HideMyAss VPN

Wednesday, June 17, 2015

Hola VPN sells YOUR bandwidth – remove now!

Users of Hola VPN are justifiably angry and surprised to learn that their bandwidth has been sold
under the guise of a service called Luminati (which Hola owns). It’s not easy to think of a legitimate use or reason for a business to want to purchase Luminati’s multiple user connections, especially without the users’ knowledge but it does seem to be a perfect, although downright illegitimate, ‘botnet-for-hire’. A botnet is a network of computers which can be used for illegal reasons, such as targeting businesses with a DDOS (Distributed Denial of Service) attack, without the owner’s knowledge, and is powerful enough to bring down even the biggest websites! Just look at what one can do to companies like Sony and Microsoft.


The botnet issue was recently raised by 8chan founder, Fredrick Brennan, who claimed that an attack on his website could be traced back to computers on the Luminati network.
Hola VPN is actually a peer-to-peer (P2P) VPN service which is able to provide its services for nothing by selling Hola users’ bandwidth. However, this leaves the door wide open to spam, malware and potential unscrupulous third parties accessing Hola VPN users’ connections and use it for illegal activities, with the user having no clue as to what is going on.

A group of researchers and coders from Adios-Hola said on their website ”Hola is a ‘peer-to-peer’ VPN. This may sound nice, but what it actually means is that other people browse the web through your internet connection, similar to the way Tor works. To a website, it seems like it’s you browsing the site… imagine that somebody uploaded child pornography through your connection, for example. To everybody else, it seems as if it was your computer that did it, and you can’t really prove otherwise.”

The Adios researchers also found a number of serious security flaws with Hola VPN. Hola claim that they fixed “two vulnerabilities” but Adios-Hola found that “The vulnerabilities are *still* there, they just broke our vulnerability checker and exploit demonstration. Not only that; there weren’t two vulnerabilities, there were six.”
But that’s not all! According to Adios-Hola “…on some systems, it gets worse; Hola will happily run whatever you feed it as the ‘SYSTEM’ user. What this means in simple terms, is that somebody can completely compromise your system, beyond any repair. It allows for installing things like a rootkit, for example.”

In a bid to reassure around 9.7 million users of its free VPN, Hola quickly updated their FAQ’s to ensure that their users (if they have any left), are fully aware that their free VPN service is actually a P2P program.

“We assumed that by stating that Hola is a P2P network, it was clear that people were sharing their bandwidth with the community network in return for their free service. After all, people have been doing that for years with services like Skype. It was not clear to all our users, and we want it to be completely clear.”

The problem here is that their users weren’t aware that Hola VPN were selling users’ bandwidth and, more worryingly, Luminati / Hola didn’t seem to check or care what people were using it for.
“If you’re not paying for it, you’re the product!”, as they say.

There’s no such thing as a free lunch!
When we subscribe to any ‘free’ service, we have to ask ourselves, why is it free? What is the company getting out of this? Companies very rarely give us something for free out of the goodness of their hearts. In this digital age, we’re often giving away our personal data in exchange for products or services or to save money on health insurance – and in this case, Hola VPN users are giving away their right to privacy and security which could be used against them by criminals and other third parties.

Hola VPN are now looking to employ a Chief Security Officer… yep – good idea!
Is it really worth comprising your security and privacy for free VPN?

We at Hide My Ass! Pro VPN take your security and privacy extremely seriously – it’s what we do. We have VPN servers in over 190 countries around the world allowing you to safely, and securely surf the net anonymously, evade hackers and access your favourite sites and services around the world, for as little as $6.55 per month.


If you use Hola free VPN, will you continue to do so?


Name of the Provider
Website Address
Hide My Ass
Strong VPN
Switch VPN
Pure VPN
IPVanish VPN
Hotspot Shield Elite


Digital Magna Carta launched by British Library – vote now!

Students from around the world are taking part in a British Library project to consider which topics
should be included in a digital Magna Carta. The clauses fall under 3 categories; freedom, access and privacy.
3000 students from the UK and overseas have created over 500 My Digital Rights clauses for the British Library project, highlighting some of the concerns young people have with the digital age, including online safety and security, calls for online privacy, and to be able to enjoy freedom on the net.


