Hola has explicitly denied any suggestion that its Chrome extension contains malware, labeling the claim as “obviously false” and reassuring customers that it is working with Google to resolve the issue.
Hola VPN denies that its Chrome Extension contains malware.
Now the extension has been disabled, it is essentially impossible to verify whether it contained malware or not. However, it is possible to state that Hola VPN is not a safe VPN service to use, on any device or browser.
Hola VPN puts your privacy and security at risk simply by having the software installed. It logs almost everything you do online, has a history of security breaches and vulnerabilities, and doesn’t even encrypt your data if you’re a free VPN user.
We don’t recommend using Hola VPN on any browser or device, including Google Chrome.
In this section, we’ll take a detailed look at the reasons why Hola VPN is unsafe to use with Chrome and in general.
Skip to the next section if you’d rather learn how to remove Hola VPN from Chrome, or check out our recommendations for three alternative VPNs that are better and safer than Hola VPN.
1. Overly-Intrusive Logging Policy
Hola has one of the most privacy-unfriendly logging policies we’ve ever seen. The company openly admits to recording and storing information about its free users such as:
- The websites you visit
- The time and date you visited those websites
- How long you spent on each website
- Your birth date, profile picture and friends list (if you register or sign in via a social network)
- Your public IP address
This is an excessive amount of data for a VPN service to collect from users, especially given that they retain the information for “as long as necessary”. It’s very likely that they’re sharing your data with third-parties, too.
Unfortunately, there’s a precedent for this. We found that Touch VPN’s Chrome extension logs your data and shares it with advertisers and law enforcement agencies.
There is simply no need to use a VPN with this level of disregard for your online privacy. It is one of the primary reasons why we advise readers to remove Hola VPN from their device.
2. Shares Your IP Address & Bandwidth
Hola Free VPN does not work like a normal VPN service.
Usually, VPN services will own or rent a network of servers located around the world. When you turn on the VPN, your traffic is routed through one of these private servers. This means the websites you visit see your connection originating from the location of the VPN server, and not from your true location.
By contrast, Hola VPN uses a peer-to-peer (P2P) network which routes your connection through another Hola users’ device on its way to the internet. Your traffic takes on their IP address, allowing you to access websites that are available in their location, but not yours.
Hola describes its P2P network as a “community-powered VPN”.
The P2P architecture lets Hola operate with significantly reduced costs because they don’t have to own and operate a network of servers themselves.
However, it puts users’ privacy and security at risk. By signing up to Hola Free VPN and using it with Chrome, you agree to join the P2P network. You agree to let other Hola members use your IP address for their own online activity. That means someone you don’t know could do something illegal online, and it would be traceable back to you and your device.
Being a peer in the network also means providing Hola with access to some of your device’s bandwidth. Not only is this a possible security threat, it’s also going to be costly if you have a slow internet connection or a monthly data limit.
The service claims to take bandwidth only when your device is charging and not in use, up to a maximum of 3MB a day on mobiles or 100MB on desktops. However, this is still concerning.
NOTE: Hola’s FAQ section states that the Chrome extension “operate[s] as a standard VPN service, and [is] not part of the Hola VPN peer-to-peer network”.
There are no extra details to evidence this claim, but if accurate it suggests the Hola VPN Chrome extension was not susceptible to the risks associated with Hola’s P2P architecture. Users were still subject to the company’s intrusive logging policy, though.
3. Hola Has A Controversial & Untrustworthy History
Because Hola VPN gives other users access to your device’s idle resources, the software is repeatedly at the center of events that highlight the company’s lack of transparency, security and care for its users’ privacy:
- Luminati: In 2014, it was revealed that Hola sells access to the VPN’s P2P network through its sister company, Luminati. This means it’s not just other Hola Free VPN users you’re letting use your IP address and bandwidth.
For just $20 per GB, Luminati customers can buy their way onto your device (Luminati has recently rebranded to Bright Data, but the same business model is still in place).
Hola VPN sells your IP address and bandwidth to Luminati customers, too.
- 8chan Botnet Attack: Hola’s association with Luminati came to light after one customer used the idle resources of thousands of Hola Free VPN users to carry out a Distributed Denial of Service (DDoS) attack on 8chan.
This prompted a team of security researchers to set up the Adios, Hola! website, which describes Hola VPN as a “poorly secured botnet” and encourages everyone to uninstall it.
- Malware: These same security researchers also found that Hola’s P2P design effectively allowed hackers to run whatever lines of code they liked on your computer. They could use this to install spyware, steal personal information, or infect your device with malware.
- Chrome Extension Hacked: In 2018, the Hola VPN Chrome extension was hacked for five hours. In this time, the hackers stole huge amounts of cryptocurrency from Hola users with the management platform MyEtherWallet. One individual reported losing approximately $12,000.
EXPERT TIP: Since Google blocked the Hola VPN Chrome extension, a number of APKs and cracked versions of the add-on have been created. We strongly advise against downloading one of these – not only for the reasons outlined above, but also because APK files and cracked software from unknown sources may often contain malware of its own.
4. No Netflix, No Torrenting & No Encryption
In addition to all of the privacy, security, and transparency issues described above, the fact is that Hola Free VPN is simply not a very good VPN service.
While its speeds are somewhat quick, our Hola VPN tests show the VPN doesn’t unblock Netflix, BBC iPlayer or Hulu.
In other words, you won’t be able to stream international content on Chrome regardless of which version of Hola VPN you’re using.
Hola also blocks all torrenting and P2P traffic on its network. Morever, the VPN doesn’t work in China and other highly-censored nations.
Most worryingly, Hola Free VPN doesn’t encrypt your data in any way. Your traffic is sent to the other nodes in the network unprotected. There is no kill switch, leak protection or split tunneling features, either.
Hola Premium VPN:
You can avoid becoming an exit node in Hola’s P2P network by upgrading to Hola’s Premium VPN subscription. It costs $2.99 a month (if you sign up for 3 years) or $14.99 for a rolling monthly subscription.
The premium service works more like a standard VPN and does use AES-256 encryption, as well as the IKEv2 protocol and a kill switch. That said, you’ll still be subject to Hola’s invasive logging policy and, for that reason, it’s not worth the risk.
Hola VPN offers premium subscription tiers that include encryption.
There are cheaper VPNs that work better, are more privacy friendly, and are operated by more trustworthy companies.