Hola Better Internet Sells Your Bandwidth by Turning Its VPN Into a Botnet

Hola Better Internet is a popular Firefox and Chrome extension that allows you to view blocked content abroad . Behind the scenes, however, something more nefarious is going on: the company is selling the bandwidth of Hola users to anyone with the money to buy, effectively turning its users into a botnet for hire.

To understand the heart of the problem, it is important to understand how Hola works. Since it is a peer-to-peer VPN, users in one location (say, in Europe) who want to “pop up” elsewhere (say in America) essentially go through the user at the desired location. This means that if you don’t pay for Hola Premium, you are acting as an exit point for other users, much like services like Tor .

However, unlike Tor, Hola users cannot relinquish their role as an exit node in the free version. The problem with the exit node, of course, is that when someone connects through you and does something illegal or contrary to your ISP’s terms of service, you could be prosecuted – and since Hola does not promise to encrypt your traffic , it carries the same risk as using a service like Tor (even if the risk is low). By using Hola, you trust that the users connecting to you are not doing anything crazy and that Hola will stop them from doing any illegal activity. …

It would be fine if you were just an exit node for other users, but it turns out that Hola aggregates and sells the bandwidth of its user “exit nodes” through a service (which Hola also owns) called Luminati . This means that anyone who wants to can actually buy the bandwidth of Hola users and then channel it as they see fit – and that’s what one user has done. He bought a ton of bandwidth from Luminati and used it to attack the 8chan anonymous message board. Hola says it was a bug and the user just went through the validation process, but you can see why this behavior is incredibly sketchy.

While the Hola FAQ has always explained the peer-to-peer nature of the service, it never mentioned such centralized management, never mentioned Luminati, and never mentioned the fact that they were essentially selling your bandwidth until recently. This is also not Hola’s first crime. You may remember how Hola was caught “testing injected ads” in users’ browsers . In between these two events, we no longer recommend using them, and we will soon update our guide to streaming blocked content abroad with a new alternative.

In the end, Hola was just trying to make money by providing free services, but the way they used their customers and hid their behavior was definitely problematic. Like almost every free VPN, using it requires a trade-off, be it low speed, limited bandwidth, or your browsing history used for ads, but in this case there is a saying that “if you don’t pay for it, you are” re the product Literally true – with potentially worse consequences.

Hola | 8Chan via Hacker News and Business Insider

More…

Leave a Reply

Your email address will not be published. Required fields are marked *