July 27th, 2015
We get it – signing up for a VPN and paying money for it seems a waste when there are free VPN services out there! But do you really know what you’re getting into with a free service?
The first question is how is a free VPN sustained? There are obviously lots of ongoing costs in running a VPN service the biggest one being servers and bandwidth. Without a paid model, there has to be a way to monetize unless someone is running VPNs at a huge operating loss out of goodwill.
“If you’re not paying for a product, you ARE the product.”
The most common way is to serve advertising, selling customer data or aggregated statistics on customer use. However Hola VPN, a free VPN provider, took it a step further by using a user’s bandwidth!
With over 7 million installs on the Chrome Webstore alone, it’s easy to trust such a provider. It’s free, and it works on almost all devices. You’re thinking: It must be pretty huge with a lot of servers all over the country then!
Nope. Hola uses user devices as endpoints. This means that no one is routed through servers owned by Hola but instead of through each other. And there is evidence that this has been abused leading to potentially serious security ramifications for its users.
A paid for VPN service (example: BolehVPN) instead only routes traffic through it’s own servers and its own bandwidth and uses proven techniques in ensuring privacy. The responsibility lies with us and also because we do monitor our server’s overall bandwidth usage (not user activity), we are able to ensure a consistent quality of service across our servers. The trust of the VPN provider is still key but Hola’s approach introduces outside factors as well as other users can also abuse the system as we shall see below.
What is an endpoint though?
Endpoints are nodes that talk to websites or services that other Hola users access. Basically: YOU are the VPN server. This means that your bandwidth is being used, and your real IP potentially exposed. And there’s no way to opt-out for free, only if you purchase Hola Premium.
Hola also sells YOU to commercial users through their Luminati site; their endpoints are sold as use for brand monitoring, load tests, or in one case they were used for a DDOS attack on 8chan. This means that your real IP is the IP that will show up on a website or services logs if someone were to use Luminati for illegal activities. To their credit, Hola says they have a record of the real ID of Luminati users. But do you really want to risk the headache of explaining all this to your local authorities?
You can read more about Hola’s response here.
What’s the takeaway?
Things are seldom for free. Take this in mind when choosing whether to go for a free or paid VPN service. Alternatively, if you don’t mind the slow loading speeds, TOR makes an excellent privacy tool for free, however remember that you are trusting an anonymous exit node/endpoint as well. Read more about this here and here.