Author Topic: Why You Should Immediately Uninstall Hola  (Read 1109 times)

Offline thaiga

  • Korat forum specialist
  • *****
  • Posts: 16097
Why You Should Immediately Uninstall Hola
« on: June 01, 2015, 12:09:52 AM »
can this be true :-[

Why You Should Immediately Uninstall Hola

Hola is harmful to the internet as a whole, and to its users in particular. You might know it as a free VPN or "unblocker", but in reality it operates like a poorly secured botnet - with serious consequences.

You might be vulnerable. We can't reliably check for Hola on every platform. If you have Hola installed, you should uninstall it right now. Read on for details.

UPDATE (May 31, 2015): Hola has pushed yet another update to their Windows version, that breaks the (harmless) method we use to determine whether you are vulnerable. This does remove the tracking vulnerability, but leaves the other issues intact.

Android remains vulnerable to tracking. All versions remain vulnerable to the code execution issues. You are still vulnerable if you are running Hola, we just can't do a (harmless) check for it anymore.

While Hola still hasn't put out a proper statement towards its users, they have updated their website and FAQ, which is a start. Unfortunately, both of these changes still do not explain the legal consequences.

We continue to suspect that today's 'patch' was primarily an attempt to break our vulnerability checker, and that fixing the tracking vulnerability was merely an unintended side-effect.

Here are some of the ways in which Hola puts you and everybody else at risk.

1. They allow for you to be tracked across the internet, no matter what you do

Good news, it looks like you can't be tracked through (your version of) Hola!

Want to know what it would've looked like if you could? Click here!

2. They send traffic of strangers through your internet connection

Hola is a "peer-to-peer" VPN. This may sound nice, but what it actually means is that other people browse the web through your internet connection. To a website, it seems like it's you browsing the site.

Perhaps that doesn't seem bad to you. However, imagine that somebody uploaded something illegal through your connection, for example. To everybody else, it seems as if it was your computer that did it, and you can't really prove otherwise.

The operators of "exit nodes" for the Tor anonymity network have had similar issues. Being a Hola peer is more or less equivalent to running a Tor exit from home - something the EFF even explicitly recommends against.

And even if you can prove your innocence, you can still get raided and tangled up in a long legal process. And as a bonus, it'll use your bandwidth - not exactly desirable if you have a slow connection, or a low data cap.

This is an unfixable problem, that Hola doesn't disclose transparently. It's how Hola is designed to work, and it cannot function without it.


Anyone who goes to a psychiatrist should have his head examined.