Skip to main content
  1. Home
  2. Computing
  3. News

Hola! Hola found to be selling users’ bandwidth as botnet

By
hola found to be selling users internet bandwidth as botnet
Image used with permission by copyright holder

When you add an extension to your web browser, you ordinarily aren’t signing yourself up to let someone else control your computer and spam others. But for users of Hola, one of the most popular free online virtual private networks (VPNs) often used to view blocked videos, this is exactly what’s happening. Essentially, free users are signing their computers up to be part of a botnet — and the site’s founder says that was the agreement it made with its users.

Hola, which boasts 46 million users globally (including 7 million using Chrome), works by linking its users’ Internet connections to, or really through, each other. So, for instance, a user in the U.S. could watch blocked shows by using idle bandwidth from a Hola user as a proxy in France (so as to appear to be watching from France). But there’s a catch. By using the free version of Hola, you are allowing the site to sell your “idle” bandwidth under a brand called Luminati.

The subject came to light when 8chan message board operator Frederick Brennan claimed that Hola users’ computers — through Luminati — unknowingly attacked, and temporarily shut down, his website. “An attacker used the Luminati network to send thousands of legitimate-looking [requests to 8chan] in 30 seconds, representing a 100x spike over peak traffic,” he said in a note.

Related

The site’s founder Ofer Vilenski said that Hola has “always made it clear” that the “idle resources,” or bandwidth, of free Hola users is subject to be sold. And, as devious as the ploy seems, it is clearly written in Hola’s FAQ.  It’s worth noting, though, that accordingly to TorrentFreak, these explanations  concerning Luminati have only recently been added.

Regarding the accusations from 8chan’s Brennan, Vilenski does not deny the claims. “8chan was hit with an attack from a hacker with the handle of BUI,” he told TorrentFreak. “This person then wrote about how he used the Luminati commercial VPN network to hack 8chan. He could have used any commercial VPN network, but chose to do so with ours.”

The upshot of 8chan’s findings, though, is that Hola’s business strategy has become public. We imagine that Hola’s millions of users, who were likely using Hola to access Netflix’s offerings in Europe for example, probably aren’t too happy. While we’ve recommended Hola in the past, it’s probably not the best VPN option now.

Editors’ Recommendations

Topics
Chris Leo Palermino
Chris Leo Palermino
Former Digital Trends Contributor
Chris Leo Palermino is a music, tech, business, and culture journalist based between New York and Boston. He also contributes…
A dangerous new jailbreak for AI chatbots was just discovered
the side of a Microsoft building

Microsoft has released more details about a troubling new generative AI jailbreak technique it has discovered, called "Skeleton Key." Using this prompt injection method, malicious users can effectively bypass a chatbot's safety guardrails, the security features that keeps ChatGPT from going full Taye.

Skeleton Key is an example of a prompt injection or prompt engineering attack. It's a multi-turn strategy designed to essentially convince an AI model to ignore its ingrained safety guardrails, "[causing] the system to violate its operators’ policies, make decisions unduly influenced by a user, or execute malicious instructions," Mark Russinovich, CTO of Microsoft Azure, wrote in the announcement.

Read more