Hola VPN is not software that safeguards your privacy. In fact, we rarely see logging policies as intrusive as Hola’s.
Here’s what Hola VPN stores when you use its service:
- The websites you visit
- Time spent on those websites
- Your true IP address
- Connection timestamps
- Your browser type
- Your name, email address, screen name, payment and billing information
If subscribe to Hola VPN through a social network account, Hola has access to even more information including: your home address, birth date, profile picture, friend list, personal bio, and any publicly available information on your account.
Hola tries to reassure its users that it doesn’t “rent or sell any personal information,” but that doesn’t mean it doesn’t share it with third parties:
“We may disclose Personal Information to other trusted third party service providers or partners for the purposes of providing you with the Services, storage and analytics. We may also transfer or disclose Personal Information to our subsidiaries, affiliated companies.”
What’s even worse, Hola will retain all this information for “as long as necessary.”
In short, Hola’s privacy and logging policy is unsatisfactory. This is not a service you want to entrust all your personal data with.
Who Owns Hola VPN?
Hola VPN was founded by Ofer Vilenski and Derry Shribman under the company name Hola Networks Limited, based in Israel.
The product was launched in 2012, and gained traction in January 2013 when it moved from 80 downloads a day to 40,000 overnight.
Hola Networks Limited provides a free consumer ‘VPN’ service, as well as a premium subscription and corporate service called Luminati.
Luminati uses free users’ bandwidth, which is charged per gigabyte, without reimbursing the free user. This practice has sparked criticism among cybersecurity professionals.
Thankfully, this is now clearly advertised when you download the app, as you can see in the screenshot below.
How Hola VPN actually works
Hola VPN is a peer-to-peer overlay network that uses peer-to-peer caching and routing for quick access to blocked content.
This means users of Hola VPN throw their real IP address into a pool of IP addresses for other users to use as they please.
When you use Hola VPN, your internet traffic is routed through other peers (called nodes), but it’s not encrypted.
While some subscribers may use Hola VPN as a website unblocker, there’s no way to stop others using your IP address to access unlawful content.
Free users also share their ‘idle resources’ (WiFi and cellular data) with the network, which means that Hola VPN doesn’t incur underlying operational costs.
Hola VPN defines ‘idle’ as “the device is not using battery but is connected to electricity; no mouse or keyboard activity has been detected; and the device is connected to the internet.”
Despite its “goal of making a better internet,” selling user bandwidth is not the only controversy Hola VPN has been embroiled in to date.
In May 2015, 8chan founder Fredrick Brennan claimed that his website had been DDoS attacked by users exploiting the Hola network, which Vilenski later confirmed.
A website named Adios, Hola!, created by nine security researchers, states that Hola is “harmful to the internet as a whole, and to its users in particular” and labels it a “poorly secured botnet” with “serious consequences.”
The researchers at Adios, Hola! discovered various vulnerabilities within the Hola VPN architecture, one of which reportedly allowed anyone to execute programs on your computer.
According to the website, Hola fixed some of the vulnerabilities, but others still remain.
Hola VPN is also vulnerable to IP address leaks and has facilitated data scraping, according to cybersecurity firm Trend Micro.
Hola VPN’s jurisdiction
Hola VPN is based in Israel, which isn’t an official member of the Five Eyes (or Nine or 14 Eyes) intelligence-sharing alliance, but it collaborates with it.
The VPN company states in it privacy policy that it will “comply with law, regulation, subpoena or court order.” It will also hand over your personal information if it has “good reason to believe that it is necessary to.”
