
Hola and your safety

Recently you can read a lot of different things about the security of Hola products. On behalf of the company, I will try below to separate the truth from conjecture and exaggeration, and to answer questions in the comments.






As a reminder, our products for end users allow you to bypass regional blocks set by the websites themselves as well as by administrators, providers and states.



1. Hola users make up a traffic exchange network (P2P).


Most "anonymous proxies" pass user traffic through their own servers in the country of interest. This usually works, but many web services block such servers by blacklisting their IP addresses. In addition, providing such a service costs a lot of money, and therefore it cannot be (or remain for long) free.



Hola works differently: in exchange for a free service, the user allows us to use part of his bandwidth. Skype and many popular mapping applications (for example, Waze) do something similar. By the way, in 2009 a very similar scandal arose around Skype.



We try not to create problems for users, and therefore we pass traffic through user devices in the background only when these devices are not in use, are connected to a charger and access the Internet via Ethernet or WiFi. On average, the additional traffic from Hola at the moment is about 6 MB per day - about 15 seconds of YouTube video. If this is unacceptable for you, there is an alternative - a paid account for $5 per month - and then your device will never be used as a node of the P2P network.



We never hid from users how our service works (this is how our FAQ page looked at the end of May of this year), but our mistake was that we didn’t explain it well enough. Now we have explained it in detail not only on the FAQ page, but also on the main page.



2. We do not build a botnet from your devices!



First, as I have already said, we are doing everything possible to make clear to users what they are agreeing to. Second, we take steps to ensure that nothing that could cause you trouble is done from your IP address.



We sell the right to use the P2P network as anonymous proxy servers. This business is called Luminati. It is used, for example, by businesses that want to anonymously monitor prices on competitors' websites. The Luminati rules strictly prohibit the use of the service for illegal actions, including all sorts of DoS attacks. Before giving a new client access to the service, we conduct a thorough verification procedure to make sure that we are really dealing with a representative of the company on whose behalf the contact person acts, and that he has legal intentions. In addition, we must preserve customer information that will help bring him to justice if the rules are violated.



Recently there was an incident in which one of Luminati’s clients abused our trust and used our P2P network to attack a well-known web service. This happened because we didn’t check this client carefully. It was our mistake!



Having found the violation, we disabled his account, and we are now working with the investigation to bring the perpetrator to justice. We have strengthened the mandatory verification procedure that every new client must go through, and have put all existing clients through it. In addition, we have implemented some algorithms that will help us quickly notice suspicious user behavior.



We do our best to prevent any attempts to use your devices for illegal and unethical behavior.



3. Vulnerabilities



Recently, information about several vulnerabilities in our products has been published. We take such reports seriously!



Over the past weeks we have fixed many vulnerabilities, both those described by hackers and those that we found on our own. Most of the fixes are already in effect. Some of the underlying problems were immediately corrected "hastily", and now we are working on a fundamental rework of the architecture to eliminate them "correctly".



In light of the published security issues, we have not only begun an internal review of the entire existing code, but have also brought in a professional cyber-audit company for this.



Soon we will announce the launch of a new program under which everyone who informs us about a new vulnerability will be offered a material reward.



We try to make a good product for you. Bugs and abuses annoy us as much as they annoy you. Everyone makes mistakes; we try to recognize ours quickly and learn from them. Thank you for staying with us and helping us to correct mistakes!

Source: https://habr.com/ru/post/260359/


