Posted on December 19, 2018 at 3:23 PM
VPN services are known for the ability to protect their users by encrypting and shielding their online data. However, according to researchers from Trend Micro, one free VPN service going by the name of HolaVPN might not be safe to use. In fact, this particular service was marked as potentially malicious.
In their report, Trend Micro researchers have stated that marking the HolaVPN as an unwanted and high-risk software was done in order to protect customers. According to them, there are multiple dangers that come with the use of free VPN, which is something that security experts were claiming for years.
HolaVPN responded by denying the claims, expressing surprise that Trend Micro would publish such a harsh report without getting in contact with the company first. The company, based in Israel, was called out by Trend Micro for a variety of reasons, including the fact that it does not work like a regular VPN.
HolaVPN’s many problems as reported by Trend Micro
Instead of being a network of private servers owned and/or controlled by the company, it functions more like a P2P network. Simply put, those who use HolaVPN’s service are sharing their own connectivity with other users. That way, they can get access to websites around the world.
Trend Micro believes this approach to be highly risky and unsafe, especially when it comes to those who use HolaVPN’s services for business purposes. According to them, Hola can allow users to watch Netflix overseas, but it can also allow strangers to exploit users’ internet for various shady purposes. While the approach can provide useful features, the risks are too high, and therefore — not worth it.
Trend Micro has even stated that these reasons should be good enough to prevent HolaVPN from being used in a corporate environment. Furthermore, Hola was also a center of a controversy back in 2015 when the P2P aspect of their service was made public. At the time, the company was believed to be making use of its users’ bandwidth for powering another VPN named Luminati.
Due to these allegations, Trend Micro decided to look into this issue as well. Their approach consisted of pulling data from around 7,000 anonymous computers, that were using the security software, but were also acting as Luminati network’s exit nodes. The results showed that over 85% of the traffic was directed to mobile ads and other similar uses.
This proved that it is possible for cybercriminals to launch a click fraud scheme by misusing the service. Furthermore, the study revealed that several of Luminati’s customers had a habit of misusing the service to hack into numerous email accounts. Finally, there is yet another issue with HolaVPN, which is the fact that it doesn’t offer encryption of any kind. Because of that, the service cannot offer any privacy during its users’ web sessions.
Considering how serious the accusations against Hola were, the company was quick to address the issue and respond. As mentioned previously, they were surprised that Trend Micro would publish a report like this without consulting with them first. Furthermore, Hola criticized the report by calling it “irresponsible” and “sensational”. They also stated that Trend Micro is falsely suggesting that every user of a VPN service aims to hide their identity.
According to the company, Hola is an unblocker which offers the ability to access any content from any location. It is not a privacy-focused service, and it has never claimed to be one. Hola also mentioned having over 175 million users, all of which are enjoying benefits that the service is offering.
Or Lenchner, the CEO of Luminati, also reacted to the report, demanding that Trend Micro removes it. Lenchner claims that the report is filled with “extensive errors”, and that Luminati is a key tool for detecting and preventing ad fraud.
Additionally, Lenchner stated that only those fully checked by Luminati itself are allowed on the service’s residential network. Meanwhile, those who violate the company’s terms and conditions are immediately suspended. Not only that, but Luminati is fully prepared to cooperate with law enforcement to provide data necessary for prosecution.
Despite these claims by Luminati and HolaVPN, Trend Micro did not take the report down. In fact, it appears to be willing to stand by it, stating that their researchers have uncovered indications of unethical behavior. Not only that, but there are even potential links to criminal behavior, which is why Trend Micro feels obligated to disclose these suspicions to a broader community.
While VPNs are services usually believed to be secure and anonymous, this incident should serve as a reminder that they should still be approached carefully, and with a proper amount of research. This is especially important when it comes to free services, which typically offer lesser quality or only some of the features that come with a premium package.