Researchers at ComRes recently found that 29% of young people aged 10-18 wanted to feel safe and protected on the net, and 17% of those polled want to see freedom of speech and an uncensored net for everyone, no matter where they are in the world.

The digital Magna Carta marks the 800th anniversary of Magna Carta and the 25th anniversary of the web. The Magna Carta (meaning Great Charter in Latin) was granted by King John on 15 June 1215 at Runnymede, which meant that no one, even a King, was above the law. One of the four remaining copies of the 1215 Magna Carta is preserved in Salisbury Cathedral’s Chapter House, in the UK.
At the time of writing, the top ten digital Magna Carta clauses include “not to be censored by the government”,  “be free from censorship and mass surveillance”, and “not allow the government and technology companies to intrude on our privacy when online; whether searching information or surfing social media, the web we want should be private and safe.”

We at Hide My Ass! couldn’t agree more with the clauses young people have put forward for the digital Magna Carta!  We abhor net censorship and ridiculous blocks placed on websites by so many governments around the world – which is the main reason our VPN service was originally established.

Inventor of the world wide web Tim Berners-Lee believes a digital Magna Carta is critical to secure users’ online privacy, and freedom of speech on the net. Speaking at a We Want Web event in September last year Tim Berners-Lee said “There have been lots of times that it has been abused, so now the Magna Carta is about saying…I want a web where I’m not spied on, where’s there’s no censorship” Berners-Lee added  “Our rights are being infringed more and more on every side, and the danger is that we get used to it.”

Voting is open to the public and runs this week, with the top 10 digital Magna Carta clauses to be announced on Monday 15th June – Magna Carta Day!

What the digital Magna Carta will conclude, well, we’ll find out next week – but don’t forget to cast your vote!


Name of the Provider
Website Address
Hide My Ass
Strong VPN
Switch VPN
Pure VPN
IPVanish VPN
Hotspot Shield Elite


How to stay anonymous online: 5 more tips

How to secure your smartphone - 5 more tips!Staying anonymous online isn’t difficult to achieve. In the second part in our series on how to stay
anonymous online, we provide 5 more tips which will help you to surf anonymously and stay anonymous online! You can also check our previous article on how to stay anonymous online: 5 top tips. 

Staying anonymous online – 5 tips to surf anonymously and stay secure online

1. Proxy server
When you connect to a proxy server all your internet requests go through the proxy, and your source IP address (your originating IP address), is replaced by that of the proxy server. It’s a great way to stay anonymous online. When you use a proxy server you use the IP of the proxy server, not the IP your ISP gives you. However, it’s worth pointing out that none of your data is encrypted, which leaves the door wide open to any attacker or thief. Why not use our HMA! proxy

2. ZRTP
ZRTP is a cryptographic key-agreement protocol, and as such, isn’t an application or piece of software in itself, rather the secure layer the application uses across a network. Currently, it has many advantages over other methods of encryption as it doesn’t rely on server management, shared secrets or PKI (Public Key Infrastructure) and provides protection against man-in-the-middle attacks, amongst many others. ZRTP is mainly implemented in cellphone / VoIP software at the moment and so while perhaps not something for the average user to concern themselves with, it may be worth looking out for as things develop.

3. Spies on the net  
In our article ‘Who’s watching you?’ you will see that a number of companies can easily track you, and these companies DO track you – building a spiderweb of user activity. You won’t normally be able to see these stealth operators, but they are watching you and building up a profile of your surfing habits.  There are a couple of services you can use, such as Ghostery, that block the cookies, tags, web bugs, pixels and beacons of over 1,900 ad networks as well as letting you see what it blocked in real time.

4. Bitcoin
Given the attention the media has lent Bitcoin recently, both good and bad, you’re probably somewhat familiar with the crypto-currency by now. Leaving the political issues to one side, Bitcoin allows a user to pay for goods or services with complete anonymity, with companies such as Microsoft and Virgin Galactic and HMA! Pro VPN now accepting it as payment. Setting a Bitcoin wallet up is a simple process nowadays but beware, due to the anonymous nature of Bitcoin, there’s not always a great deal of transparency available when it comes to determining who has control of your wallet. Also, while the currency itself is anonymous, the way you use it to pay for things, what those things are and how you receive them may not have the same level, or any, anonymity applied.

