Why You Shouldn’t Use Hola VPN on Chrome
In September 2021, Google removed the Hola VPN extension from the Chrome Web Store because it contained malware.
Google has now reinstated the Hola VPN extension, however our tests reveal Hola VPN is still not a safe VPN to use, on any device or browser.
Hola VPN puts your privacy and security at risk simply by having the software installed.
The VPN logs almost everything you do online, has a history of security breaches and vulnerabilities, and its free VPN doesn’t even encrypt your web traffic.
We don’t recommend using Hola VPN on any browser or device, including Google Chrome.
In this section, we’ll take a detailed look at the reasons why Hola VPN is unsafe to use with Chrome and in general.
1. Overly-Intrusive Logging Policy
Hola has one of the most privacy-unfriendly logging policies we’ve ever seen.
The company openly admits to recording and storing information about its free users such as:
- The websites you visit
- The time and date you visited those websites
- How long you spent on each website
- Your birth date, profile picture and friends list (if you register or sign in via a social network)
- Your public IP address
This is an excessive amount of data for a VPN service to collect from users, especially given that they retain the information for “as long as necessary”. It’s very likely that they’re sharing your data with third-parties, too.
Sadly, there’s a precedent for this. We found that Touch VPN’s Chrome extension logs your data and shares it with advertisers and law enforcement agencies.
There is simply no need to use a VPN with this level of disregard for your online privacy. It is one of the primary reasons why we advise readers to remove Hola VPN from their device.
2. Shares Your IP Address & Bandwidth
Hola Free VPN does not work like a normal VPN service.
Usually, VPN services will own or rent a network of servers located around the world. When you turn on the VPN, your traffic is routed through one of these private servers. This means the websites you visit see your connection originating from the location of the VPN server, and not from your true location.
By contrast, Hola VPN uses a peer-to-peer (P2P) network which routes your connection through another Hola users’ device on its way to the internet. Your traffic takes on their IP address, allowing you to access websites that are available in their location, but not yours.
The P2P architecture lets Hola operate with significantly reduced costs because they don’t have to own and operate a network of servers themselves.
However, it puts users’ privacy and security at risk. By signing up to Hola Free VPN and using it with Chrome, you agree to join the P2P network. You agree to let other Hola members use your IP address for their own online activity. That means someone you don’t know could do something illegal online, and it would be traceable back to you and your device.
Being a peer in the network also means providing Hola with access to some of your device’s bandwidth. Not only is this a possible security threat, it’s also going to be costly if you have a slow internet connection or a monthly data limit.
The service claims to take bandwidth only when your device is charging and not in use, up to a maximum of 3MB a day on mobiles or 100MB on desktops. However, this is still concerning.
NOTE: Hola’s FAQ section states that the Chrome extension “operate[s] as a standard VPN service, and [is] not part of the Hola VPN peer-to-peer network”.
There are no extra details to evidence this claim, but if accurate it suggests the Hola VPN Chrome extension was not susceptible to the risks associated with Hola’s P2P architecture. Users were still subject to the company’s intrusive logging policy, though.
3. Hola Has A Controversial & Untrustworthy History
Because Hola VPN gives other users access to your device’s idle resources, the software is repeatedly at the center of events that highlight the company’s lack of transparency, security and care for its users’ privacy:
- Luminati: In 2014, it was revealed that Hola sells access to the VPN’s P2P network through its sister company, Luminati. This means it’s not just other Hola Free VPN users you’re letting use your IP address and bandwidth.
For just $20.00 per GB, Luminati customers can buy their way onto your device (Luminati has recently rebranded to Bright Data, but the same business model is still in place).
- 8chan Botnet Attack: Hola’s association with Luminati came to light after one customer used the idle resources of thousands of Hola Free VPN users to carry out a Distributed Denial of Service (DDoS) attack on 8chan.
This prompted a team of security researchers to set up the Adios, Hola! website, which describes Hola VPN as a “poorly secured botnet” and encourages everyone to uninstall it.
- Malware: These same security researchers also found that Hola’s P2P design effectively allowed hackers to run whatever lines of code they liked on your computer. They could use this to install spyware, steal personal information, or infect your device with malware.
- Chrome Extension Hacked: In 2018, the Hola VPN Chrome extension was hacked for five hours. In this time, the hackers stole huge amounts of cryptocurrency from Hola users with the management platform MyEtherWallet. One individual reported losing approximately $12,000.
EXPERT ADVICE: Since Google blocked the Hola VPN Chrome extension, a number of APKs and cracked versions of the add-on have been created. We strongly advise against downloading one of these – not only for the reasons outlined above, but also because APK files and cracked software from unknown sources may often contain malware of its own.
4. No Torrenting & No Encryption
In addition to all of the privacy, security, and transparency issues described above, the fact is that Hola Free VPN is simply not a very good VPN service.
While its speeds are somewhat quick, our Hola VPN tests show that the VPN blocks all torrenting and P2P traffic.
This is verified by the FAQs on its website, which state that torrenting clients are not permitted on Hola’s network. Morever, the VPN doesn’t work in China and other highly-censored nations.
Most worryingly, Hola Free VPN doesn’t encrypt your data in any way. Your traffic is sent to the other nodes in the network unprotected. There is no kill switch, leak protection or split tunneling features, either.
Hola Premium VPN:
You can avoid becoming an exit node in Hola’s P2P network by upgrading to Hola’s Premium VPN subscription. It costs $2.99 a month (if you sign up for 3 years) or $14.99 for a rolling monthly subscription.
The premium service works more like a standard VPN and does use AES-256 encryption, as well as the IKEv2 protocol and a kill switch. That said, you’ll still be subject to Hola’s invasive logging policy and, for that reason, it’s not worth the risk.
There are cheaper VPNs that work better, are more privacy friendly, and are operated by more trustworthy companies.