14 DAY TRIAL // The trouble that started for Hola VPN service last week may soon reach an end as the company’s CEO, Ofer Vilenski, has announced improvements to the security offered by the business and the software powering it.
Speaking about the events that tarnished Hola’s reputation, Vilenski said on Monday that a wave of changes already started, to make clear to everyone the business model and trade-off for a client of the free service.
As part of the commitment to users’ security, the CEO announces that a bug bounty program is being prepared, and steps have been taken towards making the documentation easy to access and understand.
Clear explanation on how Hola and Luminati VPN services work
To make sure that everybody understands the concept of peer-to-peer network the service relies on and that it involves one’s computer acting as an exit node for someone else’s connection, the FAQ section was changed to better reflect this aspect; this detail has also been made visible in other locations.
Vilenski says that a user of free Hola VPN is currently donating about 6MB per day, at computer idle times, in exchange of access to content that is limited to other countries.
The alternative to sharing resources is to become a premium user for $5 / €4.6 per month, which at the moment gets a customer two additional months free of charge, for the price of one.
The CEO also made it clear that Luminati, the network used by a crook to direct a distributed denial of service (DDoS) attack to anonymous image board 8Chan, is the money-making part of the business.
Customers purchasing a VPN subscription from the Luminati service route their connection through the systems with Hola Free installed.
To protect its free clients, Vilenski explains that there is “a record of the real identification and traffic of the Luminati users,” in the event they try to run a malicious operation. This way, if a crime is committed, they can be reported to authorities.
“This makes the Hola/Luminati network unattractive to criminals - as opposed to TOR for example, which provides them complete anonymity for free,” Vilenski notes.
Company working on uncovering other security flaws
One significant concern is the discovery of multiple vulnerabilities in the Hola software, some of them allowing an attacker to execute arbitrary code remotely on the client computer.
According to the CEO, this problem was addressed by the developers, who worked 24/7 since May 28, and updates were pushed to users. To make sure that other similar issues are found and removed, both internal and external security audits are conducted.
Maintaining a high security standard in the future is marked by the promise of a bug bounty program, which would allow any security researcher to report vulnerabilities in Hola software.