28/be...-pc-into-an-exit-node-and-sells-your-traffic/

Hola is a popular virtual private network (VPN) provider that is available for various web browsers including Google Chrome, Mozilla Firefox and Internet Explorer, as well as desktop and mobile operating systems.

It is free to use and if you check ratings and users on Chrome's Web Store alone, you will notice that it is used by more than 7.1 million Chrome users currently.

Hola uses a sophisticated system to offer its services for free. Instead of routing users solely (or at all) through company servers and raking up huge bandwidth bills in the process, it is utilizing user devices as endpoints.

This means basically that any user device that Hola is running on acts as an endpoint. An endpoint is a node that is communicating directly with a target website or service that Hola users access when the service is enabled.

Hola users have no control over endpoints which is problematic for several reasons. First, it increases the bandwidth usage on the device and reveals your device's IP address to the target service or website which you may not always want.
hola-unblocker.png

What's even more problematic than that is the fact that Hola seems to have started selling access to these exit nodes on the Luminati website.

If you check Whois records for both sites, you will notice that they are both owned by Hola.

Luminati provides its customers with access to an API that they can use to utilize Hola end points for various activities, for instance denial of service attacks but also load tests. This makes Hola an effective botnet, especially since it cannot be blocked easily as it uses IP addresses from around the world and not a set of larger IP ranges.

The admin of 8chan noticed denial of service attacks recently against the site and found out that the attack was utilizing Hola endpoints through Luminati.

Hola charges per Gigabyte of traffic starting at $20 per Gigabyte and going down to $2 per Gigabyte and lower depending on volume that you purchase.

This means: if you are using Hola, your connection may be used as an endpoint not only by other Hola users who try to access sites in the country you are in, but may also be sold to individuals and companies who may use it for questionable or outright illegal activities.

Closing Words

If your computer is being used as an exit node, it is your IP address that webmasters, law enforcement or rights holders see when they check server logs. If it is used in attacks or malicious activity, it is you who will be contacted by the authorities or site owners.

My personal recommendation is to uninstall Hola if it is installed on a system and stay away from the service for now.
 

OokamiCreed

Level 18
Verified
Honorary Member
Top Poster
Well-known
May 8, 2015
881
I trusted my gut on this a long time ago and decided not to use it. I myself pay for yearly Private Internet Access. I see many "free" VPN like services using tactics I hate. Like I saw one free VPN installing bitcoin miners on your computer (they tell you that though but still...). It had Ninja in it's name I think
 

Janl92l

Level 7
Verified
Nov 7, 2014
339
That is why i never use a free vpn. i use https://www.perfect-privacy.com vpn. Its high cost vpn but with a nice own vpn client for windows with inbuild firewall rules that only allow connection true the vpn server and other nice extra like cascading true 4 servers at the same time,the only vpn that i can find that still accept paysafecard+absolutly no logs at all. if anyone want a realy nice quality vpn service with a nice support i can highly suggest this vpn provider.
 
  • Like
Reactions: Kent

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
That's the common problem for VPN, a risk is always there where its term of anonymity cause the issue. Likely a through research on which known trusted brand which hold the real meaning of being anonymous.

And as usual privacy policy is the problem where users take it for granted, such pretty basic tactic in the world of IT.
 
  • Like
Reactions: Kent and frogboy

kev216

Level 21
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Aug 6, 2014
1,044
Nope, I know a lot of people who used it for Netflix, but I've never used it.
 
  • Like
Reactions: Rishi
D

Deleted member 2913

I have used it previously when I was not aware of this. When I came to know I stopped using it.

Currently Zenmate VPN.
 

Aleeyen

Level 22
Verified
Top Poster
Well-known
Nov 19, 2012
1,121
I once thought of using it, but when I read how they offer their services I thought some thing like this can happen. So, I didn't use it. Now I feel that I was right.
 
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top