Popular web browser extension Hola turns you into a botnet

[GoodBytes]

The popular Hola web browser extension for Chrome and Firefox is used to by-pass region lock content, and access Netflix and other services from the U.S. It is praised for its easy-to-use and free service.

It has been recently found that when used and your bandwidth it idle, it uses you as a botnet through another service from the company: Luminati VPN, which is a service, where you buy traffic in bulk, and has been found to be used for DDOS attack by attackers to hide themselves.

 

The issue came to light after the moderator of the controversial 8chan forum — an off-shoot of 4chan that has been criticized for acting as an "active pedophile network" — reported that the site had been the target of multiple DoS attacks from Hola's network. "[Hola] recently ... realized that they basically have a 9 million IP strong botnet on their hands, and they began selling access to this botnet," says a note on the site. "An attacker used the Luminati network to send thousands of legitimate-looking [requests to 8chan] in 30 seconds, representing a 100x spike over peak traffic."

The real reason for this, is that Hola doesn't provide its own bandwidth or servers, but simply redirects that of its users'. That is how it is able to provide fast, quality service to all, all the time. The big problem with this, is those with bandwidth qupta from their ISP, and being part for potential online attacks without knowing.

Hola says that if you don't want to contribute your bandwidth, you need to pay 5$ per month (45$ per year) for Hola Premium.

The company claim that this was made clear to it's users that they do this, however, it doesn't seam to be case for most.

Source: http://www.theverge.com/2015/5/29/8685251/hola-vpn-botnet-selling-users-bandwidth

Do you use, or used Hola extension? Did you know about this before your got it?

[Homicidium]

Funnily I uninstalled Hola yesterday since I currently do not have a premium Netflix subscription (I used it to watch the US netflix content) and don't really have a use for it. Oh well, glad I found primewire.ag a couple of months ago, so there's no real need for me anymore to use it. Glad I uninstalled it!

[Sonefiler]

"Luminati VPN"? ilLuminati Confirmed

[Jade]

lol'd. Just buy a VPS in the US and host your own OpenVPN or Shadowsocks proxy. Even cheaper than a VPN and you can do other stuff with it.

[Speedbird]

My dad uses it.... Better tell him.

[Snickerzz]

I already knew this and have a few months of premium. You can use a referall to sign up for hola with a dispostable email and get a month of hola for free each time you do this

[linuxfan66]

Unless someone has a smoother replacement it can stay for the time being. still worth noting.

[qwertywarrior]

I don't know what is funnier, the fact that Hola was hacked for abusive use this easily or the fact that people think 8chan is a bad website.

hola wasn't hacked

"they began selling access to this botnet"

[patrick3027]

I use this to watch Community on Yahoo!

Good to know, thanks.

[o0Martin]

I use Hola all the time to watch American netflix, obviously I could just use streaming websites for free without it being locked by region, but using netflix and hola is just so much more convenient and enjoyable, so I don't really plan on stopping, but this is good to know. 

[dmegatool]

Got myself an unlimited, lifetime vpn subscription for 40$ so I unistalled Hola a while back. Always wondered how they could manage the bandwith without charging. Like it was too easy... 

 

If you want the deal for the VPN, it comes back really often. Check for VPN Unlimited. The only drawback is that it works with apps so you can't set it at the router level. But's it no big deal and it's easier to turn on and off. 

[Guest]

Popular web browser extension Hola turns you into a botnet

 

Umm, it turns your computer into a bot.

This bot collaborates with other bots controlled by the same entity forming a network of bots - a botnet.

[projectmayhem]

I had never heard of this extension.

I just use a VPN and am very happy with what I have.

[Misanthrope]

The plug in can be turned on and off (and not just by deactivating the plug in extension settings) so I'd say its still a small price to pay since it's free and pretty hard to defeat by being p2p other vpns can be routinely blocked by sites.

[Guest]

lol'd. Just buy a VPS in the US and host your own OpenVPN or Shadowsocks proxy. Even cheaper than a VPN and you can do other stuff with it.

ZenMate is nice. It's free. And snappy. And doesn't your computer into a bot.

[Jade]

ZenMate is nice. It's free. And snappy. And doesn't your computer into a bot.

Or so you think.

[Guest]

Or so you think.

or so I know. I've checked everything about it. It's code. And even if it does, I still have given my computer into another PAID VPN, as well as I fold...

[Jade]

or so I know. I've checked everything about it. It's code. And even if it does, I still have given my computer into another PAID VPN, as well as I fold...

Release build doesn't have to exactly mirror what's in the repositories.

[sof006]

Guess i'll be removing that when I get home tonight.

[Guest]

Release build doesn't have to exactly mirror what's in the repositories.

No no no... Grease Monkey, or the GOOGLE Plugins Tool allows you to view source code.

And, either way, even if it does turn my computer in a bot. I don't really care. I'll just switch to my paid VPN for primary use.

[ChineseChef]

I thought this was common knowledge, that it used other people with the extension like a p2p service.  That is how it was always described to me, though my own knowledge may bias my understanding of such things.  When you already understand how things like p2p, torrent, vpn, the internet, and computers all work, its easy to understand new things that are similar without realizing the person talking to you about it doesn't understand how it actually works.  Though the people that have told me and others about this at work and such always made sure to warn others that it is basically just sharing your connection with other people who use it.

[Sharkyx1]

As a canadian wouldn't this not affect me, since no one is using Hola to view candian websites?

 

It seems Hola should be using data in the region the users are trying to get to

 

EDIT: i uninstalled the extention some time ago though, so i am not worried

[GoodBytes]

As a canadian wouldn't this not affect me, since no one is using Hola to view candian websites?

 

It seems Hola should be using data in the region the users are trying to get to

It does affect you, as the service that is being used is VP purposes. So if a person uses VPN to torrent, and the service uses your connect... well.. you are tormenting without knowing.