In the recent weeks there has been some announcements of how the browser plugin Hola.org (Hola) could be used for nefarious actions. Hola is a plugin that works with Google Chrome, Firefox and some other browsers. It allows you to unlock content by routing your internet traffic through other users on the network. Hola works more like a bit torrent client rather than a VPN or SmartDNS service. This type of system is often called a Peer to Peer network (P2P). Your internet traffic is routed via the browser, rather than using a VPN to tunnel through a server. Your traffic is routed through other users on the network. For the most part you don’t have a say with what way the traffic is sent or how your connection is also used.
Ultimately it allows you to do many of the same things as a VPN or SmartDNS services do. For example, this means that you could be in France, but visit a website that has US restricted content. This content would be requested by users on the Hola network that are in the US and then routed to you in France.
This is a really clever way of getting around geo-restricted content and is virtually impossible to detect due to it’s distributed nature. Typically streaming services like Netflix, BBC or RTÉ monitor their traffic and block IP address that are not from real users, but from VPN services. They look at web traffic from 3rd party servers like Amazon Web Solutions, Rackspace, etc. Generally the IP ranges from these services are predictable and thus easy to detect traffic coming from a VPN server instead of a legitimate user. The VPNs we recommend all have high numbers of servers and associated IP addresses. When one IP address is blocked, the better VPN providers, use a new ‘clean’ IP address.
Issues with Hola.org
Here are some of these issues are being highlighted and tracked by adios-hola.org and you should be aware of them. In all they have identified 4 main areas where Hola could be vulnerable
- being an exit node – By it’s very nature Hola uses the connections of others, so your connection could be used to access & download illegal resources, like via the Tor network or BitTorrent. This is so called P2P network (wikipedia)
- being tracked – older versions of Hola could add tracking code to let advertisers or other parties know what sites you visit. The best way to avoid this is to make sure you plugin is up to date by visiting adios-hola.org, they can check your plugin version.
- code execution – as Hola can change the content of a webpage it may be possible for it to execute some code from the browser side.
- root code execution – It’s not yet known if Hola can also run code on your computer, outside your browser. This of course could have wider implications.
So it’s important to understand the implications of using Hola or any other similar plugins. Free VPNs or Free SmartDNS services still have to make money to pay their server costs. Hola sells their services to 3rd parties that can use the network (i.e. your connection if you are running the plugin) to view and download content. We want you to be aware of these implications when you are using free services.