Unsafe Peer-to-Peer Network
Hola Free VPN routes your internet traffic through other users’ devices to spoof your IP address and bypass website blocks.
In turn, other users can use your IP address as they please. This is dangerous as your IP address can be used for criminal activity, which would be tied to your identity and home address.
A website named Adios, Hola!, created by security researchers, states that Hola is “harmful to the internet as a whole, and to its users in particular” and labels it a “poorly secured botnet” with “serious consequences.”
The researchers at Adios, Hola! discovered various vulnerabilities within the Hola VPN architecture, one of which reportedly allowed anyone to execute programs on your computer.
According to the website, Hola fixed some of the vulnerabilities, but others still remain.
An example of this happened in 2015, when 8chan founder Fredrick Brennan claimed that his website had been DDoS attacked by users exploiting the Hola network. This was later confirmed by Hola VPN co-founder Vilenski.
Hola VPN is also vulnerable to IP address leaks and has facilitated data scraping, according to cybersecurity firm Trend Micro.
Hola VPN Lacks Basic Security Features
Hola VPN’s mobile apps use the outdated and insecure PPTP and provide no encryption. Your internet traffic is left unencrypted and encased in an easily hacked tunneling protocol.
Put simply, it’s not safe to use Hola VPN on mobile.
On Windows, Hola VPN defaults to the IKEv2/IPSec protocol, but its website states that the app may switch to PPTP to overcome specific geo-blocks.
We also found a drop-down menu for different encryption ciphers, with AES-256 listed as the default.
We verified this using Wireshark: a packet-sniffing tool. All of our data packets displayed incoherent symbols encased by the IKEv2/IPSec protocol, rendering our browsing activity private.
Hola VPN only encrypts traffic on its PC app.
Although this is an improvement on its mobile apps, the IKEv2/IPSec protocol is closed-source and has known security vulnerabilities.
We’d like to see Hola VPN introduce secure and open-sourced tunneling protocols such as OpenVPN or WireGuard. This would improve trust and ensure that your personal data remains private.
We couldn’t test the macOS app as it blocked our internet access. However, we find it unlikely that it uses proper encryption or tunneling protocols, as we couldn’t locate either within its settings menu.
Faulty Kill Switch With Limited Availability
Only Hola VPN’s Windows app comes equipped with a VPN kill switch. Hola users on mobile and macOS are left unprotected in the event of a VPN disconnection.
We ran the Windows kill switch through our in-house kill switch testing tool and found that it leaked our real IP address, too:
We experienced an IP leak while reconnecting to the internet.
Technical Features We’d Like to See Added
Hola VPN fails to include basic technical features that we expect all VPN services to have. Here’s a summary of the most important ones it’s missing:
- VPN server network to safely and securely route internet traffic, without the need of other users’ IP addresses.
- AES-256 encryption on all apps to protect your data and conceal your online activity.
- Modern VPN protocols such as WireGuard and OpenVPN ensure that your internet traffic is kept secure. They’re fast, open-source, and have no known security issues.
- VPN kill switch to prevent your personal data from leaking in the event of an unexpected VPN disconnection.
- IPv4 & IPv6 Leak protection to guarantee your real IP address remains private.