5. Delete cookies
Cookies and supercookies stored on browsers such as Safari, Internet Explorer and Chrome are created every time you carry out an online search, log in to a website or simply browse certain sites. They tell the owner of the website information such as whether you’ve visited their site before. For example, travel websites use cookies to track and record the number of times you check a flight by using your IP address. Did you know that a VPN can save money on your airfares?!  Cookies can provide you with an enhanced browsing experience, as they allow companies to track your surfing activity. They can remember if, for example, you like a specific brand of handbag. Using incognito mode or private browsing mode on your computer will help to control them, but this will only remove the information from your computer and not the server.

Travel sites use cookies to track and record how many times your IP address has checked the price of a flight.

It is a good idea to delete cookies every now and then using software such as CCleaner. It’s also a good idea to block third party cookies (ad company cookies) in your browser.
Now, according to Edward Snowden if you use CSpace, VPN, Tor and ZRTP all together, you will achieveLevel 5 catastrophic levels of privacy – the NSA cannot break the encryption – yet!


Looking for more information about how to stay anonymous online? Then take a look at our website where you will find all the information you need about HMA! Pro VPN to help you surf anonymously and stay anonymous online. Of course, if you prefer you can always send us an email or contact us via HMA! chat (look for the ‘Chat with us’ icon in the bottom right hand corner on our website) and one of our support donkeys will be happy to help you!


Name of the Provider
Website Address
Hide My Ass
Strong VPN
Switch VPN
Pure VPN
IPVanish VPN
Hotspot Shield Elite


Cambodia net censorship is coming!

Cambodia net censorship is coming!Net censorship in Cambodia is rearing its ugly head again as Cambodia’s government revisits a
Cybercrime Law and a Law on Telecommunications that will seriously impede Cambodian netizens’ right to freedom of speech and expression – internet censorship is on its way!


Where freedom of expression is heavily restricted in countries such as China and North Korea, Cambodians currently enjoy relatively uncensored net access thanks to low-cost handsets and affordable monthly ISP charges, allowing them to voice their opinions freely on social media platforms such as Facebook (which has 1.76 million registered Cambodian users) and Twitter. But with increased numbers of Cambodians using the internet, the Cambodian government is preparing its Cybercrime Law and Law on Telecommunications to restrict free speech, to crack down on political dissidents, and to conduct mass surveillance on Cambodian internet users.
Or as a Cambodian spokesman puts it, the cybercrime law is meant to crack down on “hackers.”
Unfortunately, it does look like Cambodia internet censorship is coming!

A new report from the rights group Licadho “Going Offline? The Threat to Cambodia’s Newfound Internet Freedom” details Cambodia’s plans to stifle freedom of expression on the net – to match censorship which already exists in broadcast media and in print in the country.
Am Sam Ath, technical coordinator at Licadho said in a statementFreedom of expression is a right that many Cambodians have never truly experienced. It comes as no surprise that as soon as Cambodia found a way to have their voices heard, the government has begun a comprehensive effort to once again silence them.”

Cambodia’s Cybercrime Law was first announced in May 2012, and in 2014 a draft version of the Cybercrime Law was leaked to the public which revealed that the government were leaning towards suppressing freedom of expression in the country by making it an offense to post content that “generates insecurity, instability, and political cohesiveness.”

The draft Cybercrime Law was “scrapped” in December 2014, according to Licadho “one official claimed that it was ‘not a priority’ any longer.” But now government officials have changed their minds, it is now a priority. The Cambodian government hopes that the draft Cybercrime Law, and the draft Telecommunications Law will thwart online internet crimes, such as hacking. However, this raises the question – how far will the Cambodian government go? According to Licadho’s report, the “provision of the Cybercrime Law are so broad and vaguely defined that the law could be stretched to encompass nearly any form of critical online content…that could easily apply to routine news postings, citizen journalism and online commentary.”

The Law on Telecommunications brings grave concerns that the Cambodian government could use mass surveillance technology to spy on its citizens’ online activities. Both these laws, the Cybercrime Law and the Law on Telecommunications would stifle freedom of expression, and place a stranglehold on free speech, stripping Cambodians’ right to freedom of opinion. Imagine not being able to voice your opinions on Facebook or Twitter in fear that your government will come down on you like a ton of bricks?!

