Home Features Free VPN? Your PC may be a Zombie on a Botnet

Free VPN? Your PC may be a Zombie on a Botnet

Free VPN, Hola

By Best VPN Zone

The desire to save money is inherent in us, humans. When there is a cheaper or a free alternative available, we tend to go with it, as opposed to the paid option. The problem is, we do that even when our safety is at stake.

And while our physical security is something we keep in mind at most times, we rarely think about cybersecurity. It’s easy to overlook how dangerous neglecting it can be when looking at the screens of our devices. We do so many cool things with them, but what are the hidden risks?

This explains the popularity of free security products. And most of all, it concerns VPNs.


Because of how nonsensical the very concept of a “free VPN” is. Is it really “free”? The infrastructural costs have to be paid somehow. Nobody has set up a bunch of VPN servers all around the world, paying their rent and fees to register their activity in, who knows how many countries, just to provide charitable services, with no profit in mind whatsoever.

So, as the old aphorism goes: Something else becomes the product. Or rather, someone.

The situation is the same no matter what device you want to protect. Whether you’re looking for a VPN for Mac or for Windows, iOS or Android, or even for your set-top box (even more so in this case, really), there aren’t any completely free solutions. You have to forego something: either speed, bandwidth, or your security. Sometimes all three.

That’s not to say that there aren’t any acceptably reliable VPNs, that are almost free. But there is an important caveat: these are funded by a paid version. As you probably guessed, the paid version is going to be better than the free one in terms of speed, features, and traffic limitations. TunnelBear is one example of that.

It offers a paid version and a free one. It can be concluded, then, that the latter is funded by the former. And it makes sense because free users of this service are limited to 500 Mb of traffic per month, whereas there is no limit on the paid version–so there is a very clear incentive to go for the paid version.

Free, but at what cost?

So the verdict is the following: Free VPNs are, at best, not very convenient. At worst, they are plain dangerous.

Experts from VPN Review agree with that. According to them, free VPNs not only lack in features and impose speed and bandwidth limitations on their users, but keep logs on them, too.

What is scary, though, is few people know this or think about it. It seems that these considerations are outweighed by the good old desire to save money, and the even older desire not to bother.

In 2017, researchers from Australia, the U.K., and the U.S. studied 234 VPN applications available on the Google Play Store. They discovered that more than a third of these apps used malware to track users’ online behavior.

Take a look at Hola VPN, for instance. Its website claims that it is used by 200 million people as of today. Most of them use it because it is free.

The irony is, most of those users have not read the terms and conditions before installing Hola VPN. If they did, they would have learned about Hola’s business model. In lieu of payment, users contribute their “idle resources” of their computers to create a “community powered” peer-to-peer (P2P) network. So their PCs become “exit nodes” for other users.

Isn’t that scary?

If that alone did not make them reconsider, then reading about the whole Luminati debacle with selling bandwidth of Hola users to conduct DDoS attacks, will certainly get them thinking. This was reported by cybersecurity solutions company Trend Micro in December 2018. In case you haven’t about it, we will elaborate.

The Luminati debacle

Luminati is a residential proxy provider and, just like Hola VPN, it is owned by Hola Networks Ltd. As Hola’s “Terms of Service” point out, by signing up for the free service provided by Hola VPN, a user “may” become a peer in the Luminati network. Mind you, they do mention this fine print now but prior to the scandal, they did not, which is why there was a scandal in the first place.

Such a problem is not present for paid Hola users. Neither is the necessity to serve as an exit node for other Hola customers who may use one’s bandwidth and IP address to commit any sort of crime.

CISO MAG visited the Luminati website and saw a notice that reads: “Luminati is an ethical proxy network that requires consent from its Residential peers, has tight compliance procedures for its customers and serves Fortune 500 enterprises.”

This claim was not independently verified by CISO MAG.

Back to Luminati. It sells Hola users’ bandwidth to whoever is paying for it. It can then be used for any purpose, depending only on how law-abiding the buyer is.

What happened in 2015 was that a hacker bought a bunch of IP addresses that belonged to Hola VPN users from Luminati. He then used them to conduct a DDoS attack on 8chan, a popular imageboard. Say what you want about anonymous imageboards, but distributed denial of service is not fun.

Obviously, temporary disruption of the work of an entertainment website is not that big deal. However, there is nothing to prevent similar attacks against hospitals and other important facilities. Not to mention all other criminal activity that is possible to carry out by buying Hola users’ addresses from Luminati.

To quote the founder of Hola, when he was asked if all his customers knew how their IP addresses and bandwidth were or could be used, “no […] because most of them just don’t care”.

And here’s the cherry on top: “Free users of Hola do not even have access to a VPN, despite the name of the service. There is no encryption provided to them but just proxy addresses.”

You know that something is seriously wrong when other free VPNs can excuse their lackluster service by saying that at least, they don’t sell their users to be a part of a botnet.

Did those 200 million people not do any research or did they just ignore the facts that went against their desire to not leave the bubble?

One thing is certain: While there are people who are willing to do either, there are going to be more scandals like the Hola botnet one. And it is likely that every time it happens, people will act surprised that they have become the product.

CISO MAG did not evaluate the advertised/mentioned product, service, or company, nor does it endorse any of the claims made by the advertisement/writer. The facts, opinions, and language in the article do not reflect the views of CISO MAG and CISO MAG does not assume any responsibility or liability for the same.