As the saying goes, you get what you pay for.
According to TorrentFreak, users of Hola's free VPN claim that the company has been taking advantage of their connections. Hola isn't denying it. The service is a free VPN, after all, and the company has to find some way for the service to work—and to keep the lights on.
The allegations state that Hola does two things that are a bit unscrupulous. First, when users take part in its free service, they're allegedly opening up their own connections to everyone else's traffic.
"When a user installs Hola, he becomes a VPN endpoint, and other users of the Hola network may exit through his internet connection and take on his IP. This is what makes it free: Hola does not pay for the bandwidth that its VPN uses at all, and there is no user opt out for this," reads a post from 8chan message board operator Fredrick Brennan. "On the other hand, with the Tor onion router, users must specifically opt in to be exit nodes and are aware that completely anonymous traffic can pass through their connections, which means they should be ready for abuse reports for child porn, spam, copyrighted content and other ills that come with the territory."
Brennan's stake in the argument centers on the second major allegation: That Hola is also taking users' bandwidth when their computers are idle and selling it, as a package, via its paid-for Luminati VPN service. In other words, if you're a free Hola user, then you're potentially signing up your computer for one, giant botnet at worst. At best, you're opening the door for others to use your IP address for anything they want. Anything.
"So far as I can tell, there is no way to tell if an IP has the Hola VPN software installed or not: no tell tale open port, no special header from Luminati, and no specific range," Brennan wrote.
"This is a huge issue for 8ch, which allows posters to post completely anonymously, and has some protections in place for typically abused ranges (like Tor and VPN ranges) but still allows posts through," he said. "An attacker used the Luminati network to send thousands of legitimate-looking POST requests to 8chan's post.php in 30 seconds, representing a 100x spike over peak traffic and crashing PHP-FPM."
According to TorrentFreak, Hola says it made all this information available in its FAQ—one that was recently updated to note the association with Luminati, that is.
As for the hack, "8chan was hit with an attack from a hacker with the handle of BUI. This person then wrote about how he used the Luminati commercial VPN network to hack 8chan. He could have used any commercial VPN network, but chose to do so with ours," Hola founder Ofer Vilenski told TorrentFreak.
"If 8chan was harmed, then a reasonable course of action would be to obtain a court order for information and we can release the contact information of this user so that they can further pursue the damages with him," he argued.