Sign in. It’s quick, free and it’s up to you.
An account is an optional way to support the work we do. Find out more.
ONE OF THE most popular Google Chrome extensions is selling its users’ bandwidth, largely without their knowledge — and it can be used by hackers to maliciously attack websites.
Hola is a VPN — a “virtual private network”. As streaming platforms like Netflix have risen in popularity, there has been a corresponding boom in VPNs, which help users circumvent the regional restrictions that forbid Americans from watching certain BBC shows, or people in Ireland from watching some shows on Comedy Central in the US.
One of the most popular of these is Hola.
Unlike most VPNs, it’s free to download as an easy-to-use browser plugin in the Google Chrome store. It currently has more than 6 million users. CNN Money said, “Hola is changing the way we use the internet”.
To avoid the need for fees, Hola uses a peer-to-peer system, routing users’ traffic through other users’ connections. Someone in Ireland trying to watch an American-only service, for example, might be routed through an American user’s internet connection.
But it is also selling access to users’ bandwidth for a profit, via the service Luminati, Hola discloses on a little-read FAQ page.
Luminati lets users buy access to the Hola network for a fee, for instance if users need a secure way to route commercial traffic anonymously. This revenue keeps Hola free for users.
But in the wrong hands this same function can transform its networked users into an unwitting botnet, defined as “a number of Internet computers that, although their owners are unaware of it, have been set up to forward transmissions to other computers on the internet”.
Frederick Brennan found that out when Hola was used to attack his website earlier this week.
Brennan, often known by the online moniker “Hotwheels,” is the administrator of 8chan, a countercultural online messageboard. Earlier this week Brennan was targeted by thousands of “legitimate-looking” posts, “prompting a 100x spike over peak traffic,” he wrote in a blogpost.
The attack originated with a user called “Bui” (who has attacked 8chan before), who later told Brennan he had used Hola’s Luminati service to carry it out.
‘It got through our screening process’
Hola’s founder Ofer Vilenski confirmed to Business Insider that Bui had “got through our screening process.” he also said that the attack had been ended and Bui banned from the network.
Hola’s site explains in an FAQ how the peer-to-peer network works. But before Brennan reached out following the attack, there was only a brief acknowledgement that it might be used for “commercial” purposes, and no mention at all of Luminati, which has been in operation since at least October 2014. (A fuller explanation has since been added.)
With no indication on the homepage, it’s doubtful that many users realise that Hola is selling their bandwidth. A Reddit thread discussing the subject is filled users expressing their surprise and asking how to uninstall it (and in a strawpoll of people I know who use Hola, none were aware of this).
“Even if they had said it all along in their FAQ,” wrote one commenter on news site Hacker News, “it’s still infuriatingly disingenuous for someone to act as if anyone ever browses to Hola’s site and reads their FAQ either before or after installing the Hola malware extension.
No ordinary person will ever do this.
The peer-to-peer nature of the site also potentially puts users at risk. On the anonymising Tor network, which works in a similar way, users have to opt-in to become an “exit node” — a point at which traffic can come and go, in and out of the network. But everyone using Hola is an exit node. This implies that if someone is using the plugin to conduct illegal activity through your connection, law enforcement might suspect you’re to blame.
Brennan believes that the company is “acting extremely irresponsibly,” and wants to “help users learn that others are using their internet connections without their knowledge or express permission”.
Hola’s Vilenski told Business Insider that there was nothing uniquely vulnerable about Hola’s VPN — the hacker “could have used any commercial VPN network, but chose to do so with ours.”
Furthermore, the company has been “listening to the conversations about Hola and while we think we’ve been clear about what we are doing, we have decided to provide more details about how this works, and thus the changes [to the website] in the past 24 hours.”
To embed this post, copy the code below on your site
I wonder will the Marxist rabble who recently had the audacity to gatecrash a Christmas mass in progress at a Dublin Cathedral..an outrage completely ignored by most of the media..to make some point about Israel and Gaza be out feeding the homeless on Christmas day? Somehow I very much doubt it!
@Jonn: I don’t think that Hamas or their fan clubs are noted for their charitable endeavours, especially around Christian festivals.
@Thomas Sheridan:
That’s true! I’m curious why the leftist rent a mob chose a Christian ceremony to disrupt..luck of the draw I suppose? Would they have been as quick to invade a mosque, or even a synagogue,which in the circumstances might have been more aligned with their ’cause’? But like the cowards they are they chose a church,an easy,safe target.
@Jonn:
Away sking with Mummy And Papa.
@H Woo:
Quite possibly, the ‘climate crisis’ will have to wait while they fly into Italy for a nice festive break from virtue signalling!
@Jonn: If Jesus was born now (assuming he was ever born or existed) he would undeniably be Palestinian. Unfortunately, the odds of him surviving today in Palestine might not be very good.
@Jack Hayes:
Jack I 100% support the Palestinians, and denounce everything Israel is doing,it’s an abomination, but still doesn’t explain why these morons thought disrupting a Christmas mass was relevant to their cause?
@Jonn: jesus was Marxist before Marxism
@Jonn: Mayne highlight the churchs silence on the GAZA situation
@Niall Lappin:
The church hasn’t been silent
You just haven’t been listening to it
@Niall Lappin:
How come they didn’t rock up to a synagogue waving their Palestinian flags?Probably more appropriate especially given senior Jewish figures in Irelands unquestioning support for Israel and the IDF? Or would the optics not have looked right, easier to pick on the usual whipping boy,the catholic church!
@Niall Lappin:
It’s always funny when people who wouldn’t be caught dead in a church enlighten us with the true meaning of Christianity!
@Jack Hayes:
He was Jewish
My father was in the Knights and he used to go to the mansion house every Christmas morning to bring comfort and joy and a fantastic Christmas Dinner to the homeless and make sure they weren’t forgotten about.
Excellent work by all those involved, a heartwarming show of Christianity
May God Bless them all.
@JP Fox: may the force be with you too
Nobody should be hungry.
Logion 29 : (L’évangile de Thomas).
Jésus disait : ‘ si la chair est venu à l’existence à cause de l’esprit,
c’est une merveille,
mais si l’esprit est venu à l’existence à cause du corps,
c’est une merveille de merveille.
mais moi, je me m’émerveille de ceci :
Comment cet être qui Est,
peut-il habiter ce néant ?’
(CF MT. 21, 41; MC 12, 11 ; JN 1, 14 ; 1 TM 3, 16 ; RM 8, 13 ; 1 CO 5, 3.)
Translated into French by Jean -Yyves Leloup.
@offside again: Go home bot. You’re drunk
have your say