There are no free meals in this world and Hola users could discover the bitter truth the hard way.

Are you using the free Hola virtual private network (VPN)? Then you're in trouble as you've made yourself susceptible to botnets and while on the subject, your bandwidth is also being sold for use by Hola.

Before you think of taking legal action hold on to your horses as you inadvertently agreed to this when you signed up for the popular VPN—it's part of the agreement.

Israel-based Hola is subtly selling the "idle resources" of a user via a separate brand, Luminati. This basically enables any individual to purchase bulk traffic and readdress the same to the targeted site to wage a denial-of-service (DoS) attack. And there bad news is you cannot opt out of it.

"When a user installs Hola, he becomes a VPN endpoint, and other users of the Hola network may exit through his internet connection and take on his IP. This is what makes it free: Hola does not pay for the bandwidth that its VPN uses at all, and there is no user opt out for this," reveals Frederick Brennan, the moderator of the 8chan forum who brought the issue to light.

So if you installed the Hola Better Internet Chrome plug-in or the Hola Unblocker add-on for Firefox, you're unwittingly participating in botnets.

For the unfamiliar, Hola helps in masking a user's location and, therefore, since the VPN uses different countries to route the traffic it is popular with users as they can bypass regional restrictions.

Brennan also divulged that the 8chan site had also been a victim of several DoS attacks from the network, including one waged from a hacker who went by the handle BUI.

"An attacker used the Luminati network to send thousands of legitimate-looking [requests to 8chan] in 30 seconds, representing a 100x spike over peak traffic," revealed Brennan

Brennan revealed that Hola which boasts several million users has also started selling the bandwidth access via Luminati.

"They recently ... realized that they basically have a 9 million IP strong botnet on their hands, and they began selling access to this botnet," he said.

Hola's founder Ofer Vilenski does not deny any of the claims and says that the company has this information available in its FAQs. However, Hola did not make any mention of Luminati on its site prior to Wednesday and seems to have updated its FAQs to include Luminati brand's activities recently.

"Hola generates revenue by selling a commercial version of the Hola VPN service to businesses (through our Luminati brand). This is what allows us to keep Hola free for our users. Users who want to enjoy the Hola network without contributing their idle resources can do so by joining the Hola premium service for $5 per month (or $45 per year)," notes the company's FAQs.

Vilenski is also aware how the Luminati VPN network was used to hack 8chan and how the hacker opted to hack 8chan via their network even though he have waged the attack via any other commercial VPN network.

Hola terminated the hacker's account and communicated the same to Brennan. The company says that even though it screens users of its commercial network, BUI somehow slipped past. However, the company has now made "adjustments."

With the incident bringing to light the loops lurking while using VPNs, users are advised to read the fine print carefully before they fall for the free trap.

Photo: Ángel Raúl Ravelo Rodríguez | Flickr

ⓒ 2021 All rights reserved. Do not reproduce without permission.