In practice, if you are a user of the free version of Hola, your connection can be sold as an exit node through Luminati. In other words, your internet connection can be bought and used through Luminati, turning you and other Hola users into a node of what could be described as a voluntary botnet.This is something that wasn't widely known until 8chan revealed Luminati and Hola had been used to spam and take down the site. And it's also something that Hola's creators never disclosed openly until this week.
If you are a user of the free version of Hola, your connection can be sold as an exit node through Luminati.
Vilenski said that the explanation "actually was there in a different form," and pointed to the old FAQ, which said: "if you would like to use Hola for commercial use contact us at firstname.lastname@example.org for a quote."Yet, Vilenski himself admitted most users are probably not aware of it."Are 100 percent of users aware that they are on a peer-to-peer network and what it means?" he told me on the phone. "The answer is no. Not because we're covering it, trying not to show them—because we are telling them about it—but because most of them just don't care, they want a good service, it works well and it doesn't screw them up."He might be right, most users are probably not aware of how Hola really works."What???? Horrible!" a Hola user told me in chat when I asked her whether she was aware of the fact that Hola allows others to use her connection when it's idle, and that her connection can be sold through a separate service. "I had no idea. […] WTF I am deleting it ASAP."
"We can provide [Hola] for free since each user is also an exit node for other users."
"If it works the way it is explained, it's a terrible idea to use it," Raphael Vinot, a security researcher, told Motherboard. "Because you end up being responsible for what the other users of the service are doing."In fact, in the case of Tor exit nodes, the Tor Project itself advises against running an exit node at home, given the legal risks. As Motherboard previously reported, Tor exit operators can face police raids and even jail if their nodes are involved in illegal activities.With Hola and Luminati, millions of users (Vilenski says Hola has 46 millions installs) are exit nodes, likely without realizing it.Vilenski told me that they don't allow customers of Luminati to do illegal activities, and that Bui's account was suspended after the incident with 8chan."We're very, very serious about people not misusing our network," he said, adding that it'd be "stupid" to use the network for criminal activity. (It's worth mentioning that the old FAQ did not say that Hola is a "managed and supervised" network and thus not a good fit for criminals trying to hide their identities.)
"If it works the way it is explained, it's a terrible idea to use it."
Yet, when another security researcher posed as a potential customer, a Luminati representative told him that "we simply offer you a proxy platform, what you do with it, is up to you," and that "we have no idea what you are doing on our platform," according to chat logs provided by the researcher, who wishes to remain anonymous, to Motherboard.At the same time, the Luminati website now doesn't describe the service as "the world's largest anonymity network" anymore, as it did on Tuesday. Now, it's a "VPN network" and the words "anonymous" or "anonymity" have disappeared from the site."The bottom line is they're trying to figure out how to run a profitable business," Adam Fisk, the founder of Lantern, an app that allows people to become proxies for internet users in countries where there's online censorship, told Motherboard. "And they're essentially selling out their users to try to figure that out."Vinot, the security expert, described it as "an interesting business model.""Honestly," he said, "that level of trickiness is art."This story has been amended. A previous version of this story described Luminati as an "unwitting botnet," but it can be more accurately described as a "voluntary botnet."
"They're essentially selling out their users to try to figure out [how to run a profitable business]."