When you add an extension to your web browser, you ordinarily aren’t signing yourself up to let someone else control your computer and spam others. But for users of Hola, one of the most popular free online virtual private networks (VPNs) often used to view blocked videos, this is exactly what’s happening. Essentially, free users are signing their computers up to be part of a botnet — and the site’s founder says that was the agreement it made with its users.
Hola, which boasts 46 million users globally (including 7 million using Chrome), works by linking its users’ Internet connections to, or really through, each other. So, for instance, a user in the U.S. could watch blocked shows by using idle bandwidth from a Hola user as a proxy in France (so as to appear to be watching from France). But there’s a catch. By using the free version of Hola, you are allowing the site to sell your “idle” bandwidth under a brand called Luminati.
The subject came to light when 8chan message board operator Frederick Brennan claimed that Hola users’ computers — through Luminati — unknowingly attacked, and temporarily shut down, his website. “An attacker used the Luminati network to send thousands of legitimate-looking [requests to 8chan] in 30 seconds, representing a 100x spike over peak traffic,” he said in a note.
The site’s founder Ofer Vilenski said that Hola has “always made it clear” that the “idle resources,” or bandwidth, of free Hola users is subject to be sold. And, as devious as the ploy seems, it is clearly written in Hola’s FAQ. It’s worth noting, though, that accordingly to TorrentFreak, these explanations concerning Luminati have only recently been added.
Regarding the accusations from 8chan’s Brennan, Vilenski does not deny the claims. “8chan was hit with an attack from a hacker with the handle of BUI,” he told TorrentFreak. “This person then wrote about how he used the Luminati commercial VPN network to hack 8chan. He could have used any commercial VPN network, but chose to do so with ours.”
The upshot of 8chan’s findings, though, is that Hola’s business strategy has become public. We imagine that Hola’s millions of users, who were likely using Hola to access Netflix’s offerings in Europe for example, probably aren’t too happy. While we’ve recommended Hola in the past, it’s probably not the
- Apple’s Private Relay VPN seems to be leaking user data
- Another vulnerability found in Dell’s security bloatware, users must update ASAP
- Hacker infects 100K routers in latest botnet attack aimed at sending email spam