Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


Beware: Hola VPN turns your PC into an exit node and sells your traffic
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

Beware: Hola VPN turns your PC into an exit node and sells your traffic

mikhomikho Member, Host Rep

Hola VPN turns any device it is run on in an exit node which anyone may purchase access to.

Hola uses a sophisticated system to offer its services for free. Instead of routing users solely (or at all) through company servers and raking up huge bandwidth bills in the process, it is utilizing user devices as endpoints.

This means basically that any user device that Hola is running on acts as an endpoint. An endpoint is a node that is communicating directly with a target website or service that Hola users access when the service is enabled.

I've read a few articles about this in swedish but here is one in english.
English article: http://www.ghacks.net/2015/05/28/beware-hola-vpn-turns-your-pc-into-an-exit-node-and-sells-your-traffic/

If you are a Hola user, make sure you are protected.

Thanked by 1Admiral_Awesome
«13

Comments

  • bohdansbohdans Member

    I always thought this was common knowledge?

    Thanked by 1faultyservers
  • mikhomikho Member, Host Rep

    Obviously not. ......

  • MikePTMikePT Veteran

    Tbh isnt no good to share our IPs among all users, so I dont see an use for such service. People should indeed be aware.

  • bohdansbohdans Member

    Just ask the question,
    What company would have 1,000's of servers all over the world to host your traffic?
    How is that company going to make money? Even with LEBoxes it would be a crazy high cost to provide those connections.

  • TarZZ92TarZZ92 Member

    may also be worth knowing it appears to be a "israeli" company.

    Thanked by 2creep Anna_Parker
  • sinsin Member

    The only time I use Hola is when I'm buying games from Nuuvem.

  • indexiaindexia Member

    i'm just curious, how to make sure that our internal network can't use that services, is it enough for blocking the hola networks? thanks

  • TarZZ92TarZZ92 Member

    indexia said: i'm just curious, how to make sure that our internal network can't use that services, is it enough for blocking the hola networks? thanks

    and how do you intend to block it?

  • NyrNyr Community Contributor, Veteran
    edited May 2015

    I am surprised it did take so long for it to hit the fan, since they were already using their users as exits even if not selling bandwidth, which is just incredible.

    indexia said: i'm just curious, how to make sure that our internal network can't use that services, is it enough for blocking the hola networks? thanks

    https://support.cipafilter.com/index.php?/Knowledgebase/Article/View/158/27/hola---how-to-block

    As of Hola version 1.4.450, the app primarily connects on ports 6851 and 6861 to multiple different IP addresses. The easiest method for blocking access is to create a drop firewall rule to block TCP traffic on those ports:

    Thanked by 2indexia netomx
  • nitro85nitro85 Member

    What a massive botnet... so many IP's

  • blackblack Member

    It's not a botnet per-se, it's just a p2p network but the maintainer of the network makes a lot of money from the peers on the network.

  • nitro85nitro85 Member

    @black said:
    It's not a botnet per-se, it's just a p2p network but the maintainer of the network makes a lot of money from the peers on the network.

    puppetnet

  • DylanDylan Member

    The fact that it's a P2P VPN network has always been pretty clear (it's right on their front page and in their FAQ). I'm OK with that; it's the whole reason Hola works so much better than any other free VPN.

    The commercial use, though, wasn't clearly disclosed until now and I'm not thrilled at all to learn about that.

    Thanked by 1faultyservers
  • hbjlee17hbjlee17 Member, Host Rep
    edited May 2015

    found this in faq:

    Hola is free for private (non-commercial) use. The only exception is Hola VPN on iOS which costs $4.99 (monthly) or $44.99 (annual) due to Apple's restrictions. Commercial use of Hola for business class VPN is available through our Luminati service. The Hola peer to peer architecture makes Hola free and secure. However, some users may prefer not to contribute their idle resources to the Hola network, and thus can join the Hola premium service which lets you use Hola without your idle resources being used in return.

  • I use Hola, but I decided to have a bit of fun, turning it into a MITM attack, monitoring all incoming/outgoing traffic.

    The way I see it, might as well have a bit of fun before I remove it. Might even inject advertisements for fun.

  • Fun thing is that it even keeps your computer infected when you remove the VPN :)

    If you ever used a VPN/proxy, please clear your cache.

  • perennateperennate Member, Host Rep
    edited May 2015

    KwiceroLTD said: I use Hola, but I decided to have a bit of fun, turning it into a MITM attack, monitoring all incoming/outgoing traffic.

    The way I see it, might as well have a bit of fun before I remove it. Might even inject advertisements for fun.

    Well, you're violating the terms of service:

    You may not use the Services in any manner that could damage, disable, overburden, or impair our servers or interfere with any other party's use and enjoyment of the Services. You may not attempt to gain unauthorized access to any aspect of the Services or to information for which you have not been granted access through password mining or any other process. We may take any and all legal, equitable, technical or operational means available to prevent or cease any violation or breach of this Agreement and to otherwise enforce this Agreement.

    They should definitely be more clear about this though. I imagine this has caused some people to have issues with their ISP by this point?

  • @perennate well they're violating my right to privacy, so it's fair.

  • hbjlee17hbjlee17 Member, Host Rep
    edited May 2015

    @KwiceroLTD said:
    perennate well they're violating my right to privacy, so it's fair.

    they are not violating your rights..
    it is explicitly stated that if you are not using their premium service then your idle resources will be used. You agreed to their terms when you started using their product?

  • @hbjlee17 said:

    Meh, going to do it anyways.

    Thanked by 1hbjlee17
  • ricardoricardo Member

    well they're violating my right to privacy, so it's fair.

    No they're not. You can use their paid service if you don't want this 'free' thing that you have to agree to.

  • @ricardo said:
    No they're not. You can use their paid service if you don't want this 'free' thing that you have to agree to.

    Or I could just block them for using my network, and still piggyback off of others.

  • @TarZZ92 said:
    may also be worth knowing it appears to be a "israeli" company.

    let's keep the antisemitism out of LET, shell we? Great companies have come out of there. Probably because the country values its software engineers (contrary to most EU countries, where software engineers are paid on par with truck drivers, no offence to truck drivers).

    Thanked by 3yomero Dylan Pwner
  • ricardoricardo Member

    He didn't say anything anti-semitic. He may be implying that a certain organisation may be behind it. Wouldn't surprise me, good fly paper.

  • PwnerPwner Member

    @TarZZ92 said:
    may also be worth knowing it appears to be a "israeli" company.

    You're so anti-Semitic, it's just pathetic at this point. What does being an Israeli company have anything to do with the service it offers?

    Thanked by 1pieman103021
  • perennateperennate Member, Host Rep
    edited May 2015

    Pwner said: You're so anti-Semitic, it's just pathetic at this point. What does being an Israeli company have anything to do with the service it offers?

    Would you trust operating system maintained by some "company" in North Korea? Everyone has some bias against some political entities, for example I wouldn't rely on any anonymous email service in the U.S.

    Thanked by 1Pwner
  • PwnerPwner Member

    @perennate said:
    Would you trust operating system maintained by some "company" in North Korea?

    Israel and North Korea are two completely different cases.

  • perennateperennate Member, Host Rep
    edited May 2015

    Pwner said: Israel and North Korea are two completely different cases.

    Maybe to you, but not completely different to everyone. Also edited my post above (added another sentence).

    Here's another example, I'm much more careful with sharing my personal data with Russian company than with U.S. company.

Sign In or Register to comment.