- Trend Micro bashes Hola VPN for offering unsafe services and false advertising to their free customers.
- Report findings include blatant exploitation of users as exit nodes for obscure platforms.
- Hola VPN answers with a downplaying statement that undermines the scope of the report.
Trend Micro, a cybersecurity company, published a report on Hola VPN, after conducting analytical research on the popular VPN service. Following IP address leaks that affected Hola VPN in March of 2018, and with the fact being combined with users’ bandwidth stealing, Trend Micro security researchers decided that this behavior was weird and unjustifiable if the standard VPN service provision practices were followed.
The summary of the report indicates that Hola VPN is selling its users as exit nodes via its monetizing company, Luminati. After scanning 100 million URLs in the Luminati network, Trend Micro discovered that more than 85% of the total traffic was directed to mobile ads and platforms that can potentially be used by cybercriminals, or have even been used as such in the past. According to the revelations, Hola VPN free users do not get any kind of encryption, and their traffic is not routed through a safe tunnel. This means that HolaVPN acts as a proxy server, so the user IPs are openly exposed to the visited websites.
Now, considering the fact that the main purpose of using a VPN service is to stay hidden from surveillance and override restrictions and censorship, the findings may be regarded as false advertising from the part of Hola VPN. Offering free of charge VPN services and asking for “idle resources” from these users would be a fair trade if the VPN services actually used some form of a privacy protection layer. To the contrary, Hola VPN doesn’t see it this way, as they have characterized Trend Micro’s report “irresponsible”, claiming that not all VPN users want to hide their identity from the websites they browse, or even the Luminati network.
With over 175 million users from all around the world, Hola VPN is one of the most popular services of this kind, and taking such a stance on the matter of their users’ privacy is alarming. All of these users are susceptible to “Man-in-The-Middle” attacks, IP identification, and even serve as an aid to illicit attacks launched by 'rogueware' authors.
Trend Micro warns that their findings also concern the corporate clients of Hola VPN, raising the level of the danger of rendering a company system to one of Luminati’s exit nodes. Such a scenario would potentially allow attackers to pass through corporate firewalls and gain access to critical company information. For this, and all of the aforementioned reasons, Trend Micro software will treat Hola VPN as "unwanted software", and will advise users with its complete removal.