Selling user's bandwidth is shady, but consistent with VPN usage (i.e. traffic routing). You can present it as "hey, that's our actual business model, we just forgot to tell you guys" and <i>maybe</i> get away with it.<p>But this:<p><pre><code> Hola [...] installs its own code-signing certificate on
the user’s system.
Hola contains a built-in console (“zconsole”) that is not
only constantly active but also has powerful functions
including the ability to kill running processes, download
a file and run it whilst bypassing anti-virus software plus
read and write content to any IP address or device.
</code></pre>
This is going so far into shady territory it becomes indistinguishable from actual malware. This is Lenovo/Superfish all over again.
I have zero connection to this company but if you are looking for a reliable, fast, unlimited VPN I would check out Private Internet Access (<a href="https://www.privateinternetaccess.com/" rel="nofollow">https://www.privateinternetaccess.com/</a>) I've got a number of friends who use this and I've been using it for a little over a month and have nothing but good things to say. At $40/yr it's well worth it IMHO and provides a native VPN client, PPTP, and Socks5 (They have mobile apps as well to make it easier but you can use PPTP directly as well).<p>I use it 100% of the time on my phone and on my laptop unless I'm at work (internal resources that I haven't figured out how to play nice with yet).
Hola extension has been removed from Firefox and Chrome download sites. I read the source of the Firefox extension at one point and don't remember seeing any binaries or the so-called "zconsole". But <i>CSO Online</i> [1] is reporting the extensions were vulnerable (despite <i>Vectra</i> [2] not mentioning this).<p>It was also unclear to me how the browser extension could be used to share user's traffic; it didn't seem like the extension did that, but I didn't read the source code too carefully.<p>Does anyone has a copy of these extensions?<p>I am disappointed the Windows and Android apps were vulnerable and that Hola didn't market their software better. It's probably the coolest app since Napster. Yes, it's a botnet of sorts, but the Internet needs a way to let users disassociate themselves from IP addresses. And most proxy services are easily identified.<p>[1] <a href="http://www.csoonline.com/article/2928817/vulnerabilities/hola-vpn-client-vulnerabilities-put-millions-of-users-at-risk.html" rel="nofollow">http://www.csoonline.com/article/2928817/vulnerabilities/hol...</a><p>[2] <a href="http://blog.vectranetworks.com/blog/technical-analysis-of-hola" rel="nofollow">http://blog.vectranetworks.com/blog/technical-analysis-of-ho...</a>
Coming from the receiving end of this. As a user of a anonymous image board this happen recently. It seems that hola is selling botnet access. Of course users are "vetted" that they are not going to use the access for nefarious purposes before they gain access. In this case one of the "vetted" users decided to DDOS said anonymous image board. (Note:Could be some other actors involved, but have confirmation from other board users).<p>Update(Confirmation from TorrentFreak): <a href="http://torrentfreak.com/hola-vpn-sells-users-bandwidth-150528/" rel="nofollow">http://torrentfreak.com/hola-vpn-sells-users-bandwidth-15052...</a>
Hola is going down a dangerous route here by turning all of their users into exit nodes, but if they actually make this work it would give them a unique position among all VPN providers.<p>Legally this is a very risky endeavor though. In Germany for example (where I'm based), people are even scared of sharing their Internet contract with their neighbors since the account owner can be held responsible for any illegal activities (e.g. downloading copyrighted content) that are carried out through his/her connection. Allowing other people to "freeload" on my connection would therefore be a big no-no here. The only way around this risk would be to record and attribute the connection information to each user of the service, but this would of course eliminate many of the advantages of using a VPN again (e.g. privacy).
So this is interesting to me because lately, I've been looking for a VPN that would work for my little brother who is trying to make it to the point that he can stream full time on Twitch. The problem is that he has been targeted by script kiddies, who found his IP address through Skype. Shame on you skype.<p>That said, I've been looking for a good VPN for him. It seems that ProXpn isn't as solid as I thought it was because they found his IP there and were able to (D)DOS not sure how exactly they are doing it at this point, him. They have also been able to get him banned from Twitch via his IP. He needs a VPN with enough bandwith that he can do Twitch and Skype (under a different name), all while playing games. I figured ProXpn would be sufficient, but I've never loaded it like that.<p>Also, there is no guide out there for streamers, or people who are in the public eye on the internet, on how to avoid getting attacked by script kiddies. Or at least no guide that I've found sufficiently useful, and yes I have googled this. Does anyone here have any references they can point me to that give the "what not to do" for streamers, youtubers, big twitter people, etc?
So far I've told him.<p>-Use strong passwords: LastPass and yes I know this is a point of contention but it's better then what he is using and it's accessible enough for him that he'll actually use it.<p>-Don't click links in chat: Because duh (Is there a way to verify the safety of said links first)? I know of none.
-Obfuscate your Skype id: This seems to be a major tool in finding IPs.<p>-Keep a personal and a public email: Personal goes to banks and stuff, public goes to everyone else.<p>-Don't friend people on Steam you don't know.<p>Am I missing any major advice points that seem easy to follow?<p>Edit: formatting and added steam bullet point.
I wish to just use OpenVPN but it's not so easy. Certificates - no problem. Forward DNS requests - there is an option for it in the config file. Routing entire traffic through OpenVPN - quite tricky unless you're fluent in command line network management tools and computer networks in general.
Hola really don't make it clear what you are installing when you download it.<p>All you think is, "I'm installing a browser add-on to watch Netflix in another country". You sort of assume it's only actually running when you are actively using it for Netflix, but it's running all of the time.<p>I first noticed something was up when I installed Hola (for Netflix) then all of a sudden Fiddler wouldn't work anymore. Had me completely stumped, then somebody on StackOverflow suggested turning off Hola and that indeed sorted it. - <a href="http://stackoverflow.com/a/19905099/969613" rel="nofollow">http://stackoverflow.com/a/19905099/969613</a>
I think that Chrome users are relatively unaffected by this if they installed the extension trough Google Play thanks to Chrome's security model. In that case I think it's just routing the traffic trough their proxy and not installing the shady zconsole or changing the SSL certificates.<p>Still, creating a new user profile just for watching netflix is recommended.
They've posted some kind of explanation/apology on their blog:<p><a href="http://hola.org/blog/the-recent-events-on-the-hola-network" rel="nofollow">http://hola.org/blog/the-recent-events-on-the-hola-network</a>
Is there a way to make sure hola uninstalling the hola extension removed everything hola related from my pc? I can imagine with the level of access this extension had(I didn't even know Chrome extensions could have this level of access) just removing the extension isn't enough.
i used Hola VPN experience . i am sorry to say used bad experience for web surfing and ip changing because show the top domain surfing our country and reconnect and reconnect the hola ip. Otherwise good system and add on but reconnect the web surfing heritage. it compare the other VPN Like Ivacy and PureVpn is Good Vpn services both experience nice, not encryption from website browsing and surfing , also secure