Hola VPN Founder: Should New Free VPNs Be Avoided?
The people behind Hola VPN, one of the most popular proxies in the world, just launched a new service called BrightVPN.
Bright Data’s BrightVPN is being touted as a new ‘industry disruptor.’ It will allegedly offer all of the features available on a subscription-based traditional VPN, while staying 100 percent free for all users. But with Hola’s historically sketchy performance, should this new creation be avoided?
What is Hola VPN? 🤔️
Let’s get up to speed. Hola VPN has been around for a long while now, available as browser extensions to let users un-geoblock many websites and services regardless of country and without data restrictions.
Hola claims to get around the need for data restrictions because it innovated peer-to-peer networking that is designed to create proxies to bypass ISP censors. While a promising technological model, P2P networks have serious security gaps.
Hola’s history of privacy 🛡️
The rabbit hole: HolaVPN has been wickedly good at getting glowing write-ups from sources like Insider and CNN. But their PR campaign belies a technological and business model that goes against their terms of service and customer expectations.
VPNs are usually networks of servers physically located in different parts of the world. Sometimes these physical servers are tweaked to appear, when online, as though they are in a different part of the world.
But you’re connecting to an actual server when you log into the internet, which acts as a tunnel that masks your traffic and location origin.
HolaVPN does the same thing, but rather than using a network of servers, it turns each computer connected to it into a node. This is known as peer-to-peer networking. And it means the company does not need to maintain servers – each computer is turned into a mini server.
Risks of peer-to-peer VPN networks ➡️
First, a quick rundown on how P2P networking works. Let’s say, for instance, you’re based in the UK and connected to a network with a Canadian who wants to stream BBC iPlayer.
Rather than the Canadian needing access to a private or dedicated server in the UK, HolaVPN siphons off a portion of your computing power to the Canadian. A small fraction of your device’s resources will be diverted so that the user can tunnel through your user device.
The website Adios, Hola was formed by a group of security experts who detected numerous serious vulnerabilities in the networking system, which were not just small oversights.
P2P networking saves Hola from needing to maintain a dedicated physical server. But, by routing data between user devices, the company exposes data to non-privileged users using the network to tunnel. Individual users can be tracked from site to site, and sensitive information can be viewed: everything from unique session keys to installation directories and other PII data packets.
To make things worse, one major security gap lets any user launch executables on other devices, meaning that a cyberattacker could install more malware onto your device without you realising.
By connecting to known peers, hackers can use this communication to radically alter permissions – from no privilege to system-admin level. Some users were hit with the malware that is hardest to detect and remove, like rootkits, which were installed on their devices through the P2P connection.
Monetizing your IP address
So, the new BrightVPN offering works in the same way that we’ve seen before. It was founded by Ofer Vilenski, who was also the founder of Hola VPN. Vilenski also founded the company Luminati, which is now called Bright Data.
It might be interesting to some to learn how Bright Data grew to fame:
Bright Data grew out of secretly selling slave IPs
Bright Data currently has over 10,000 customers, with a few among them being Fortune 500 companies. The company, formerly known as Luminati Networks, claims its mission is to boost internet transparency by letting users reach any website and public web data wherever they reside, without regional restrictions and other firewalls.
Until BrightVPN, the company didn’t actually go about making VPNs. It instead sold networks made up of slave computers, taking further the idea behind Hola P2P VPN.
From tablets to smartphones and computers, a range of devices can be used. Some of the idle power your device has available during the day can be harnessed to supply spare resources to businesses. There are a lot of legitimate use cases for this business model. But the darker truth behind Bright Data is that it was able to amass its database of IP addresses by secretly collecting them through Hola.
Since 2016, it’s been operating independently of Hola. But the initial free browser extension was able to amass a whopping 2 million mobile IP addresses, 35 million residential IP addresses, and what amounts to 1/10 of the USA population – through its free Hola VPN.
In short, the history behind BrightVPN is that it was able to grow by secretly monetising user IPs.
New BrightVPN service – is it any good?
Issues aside, BrightVPN is a totally free offering. It will need no technical skills to operate.
And the full VPN software can supposedly be set up, from download to being ready for connections, in only 40 seconds – according to Bright Data’s sales promotions.
The software gives users options to view settings, to decide whether their IP address is given or refused when requested by the sites they are accessing. The VPN service is actually a subset of a bigger crowdsourcing project – with features that are allegedly a rival to the most expensive premium VPNs on the market.
All of this will remain free, without the hazards associated with free VPNs, according to BrightVPN. The company claims their client is secure enough to be leak free, so that you can stay hidden online and keep your IP address away from forcible tracking by commercial parties.
What happens to the original HolaVPN? ➡️
Bright Data, formerly known as Luminati, has claimed independent operations from Hola since 2016. But given the historic ties, the company has made a statement that the free HolaVPN service, which currently has a user base of millions, will continue operating for free, with a premium option.
“HolaVPN’s mission also remains the same, to provide web transparency to all,” BrightData said in a recent interview.
“BrightVPN is our newest VPN-based product that is configured to maximize users’ privacy. Both products serve different needs in what is an increasingly demanding market for these services.”
Risks of slave networks
Bright Data’s business model, of capturing and selling the IP addresses of the slave computers that make up its P2P network, closely resembles how botnets run by cybercriminals work on the dark web:
Botnets are also called “robot networks.” This simply means a machine network that has bots preinstalled. Whoever is in control of the bots can freely manipulate the device. When you install Hola VPN, or one of its subsidiaries, you are also opting to have a bot installed on your device.
Both HolaVPN and BrightVPN admit to using botnets. But keep in mind that these can be altered to generate other revenue, whether it’s through crypto mining, ad manipulations, or DDoS attacks.
One of the more successful botnet networks was known as ZeroAccess. Studied by Norton Symantec, the project was found to have amassed 1.9 million IP addresses using a P2P network. Money was generated by two means: bitcoin mining and ad-click fraud.
This amounted to a staggering tens of millions generated by click fraud – and $2000 a day or $100,000 a year from bitcoin mining.
Slave computers were used to fraudulently click on advertisements, to give the impression that ads were more popular than they actually were. From this alone, ZeroAccess generated nearly 500TB of traffic daily, costing each user in the P2P network about $110 of electricity a day, or $204 million a year.
ZeroAccess was able to do that with only a network of 1.9 million IP addresses, whereas Bright Data currently sits on around 40 million IP addresses.
Should I use BrightVPN?
Based on HolaVPN’s track record, when considering BrightVPN we would advise strong caution. The P2P model is yet to be proven rock-solid for private tunnelling. In the next few months, tests will unveil more about their security level.
All we have to go by – for the moment – is Bright Data’s reputation, which isn’t ideal.