The thing about free stuff is that it’s never really free; someone, somewhere is paying somehow. Various things can happen, with invasive ads or pay-per-click stuff being quite commonplace (this blog uses it to pay for the server). However, it’s when devious means are used to pay for things that it gets worrying, especially when you can’t figure out what’s going on “under the hood”.
Hola Free VPN
This is a classic example of how end users are fooled into thinking a free lunch is a good thing. I want to see US Netflix, for example, so I install Hola and voila, all sorted! I’m afraid that’s where the real problems start.
Hola have been negligent in many ways. An article on Digital Trends (March 2015) highlights several vulnerabilities that amount to more than development mistakes, such as leaving a console active which would allow a malicious attacker to bypass antivirus and install more software without the user’s knowledge. Serious enough, but it doesn’t stop there: the article goes on to reveal that serious breaches had already taken place and that SIX vulnerabilities were identified. Further analysis showed FIVE identified pieces of malware already present in its systems.
Full story: Digital Trends
This is even more damning, from Adios-Hola:
1. They allow for you to be tracked across the internet, no matter what you do
2. They send traffic of strangers through your internet connection
3. They sell access to third parties, and don’t care what it’s used for
4. They let anybody execute programs on your computer
5. They’re trying to rewrite history
- So, what should I do?
- So, what should I use instead?
- Why did you publish this?
- Who are behind this research?
Full Story: Adios Hola
9 Million Exit Nodes
This story from ZD Net also covers some frightening thoughts for users:
“The admission was made following the public complaints of 8chan message board operator Fredrick Brennan, who alleges users of the Hola network have unwittingly been fueling a botnet used to conduct multiple attacks on his website. Each user of the free service becomes an endpoint for the network, and therein lies the issue — if security flaws exist in Hola’s network, this could then in theory be exploited by attackers who use the botnet for their own ends.
Calling Hola “the most unethical VPN I have ever seen,” Brennan says the Luminati botnet consists of over nine million exit nodes.”
Full Story: ZD Net Article
In summary, then, Hola is really something you shouldn’t have on your system at all. It’s proven to be full of security holes and has been used to launch attacks on sites. There is even talk it was used to identify torrent users. The fact remains that this software is exposing its users to malware at best, and with its “botnet” potential you could be getting into all kinds of hot water as other users get to use your PC as an exit point. Watching Netflix is hardly worrying, but what if they were using your IP to download child pornography?
PAID VPN Services
Yes, there are paid services with well-established credentials such as Private Internet Access and IPVanish. Yes, they cost money, but they have a vested interest in keeping you safe and secure. That for me is most important of all; not that they are perfect, because nothing ever is. A company whose reputation is staked on the quality of their product seems a more sensible approach than simply “getting a free lunch”.
I personally use Private Internet Access. I did try IPVanish, but found it slower on a side-by-side test, so returned to “old faithful” PIA. I have it on 3 laptops, phone and tab (but you can use 5 devices simultaneously on 1 account). It has a vast location listing to choose from too. There was a scare recently with a vulnerability when using torrent sites – PIA were one of the first to patch and get it out to users. First class.
Visit the site and check it out – I pay annually (cheapest) but lots of options.
Private Internet Access Website