Skip to Main Content

Hola Better Internet Sells Your Bandwidth, Turning Its VPN into a Botnet


Hola Better Internet is a popular Firefox and Chrome extension that allows you to watch blocked content overseas. However, there’s something more nefarious going on behind the scenes: the company is selling the bandwidth of Hola users to anyone with money to buy, effectively turning its users into a botnet for hire.

To understand the issue here, it’s important to understand how Hola works. Since it’s a peer-to-peer VPN, users in one place (say, Europe) that want to “appear” in another place (like America) are essentially routed through a user in their desired location. That means, unless you pay for Hola premium, you act as an “exit node” for other users, similar to services like Tor.

Unlike Tor, however, Hola users can’t opt out of being an exit node in the free version. The problem with being an exit node, of course, is that when someone is connected through you and does something illegal or against your ISP’s terms of service, you could be held accountable—and since Hola makes no promises to encrypt your traffic, it carries the same risk that using a service like Tor does (even if that risk is slight.) By using Hola, you’re trusting that the users connecting to you aren’t doing anything crazy, and that Hola would stop them from doing anything illegal.

This would all be fine if you were just an exit node for other users, but it turns out that Hola has been aggregating and selling the bandwidth of its user “exit nodes” through a service (which Hola also owns) called Luminati. This means anyone who wants to can essentially buy the bandwidth of Hola users, then direct it as they see fit—and that’s what one user did. He bought up a ton of bandwidth from Luminati and used it to attack anonymous message board 8chan. Hola says this was a mistake, and the user just got through their screening process, but you can see why this is incredibly sketchy behavior.

While Hola’s FAQ has always explained the peer-to-peer nature of the service, it never made mention of that kind of centralized control, never mentioned Luminati, and never mentioned the fact that they were essentially selling your bandwidth until very recently. This isn’t Hola’s first offense, either. You may remember when Hola was caught “testing injected ads” into its users’ browsers too. Between these two events, we no longer recommend using them, and we’ll update our guide to streaming blocked content overseas soon with a new alternative.

At the end of the day, Hola was just trying to make money while providing a free service—but the way they used their customers and hid their behavior was certainly problematic. Like almost every free VPN, using it comes with a tradeoff, whether it’s in slow speeds, limited bandwidth, or your browsing history being used for advertising, but in this case the adage that “if you’re not paying for it, you’re the product” is literally true—with potentially worse consequences.

Hola | 8Chan via Hacker News and Business Insider