Popular free VPN Hola has been found to be selling user bandwidth, which is how the service has managed to remain free of charge. This revelation has been made worse by the fact that it was discovered after it was used to deploy a botnet attack on 8chan.
Hola is one of the most popular VPNs in the world, mainly owing to the fact that it is free to use and that there is an easily accessible Chrome extension to go along with it. The service works by opening up a user’s traffic to outside connections, allowing other people to access the the internet through that same IP address. This is not the same as other VPN services that hide a user’s IP address from being discovered. It also carries more risk as it does not have the same privacy protections that regular VPNs have.
To add to the problems, Hola openly sells unused bandwidth as part of its Luminati network. Users who don’t want their bandwidth being sold out can opt to buy a US$5 (about RM18.45) per month subscription, but few actually make use of this. Hola itself did not inform end users of what happens to their bandwidth if they choose the free option.
It turns out that Hola does not look too closely at what all that bandwidth is used for, and it ended up being deployed as part of a DDoS attack on internet message board 8chan. Hola founder Ofer Vilenski does not see this as a weakness of his network; instead saying that the hacker could have used any commercial VPN, and that it was very unfortunate that Luminati was involved in the attack.
As of this writing, the Hola Chrome extension has been removed from the Chrome Web Store.