While VPNs mostly come as standalone programs for PC or mobile, one of the popular free VPNs called Hola Better Internet comes as a free browser extension and is available for Firefox and Chrome. The service however, doesn’t route traffic through its own dedicated servers. Rather, it takes the peer-to-peer approach by routing all traffic through its users’ computers, which in essence, turns every user’s computer into a VPN server, thereby saving the VPN provider a lot of money in bandwidth cost, helping keep the service free, as bandwidth is generally the single largest overhead for any VPN service provider. Hola also offers a premium service for $5 per month, which grants access to the VPN without being a node in its P2P network. However, the free service has a ‘feature’ not all users might be familiar with. The feature is called Luminati, and it now seems as though at least one major botnet has used the network its resources – read the users – to attack websites.
Mr. Frederick Brennan, owner and founder of the controversial message board 8chan, reported that his site faced multiple DDoS (Distributed Denial of Service) attacks this week, which originated from the Luminati / Hola network. Mr. Brennan says, he found out that more than a thousand new accounts were created on his site within a very short span of time, driving a huge spike in traffic. On his blog, he wrote, “An attacker used the Luminati network to send thousands of legitimate-looking POST requests to 8chan’s post.php in 30 seconds, representing a 100x spike over peak traffic and crashing PHP-FPM”. The attack was reportedly carried out by someone using the handle BUI, and Hola’s founder Mr. Ofer Vilenski claims that since terminating BUI’s account, 8Chan has had no further problems.
Post this allegation, TorrentFreak interviewed Mr. Vilenski, who admitted selling his users’ bandwidth, saying that the Luminati clause is present in the FAQs front and center. He also said that his company screens commercial users before letting them use the Hola network, and referred to BUI as an isolated case of someone with malicious intent somehow sneaking through. Mr. Vilenski also argued that the attack could have been carried out using any other VPN network, and there’s nothing unique about Hola that needs to be addressed. However, the point that Mr. Vilenski might be missing is that other VPNs don’t use the P2P protocol to route traffic. So there’s no chance of any innocent user getting embroiled in any controversy or become an unwitting part of a botnet attack. While this unseemly episode does affect Hola’s credibility, only time will tell whether it affects its business in times to come. As far as VPNs are concerned, there are plenty of options to choose from, and paid options can get users 100s of Gigabytes of usage per month for not more than just a few dollars.