HolaVPN is one of the many so-called Free VPNs which has been downloaded onto millions of devices around the world.
We have warned about the many risks associated with these Free VPNs before, but now Trend Micro, one of the world’s leading cybersecurity companies has weighed into the argument with a research paper exposing the truth behind HolaVPN.
HolaVPN markets itself as a ‘community VPN’ and claims that it can help users to unblock websites by sharing their internet connections. However, as Trend Micro explain in their report, entitled Illuminating HolaVPN and the Dangers It Poses, their approach actually poses a number of very severe risks.
HolaVPN offers no encryption or IP Address privacy
When a service uses the term VPN, most people would think it is safe to assume that service encrypts the internet data of its users. But that is not the case with HolaVPN. The data of HolaVPN’s users is not protected by encryption at any point while using their service, which means anyone can see what you are doing online.
If HolaVPN doesn’t encrypt data, then you might at least assume that it protects user privacy by hiding their original IP Address. But think again. HolaVPN routinely leaks the IP Addresses of all its users meaning there are no privacy benefits from using it.
This is actually really dangerous because a lot of free VPN users come from developing countries and are using VPNs to access content censored by the authoritarian governments. If they are caught doing this, there could be serious consequences and HolaVPN offers no protection whatsoever against this.
The absence of any genuine security or privacy protections is probably enough to put you off HolaVPN already. But remarkably, there is more.
The ‘Community VPN’ myth exposed
HolaVPN’s rather ideological claim to be creating a VPN community where everyone shares their internet connection to make censored and blocked content available everywhere will no doubt appeal to many users who dream of such an online utopia.
But as Trend Micro has revealed, the reality of the service HolaVPN provide is very different. They have concluded that the Community VPN aspect of their service simply doesn’t exist. Instead, HolaVPN users web traffic is redirected through one of about a thousand exit nodes hosted in data centres around the world.
So, in claiming to offer a community VPN, HolaVPN are, at best seriously misrepresenting the service they offer, and at worst lying to those using their service.
If you have downloaded the free HolaVPN app onto your device, there is something even more worrying to content with.
Trend Micro’s analysis found that when you download the HolaVPN, your device is turned into an exit node which HolaVPN makes money from through a commercial service called Luminati, which they own.
Luminati sells the extra bandwidth of HolaVPN users to third parties by offering a residential proxy service. This means that your bandwidth can be used by anyone signed up to Luminati. This could include cyber-criminals, paedophiles, and absolutely anyone else.
A proxy service offers a high degree of anonymity which means they are immune from risk. But if they are piggybacking on your internet connection to commit illegal acts, it is quite possible that these could be traced back to you.
TrendMicro has analysed 100 million URLs on about 7,000 different computers which were being used by Luminati in 2017 and 2018.
They found 85% of the traffic on their network was linked to mobile advertising, which is hugely profitable to Luminati but not strictly illegal. But they did also found evidence of various criminal acts taking place too including data scraping and the hacking of webmail and other private online services.
TrendMicro concludes HolaVPN is unwanted and high risk
As a result of these findings, TrendMicro has decided to categorise HolaVPN as unwanted, high-risk software. Their recommendations to all individual and corporate users is not to allow HolaVPN on their networks.
This is a conclusion that we fully endorse. HolaVPN is one of the worst examples of a free service abusing the term VPN to exploit users online data and bandwidth.
By failing to provide any kind of online security or privacy protection, HolaVPN is conning their users with false claims and potentially exposing them to very serious risks.
We strongly advise anyone reading this who is using HolaVPN to delete all the software from their device as soon as possible and run a thorough sweep to ensure that no nasty hidden surprises have been left behind.
If you want to benefit from the encryption and online privacy protections offered by a VPN, we strongly recommend opting for a service like ExpressVPN. They only cost a few dollars a month and actually deliver what their promise.
If a few dollars is too much for you, there are other options. More affordable VPNs like NordVPN also offer a great service or you could opt for IPVanish, which offers ten simultaneous connections with every sign-up, and then split the cost with friends or family.
Whatever you do, don’t fall prey to free VPNs like HolaVPN, which are not interested in keeping you safe online, but just want to make as big a profit as they can.