

Adios, Hola – Why you should immediately uninstall Hola - OberstKrueger
http://adios-hola.org

======
prawnsalad
This whole situation baffles me. I understand that the Hola service is not
well executed in the slightest and should most likely be avoided if you do not
want your net connection shared, but this is going way over the top IMHO.

The FAQ page had always mentioned that resources were shared unless you paid
for the premium service. Yes, it could have been a lot clearer, but they have
never outright denied it as many people seem to be making out.

People complained that their FAQ and information pages were not up to scratch
to explain the details behind their network. So they update it with more
information and now people complain that they updated it? Damned if they do,
damned if they don't.

The service they provide is obviously targeted at non-technical users so it is
completely understandable why they wouldn't be mentioning the technical
details. This scares and baffles the users. If they were purposely deceiving
the users with flat out lies then that would be another thing but that doesn't
seem to be the case here.

The exploits are serious and extremely stupid in the way they had developed
launching the binaries and people should be made aware. However it does seem
like Hola is getting a lot more flack than most others would.

~~~
joepie91_
> The FAQ page had always mentioned that resources were shared unless you paid
> for the premium service. Yes, it could have been a lot clearer, but they
> have never outright denied it as many people seem to be making out.

It _completely_ glosses over the drawbacks of said approach. That's what the
problem is. It doesn't provide enough information for informed consent.

> People complained that their FAQ and information pages were not up to
> scratch to explain the details behind their network. So they update it with
> more information and now people complain that they updated it? Damned if
> they do, damned if they don't.

We complain that they updated it _quietly_, and then presented it _as if it
had always been there_. The update wasn't the problem, the manner in which it
was made was. Indeed, now that they have released a more transparent update,
it's pointed out as such on adios-hola.org.

> The service they provide is obviously targeted at non-technical users so it
> is completely understandable why they wouldn't be mentioning the technical
> details. This scares and baffles the users. If they were purposely deceiving
> the users with flat out lies then that would be another thing but that
> doesn't seem to be the case here.

"That doesn't seem to be the case here"? How about them _completely_ leaving
their users in the dark about the possible legal ramifications? Why does
something need to be a "flat out lie" to be highly deceptive?

There is such a thing as lying by omission.

> The exploits are serious and extremely stupid in the way they had developed
> launching the binaries and people should be made aware. However it does seem
> like Hola is getting a lot more flack than most others would.

They're not. Hola is getting a lot of flak because every aspect of their
business is completely and irreparably fucked up - the technical side _and_
the ethical/business side.

------
chris_wot
Whoa! When I installed Hola, I had no idea that I was proxying content and
allowing my IP address to be used by others!

It's my fault really, I should have checked into it more carefully. But if you
look at the Wayback Machine version from December 2014, there is nothing about
this on the main page [1] and the FAQ says absolutely nothing about their
commercial anonymization service, Luminati! I'm also curious: what is this
patented DNS algorithm they are using that interferes with OpenDNS? [2]

1\. [http://web.archive.org/web/20150102160748/http://hola.org/](http://web.archive.org/web/20150102160748/http://hola.org/)

2\. [http://web.archive.org/web/20150102160748/http://hola.org/fa...](http://web.archive.org/web/20150102160748/http://hola.org/faq)

~~~
zimbatm
> what is this patented DNS algorithm

It's probably just them running their own resolver over an encrypted channel
to avoid ISP rewriting DNS responses.

~~~
chris_wot
No, they appear to have their own app. According to the patent [1], they are
querying all the host system's DNS resolvers concurrently.

The second part of the invention is as follows:

 _In accordance with the present method and system, and a first exemplary
embodiment of the invention, in order to avoid wasting time when cache entries
are expired, the present method and system performs two steps concurrently.
First, the present method and system continues operation as if the expired
cache entry is still valid and thus continues resolving the DNS request from
the cache. In parallel, the present system and method queries the
authoritative domain name server that provided the expired answer in the past
for obtaining the latest valid entry for this URL. If, following the
comparison of the cache entry to the one now received from the authoritative
domain name server, the entry in the cache is still valid, the present method
and system uses the final answer received from the first process herein.
Acting on the assumption that the invalid cache entry was still valid is
productive for the process._

 _If the IP address received from the authoritative domain name server is not
the same as the expired entry in the cache, the present method and system
ignores the result received from the first step and continues normally with
the result received from the authoritative domain name server. This
modification in the operation of the DNS recursor saves time, since in most
cases of an expiration of a cached record, the record is still valid, and thus
the serial recursive process would have been slower than the concurrent
process of the present method and system. In other cases (i.e., in the cases
where the assumption that the expired cache entry was still valid, but
following the query to the authoritative domain name server it turned out not
to be valid), the time the present method and system takes is the same as the
prior art process, meaning that if the cache entry was indeed invalid, then
doing the two steps in parallel as described above did not waste time—the end
result is returned in the same time it would have taken a ‘normal’ DNS process
to return a valid answer._

How they implement this, I don't know. Possibly they are modifying the
client's resolver? Seems like a recipe for disaster though.

1\. [https://www.google.com/patents/US8671221](https://www.google.com/patents/US8671221)
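
The two concurrent steps in the patent text quoted above, as an added illustration that is not from the patent, from Hola, or from any commenter. The class name, the `next_step` callback, the fake clock and the sample records are all hypothetical.

```python
import time
from concurrent.futures import ThreadPoolExecutor

class SpeculativeResolver:
    """Toy model: keep working with an expired entry while re-querying."""

    def __init__(self, authoritative, ttl=60, clock=time.monotonic):
        self.authoritative = authoritative  # callable name -> IP (stand-in for the authoritative server)
        self.ttl, self.clock = ttl, clock
        self.cache = {}                     # name -> (ip, expires_at)
        self.pool = ThreadPoolExecutor(max_workers=2)

    def _store(self, name, ip):
        self.cache[name] = (ip, self.clock() + self.ttl)
        return ip

    def resolve(self, name, next_step):
        """Return (next_step(ip), path); path names the branch taken."""
        entry = self.cache.get(name)
        if entry is None:
            return next_step(self._store(name, self.authoritative(name))), "miss"
        ip, expires_at = entry
        if self.clock() < expires_at:
            return next_step(ip), "fresh"
        # Expired entry: both steps run concurrently.
        speculative = self.pool.submit(next_step, ip)           # step 1: act as if still valid
        refreshed = self.pool.submit(self.authoritative, name)  # step 2: ask the authoritative server
        new_ip = self._store(name, refreshed.result())
        if new_ip == ip:
            return speculative.result(), "stale-confirmed"
        # Answer changed: the speculative result is ignored, so next_step
        # must be safe to run against an address that is no longer valid.
        return next_step(new_ip), "stale-discarded"

def demo():
    now = [0.0]                                  # fake clock, seconds
    records = {"example.test": "192.0.2.10"}     # constructed sample record
    r = SpeculativeResolver(records.__getitem__, ttl=60, clock=lambda: now[0])
    step = lambda ip: f"connect {ip}"
    out = [r.resolve("example.test", step), r.resolve("example.test", step)]
    now[0] = 61                                  # TTL expired, record unchanged
    out.append(r.resolve("example.test", step))
    now[0] = 200                                 # expired again, record changed
    records["example.test"] = "192.0.2.20"
    out.append(r.resolve("example.test", step))
    return out

if __name__ == "__main__":
    for result in demo():
        print(result)
```
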

~~~
zimbatm
I can see how this could improve the resolving latency slightly, at the
expense of more network traffic. Like you said, it must be tricky to get that
integrated properly.

It seems like a weird optimization to do and unrelated to VPN. Maybe they have
fast-changing DNS entries when nodes are joining and leaving.

------
kristofferR
I'm honestly pretty surprised that so many people were unaware about how Hola
worked up til now. I've had a separate Chromium installation for Hola for
years now, since I didn't want to contribute bandwidth/my IP.

It would have been impossible for them to give people unlimited IPs in almost
all the countries in the world for free if they themselves had to buy and
maintain them like a traditional VPN service.

Apart from the exploits (which should be fixed ASAP ofc), Hola is a great
thing for the internet. Geofencing is the real enemy, and Hola kills it.

The problem with Hola isn't really that it shares your connection, the problem
is that it is too uncommon. The internet would be a better place if you
weren't responsible for what exited through your IP, if everyone were an exit
node nobody could be held responsible. Plausible deniability only works if
it's actually plausible.

~~~
joepie91_
> I'm honestly pretty surprised that so many people were unaware about how
> Hola worked up til now. I've had a separate Chromium installation for Hola
> for years now, since I didn't want to contribute bandwidth/my IP.

> It would have been impossible for them to give people unlimited IPs in
> almost all the countries in the world for free if they themselves had to buy
> and maintain them like a traditional VPN service.

Hola markets itself explicitly to a demographic that doesn't understand what
business models are and aren't feasible in the tech world. That's why.

> Apart from the exploits (which should be fixed ASAP ofc), Hola is a great
> thing for the internet. Geofencing is the real enemy, and Hola kills it.

And does so in a highly unethical way. The workings and possible drawbacks of
Hola should be transparent, but they are not. And they are unlikely to ever be
sufficiently transparent, as that will decrease their userbase and hurt their
income through Luminati.

And this is exactly why you don't let a commercial business "fix the
internet".

> The problem with Hola isn't really that it shares your connection, the
> problem is that it is too uncommon. The internet would be a better place if
> you weren't responsible for what exited through your IP, if everyone were an
> exit node nobody could be held responsible. Plausible deniability only works
> if it's actually plausible.

Sure, if that were the case, then it'd be great. Unfortunately, it's not.

------
lelf
[http://adios-hola.org/advisory.txt](http://adios-hola.org/advisory.txt) oh
dear.

~~~
ConAntonakos
Creepy... :(

------
cerealizer
It got removed from the Chrome Web Store by the looks of it
([https://chrome.google.com/webstore/detail/hola-better-intern...](https://chrome.google.com/webstore/detail/hola-better-internet/gkojfkhlekighikafcpjkiklfbnlmeio))

~~~
prawnsalad
[https://chrome.google.com/webstore/detail/hola-better-intern...](https://chrome.google.com/webstore/detail/hola-better-internet/mhcmfkkjmkcfgelgdpndepmimbmkbpfp)

~~~
joepie91_
That's the app, not the extension. They're two separate distributions.

------
benoliver999
Could not agree more. They have a clever idea but they are not clear about how
it works.

What caught me onto it was seeing what they offered as 'premium' features.
These basically involved not being a peer!

They have clarified things a little but to the uninitiated, being a 'helper'
sounds like a good thing!

~~~
Jake232
I think they could have made it clearer, and changing up their FAQ didn't
exactly make a great impression on a lot of users. That said; I think
providing they tell users about this upfront, and don't waste their bandwidth
on mobile connections etc (as they say they don't) - then I see no problem
with this.

It's a way for users to get a VPN for "free". For most end-users they won't
even notice/care about the odd HTTP request they're proxying. I think
transparency may have been the issue here.

~~~
thefreeman
> For most end-users they won't even notice/care about the odd HTTP request
> they're proxying.

I'm pretty sure people would care if the cops showed up because that odd HTTP
request happened to be requesting child pornography.

~~~
Jake232
That is a risk they take. That's what I was saying about transparency. If the
Hola website had made the whole situation more obvious, then users either
take this risk or pay the $X a month for an actual VPN service.

~~~
joepie91_
The problem is that that goes against Hola's own (commercial) interests.

------
Bladegunner
What VPN does HN recommend?

~~~
rhinoceraptor
Set up an OpenVPN server on Digital Ocean's Germany region.

~~~
0xndc
Germany?

------
minot
Hear me out. Perhaps the law should assume innocence and not think I'm guilty
just because it looks like I am downloading something "bad".

In a perfect world, there would be no laws against downloading or uploading
anything on the Internet. If you order a hit on someone, we have existing laws
against that. If you threaten to kill someone, there are laws against that.

What a wonderful world that would be!

------
dsjoerg
missing context. what is hola

i can google it, but still missing context. is hola popular. are some of its
claims not true. was it obviously a scam already. what is notable about this.