Naly Pilorge, director at Licadho told Voice of America “The draft Cybercrime Law and Law on Telecommunications are a clear attempt by the CPP (Cambodian People’s party) to establish complete control over Cambodia’s Internet.  The extreme discretion that the Cambodian government would wield under these laws could and likely will be used to suppress virtually any form of critical online content.”

The Cybercrime Law, if made law, would seriously impede Cambodians right to privacy and freedom of expression, by imposing censorship on those with opposing political views – and that is never a good thing! However, it’s OK, because Ministry of Posts and Telecommunications spokesman Meas Po says that the draft Cybercrime Law will be debated by the end of year and said “We made the law to guide and to monitor…we did not make the law to create problems.” Phew!

While Cambodian net censorship is under threat – many canny Cambodians use virtual private networks (VPNs) to gain access to blocked websites – largely political opposition driven sites. For more information about HMA! Pro VPN visit our website.


Name of the Provider
Website Address
Hide My Ass
Strong VPN
Switch VPN
Pure VPN
IPVanish VPN
Hotspot Shield Elite


The European “Censorship” Games in Baku – online security tips for journalists

The European The European Games in Baku are underway, but under all the pizzazz lies the very disturbing issue of
censorship, the violation of human rights, and the safety of journalists reporting on the event in the gas and oil rich country. However, there are a number of online security tips for journalists to secure their data while covering the European Games in Azerbaijan’s capital city.

More than a billion dollars has been spent on the European Games in Baku, including the Olympic Stadium, making the first edition of the event a truly magnificent sight to behold. 6000 athletes from 50 nations are competing in the 17 day event which runs until 28 June, organised by the European Olympic Committee (EOC.)

The opening ceremony on Friday 12 June included a performance from Lady Gaga killing John Lennon’s “Imagine” (interestingly the line “no need for greed and hunger” was omitted from her rendition!) however, the event has been heavily marred by the Azerbaijani government clamping down on freedom of speech, seriously violating human rights and barring media outlets and human rights organizations from attending the European Games in Baku.

Look at the spectacular fireworks, look at Lady Gaga, look at the balloons escape (at a glacial pace – skip to 2:37) from a giant pomegranate– there’s no way that we’re a repressive government!
While the majority of EU leaders boycotted the opening ceremony of the European Games in Baku, due to the country’s poor record on human rights, surprise, surprise, some of HMA!’s least favourite internet dictatorial-led leaders were in attendance, including President Recep Tayyip Erdogan and Russian President Vladimir Putin, who watched the opening ceremony with fellow censorship comrade President Ilham Aliyev.

A number of human rights organizations, including Amnesty International and the Human Right’s Watch, as well as several media outlets including a journalist from The Guardian were refused entry into the country for the 2015 European Games in Baku for calling attention to the violation of human rights there.

Rachel Denber from the Human Rights Watch said “Government repression is making the European Games historic for all the wrong reasons.”

Dozens of political activists, journalists and critics of the government have been locked up, many others have fled the country in fear of persecution according to Human Rights Watch. While Azerbaijan’s systematic approach to clamping down on freedom of speech is no secret, the government hopes the European Games in Baku (as they also hoped hosting the 2012 Eurovision Song Contest), will detract attention away from their appalling human rights record to establish future ties with Europe. But this has only highlighted Azerbaijan’s appalling human rights track record. #humanrightsfail
Online security tips for journalists covering the European Games in Baku
If you’re a journalist reporting on the European Games in Baku, or in fact any future events, you can beef up the security and privacy on your devices with these online security tips for journalists from Hide My Ass! and also from Alan Pearce who was commissioned by the International Federation of Journalists (IFJ) and the European Federation of Journalists (EFJ) to protect media covering the event.
  • If you need to connect to public Wi-Fi use a VPN which will stop anyone, including attackers, or other third parties from being able to access your confidential information when covering the European Games in Baku. A VPN will also give you access to any blocked websites you may need to access. Hide My Ass! is your best bet – we have a VPN server in Azerbaijan giving you fast, reliable access to information and services. Check out our tips on how to stay safe on public Wi-Fi hotspots!
  • Do you trust the message you have received on your device? If you’re not 100% confident it’s from a trusted and reliable source do not click on it, and certainly don’t open any attachments or click on any links within the message. Alan Pearce recommends to disable HTML in your email programme via the Settings tag to avoid infection via email.
  • Hide My Phone! is a great mobile privacy app for journalists covering the European Games in Baku (or other privacy-conscious people), make phone calls without being traced by governments, or any other unscrupulous third parties.
  • Keep your laptop or mobile device in your sights at all times. Alan Pearce recommends “applying a coat of glitter nail polish over a laptop or tablet and then taking a photo of it with your smartphone can calter show if the device has been tampered with.”
  • Set your smartphone passcode to automatically lock at a time that works for you. If you set it to lock every 30 mins and you’re only on it for 2 mins, you’re leaving your smartphone vulnerable to attack.
  • Make sure that any websites you visit uses SSL. You will know this, as you will see “https” in the URL address. The “s” means secure. Look for “https” on every webpage you visit and if you don’t see it, then that part of your session isn’t encrypted.
  • There will be times when you meet various different personnel while covering the European Games in Baku, but may not wish to give out your real email address. Use the Hide My Ass! anonymous email service to keep your personal email address personal!
  • Leaving Bluetooth or NFC on is an open invitation for anyone to access your smartphone device and steal your personal data. A good rule of thumb to follow is always turn off Bluetooth, or any other services, once you finished using it or switch mode to “not discoverable.”
  • Great online security tips for journalists also includes the apps Mobile Hidden Camera for Android and Secret Camera for iOS with both apps allowing you to take photos without the shutter sound, previous or playback.
  • If you need to share files, try SpiderOak, recommend by Edward Snowden. Steer clear of using Dropbox, which Snowden calls “hostile to privacy.”
  • Install anti-theft software which will allow you to remotely delete data from your phone if it falls into the wrong hands or you misplace it during the European Games in Baku. Android users can download “Where’s my Droid” and iOS users can download the app “Find My Phone.”
  • Services such as Skype and Facebook can be, and are, intercepted on a regular basis. A more secure service is CSpace, which is an open-source encrypted chat service which allows people to communicate safely and securely, as well as transfer files.

Find more great online security tips for journalists (or anyone concerned about privacy) visit our blog and also look for tips from Alan Pearce to secure your devices at home and abroad!


Name of the Provider
Website Address
Hide My Ass
Strong VPN
Switch VPN
Pure VPN
IPVanish VPN
Hotspot Shield Elite


Sunday, February 1, 2015

HMA! TIP: HOW TO RECOVER FROM HACKED ACCOUNTS

If you suspect that one of your accounts has been compromised (for example, your email account), it is extremely important that you carry out a full security-check of all your accounts and services, as well as taking action to prevent further damage and future security problems.
Keep in mind that time is of the essence – any additional time your accounts are compromised can lead to more damage and more problems. Don’t panic, but don’t postpone it either!

1. Change your passwords
Your first step should be to change your passwords – not only for the compromised account/service, but also for all accounts and services that relate to it.
For example, if your email account was hacked, the hacker can just reset passwords for all other services that are registered to your email address. The hacker can easily take control of all your other accounts.
To be on the safe side, it’s best if you change ALL your passwords.
Unable to access your account? Has the hacker changed your passwords already?
Check the affected services support pages for information on incidents like this. If they do not offer a solution on how to reset your password again, contact their support department and explain the situation. Make sure you include relevant information to confirm that you’re the legitimate account owner.
2. Damage Assessment
Get to know what possible damage has been done with your compromised account.
For example:
  • Was your email account used to send spam or viruses to anyone in your address book?
  • Was your account used for illegal purposes?
  • Was sensitive information or data accessed or stolen from your account or computer?
  • Has you incurred financial loss due to the incident?
3. Prevent it from happening again
  • What lead to the hacked account?
  • Have you been using a weak password? (select stronger passwords!
  • Would security software have prevented the incident? (by installing anti-spyware/malware, antivirus and firewall software)
  • Is your computer properly secured? (For example, use TrueCrypt for storing sensitive data, don’t store your passwords and other login-info in cleartext)
Note: Security problems like compromised accounts are not always caused by negligent behavior such as using weak passwords or missing security software. Outdated software and firmware can lead to situations like this as well, so make sure to keep all your software including your operating system itself up-to-date.

Name of the Provider
Website Address
Hide My Ass
Strong VPN
Switch VPN
Pure VPN
IPVanish VPN
Hotspot Shield Elite